NIS2 & EU AI Act. Implemented, not just assessed.
We implement regulation technically instead of just ticking checklists. From gap analysis through implementation to audit readiness.
Time Is Running Out
NIS2 is already mandatory. Only 5 months remain until the EU AI Act takes full effect.
Regulation Is Getting Serious
NIS2 has been in effect since December 2025. The EU AI Act follows in August 2026. Those who fail to act now risk fines and personal liability.
NIS2 Is Mandatory
29,500 organizations in Germany must act immediately. In force since December 2025 – no transition period.
EU AI Act Is Coming
Fully in effect from August 2026. Every AI system requires a risk classification and documentation.
Personal Liability
Executive management is personally liable for the implementation of NIS2 cybersecurity measures.
Fines
Up to EUR 10 million (NIS2) or EUR 35 million / 7% of annual turnover (EU AI Act).
Reporting Obligations
24-hour early warning, 72-hour incident report, and 1-month final report to the regulatory authority.
Audit Readiness
Regulatory authorities want evidence – not slides and lip service.
From Assessment to Audit Readiness
A structured program with clear milestones – for NIS2, EU AI Act, or both.
NIS2 / EU AI Act Assessment
Structured baseline assessment with a proven questionnaire: NIS2 Readiness (120+ checkpoints across all requirement domains) or EU AI Act Compliance (AI system inventory, risk classification per Annex I–III). Combination of management workshops, expert interviews, and document analysis.
Deliverables
- Gap Analysis (current vs. target per domain / per AI system)
- Risk Matrix (likelihood × impact)
- Maturity Rating (5-level scale per domain) or AI System Register with risk classes
- Prioritized Action Plan (quick wins, short-term, medium-term) with effort estimates
- Results Report (40–60 pages) & Management Presentation
Framework & Concept
ISMS framework, AI governance framework, security policies, incident response design, and governance structures – tailored to your industry requirements.
Deliverables
- ISMS Scope & Policy
- AI Governance Framework (roles, processes, responsibilities)
- Policy Set (Security, Data Protection, AI Usage)
- Incident Response Plan (24h/72h NIS2 reporting deadlines)
- Risk Management Methodology
Implementation
Technical controls, process implementation, AI system documentation (Art. 9–15 EU AI Act), awareness programs, and monitoring setup.
Deliverables
- Technical Controls (Network, Identity, Cryptography)
- AI System Register with conformity documentation
- Process Documentation & Evidence Management
- Training Program (Awareness & Expert Training)
- KPI Framework & Monitoring Dashboard
Audit Readiness & Handover
Internal pre-audit, documentation review, management review, and structured transition to ongoing operations.
Deliverables
- Pre-Audit Report with recommendations
- Documentation Map (all evidence at a glance)
- Management Review & Final Presentation
- Operations Handbook for ongoing compliance
Your Path to Compliance
From assessment to ongoing support as Virtual CISO.
Entry
7,500 – 15,000 EUR
Core
50,000 – 150,000 EUR
Framework & Concept
Implementation + Audit Readiness
Retainer
5,000 – 7,000 EUR/month
Virtual CISO
Deploying AI while meeting NIS2/AI Act requirements?
We combine AI integration and compliance from day one. Compliant by design rather than audited retroactively.
Learn about AI Integration
Battle-tested in Regulated Environments
Software Lifecycle & AI Agents (Critical Infrastructure)
Cloud Security Framework & Tenant Separation
Sovereign Cloud Procurement (BSI, C5, VS-NfD)
Frequently Asked Questions
What does a NIS2 assessment cost?
Are we affected by NIS2?
Can you also support the implementation?
Does NIS2 or the EU AI Act affect your organization?
Let's evaluate your compliance requirements in a free introductory call – no strings attached.
30 min · Video call · No obligation