Is Your Company Compliant with the NIS2 Directive?

Everything You Need to Know About NIS2

Start Preparing Now!

NIS2: A New Era in Cybersecurity – Are You Ready?

The rapid pace of digitalization and the growing prevalence of cyberattacks in our daily lives demand that companies adopt a more prepared and conscious approach to cybersecurity. The European Union’s response is the NIS2 Directive, which imposes stricter requirements to protect critical infrastructure and essential services.

This is no longer just an IT issue – compliance is the responsibility of the entire organization. Companies affected by NIS2 must strengthen their defenses not only from a technological but also from an organizational and legal standpoint.

How Can You Prepare for NIS2?

NIS2 is more than another EU regulation – it is a clear expectation: be prepared for cyberattacks, operate secure systems, and respond swiftly to incidents. Preparation is not just a matter of technology – compliance must be ensured at organizational, legal, and process levels as well.

Steps to Prepare for NIS2

Initial Assessment

Determine if your organization falls under NIS2 and understand the resulting obligations.

GAP Analysis

Compare your existing cybersecurity and organizational measures to NIS2 requirements and identify deficiencies.

Action Plan Development

Based on the GAP analysis, define concrete and scheduled development steps to achieve compliance.

Documentation and Policy Development

Create internal policies, procedures, incident management protocols, and protection measures.

Awareness and Training

Empower employees through targeted training and exercises to increase cyber awareness.

NIS2 Audit

Conduct an external audit to objectively assess compliance and address any remaining gaps.

Ensure Continuous Compliance

NIS2 is not a one-time project – ongoing readiness and continuous improvement are required.

How Can Régens Help?

Régens offers comprehensive NIS2 preparation services:

  • We conduct exposure and risk assessments
  • We establish the required security and operational systems
  • We create documentation and assist in developing internal policies
  • We provide training
  • We offer continuous support to maintain compliance

Don't wait until the last minute – prepare for NIS2 on time with an experienced partner!

Congratulations to our client, Tapolcai Városgazdálkodási Kft., on their successful NIS2 audit!

Need Help Preparing for NIS2?

By answering a few questions, you can request a quick quote from Régens to ensure your NIS2 compliance.

I need help with NIS2 compliance

What Are the NIS2 Requirements for Your Organization?

Management

Leadership must understand the directive's requirements and risk management processes. They bear direct responsibility for identifying and managing cyber risks to ensure compliance.

Reporting to Authorities

Organizations must establish processes for proper reporting to authorities. For example, in case of major incidents, a report must be submitted within 24 hours.

Risk Management

Measures must be taken to minimize risks, including incident response, improving supply chain security, network security, access control, and encryption.

Business Continuity

Organizations must plan how to ensure business continuity in the event of serious cyber incidents, including system recovery, emergency procedures, and crisis management teams.

Minimum Measures Required by the NIS2 Directive

Beyond the four broad areas of requirements, NIS2 mandates that essential and important entities implement key security measures to address specific, likely cyber threats:

  • Evaluation of security measure effectiveness and procedure development
  • Cryptographic and encryption policies
  • Security incident response plans
  • System security from procurement to operation
  • Cybersecurity training and cyber hygiene practices
  • Data access procedures and sensitive data handling
  • Business continuity planning in case of security incidents
  • Use of multi-factor authentication and encryption
  • Supply chain security and protection of vendor relationships
  • Evaluation of vendor security levels and implementation of appropriate measures

Can I Be Penalized for Non-Compliance with NIS2?

If you do not comply with the new NIS2 cybersecurity requirements, you can expect severe penalties. Sanctions can amount to up to 2% of your revenue, and may even include disqualification from certain activities.

Request a quick quote for your NIS2 compliance!

Certifications That Support NIS2 Compliance:

Varga Sámson security engineer

For us, NIS2 compliance is not just a box to tick – we help as if it were our own company, and together with our trusted auditor partners, we confidently guide our clients through the process.

Andrea Kajzingerné Szarka

Business Consultant

Security and NIS2 Compliance in One Place

Explore Régens’ NIS2 compliance solutions! Our service packages and pricing are available in a single downloadable document – making it easy to find the best solution for your needs.

Download now and take a step toward cybersecurity compliance!

Download our NIS2 Services Portfolio

Please provide your details to receive our brochure about services and pricing immediately.

Related Articles:

Key Documentation for a Successful NIS 2 Audit

The NIS 2 directive defines several deliverables (e.g., regulations and procedural instructions) that organizations are required to develop and establish in order to comply with the Cyber Act. It’s no surprise that these documents must also be presented during the cybersecurity audit to ensure its successful conclusion. But have we thought of everything? Here are five essential documents that must not be overlooked when aiming for a successful NIS 2 audit.

NIS2 Audit Guide: Tips, Requirements, and the Review Process

With the introduction of Decree 1/2025 (I. 31.) SZTFH, organizations falling under the NIS2 Directive now have a clear understanding of the audit fees due this year. However, the regulation does not only cover costs but also provides detailed information on the expected audit process and the methodology that auditor firms must follow. What are the most useful insights from the regulation for companies subject to NIS2? This article aims to answer these questions.

Can We Fail the NIS2 Audit? The Crucial Role of Preparation in Cybersecurity Compliance

Starting from October 2024, the national implementation of the NIS2 directive becomes mandatory for all affected organizations. The aim of this new regulation is to ensure a unified and high level of cybersecurity across EU member states, particularly among companies operating in essential and important sectors. In light of this, the question naturally arises: can an organization fail a NIS2 audit?

Important Deadlines for NIS2 Preparation

Comprehensive NIS2 Solution: Preparation and Audit in One Package

We work in official partnership with certified NIS2 audit firms, enabling you to access preparation and auditing in a unified, transparent process – without separate arrangements or complex coordination.

Contact our team for details about our all-in-one offer and ensure your company’s successful compliance with our intensive preparation program.

Key Legislation for NIS2 Compliance

Frequently Asked Questions About NIS2 Preparation

The NIS2 Directive primarily applies to medium and large enterprises operating in so-called essential sectors – such as energy, healthcare, transport, telecommunications, water supply, digital infrastructure, outsourced ICT services, digital service providers, postal services, waste management, space sector, food, manufacturing, and chemicals, as well as research.

The directive also covers certain critical actors, such as electronic communications providers, trust service providers, DNS service providers, top-level domain registries, and domain name registrars.

The final determination depends on the critical nature of the service and the number of employees.

From 17 October 2024, compliance is mandatory based on national legislation in the Member States. Now is the time to prepare, as the closer the deadline, the less room there will be for maneuver.

This depends on the current information security maturity of the organization. The minimum duration is usually 2 months, but 6–12 months may be needed for more complex systems, especially if internal regulations are lacking. Our expert support remains available after the audit for long-term sustainability.

During a GAP analysis, we compare current operations and regulations with NIS2 requirements. Based on the identified gaps, we propose the necessary improvements – this forms the basis of the preparation plan.

It is not recommended. The purpose of the audit is to check compliance – not to provide consultancy. Without preparation, the organization is likely to have many deficiencies, which can only be corrected after a follow-up audit. Find out more about why preparation is absolutely essential for a successful NIS2 audit.

The audit fee depends on several factors: the size of the organization, sector, number of affected systems, etc. We provide a separate information sheet on the exact details – read our article on NIS2 audit fees or request a quote from our experts.

  1. GAP analysis: We assess the current state and the expected requirements.
  2. NIS2 preparation: We implement the necessary measures, policies, documentation, and training.
  3. NIS2 audit: We assist during the audit, which is carried out by our SZTFH-accredited audit partner.

  • Get to know the NIS2 requirements in detail.
  • Check if your company is among the affected organizations.
  • Contact us – we help with the GAP analysis and preparation plan.
  • Request a tailored quote for a service package suited to your organization.

Régens has decades of experience in cybersecurity, IT consulting, and EU compliance. Our expert team is up-to-date with NIS2 requirements and applies a structured, practical approach that supports real business operations as well as compliance. Our references, certifications, and certified partners are your guarantee.

  1. Self-identification: We help determine if you are affected by the directive.
  2. GAP and risk analysis: We identify gaps and risk sources.
  3. Implementation of protective measures: We help with practical implementation.
  4. Audit support: We assist with the official audit and provide follow-up support.

  • The audit is not a one-off check – maintaining compliance is an ongoing task.
  • A renewal audit is required every two years under the NIS2 directive.
  • If deficiencies are found during the first audit, an action plan must be drawn up and corrective steps taken.
  • Security incidents must be reported to the authority within the specified deadline.
  • The appropriate level of cybersecurity must be maintained continuously, supported by documentation and internal controls.
  • The Information Security Officer (ISO) plays a key role in internal management, incident handling, and ongoing compliance.

👉 Régens’ external CISO service can take over this complex role – so you can be sure that compliance with the NIS2 directive is maintained efficiently and up-to-date by a team of experts.

We are not only experienced professionals who understand ever-changing IT services and needs, but also partners who genuinely care about their clients' business and success.