NIS2 awareness for organizations that need to explain cyber risk in practical terms.

What NIS2 is.

NIS2 is the European directive intended to strengthen cyber security across important and essential entities. In Germany, the framework is implemented through national rules, especially in the context of the German BSI Act (BSIG).

• Relevant sectors can include energy, health, IT services, digital infrastructure, manufacturing, transport and other important services.
• Suppliers and service providers are often pulled into the NIS2 and BSIG context through contracts, audits and customer evidence requests.
• Exact applicability depends on sector, size, activity and classification as an important or particularly important entity.

Start with a scope assessment.

Before planning training and evidence, organizations should check whether and in which role they fall under NIS2 and German BSIG requirements. The BSI provides an official scope check for this purpose.

• The scope assessment is the starting point for defining the extent, priority and documentation of measures.
• It does not replace legal review, but it helps with initial orientation.
• Open the BSI NIS2 scope check

What awareness needs to cover.

For NIS2, security measures need to be understood in daily work. Employees should recognise risks, report unusual activity and apply basic cyber hygiene.

• Recognise phishing, email risks and social engineering
• Apply password security, MFA and secure access
• Report security incidents and use escalation paths
• Classify AI use, information protection and supply chain risks