Many obligations can already be implemented today – regardless of whether national implementation has already taken place.
The biggest quick wins:

  • Activate multi-factor authentication (MFA) wherever possible
  • Establish patch management and regularly close vulnerabilities
  • Document backups and recovery tests
  • Check access and authorizations
  • Define and practice the incident response process, more on this in our blog article “NIS2 is coming – Do companies need a SIEM system?”

These measures immediately improve the level of security and prepare the company for audits or supply chain checks.