Cybersecurity & NIS2

NIS2 Assessment & Roadmap

Gap analysis and roadmap for NIS2 compliance. Identify vulnerabilities and get a concrete plan before the October 2026 deadline.

At a glance

The new European cybersecurity law (NIS2) comes into force in October 2026 and carries heavy penalties. We help you understand whether your company needs to comply, what you're missing, and how to get ready in time.

Avoid fines up to 10 million euros
Clear action plan with priorities
October 2026 deadline
Want to know more?

We analyze your current situation against NIS2 requirements. We deliver a report that explains what you need to do, in what order, and with estimated timelines and costs. We also support you in preparing the documentation required by the regulation.

Current security posture analysis
Gap identification against NIS2 requirements
Critical asset and supply chain mapping
Prioritized remediation plan
Governance and documentation support
Management training

Why choose this service

Avoid fines

NIS2 penalties of up to 10 million euros or 2% of global turnover. The assessment lets you identify and close gaps before the deadline.

Clear roadmap

Not a generic report, but a concrete action plan with priorities, timelines, and estimated budgets.

Competitive advantage

NIS2 compliance becomes a business asset: show your clients and partners that you are a reliable supplier.

What is the NIS2 Directive?

The NIS2 Directive (Network and Information Security 2) is the new European cybersecurity framework, in force since January 2023 with a compliance deadline of 17 October 2026.

Compared to the previous NIS, NIS2:

  • Expands the scope to more sectors and company sizes
  • Increases penalties up to 10 million euros or 2% of global turnover
  • Holds management accountable with personal obligations for executives
  • Includes the supply chain, making compliance a requirement for working with in-scope companies

Who is subject to NIS2?

Companies operating in critical sectors are subject to NIS2:

  • Energy, transport, banking, healthcare
  • Digital infrastructure and ICT
  • Public administration
  • Food production, chemicals, manufacturing
  • Postal services, waste management

And that exceed certain size thresholds:

  • Medium enterprises: 50+ employees or 10M+ euros turnover
  • Large enterprises: 250+ employees or 50M+ euros turnover

Important: even if your company is not directly in scope, you may be involved as a supplier to a company that is.

Our approach

1

Scoping

Interviews with management and IT, business perimeter analysis, NIS2 applicability verification, stakeholder identification.

2

Gap Analysis

Assessment against all NIS2 requirements, review of existing policies and procedures, evaluation of technical measures, critical supply chain mapping.

3

Roadmap

Detailed report with identified gaps, prioritized remediation plan, estimated timelines and budget, immediate quick wins.

4

Support (optional)

Implementation of measures, staff training, periodic audits, incident response support.

Deliverables

At the end of the assessment you will receive:

  1. Executive Summary for management
  2. Detailed technical report with all identified gaps
  3. Compliance matrix showing current status vs. NIS2 requirements
  4. Compliance roadmap with priorities, timelines, and estimated costs
  5. Document templates (policies, procedures, registers)

Why Ekados

  • Experience: 18+ years in IT security
  • Pragmatic approach: concrete solutions, not just theory
  • Certified team: expertise in ISO 27001, NIST, CIS standards
  • Ongoing support: we don’t leave you on your own after the assessment

Ready to get started?

Contact us for a free consultation. We will help you find the best solution for your business.