NIS2 PLATFORMISSUE I14 MAY MMXXVIBRUSSELS · BERLIN · AMSTERDAMEU-CENTRAL-1 · FRANKFURT

FOR CISOs, COMPLIANCE LEADS & THE MSPs WHO SERVE THEM

Be NIS2-ready
in days,
not quarters.

The NIS2 deadline is here. Penalties reach €10 million or 2% of global turnover, and your management body is personally liable. Most companies aren't ready — they have a stack of ISO 27001 documentation and a half-finished spreadsheet labelled "NIS2". We turn what you already have into the policies, registers, and incident workflows the directive requires. Usually within a week.

Get your free gap report Book a demoFree gap report on your existing docs  ·  no card required
Live in:BEBelgiumDEGermanyNLNetherlandsAll 27 EU member states by mid-2027EU-CENTRAL-1·FRANKFURT
§ 01HOW IT WORKS

Three steps.
About a week.

You don't need to start from scratch. Most of the work is already in your existing ISO 27001 or SOC 2 documentation — we just need to find it, map it, and emit it in the format NIS2 requires.

  • No re-authoring. ISO 27001 controls map directly to NIS2 Article 21 — we don't ask you to start over.
  • You approve everything. The AI drafts; your CISO signs. Nothing is generated silently or filed without review.
  • Up and running in hours. Connect to SharePoint, Microsoft 365, or Google Drive and we ingest your docs automatically.
  1. 01

    Upload what you have

    Drop in your information security policy, asset register, supplier list, training records — whatever you've got. PDF, Word, Excel. We support it.

  2. 02

    We draft the NIS2 documents

    Within minutes, you get a complete Article 21 policy set, a populated risk register, and a gap report — every line traced to a citation in your originals.

  3. 03

    You review, edit, approve

    Read the drafts, edit anything, and sign them off. Approved documents are version-controlled and ready to share with your auditor or regulator.

Typical first-week output ↓

What you'll receiveFormat
Information Security PolicyArticle 21(2)(a–j)DOCX
Incident Response PlanArticle 21(2)(b)DOCX
Business Continuity & Disaster Recovery PlanArticle 21(2)(c)DOCX
Risk Register (populated)Article 21(2)(a)XLSX
Gap & Remediation ReportAll controlsPDF
Board Cybersecurity BriefingArticle 20PDF
§ 02INCIDENT RESPONSE

When incidents hit,
the clock starts.

NIS2 gives you 24 hours to file an early warning, 72 hours for the full notification, and 30 days for the final report. Miss any of them and you're in violation. We track every clock and draft every submission against your country's reporting template — so you're never staring at a blank form at 3 AM on a Friday.

  • Live deadline tracking. Reminders at T-12h, T-2h, and T-30m. Email and SMS. Nothing slips.
  • Pre-filled CSIRT submissions. We know what Belgium's CCB needs, what Germany's BSI needs, and what each country expects in between. The form is half-done before you start.
  • Practice without notifying. Run tabletop drills any time — your team rehearses the workflow without sending a thing to the regulator.
● LIVE EXAMPLERANSOMWARE ON FINANCE VM · DETECTED 6H AGO
TABLETOP DRILL
24HPENDING
EARLY WARNING
17:59:59
time remaining
72HPENDING
NOTIFICATION
2D 17:59:59
time remaining
30DPENDING
FINAL REPORT
29D 17:59:59
time remaining
§ 03COUNTRY COVERAGE

Operating in multiple states?
We've got you.

Each EU member state interprets NIS2 differently. Belgium has its own thresholds, Germany has its own registration forms, the Netherlands has its own CSIRT contacts. We maintain country-specific configurations and update them when laws change — typically within 10 business days, with no upgrade or migration on your side.

If you operate cross-border, you get one platform that handles every jurisdiction you're in. One login, one workflow, multiple regulators served.

FLAGJURISDICTIONSTATUSSINCE
BE

Belgium

CCB · CERT.be

LIVE2024
DE

Germany

BSI · CERT-Bund

LIVE2025
NL

Netherlands

RDI · NCSC-NL

LIVE2025
FR

France

ANSSI · CERT-FR

COMING SOONQ3 2026
IT

Italy

ACN · CSIRT-Italia

COMING SOONQ3 2026
ES

Spain

INCIBE-CERT · CCN-CERT

COMING SOONQ4 2026

— and the remaining 21 EU member states by mid-2027 —

§ 04AUDIT-READY BY DESIGN

When the auditor calls,
you're already ready.

Every paragraph in every generated document carries a citation back to the source in your originals — so you can defend any claim. The activity log is tamper-evident. Export any time window as a single signed PDF — exactly what your regulator or auditor wants to see.

  • Every line, sourced. Click any paragraph and see the original document, page, and quote behind it.
  • Tamper-evident activity log. Every edit, approval, and export is recorded and cryptographically chained — proving the timeline if ever challenged.
  • Audit packets in one click. A single signed PDF containing every document and every activity-log entry for any period.
EXAMPLE · GOVERNANCE CLAUSE · NIS2 ARTICLE 20REVIEWED

CLAIM

The management body owns and approves the cybersecurity programme.

CITATION FROM YOUR DOCUMENT

"The Management Body approves this policy and is accountable for the cybersecurity posture of the organisation, in accordance with NIS2 Article 20."

ACME-ISP-V3.DOCX · § 3 GOVERNANCE

Confidence

High

Status

Approved

Reviewed by

Ada CISO

ACTIVITY LOG · LAST 4 ENTRIES (TAMPER-EVIDENT)
  • Today 18:49Document approved by Ada CISO
  • Today 18:49ISP draft generated
  • Today 18:46Acme-ISP-v3.docx uploaded
  • Today 18:43Ada CISO signed in
§ 05THE BOARD'S PROBLEM, NOT IT'S

"Member States shall ensure that the management bodies of essential and important entities approve the cybersecurity risk-management measures …  and can be held liable for infringements by the entities of this Article."

NIS2 DIRECTIVE·ARTICLE 20·GOVERNANCE & LIABILITY

Under NIS2, your CEO and board members can be held personally liable. Fines, public censure, and in some states a temporary ban from holding management positions are all on the table. We give the board a quarterly briefing in your branding, surface the key risks in plain English, and record sign-off so their diligence is provable — not assumed.

§ 06FOR MSPs & CONSULTANCIES

Manage every customer
from one place.

Run NIS2 engagements at scale. Branded portals for your customers, partner billing handled for you, and a certified training programme so your consultants ship as accredited NIS2 specialists.

Higher-margin work, repeatable methodology, and a credential to put in front of prospects.

Start with a free gap report Become a partner
  • § a

    Your brand, end-to-end

    Your logo, your colours, your domain. Customers never see another brand on the platform.

  • § b

    One operational view

    Manage every customer's compliance from a single console. Spot risks before your customer does.

  • § c

    We handle the billing

    Revenue-share, invoicing, EU VAT — handled. You bill the customer, we settle with you.

  • § d

    Accredited consultants

    Our certified NIS2 specialist programme gives your team a credential to put in front of buyers.

START TODAY

See where you stand
in 30 minutes.

Answer a short self-assessment and walk away with a gap report showing exactly what's missing — and exactly how long it takes to fix. No card, no sales script.

Start free gap report Book a demo

Belgium · Germany · Netherlands LIVE — France · Italy · Spain · Poland Q3 2026