NIS2 Assessment & Roadmap
Gap analysis and roadmap for NIS2 compliance. Identify vulnerabilities and get a concrete plan before the October 2026 deadline.
At a glance
The new European cybersecurity law (NIS2) comes into force in October 2026 and carries heavy penalties. We help you understand whether your company needs to comply, what you're missing, and how to get ready in time.
Want to know more?
We analyze your current situation against NIS2 requirements. We deliver a report that explains what you need to do, in what order, and with estimated timelines and costs. We also support you in preparing the documentation required by the regulation.
Why choose this service
Avoid fines
NIS2 penalties of up to 10 million euros or 2% of global turnover. The assessment lets you identify and close gaps before the deadline.
Clear roadmap
Not a generic report, but a concrete action plan with priorities, timelines, and estimated budgets.
Competitive advantage
NIS2 compliance becomes a business asset: show your clients and partners that you are a reliable supplier.
What is the NIS2 Directive?
The NIS2 Directive (Network and Information Security 2) is the new European cybersecurity framework, in force since January 2023 with a compliance deadline of 17 October 2026.
Compared to the previous NIS, NIS2:
- Expands the scope to more sectors and company sizes
- Increases penalties up to 10 million euros or 2% of global turnover
- Holds management accountable with personal obligations for executives
- Includes the supply chain, making compliance a requirement for working with in-scope companies
Who is subject to NIS2?
Companies operating in critical sectors are subject to NIS2:
- Energy, transport, banking, healthcare
- Digital infrastructure and ICT
- Public administration
- Food production, chemicals, manufacturing
- Postal services, waste management
And that exceed certain size thresholds:
- Medium enterprises: 50+ employees or 10M+ euros turnover
- Large enterprises: 250+ employees or 50M+ euros turnover
Important: even if your company is not directly in scope, you may be involved as a supplier to a company that is.
Our approach
Scoping
Interviews with management and IT, business perimeter analysis, NIS2 applicability verification, stakeholder identification.
Gap Analysis
Assessment against all NIS2 requirements, review of existing policies and procedures, evaluation of technical measures, critical supply chain mapping.
Roadmap
Detailed report with identified gaps, prioritized remediation plan, estimated timelines and budget, immediate quick wins.
Support (optional)
Implementation of measures, staff training, periodic audits, incident response support.
Deliverables
At the end of the assessment you will receive:
- Executive Summary for management
- Detailed technical report with all identified gaps
- Compliance matrix showing current status vs. NIS2 requirements
- Compliance roadmap with priorities, timelines, and estimated costs
- Document templates (policies, procedures, registers)
Why Ekados
- Experience: 18+ years in IT security
- Pragmatic approach: concrete solutions, not just theory
- Certified team: expertise in ISO 27001, NIST, CIS standards
- Ongoing support: we donβt leave you on your own after the assessment
Other services Cybersecurity & NIS2
Discover our other cybersecurity & nis2 services.
Vulnerability Assessment & Penetration Test
Infrastructure scanning and intrusion testing to identify vulnerabilities before attackers do.
Managed Detection & Response (MDR)
24/7 monitoring of your infrastructure with immediate incident response. Your outsourced SOC.
vCISO - CISO as a Service
A dedicated information security officer for your company, without the costs of a full-time hire.
Security Awareness Training
Anti-phishing training for your employees. 90% of attacks start with an email.
GDPR Compliance
Assessment, alignment, and maintenance of GDPR compliance. Personal data protection, DPO as a Service, and privacy training.
ISO 27001 - Information Security Management System
ISO 27001 implementation and certification. Build an internationally recognized Information Security Management System (ISMS).
ISO 22301 - Business Continuity Management
ISO 22301 implementation and certification. Ensure your company's operational continuity in case of incidents, disasters, or crises.
Ready to get started?
Contact us for a free consultation. We will help you find the best solution for your business.