{"id":13130,"date":"2026-05-29T12:11:14","date_gmt":"2026-05-29T10:11:14","guid":{"rendered":"https:\/\/staging.netxconsult.de\/?p=13130"},"modified":"2026-06-15T18:14:38","modified_gmt":"2026-06-15T16:14:38","slug":"nis2-checklist-sme","status":"publish","type":"post","link":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/","title":{"rendered":"NIS2 Checklist for SMEs: 10 Measures You Must Implement Now"},"content":{"rendered":"<p><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-bottom:0px;--awb-margin-bottom:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:20px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:38.989599999999996px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-1\"><p><b>What should you know about NIS2? Does it affect your company?<\/b><br \/>\nNIS2 is the EU directive on network and information security, which has been transposed into German national law since December 2025 through the NIS2 Implementation Act (NIS2UmsuCG). It obliges companies with 50 or more employees in 18 regulated sectors to implement specific IT security measures \u2013 including personal liability of management in case of violations.<\/p>\n<p>Many SMEs still underestimate the scope of the directive. Many companies are asking themselves: are we even affected by NIS2? In this article, you will find a practical NIS2 checklist that allows you to assess within minutes whether your company is affected and which measures you should implement right away. We would be happy to support you on your journey towards NIS2 compliance.<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-2 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-center fusion-flex-justify-content-center fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:20px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-1 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-text-color:var(--awb-color6);--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">Am I affected by NIS2 as an SME?<\/h2><\/div><div class=\"fusion-text fusion-text-2\"><p>Before you go through the list, we recommend that you first determine whether your organization is subject to NIS2. NIS2 <em><strong>generally<\/strong><\/em> applies to organizations that meet all three of the following criteria. However, caution is advised: even if your organization does not <em><strong>directly<\/strong><\/em> meet the criteria below, it may still be subject to NIS2 <strong><em>indirectly<\/em><\/strong> <em><strong>through its supply chain<\/strong><\/em>.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-2 fusion_builder_column_1_1 1_1 fusion-flex-column fusion-flex-align-self-center\" style=\"--awb-bg-blend:overlay;--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.536%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-spacing-right-medium:1.536%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-flex-justify-content-flex-start fusion-content-layout-column\">\n<div class=\"table-2\">\n<table width=\"100%\">\n<thead>\n<tr>\n<th align=\"left\">Criterion<\/th>\n<th align=\"left\">Threshold<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"left\">Employees<\/td>\n<td align=\"left\">50 or more<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">Annual turnover or balance sheet<\/td>\n<td align=\"left\">\u20ac10 million or more<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">Sector<\/td>\n<td align=\"left\">One of 18 regulated sectors \u2013 see full list below<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<div class=\"fusion-text fusion-text-3\"><\/div><div class=\"fusion-text fusion-text-4\"><p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<\/div><div class=\"fusion-title title fusion-title-2 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:32;line-height:1.26;\">Which 18 sectors are affected by NIS2?<\/h3><\/div><div class=\"fusion-text fusion-text-5\"><p>NIS2 differentiates between two groups: 11 sectors of high criticality (Annex 1) and 7 additional critical sectors (Annex 2).<\/p>\n<\/div><div class=\"fusion-title title fusion-title-3 fusion-sep-none fusion-title-text fusion-title-size-four\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h4 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:26;line-height:1.4;\">Annex 1 \u2014 Sectors of High Criticality<\/h4><\/div>\n<div class=\"table-1\">\n<table width=\"100%\">\n<thead>\n<tr>\n<th align=\"left\">#<\/th>\n<th align=\"left\">Sector<\/th>\n<th align=\"left\">Examples<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"left\">1<\/td>\n<td align=\"left\">Energy<\/td>\n<td align=\"left\">Electricity, district heating, natural gas, oil, hydrogen<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">2<\/td>\n<td align=\"left\">Transport<\/td>\n<td align=\"left\">Aviation, rail, maritime, road transport<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">3<\/td>\n<td align=\"left\">Banking<\/td>\n<td align=\"left\">Credit institutions<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">4<\/td>\n<td align=\"left\">Financial market infrastructure<\/td>\n<td align=\"left\">Trading venues, central counterparties<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">5<\/td>\n<td align=\"left\">Healthcare<\/td>\n<td align=\"left\">Hospitals, laboratories, pharmaceuticals<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">6<\/td>\n<td align=\"left\">Drinking water<\/td>\n<td align=\"left\">Water suppliers<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">7<\/td>\n<td align=\"left\">Wastewater<\/td>\n<td align=\"left\">Wastewater treatment<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">8<\/td>\n<td align=\"left\">Digital infrastructure<\/td>\n<td align=\"left\">Cloud providers, data centres, DNS<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">9<\/td>\n<td align=\"left\">ICT services (B2B)<\/td>\n<td align=\"left\">Managed service providers, IT service providers<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">10<\/td>\n<td align=\"left\">Public administration<\/td>\n<td align=\"left\">Government authorities at federal and state level<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">11<\/td>\n<td align=\"left\">Space<\/td>\n<td align=\"left\">Satellite operators, space infrastructure<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<div class=\"fusion-title title fusion-title-4 fusion-sep-none fusion-title-text fusion-title-size-four\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h4 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:26;line-height:1.4;\">Annex 2 \u2014 Additional Critical Sectors<\/h4><\/div>\n<div class=\"table-1\">\n<table width=\"100%\">\n<thead>\n<tr>\n<th align=\"left\">#<\/th>\n<th align=\"left\">Sector<\/th>\n<th align=\"left\">Examples<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"left\">12<\/td>\n<td align=\"left\">Postal and courier services<\/td>\n<td align=\"left\">Parcel delivery, mail services<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">13<\/td>\n<td align=\"left\">Waste management<\/td>\n<td align=\"left\">Disposal companies, recycling<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">14<\/td>\n<td align=\"left\">Chemicals<\/td>\n<td align=\"left\">Chemical industry, hazardous materials<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">15<\/td>\n<td align=\"left\">Food<\/td>\n<td align=\"left\">Production, processing, wholesale<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">16<\/td>\n<td align=\"left\">Manufacturing<\/td>\n<td align=\"left\">Mechanical engineering, medical technology, automotive<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">17<\/td>\n<td align=\"left\">Digital services<\/td>\n<td align=\"left\">Online marketplaces, search engines, social networks<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">18<\/td>\n<td align=\"left\">Research<\/td>\n<td align=\"left\">Research institutions, universities<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<div class=\"fusion-text fusion-text-6\"><p><em>Source: NIS2UmsuCG, Anlage 1 und 2 &#8211; <a href=\"https:\/\/www.bsi.bund.de\/DE\/Themen\/Regulierte-Wirtschaft\/NIS-2-regulierte-Unternehmen\/nis-2-regulierte-unternehmen_node.html\">BSI NIS-2 regulierte Unternehmen<\/a> (in force since 6 December 2025)<\/em><\/p>\n<\/div><div class=\"fusion-text fusion-text-7\"><blockquote>\n<p><b>Important<\/b>: An estimated 80% of affected companies are still unaware that they fall under NIS2. By the BSI registration deadline on 6 March 2026, only 38.5% of affected companies had registered. Companies that have not yet acted are already in violation of applicable law.<\/p>\n<p><strong>Not sure whether your sector is affected? The German Federal Office for Information Security (BSI) offers a<a href=\"https:\/\/betroffenheitspruefung-nis-2.bsi.de\/\"> free assessment tool <\/a>\u2013 get clarity within 5 minutes.<\/strong><\/p>\n<\/blockquote>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-3 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-3 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:20px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-5 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-text-color:var(--awb-color6);--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">Indirect impact: When NIS2 affects you via the supply chain<\/h2><\/div><div class=\"fusion-text fusion-text-8\"><p>&nbsp;<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-4 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-4 fusion_builder_column_2_3 2_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:66.666666666667%;--awb-margin-top-large:20px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:2.88%;--awb-width-medium:66.666666666667%;--awb-order-medium:0;--awb-spacing-right-medium:2.88%;--awb-spacing-left-medium:2.88%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-9\"><p>Even if your business does not belong to one of the 18 sectors or does not meet the thresholds, you may still be indirectly affected by NIS2.<\/p>\n<p>As supply chains become increasingly digitalised, cyber risks grow significantly. The <b>German BSI Act<\/b> requires companies that fall under NIS2 to ensure the security of their<a href=\"https:\/\/www.bsi.bund.de\/DE\/Themen\/Regulierte-Wirtschaft\/NIS-2-regulierte-Unternehmen\/NIS-2-Infopakete\/NIS-2-Lieferkette\/NIS-2-Lieferkette_node.html\"> entire supply chain<\/a>.<\/p>\n<p><b>In practical terms, this means: <\/b>if your customer is subject to NIS2, they are legally obliged to pass on security requirements to you as a supplier or service provider.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-5 fusion_builder_column_1_3 1_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:33.333333333333%;--awb-margin-top-large:20px;--awb-spacing-right-large:5.76%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:5.76%;--awb-width-medium:33.333333333333%;--awb-order-medium:0;--awb-spacing-right-medium:5.76%;--awb-spacing-left-medium:5.76%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-image-element\" style=\"--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><span class=\" fusion-imageframe imageframe-none imageframe-1 hover-type-none\" style=\"border-radius:8px;\"><img decoding=\"async\" width=\"1800\" height=\"1800\" alt=\"NIS2: Sicherheitsrisiken in der Lieferkette durch vernetzte Unternehmen und gemeinsame Schwachstellen.\" title=\"NIS2 fu\u0308r KMU Blog Lieferkette\" src=\"https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/05\/NIS2-fuer-KMU-Blog-Lieferkette.png\" class=\"img-responsive wp-image-13168\" srcset=\"https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/05\/NIS2-fuer-KMU-Blog-Lieferkette-200x200.png 200w, https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/05\/NIS2-fuer-KMU-Blog-Lieferkette-400x400.png 400w, https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/05\/NIS2-fuer-KMU-Blog-Lieferkette-600x600.png 600w, https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/05\/NIS2-fuer-KMU-Blog-Lieferkette-800x800.png 800w, https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/05\/NIS2-fuer-KMU-Blog-Lieferkette-1200x1200.png 1200w, https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/05\/NIS2-fuer-KMU-Blog-Lieferkette.png 1800w\" sizes=\"(max-width: 640px) 100vw, 400px\" \/><\/span><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-5 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-6 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:20px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-6 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:32;line-height:1.26;\">What NIS2 requires from affected companies regarding their supply chain<\/h3><\/div><ul style=\"--awb-line-height:34px;--awb-icon-width:34px;--awb-icon-height:34px;--awb-icon-margin:14px;--awb-content-margin:48px;--awb-circlecolor:#f86011;--awb-circle-yes-font-size:17.6px;\" class=\"fusion-checklist fusion-checklist-1 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style=\"--awb-circlecolor:#65bc7b;\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon awb-icon-check\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>Contractual agreements (SLAs) with suppliers covering risk management, incident response, and patch management<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"--awb-circlecolor:var(--awb-custom12);\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon awb-icon-check\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>Ensuring suppliers implement security by design and security by default<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"--awb-circlecolor:var(--awb-custom12);\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon awb-icon-check\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>Requiring suppliers to consider BSI recommendations for their own supply chains<\/p>\n<\/div><\/li><\/ul><div class=\"fusion-text fusion-text-10\"><p><em>*Source:<a href=\"https:\/\/www.bsi.bund.de\/DE\/Themen\/Regulierte-Wirtschaft\/NIS-2-regulierte-Unternehmen\/NIS-2-Infopakete\/NIS-2-Lieferkette\/NIS-2-Lieferkette_node.html\"> BSI &#8211; Secure Supply Chain<\/a><\/em><\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-6 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-7 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:20px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-7 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:32;line-height:1.26;\">What this means for SMEs<\/h3><\/div><div class=\"fusion-text fusion-text-11\"><p>A single compromised supplier can disrupt IT systems, cause data breaches, and interrupt business operations. The more complex the supply chain, the larger the attack surface. NIS2-regulated customers are aware of this \u2013 and will take action.<\/p>\n<\/div><div class=\"fusion-text fusion-text-12\"><blockquote>\n<p><strong>Practical tip:<\/strong> Ask your five largest customers whether they fall under NIS2. If they do, contractual cybersecurity requirements will soon be passed on to you. <b style=\"color: var(--awb-color6);\">Being prepared now gives you a clear competitive advantage. <\/b>We would be happy to assist you in achieving compliance.<\/p>\n<\/blockquote>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-7 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-8 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:20px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-8 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-text-color:var(--awb-color6);--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">NIS2 Checklist for SMEs: 10 Measures<\/h2><\/div><div class=\"accordian fusion-accordian\" style=\"--awb-border-size:1px;--awb-icon-size:24px;--awb-content-font-size:20px;--awb-icon-alignment:left;--awb-hover-color:#f4f4f6;--awb-border-color:rgba(0,0,0,0.08);--awb-background-color:#ffffff;--awb-divider-color:rgba(0,0,0,0.08);--awb-divider-hover-color:rgba(0,0,0,0.08);--awb-icon-color:#ffffff;--awb-title-color:#000000;--awb-content-color:#000000;--awb-icon-box-color:#000000;--awb-toggle-hover-accent-color:#f86011;--awb-title-font-family:&quot;DM Sans&quot;;--awb-title-font-weight:500;--awb-title-font-style:normal;--awb-title-font-size:22px;--awb-content-font-family:&quot;DM Sans&quot;;--awb-content-font-style:normal;--awb-content-font-weight:400;\"><div class=\"panel-group fusion-toggle-icon-unboxed\" id=\"accordion-13130-1\"><div class=\"fusion-panel panel-default panel-1d058bb6b9e04c050 fusion-toggle-no-divider\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_1d058bb6b9e04c050\"><a aria-expanded=\"false\" aria-controls=\"1d058bb6b9e04c050\" role=\"button\" data-toggle=\"collapse\" data-parent=\"#accordion-13130-1\" data-target=\"#1d058bb6b9e04c050\" href=\"#1d058bb6b9e04c050\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">1. Clarify applicability and registration with the BSI<\/span><\/a><\/h4><\/div><div id=\"1d058bb6b9e04c050\" class=\"panel-collapse collapse \" aria-labelledby=\"toggle_1d058bb6b9e04c050\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p><span style=\"background-color: rgba(0, 0, 0, 0);\">The registration deadline with the German Federal Office for Information Security (BSI) was in March 2026. Companies that have not yet registered should do so immediately. Registration is completed via the BSI portal and requires information about company size, sector, and responsible security personnel.<\/span><\/p>\n<p><b>Immediate action: <\/b>Conduct a BSI applicability assessment and complete registration without delay.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-2d0aed5de81ea3109 fusion-toggle-no-divider\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_2d0aed5de81ea3109\"><a aria-expanded=\"false\" aria-controls=\"2d0aed5de81ea3109\" role=\"button\" data-toggle=\"collapse\" data-parent=\"#accordion-13130-1\" data-target=\"#2d0aed5de81ea3109\" href=\"#2d0aed5de81ea3109\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">2. Make information security a management priority<\/span><\/a><\/h4><\/div><div id=\"2d0aed5de81ea3109\" class=\"panel-collapse collapse \" aria-labelledby=\"toggle_2d0aed5de81ea3109\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>NIS2 establishes the personal responsibility of senior management. Delegating responsibility solely to the IT department is no longer sufficient. Managing directors and board members are personally liable in the event of non-compliance.<\/p>\n<p><b>Immediate action: <\/b>Appoint and formally document an Information Security Officer (ISO) at management level.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-fc619fbdefdaeba87 fusion-toggle-no-divider\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_fc619fbdefdaeba87\"><a aria-expanded=\"false\" aria-controls=\"fc619fbdefdaeba87\" role=\"button\" data-toggle=\"collapse\" data-parent=\"#accordion-13130-1\" data-target=\"#fc619fbdefdaeba87\" href=\"#fc619fbdefdaeba87\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">3. Enable multi-factor authentication (MFA)<\/span><\/a><\/h4><\/div><div id=\"fc619fbdefdaeba87\" class=\"panel-collapse collapse \" aria-labelledby=\"toggle_fc619fbdefdaeba87\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>MFA is one of the most effective and fastest measures against unauthorised access \u2014 even if passwords have been compromised. NIS2 explicitly requires MFA for all critical systems.<\/p>\n<p><b>Immediate action: <\/b>Enable MFA for email, VPN, cloud access, and ERP systems. This can typically be implemented within a few hours.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-d1b7f9ac463d259ba fusion-toggle-no-divider\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_d1b7f9ac463d259ba\"><a aria-expanded=\"false\" aria-controls=\"d1b7f9ac463d259ba\" role=\"button\" data-toggle=\"collapse\" data-parent=\"#accordion-13130-1\" data-target=\"#d1b7f9ac463d259ba\" href=\"#d1b7f9ac463d259ba\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">4. Implement patch and update management<\/span><\/a><\/h4><\/div><div id=\"d1b7f9ac463d259ba\" class=\"panel-collapse collapse \" aria-labelledby=\"toggle_d1b7f9ac463d259ba\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>Known software vulnerabilities are the most common entry point for cyberattacks. NIS2 requires a structured approach to regularly updating all IT systems.<\/p>\n<p><b>Immediate action:<\/b> Define a fixed patch cycle (e.g. monthly) and document it in writing. Apply critical patches within 72 hours. Conduct regular penetration tests.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-708791f825f49b6cc fusion-toggle-no-divider\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_708791f825f49b6cc\"><a aria-expanded=\"false\" aria-controls=\"708791f825f49b6cc\" role=\"button\" data-toggle=\"collapse\" data-parent=\"#accordion-13130-1\" data-target=\"#708791f825f49b6cc\" href=\"#708791f825f49b6cc\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">5. Establish a backup strategy and recovery testing<\/span><\/a><\/h4><\/div><div id=\"708791f825f49b6cc\" class=\"panel-collapse collapse \" aria-labelledby=\"toggle_708791f825f49b6cc\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>Data backups alone are no longer sufficient, as NIS2 requires documented recovery testing. Only those who regularly test their backups can respond quickly in an emergency.<\/p>\n<p><b>Immediate action: <\/b>Implement the 3-2-1 backup rule (3 copies, 2 different media, 1 offsite) and schedule quarterly recovery tests.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-5c282e597871993ab fusion-toggle-no-divider\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_5c282e597871993ab\"><a aria-expanded=\"false\" aria-controls=\"5c282e597871993ab\" role=\"button\" data-toggle=\"collapse\" data-parent=\"#accordion-13130-1\" data-target=\"#5c282e597871993ab\" href=\"#5c282e597871993ab\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">6. Review access rights and permissions<\/span><\/a><\/h4><\/div><div id=\"5c282e597871993ab\" class=\"panel-collapse collapse \" aria-labelledby=\"toggle_5c282e597871993ab\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>Excessive access rights represent an underestimated security risk. The principle of least privilege is a core component of NIS2 requirements.<\/p>\n<p><b>Immediate action: <\/b>Review all user accounts and access rights. Disable inactive accounts and reduce admin privileges to the minimum necessary.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-76c8e994a10bb75f0 fusion-toggle-no-divider\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_76c8e994a10bb75f0\"><a aria-expanded=\"false\" aria-controls=\"76c8e994a10bb75f0\" role=\"button\" data-toggle=\"collapse\" data-parent=\"#accordion-13130-1\" data-target=\"#76c8e994a10bb75f0\" href=\"#76c8e994a10bb75f0\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">7. Define an incident response process<\/span><\/a><\/h4><\/div><div id=\"76c8e994a10bb75f0\" class=\"panel-collapse collapse \" aria-labelledby=\"toggle_76c8e994a10bb75f0\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>NIS2 requires affected companies to report security incidents: significant incidents must be reported to the BSI within 24 hours, followed by a full report within 72 hours.<\/p>\n<p><b>Immediate action:<\/b> Establish a simple incident response plan: Who is informed and when? Who reports to the BSI? Who communicates externally?<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-e18a01d2782489114 fusion-toggle-no-divider\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_e18a01d2782489114\"><a aria-expanded=\"false\" aria-controls=\"e18a01d2782489114\" role=\"button\" data-toggle=\"collapse\" data-parent=\"#accordion-13130-1\" data-target=\"#e18a01d2782489114\" href=\"#e18a01d2782489114\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">8. Review supply chains and service providers<\/span><\/a><\/h4><\/div><div id=\"e18a01d2782489114\" class=\"panel-collapse collapse \" aria-labelledby=\"toggle_e18a01d2782489114\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>NIS2 also extends to the supply chain. Customers and contracting parties will increasingly require proof of security measures from their suppliers.<\/p>\n<p><b>Immediate action:<\/b> Review contracts with IT service providers and critical suppliers for security requirements and update them if necessary.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-31b9e585ef2ac3fc2 fusion-toggle-no-divider\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_31b9e585ef2ac3fc2\"><a aria-expanded=\"false\" aria-controls=\"31b9e585ef2ac3fc2\" role=\"button\" data-toggle=\"collapse\" data-parent=\"#accordion-13130-1\" data-target=\"#31b9e585ef2ac3fc2\" href=\"#31b9e585ef2ac3fc2\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">9. Conduct employee training<\/span><\/a><\/h4><\/div><div id=\"31b9e585ef2ac3fc2\" class=\"panel-collapse collapse \" aria-labelledby=\"toggle_31b9e585ef2ac3fc2\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>Human error is the most common cause of security incidents. NIS2 requires verifiable training for both management and employees.<\/p>\n<p><b>Immediate action:<\/b> Plan at least one annual security awareness training and document participation. We recommend phishing simulations as a particularly effective training component.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-f6f7eca59e4a98c2c fusion-toggle-no-divider\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_f6f7eca59e4a98c2c\"><a aria-expanded=\"false\" aria-controls=\"f6f7eca59e4a98c2c\" role=\"button\" data-toggle=\"collapse\" data-parent=\"#accordion-13130-1\" data-target=\"#f6f7eca59e4a98c2c\" href=\"#f6f7eca59e4a98c2c\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">10. Document security policies in writing<\/span><\/a><\/h4><\/div><div id=\"f6f7eca59e4a98c2c\" class=\"panel-collapse collapse \" aria-labelledby=\"toggle_f6f7eca59e4a98c2c\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>Verbal agreements are no longer sufficient. NIS2 requires documented policies covering information security, password management, access rights, and emergency procedures.<\/p>\n<p><b>Immediate action: <\/b>Create a basic set of information security policies \u2014 this is also feasible for SMEs without ISO 27001 certification.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-8 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-9 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:20px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-9 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-text-color:var(--awb-color6);--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">Overview: NIS2 Checklist at a Glance<\/h2><\/div><div class=\"fusion-text fusion-text-13\"><\/div>\n<div class=\"table-1\">\n<table width=\"100%\">\n<thead>\n<tr>\n<th align=\"left\">#<\/th>\n<th align=\"left\">Measure<\/th>\n<th align=\"left\">Effort<\/th>\n<th align=\"left\">Priority<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"left\">1<\/td>\n<td align=\"left\">Complete BSI registration<\/td>\n<td align=\"left\">Low<\/td>\n<td align=\"left\">\ud83d\udd34 Immediate<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">2<\/td>\n<td align=\"left\">Appoint an Information Security Officer (ISO)<\/td>\n<td align=\"left\">Low<\/td>\n<td align=\"left\">\ud83d\udd34 Immediate<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">3<\/td>\n<td align=\"left\">Enable MFA<\/td>\n<td align=\"left\">Low<\/td>\n<td align=\"left\">\ud83d\udd34 Immediate<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">4<\/td>\n<td align=\"left\">Implement patch management<\/td>\n<td align=\"left\">Medium<\/td>\n<td align=\"left\">\ud83d\udd34 Immediate<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">5<\/td>\n<td align=\"left\">Backup &amp; recovery testing<\/td>\n<td align=\"left\">Medium<\/td>\n<td align=\"left\">\ud83d\udfe0 This week<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">6<\/td>\n<td align=\"left\">Review access rights<\/td>\n<td align=\"left\">Low<\/td>\n<td align=\"left\">\ud83d\udfe0 This week<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">7<\/td>\n<td align=\"left\">Create an incident response plan<\/td>\n<td align=\"left\">Medium<\/td>\n<td align=\"left\">\ud83d\udfe0 This week<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">8<\/td>\n<td align=\"left\">Review supply chain<\/td>\n<td align=\"left\">Medium<\/td>\n<td align=\"left\">\ud83d\udfe1 This month<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">9<\/td>\n<td align=\"left\">Plan employee training<\/td>\n<td align=\"left\">Medium<\/td>\n<td align=\"left\">\ud83d\udfe1 This month<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">10<\/td>\n<td align=\"left\">Document policies<\/td>\n<td align=\"left\">High<\/td>\n<td align=\"left\">\ud83d\udfe1 This month<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-9 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-10 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:20px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-10 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-text-color:var(--awb-color6);--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">What happens if you do not comply?<\/h2><\/div><div class=\"fusion-text fusion-text-14\"><div>The consequences of non-compliance with NIS2 are severe:<\/div>\n<ul>\n<li><strong>Fines<\/strong> of up to \u20ac10 million or 2% of global annual turnover<\/li>\n<li><strong>Personal liability<\/strong> of management in case of proven violations<\/li>\n<li><strong>Exclusion from supply chains<\/strong> if customers require compliance proof<\/li>\n<li><strong>Reputational damage<\/strong> in case of publicly known security incidents<\/li>\n<\/ul>\n<div>According to the BSI, around <strong>29,500 companies<\/strong> in Germany have been affected since December 2025.<\/div>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-10 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-11 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:20px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-11 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-text-color:var(--awb-color6);--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">How long does NIS2 implementation take?<\/h2><\/div><div class=\"fusion-text fusion-text-15\"><div>From our consulting experience with SMEs, full NIS2 implementation typically takes 3 to 6 months:<\/div>\n<ul>\n<li>Weeks 1-2: Assessment and initial analysis<\/li>\n<li>Weeks 3-6: Implement quick wins (MFA, backups, patch management)<\/li>\n<li>Weeks 7-12: Review supply chains and establish governance structures<\/li>\n<li>Weeks 13-15: Test and document incident response scenarios<\/li>\n<\/ul>\n<p><b>Whoever starts now, can implement this with precision and structure and does not have to scramble at the last minute<\/b>. Find the full roadmap here: <a href=\"https:\/\/netxconsult.de\/en\/it-projects-2026\/nis2-implementation-enterprises\/\">NIS2 Implementation \u2013 Immediate Measures and Long-Term Roadmap<\/a><\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-11 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-12 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:94px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-12 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-text-color:var(--awb-color6);--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">Conclusion<\/h2><\/div><div class=\"fusion-text fusion-text-16\"><p>NIS2 is not just a bureaucratic obligation \u2013 it is an opportunity to strengthen your IT security in a structured way.<br \/>\nCompanies that act early are not only compliant, but also more resilient to cyberattacks and better positioned in competitive tenders.<\/p>\n<p>The 10 measures outlined in this checklist provide a practical starting point. Many can be implemented within just a few days \u2013 without major investments.<\/p>\n<\/div><div class=\"fusion-text fusion-text-17\"><blockquote>\n<p><strong>Note:<\/strong> This article provides general guidance on NIS2 and does not replace individual legal or compliance advice. Every company has a different starting point. Feel free to contact us and we will assess your specific situation together.<\/p>\n<\/blockquote>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-12 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-13 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:94px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-13 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-text-color:var(--awb-color6);--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">Request your free NIS2 consultation<\/h2><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-13 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-14 fusion_builder_column_2_3 2_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:66.666666666667%;--awb-margin-top-large:20px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:2.88%;--awb-width-medium:66.666666666667%;--awb-order-medium:0;--awb-spacing-right-medium:2.88%;--awb-spacing-left-medium:2.88%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-18\"><div>Not sure where to start? netX consult supports SMEs throughout the entire NIS2 implementation process, from initial assessment to operational execution and employee training. <span style=\"background-color: rgba(0, 0, 0, 0);\"><b>We offer a <\/b><\/span><b style=\"background-color: rgba(0, 0, 0, 0);\">15-minute free consultation without obligation or sales pressure No obligation<\/b><\/div>\n<div>With over 20 years of experience in complex IT environments, we know how to implement even demanding compliance requirements pragmatically.<strong> <span style=\"color: var(--awb-color6);\">Book your consultation now below.<\/span><\/strong><\/div>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-15 fusion_builder_column_1_3 1_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:33.333333333333%;--awb-margin-top-large:20px;--awb-spacing-right-large:5.76%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:5.76%;--awb-width-medium:33.333333333333%;--awb-order-medium:0;--awb-spacing-right-medium:5.76%;--awb-spacing-left-medium:5.76%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-image-element\" style=\"--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><span class=\" fusion-imageframe imageframe-none imageframe-2 hover-type-none\" style=\"border-radius:8px;\"><img decoding=\"async\" width=\"2560\" height=\"1707\" title=\"Young business people in the room\" src=\"https:\/\/netxconsult.de\/wp-content\/uploads\/2025\/11\/young-business-people-in-the-room-2025-02-22-16-06-57-utc-scaled.jpg\" alt class=\"img-responsive wp-image-12647\" srcset=\"https:\/\/netxconsult.de\/wp-content\/uploads\/2025\/11\/young-business-people-in-the-room-2025-02-22-16-06-57-utc-200x133.jpg 200w, https:\/\/netxconsult.de\/wp-content\/uploads\/2025\/11\/young-business-people-in-the-room-2025-02-22-16-06-57-utc-400x267.jpg 400w, https:\/\/netxconsult.de\/wp-content\/uploads\/2025\/11\/young-business-people-in-the-room-2025-02-22-16-06-57-utc-600x400.jpg 600w, https:\/\/netxconsult.de\/wp-content\/uploads\/2025\/11\/young-business-people-in-the-room-2025-02-22-16-06-57-utc-800x533.jpg 800w, https:\/\/netxconsult.de\/wp-content\/uploads\/2025\/11\/young-business-people-in-the-room-2025-02-22-16-06-57-utc-1200x800.jpg 1200w, https:\/\/netxconsult.de\/wp-content\/uploads\/2025\/11\/young-business-people-in-the-room-2025-02-22-16-06-57-utc-scaled.jpg 2560w\" sizes=\"(max-width: 640px) 100vw, 400px\" \/><\/span><\/div><\/div><\/div><\/div><\/div><div id=\"Kontakt\" class=\"fusion-container-anchor\"><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-14 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-top:60px;--awb-padding-right:0px;--awb-padding-bottom:105px;--awb-background-color:#ffffff;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-justify-content-space-around fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-16 fusion_builder_column_5_6 5_6 fusion-flex-column fusion-flex-align-self-flex-start fusion-animated\" style=\"--awb-padding-top:50px;--awb-padding-right:50px;--awb-padding-bottom:50px;--awb-padding-left:50px;--awb-overflow:hidden;--awb-bg-color:#ffffff;--awb-bg-color-hover:#ffffff;--awb-bg-size:cover;--awb-box-shadow:24px 24px 45px 50px rgba(0,0,0,0.1);;--awb-border-color:rgba(0,0,0,0.08);--awb-border-right:1px;--awb-border-bottom:1px;--awb-border-left:1px;--awb-border-style:solid;--awb-border-radius:12px 12px 12px 12px;--awb-width-large:83.333333333333%;--awb-margin-top-large:20px;--awb-spacing-right-large:50px;--awb-margin-bottom-large:20px;--awb-spacing-left-large:50px;--awb-width-medium:50%;--awb-order-medium:2;--awb-spacing-right-medium:7.68%;--awb-spacing-left-medium:7.68%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-margin-bottom-small:10px;--awb-spacing-left-small:1.92%;\" data-animationType=\"fadeInRight\" data-animationDuration=\"1.0\" data-animationOffset=\"top-into-view\" data-scroll-devices=\"small-visibility,medium-visibility,large-visibility\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-separator fusion-full-width-sep\" style=\"align-self: center;margin-left: auto;margin-right: auto;width:100%;\"><\/div><div class=\"fusion-title title fusion-title-14 fusion-sep-none fusion-title-center fusion-title-text fusion-title-size-four displaynone\" style=\"--awb-margin-bottom:10px;--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:2px;--awb-margin-left-small:0px;--awb-margin-bottom-medium:4px;--awb-font-size:45px;\"><h4 class=\"fusion-title-heading title-heading-center fusion-responsive-typography-calculated\" style=\"margin:0;font-size:1em;--fontSize:45;line-height:1.4;\"><p class=\"fusion-title-heading title-heading-center fusion-responsive-typography-calculated\">15 Minuten kostenlose Kurzberatung<\/p><\/h4><\/div><div class=\"fusion-title title fusion-title-15 fusion-sep-none fusion-title-center fusion-title-text fusion-title-size-div displaynone\" style=\"--awb-text-color:#777777;--awb-margin-bottom:5px;--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:2px;--awb-margin-left-small:0px;--awb-margin-bottom-medium:4px;--awb-font-size:25px;\"><div class=\"fusion-title-heading title-heading-center title-heading-tag fusion-responsive-typography-calculated\" style=\"margin:0;font-size:1em;--fontSize:25;line-height:1.04;\">Ihre IT-Beratungsdienstleister<\/div><\/div><div class=\"fusion-builder-row fusion-builder-row-inner fusion-row fusion-flex-align-items-flex-start fusion-flex-justify-content-space-around fusion-flex-content-wrap\" style=\"--awb-flex-grow:0;--awb-flex-grow-medium:0;--awb-flex-grow-small:0;--awb-flex-shrink:0;--awb-flex-shrink-medium:0;--awb-flex-shrink-small:0;width:104% !important;max-width:104% !important;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column_inner fusion-builder-nested-column-0 fusion_builder_column_inner_1_4 1_4 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:25%;--awb-margin-top-large:20px;--awb-spacing-right-large:7.68%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:7.68%;--awb-width-medium:25%;--awb-order-medium:0;--awb-spacing-right-medium:7.68%;--awb-spacing-left-medium:7.68%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column_inner fusion-builder-nested-column-1 fusion_builder_column_inner_1_4 1_4 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:25%;--awb-margin-top-large:20px;--awb-spacing-right-large:50px;--awb-margin-bottom-large:20px;--awb-spacing-left-large:7.68%;--awb-width-medium:25%;--awb-order-medium:0;--awb-spacing-right-medium:50px;--awb-spacing-left-medium:7.68%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-center fusion-content-layout-row\"><ul style=\"--awb-line-height:34px;--awb-icon-width:34px;--awb-icon-height:34px;--awb-icon-margin:14px;--awb-content-margin:48px;--awb-circlecolor:var(--awb-color6);--awb-circle-yes-font-size:17.6px;\" class=\"fusion-checklist fusion-checklist-2 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-phone-alt fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><a href=\"tel:+4998182633300\">+4998182633300<\/a><\/p>\n<\/div><\/li><\/ul><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column_inner fusion-builder-nested-column-2 fusion_builder_column_inner_1_4 1_4 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:25%;--awb-margin-top-large:20px;--awb-spacing-right-large:7.68%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:50px;--awb-width-medium:25%;--awb-order-medium:0;--awb-spacing-right-medium:7.68%;--awb-spacing-left-medium:50px;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><ul style=\"--awb-line-height:34px;--awb-icon-width:34px;--awb-icon-height:34px;--awb-icon-margin:14px;--awb-content-margin:48px;--awb-circlecolor:var(--awb-color6);--awb-circle-yes-font-size:17.6px;\" class=\"fusion-checklist fusion-checklist-3 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-at fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\"><a href=\"mailto:kontakt@netxconsult.de\">kontakt@netxconsult.de<\/a><\/div><\/li><\/ul><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column_inner fusion-builder-nested-column-3 fusion_builder_column_inner_1_4 1_4 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:25%;--awb-margin-top-large:20px;--awb-spacing-right-large:7.68%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:7.68%;--awb-width-medium:25%;--awb-order-medium:0;--awb-spacing-right-medium:7.68%;--awb-spacing-left-medium:7.68%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><\/div><\/div><\/div><div style=\"text-align:center;\"><a class=\"fusion-button button-flat button-xlarge button-default fusion-button-default button-1 fusion-button-default-span fusion-button-default-type\" style=\"--awb-margin-top:30px;--button_text_transform:none;\" target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/outlook.office.com\/book\/G1340917bdb1c44ec8c31bacfc56734cb@netxconsult.de\/?ismsaljsauthenabled\"><span class=\"fusion-button-text awb-button__text awb-button__text--default\">Jetzt Termin buchen<\/span><\/a><\/div><div class=\"fusion-text fusion-text-19\" style=\"--awb-content-alignment:center;--awb-font-size:12px;--awb-line-height:24px;--awb-text-color:#777777;--awb-margin-top:40px;--awb-text-font-family:&quot;Open Sans&quot;;--awb-text-font-style:normal;--awb-text-font-weight:400;\"><p style=\"margin-bottom: 0px; margin-top: 10px;\">Mit meinem Klick auf \u201eJetzt Termin buchen\u201d erteile ich freiwillig meine Einwilligung in die Verarbeitung meiner personenbezogenen<br \/>\nDaten zu Zwecken der Kontaktaufnahme. Ich kann die datenschutzrechtliche Einwilligung jederzeit mit Wirkung f\u00fcr die Zukunft widerrufen. Durch den Widerruf der Einwilligung wird die Rechtm\u00e4\u00dfigkeit der aufgrund der Einwilligung bis zum Widerruf erfolgten Verarbeitung nicht ber\u00fchrt. Mit meiner Handlung best\u00e4tige ich ebenfalls, die\u00a0<a href=\"https:\/\/netxconsult.de\/datenschutzerklaerung\/\">Datenschutzerkl\u00e4rung<\/a>\u00a0und das\u00a0<a href=\"https:\/\/www.netxconsult.de\/docs\/Tdoc-en.pdf\">Transparenzdokument<\/a>\u00a0gelesen und zur Kenntnis genommen zu haben.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div>\n<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-15 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1372.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-17 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:20px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><style type=\"text\/css\">#accordian-1 .fusion-panel:hover,#accordian-1 .fusion-panel.hover{ background-color: #ffffff } #accordian-1 .fusion-panel { border-color:rgba(0,0,0,0.08); border-width:0px; background-color:rgba(255,255,255,0); }.fusion-accordian #accordian-1 .panel-title a .fa-fusion-box:before{ font-size: 32px;width: 32px;}.fusion-accordian #accordian-1 .panel-title a .fa-fusion-box{ color: #f86011;}.fusion-accordian #accordian-1.fusion-toggle-icon-right .fusion-toggle-heading{ margin-right: 50px;}.fusion-accordian  #accordian-1 .panel-title a{font-family:\"DM Sans\";font-style:normal;font-weight:500;}.fusion-accordian  #accordian-1 .panel-title a:not(:hover){}.fusion-accordian  #accordian-1 .toggle-content{font-family:\"DM Sans\";font-style:normal;font-weight:400;}.fusion-accordian #accordian-1 .panel-title a:hover,.fusion-accordian #accordian-1 .panel-title a.hover { color: #f86011;}.fusion-faq-shortcode .fusion-accordian #accordian-1 .fusion-toggle-boxed-mode:hover .panel-title a { color: #f86011;}.fusion-accordian #accordian-1.fusion-toggle-icon-unboxed .panel-title a:hover .fa-fusion-box,.fusion-accordian #accordian-1.fusion-toggle-icon-unboxed .panel-title a.hover .fa-fusion-box { color: #f86011; }<\/style><div class=\"fusion-faq-shortcode\" style=\"\"><div class=\"fusion-faqs-wrapper\"><div class=\"accordian fusion-accordian\"><div class=\"panel-group  fusion-toggle-icon-right fusion-toggle-icon-unboxed\" id=\"accordian-1\"><div class=\"fusion-panel fusion-toggle-no-divider fusion-toggle-boxed-mode panel-default fusion-faq-post fusion-faq-post-13180 nis2-directive-faq-blog \"><span class=\"entry-title rich-snippet-hidden\">Does NIS2 also apply to small companies with fewer than 50 employees?<\/span><span class=\"vcard rich-snippet-hidden\"><span class=\"fn\"><a href=\"https:\/\/netxconsult.de\/en\/blog\/author\/selinab\/\" title=\"Posts by Selina Bassignana\" rel=\"author\">Selina Bassignana<\/a><\/span><\/span><span class=\"updated rich-snippet-hidden\">2026-05-29T12:08:50+02:00<\/span><div class=\"panel-heading\"><h4 id=\"faq_1-13180\" class=\"panel-title toggle\"><a data-toggle=\"collapse\" class=\"collapsed\" data-target=\"#collapse-1-13180\" href=\"#collapse-1-13180\" aria-expanded=\"false\"><div class=\"fusion-toggle-icon-wrapper\"><div class=\"fusion-toggle-icon-wrapper-main\"><div class=\"fusion-toggle-icon-wrapper-sub\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/div><\/div><\/div><div class=\"fusion-toggle-heading\">Does NIS2 also apply to small companies with fewer than 50 employees?<\/div><\/a><\/h4><\/div><div id=\"collapse-1-13180\" aria-labelledby=\"faq_1-13180\" class=\"panel-collapse collapse\"><div class=\"panel-body toggle-content post-content\"><p><span class=\"TextRun SCXW201313536 BCX0\" lang=\"DE-DE\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW201313536 BCX0\">Generally not\u2014but there are exceptions. Companies <\/span><span class=\"NormalTextRun SCXW201313536 BCX0\">,<\/span><span class=\"NormalTextRun SCXW201313536 BCX0\"> <\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW201313536 BCX0\">that provide critical services<\/span><span class=\"NormalTextRun SCXW201313536 BCX0\">  (e.g., in healthcare or digital infrastructure) may also be affected below the thresholds. In addition, large companies subject to NIS2 are increasingly requiring compliance evidence from their suppliers. <\/span><\/span><span class=\"EOP SCXW201313536 BCX0\" data-ccp-props=\"{\"201341983\":0,\"335559738\":240,\"335559739\":240,\"335559740\":342}\"> <\/span><\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel fusion-toggle-no-divider fusion-toggle-boxed-mode panel-default fusion-faq-post fusion-faq-post-13179 nis2-directive-faq-blog \"><span class=\"entry-title rich-snippet-hidden\">Can I implement NIS2 as a SME myself or do I need external consultants?<\/span><span class=\"vcard rich-snippet-hidden\"><span class=\"fn\"><a href=\"https:\/\/netxconsult.de\/en\/blog\/author\/selinab\/\" title=\"Posts by Selina Bassignana\" rel=\"author\">Selina Bassignana<\/a><\/span><\/span><span class=\"updated rich-snippet-hidden\">2026-05-29T12:06:02+02:00<\/span><div class=\"panel-heading\"><h4 id=\"faq_1-13179\" class=\"panel-title toggle\"><a data-toggle=\"collapse\" class=\"collapsed\" data-target=\"#collapse-1-13179\" href=\"#collapse-1-13179\" aria-expanded=\"false\"><div class=\"fusion-toggle-icon-wrapper\"><div class=\"fusion-toggle-icon-wrapper-main\"><div class=\"fusion-toggle-icon-wrapper-sub\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/div><\/div><\/div><div class=\"fusion-toggle-heading\">Can I implement NIS2 as a SME myself or do I need external consultants?<\/div><\/a><\/h4><\/div><div id=\"collapse-1-13179\" aria-labelledby=\"faq_1-13179\" class=\"panel-collapse collapse\"><div class=\"panel-body toggle-content post-content\"><p><span class=\"TextRun SCXW108597267 BCX0\" lang=\"DE-DE\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW108597267 BCX0\">Simple immediate measures like MFA-Activation or setup your back up system can be done internally and immedaitely.  <\/span>For governance structures, principle guidance and supply chain review we recommend external support &#8211; especially if no internally dedicated IT security team has been appointed.<\/span><span class=\"EOP SCXW108597267 BCX0\" data-ccp-props=\"{\"201341983\":0,\"335559738\":240,\"335559739\":240,\"335559740\":342}\"> <\/span><\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel fusion-toggle-no-divider fusion-toggle-boxed-mode panel-default fusion-faq-post fusion-faq-post-13178 nis2-directive-faq-blog \"><span class=\"entry-title rich-snippet-hidden\">What is the first step in implementing NIS2?<\/span><span class=\"vcard rich-snippet-hidden\"><span class=\"fn\"><a href=\"https:\/\/netxconsult.de\/en\/blog\/author\/selinab\/\" title=\"Posts by Selina Bassignana\" rel=\"author\">Selina Bassignana<\/a><\/span><\/span><span class=\"updated rich-snippet-hidden\">2026-05-29T12:01:13+02:00<\/span><div class=\"panel-heading\"><h4 id=\"faq_1-13178\" class=\"panel-title toggle\"><a data-toggle=\"collapse\" class=\"collapsed\" data-target=\"#collapse-1-13178\" href=\"#collapse-1-13178\" aria-expanded=\"false\"><div class=\"fusion-toggle-icon-wrapper\"><div class=\"fusion-toggle-icon-wrapper-main\"><div class=\"fusion-toggle-icon-wrapper-sub\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/div><\/div><\/div><div class=\"fusion-toggle-heading\">What is the first step in implementing NIS2?<\/div><\/a><\/h4><\/div><div id=\"collapse-1-13178\" aria-labelledby=\"faq_1-13178\" class=\"panel-collapse collapse\"><div class=\"panel-body toggle-content post-content\"><p><span class=\"TextRun SCXW185709569 BCX0\" lang=\"DE\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW185709569 BCX0\">The first step is to assess whether you are affected. The BSI provides a free online tool for this: betroffenheitspruefung-nis-2.bsi.de. After that, you should complete the BSI registration, if you have not already done so.  <\/span><\/span><span class=\"EOP SCXW185709569 BCX0\" data-ccp-props=\"{\"201341983\":0,\"335559738\":240,\"335559739\":240,\"335559740\":342}\"> <\/span><\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel fusion-toggle-no-divider fusion-toggle-boxed-mode panel-default fusion-faq-post fusion-faq-post-13177 nis2-directive-faq-blog \"><span class=\"entry-title rich-snippet-hidden\">What is NIS2 in simple terms?<\/span><span class=\"vcard rich-snippet-hidden\"><span class=\"fn\"><a href=\"https:\/\/netxconsult.de\/en\/blog\/author\/selinab\/\" title=\"Posts by Selina Bassignana\" rel=\"author\">Selina Bassignana<\/a><\/span><\/span><span class=\"updated rich-snippet-hidden\">2026-05-29T12:00:35+02:00<\/span><div class=\"panel-heading\"><h4 id=\"faq_1-13177\" class=\"panel-title toggle\"><a data-toggle=\"collapse\" class=\"collapsed\" data-target=\"#collapse-1-13177\" href=\"#collapse-1-13177\" aria-expanded=\"false\"><div class=\"fusion-toggle-icon-wrapper\"><div class=\"fusion-toggle-icon-wrapper-main\"><div class=\"fusion-toggle-icon-wrapper-sub\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/div><\/div><\/div><div class=\"fusion-toggle-heading\">What is NIS2 in simple terms?<\/div><\/a><\/h4><\/div><div id=\"collapse-1-13177\" aria-labelledby=\"faq_1-13177\" class=\"panel-collapse collapse\"><div class=\"panel-body toggle-content post-content\"><p><span class=\"TextRun SCXW161069523 BCX0\" lang=\"DE\" data-contrast=\"auto\" xml:lang=\"DE\"><span class=\"NormalTextRun SCXW161069523 BCX0\">NIS2 is an EU directive on cybersecurity that has been in effect in Germany since December 2025. It requires companies with 50 or more employees in 18 sectors to implement specific IT security measures\u2014with personal liability for management. <\/span><\/span><span class=\"EOP SCXW161069523 BCX0\" data-ccp-props=\"{\"201341983\":0,\"335559738\":240,\"335559739\":240,\"335559740\":342}\"> <\/span><\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel fusion-toggle-no-divider fusion-toggle-boxed-mode panel-default fusion-faq-post fusion-faq-post-12795 nis2-directive-faq-blog nis2richtliniefaq \"><span class=\"entry-title rich-snippet-hidden\">What Penalties Will We Face for Non-Compliance?<\/span><span class=\"vcard rich-snippet-hidden\"><span class=\"fn\"><a href=\"https:\/\/netxconsult.de\/en\/blog\/author\/manuelnetx\/\" title=\"Posts by Manuel Mayer\" rel=\"author\">Manuel Mayer<\/a><\/span><\/span><span class=\"updated rich-snippet-hidden\">2025-11-07T14:16:47+01:00<\/span><div class=\"panel-heading\"><h4 id=\"faq_1-12795\" class=\"panel-title toggle\"><a data-toggle=\"collapse\" class=\"collapsed\" data-target=\"#collapse-1-12795\" href=\"#collapse-1-12795\" aria-expanded=\"false\"><div class=\"fusion-toggle-icon-wrapper\"><div class=\"fusion-toggle-icon-wrapper-main\"><div class=\"fusion-toggle-icon-wrapper-sub\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/div><\/div><\/div><div class=\"fusion-toggle-heading\">What Penalties Will We Face for Non-Compliance?<\/div><\/a><\/h4><\/div><div id=\"collapse-1-12795\" aria-labelledby=\"faq_1-12795\" class=\"panel-collapse collapse\"><div class=\"panel-body toggle-content post-content\"><p>The amount of the penalty depends on the sector and the severity of the infringement, and can be up to 10 million Euros or 2% of the global annual turnover. This is another reason not to take the NIS2 directive lightly. <\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel fusion-toggle-no-divider fusion-toggle-boxed-mode panel-default fusion-faq-post fusion-faq-post-12792 nis2-directive-faq-blog nis2-umsetzung \"><span class=\"entry-title rich-snippet-hidden\">Is it Primarily IT or Management that Needs to Act?<\/span><span class=\"vcard rich-snippet-hidden\"><span class=\"fn\"><a href=\"https:\/\/netxconsult.de\/en\/blog\/author\/manuelnetx\/\" title=\"Posts by Manuel Mayer\" rel=\"author\">Manuel Mayer<\/a><\/span><\/span><span class=\"updated rich-snippet-hidden\">2025-11-07T14:16:46+01:00<\/span><div class=\"panel-heading\"><h4 id=\"faq_1-12792\" class=\"panel-title toggle\"><a data-toggle=\"collapse\" class=\"collapsed\" data-target=\"#collapse-1-12792\" href=\"#collapse-1-12792\" aria-expanded=\"false\"><div class=\"fusion-toggle-icon-wrapper\"><div class=\"fusion-toggle-icon-wrapper-main\"><div class=\"fusion-toggle-icon-wrapper-sub\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/div><\/div><\/div><div class=\"fusion-toggle-heading\">Is it Primarily IT or Management that Needs to Act?<\/div><\/a><\/h4><\/div><div id=\"collapse-1-12792\" aria-labelledby=\"faq_1-12792\" class=\"panel-collapse collapse\"><div class=\"panel-body toggle-content post-content\"><p>Collaboration is crucial: Both the IT department and management must take action. The IT department implements technical security measures, while management ensures that resources, policies, and processes are in place. Both levels must work together to meet the requirements of the NIS2 directive and ensure the company&#8217;s cybersecurity. As non-compliance is often due to management issues, management should take the situation particularly seriously.   <\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":29,"featured_media":13195,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[335,247],"tags":[331],"class_list":["post-13130","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-en_cloud","category-it-security-en","tag-nis2-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>NIS2 Checklist for SMEs: 10 Measures You Must Implement Now<\/title>\n<meta name=\"description\" content=\"NIS2 has been in force since December 2025. Use our checklist to assess within 5 minutes whether your SME is affected \u2013 and which measures you must implement immediately.\u2028\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIS2 Checklist for SMEs: 10 Measures You Must Implement Now\" \/>\n<meta property=\"og:description\" content=\"NIS2 has been in force since December 2025. Use our checklist to assess within 5 minutes whether your SME is affected \u2013 and which measures you must implement immediately.\u2028\" \/>\n<meta property=\"og:url\" content=\"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/\" \/>\n<meta property=\"og:site_name\" content=\"netX consult\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-29T10:11:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-15T16:14:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/06\/NIS2-Illustration.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Selina Bassignana\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Selina Bassignana\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/\"},\"author\":{\"name\":\"Selina Bassignana\",\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/#\\\/schema\\\/person\\\/c7451ec97bf810dcaccdbf10d16424db\"},\"headline\":\"NIS2 Checklist for SMEs: 10 Measures You Must Implement Now\",\"datePublished\":\"2026-05-29T10:11:14+00:00\",\"dateModified\":\"2026-06-15T16:14:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/\"},\"wordCount\":11923,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/netxconsult.de\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/NIS2-Illustration.png\",\"keywords\":[\"NIS2\"],\"articleSection\":[\"EN_Cloud\",\"IT security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/\",\"url\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/\",\"name\":\"NIS2 Checklist for SMEs: 10 Measures You Must Implement Now\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/netxconsult.de\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/NIS2-Illustration.png\",\"datePublished\":\"2026-05-29T10:11:14+00:00\",\"dateModified\":\"2026-06-15T16:14:38+00:00\",\"description\":\"NIS2 has been in force since December 2025. Use our checklist to assess within 5 minutes whether your SME is affected \u2013 and which measures you must implement immediately.\\u2028\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/#primaryimage\",\"url\":\"https:\\\/\\\/netxconsult.de\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/NIS2-Illustration.png\",\"contentUrl\":\"https:\\\/\\\/netxconsult.de\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/NIS2-Illustration.png\",\"width\":\"1200\",\"height\":\"630\",\"caption\":\"Illustration zur NIS2\u2011Compliance f\u00fcr KMU: Person arbeitet am Laptop unter Zeitdruck, w\u00e4hrend Sicherheitswarnungen und Angriffe sichtbar sind; ein Schutzschild symbolisiert Ma\u00dfnahmen zur Einhaltung von IT\u2011Sicherheitsanforderungen.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/nis2-checklist-sme\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NIS2 Checklist for SMEs: 10 Measures You Must Implement Now\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/\",\"name\":\"netX consult\",\"description\":\"IT-Beratung\",\"publisher\":{\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/#organization\",\"name\":\"netX consult e.K.\",\"url\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/netxconsult.de\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/netX-Logo-MS-Teams.png\",\"contentUrl\":\"https:\\\/\\\/netxconsult.de\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/netX-Logo-MS-Teams.png\",\"width\":241,\"height\":240,\"caption\":\"netX consult e.K.\"},\"image\":{\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/netxconsult\\\/about\",\"https:\\\/\\\/www.youtube.com\\\/@netXconsult\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/#\\\/schema\\\/person\\\/c7451ec97bf810dcaccdbf10d16424db\",\"name\":\"Selina Bassignana\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a1f62d6d650c15eebd44c98722b8ba5742702fd8937a622f8a17b864344892be?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a1f62d6d650c15eebd44c98722b8ba5742702fd8937a622f8a17b864344892be?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a1f62d6d650c15eebd44c98722b8ba5742702fd8937a622f8a17b864344892be?s=96&d=mm&r=g\",\"caption\":\"Selina Bassignana\"},\"url\":\"https:\\\/\\\/netxconsult.de\\\/en\\\/blog\\\/author\\\/selinab\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NIS2 Checklist for SMEs: 10 Measures You Must Implement Now","description":"NIS2 has been in force since December 2025. Use our checklist to assess within 5 minutes whether your SME is affected \u2013 and which measures you must implement immediately.\u2028","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/","og_locale":"en_US","og_type":"article","og_title":"NIS2 Checklist for SMEs: 10 Measures You Must Implement Now","og_description":"NIS2 has been in force since December 2025. Use our checklist to assess within 5 minutes whether your SME is affected \u2013 and which measures you must implement immediately.\u2028","og_url":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/","og_site_name":"netX consult","article_published_time":"2026-05-29T10:11:14+00:00","article_modified_time":"2026-06-15T16:14:38+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/06\/NIS2-Illustration.png","type":"image\/png"}],"author":"Selina Bassignana","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Selina Bassignana","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/#article","isPartOf":{"@id":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/"},"author":{"name":"Selina Bassignana","@id":"https:\/\/netxconsult.de\/en\/#\/schema\/person\/c7451ec97bf810dcaccdbf10d16424db"},"headline":"NIS2 Checklist for SMEs: 10 Measures You Must Implement Now","datePublished":"2026-05-29T10:11:14+00:00","dateModified":"2026-06-15T16:14:38+00:00","mainEntityOfPage":{"@id":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/"},"wordCount":11923,"commentCount":0,"publisher":{"@id":"https:\/\/netxconsult.de\/en\/#organization"},"image":{"@id":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/#primaryimage"},"thumbnailUrl":"https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/06\/NIS2-Illustration.png","keywords":["NIS2"],"articleSection":["EN_Cloud","IT security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/","url":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/","name":"NIS2 Checklist for SMEs: 10 Measures You Must Implement Now","isPartOf":{"@id":"https:\/\/netxconsult.de\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/#primaryimage"},"image":{"@id":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/#primaryimage"},"thumbnailUrl":"https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/06\/NIS2-Illustration.png","datePublished":"2026-05-29T10:11:14+00:00","dateModified":"2026-06-15T16:14:38+00:00","description":"NIS2 has been in force since December 2025. Use our checklist to assess within 5 minutes whether your SME is affected \u2013 and which measures you must implement immediately.\u2028","breadcrumb":{"@id":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/#primaryimage","url":"https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/06\/NIS2-Illustration.png","contentUrl":"https:\/\/netxconsult.de\/wp-content\/uploads\/2026\/06\/NIS2-Illustration.png","width":"1200","height":"630","caption":"Illustration zur NIS2\u2011Compliance f\u00fcr KMU: Person arbeitet am Laptop unter Zeitdruck, w\u00e4hrend Sicherheitswarnungen und Angriffe sichtbar sind; ein Schutzschild symbolisiert Ma\u00dfnahmen zur Einhaltung von IT\u2011Sicherheitsanforderungen."},{"@type":"BreadcrumbList","@id":"https:\/\/netxconsult.de\/en\/blog\/nis2-checklist-sme\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/netxconsult.de\/en\/"},{"@type":"ListItem","position":2,"name":"NIS2 Checklist for SMEs: 10 Measures You Must Implement Now"}]},{"@type":"WebSite","@id":"https:\/\/netxconsult.de\/en\/#website","url":"https:\/\/netxconsult.de\/en\/","name":"netX consult","description":"IT-Beratung","publisher":{"@id":"https:\/\/netxconsult.de\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/netxconsult.de\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/netxconsult.de\/en\/#organization","name":"netX consult e.K.","url":"https:\/\/netxconsult.de\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/netxconsult.de\/en\/#\/schema\/logo\/image\/","url":"https:\/\/netxconsult.de\/wp-content\/uploads\/2022\/05\/netX-Logo-MS-Teams.png","contentUrl":"https:\/\/netxconsult.de\/wp-content\/uploads\/2022\/05\/netX-Logo-MS-Teams.png","width":241,"height":240,"caption":"netX consult e.K."},"image":{"@id":"https:\/\/netxconsult.de\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/netxconsult\/about","https:\/\/www.youtube.com\/@netXconsult"]},{"@type":"Person","@id":"https:\/\/netxconsult.de\/en\/#\/schema\/person\/c7451ec97bf810dcaccdbf10d16424db","name":"Selina Bassignana","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a1f62d6d650c15eebd44c98722b8ba5742702fd8937a622f8a17b864344892be?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a1f62d6d650c15eebd44c98722b8ba5742702fd8937a622f8a17b864344892be?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a1f62d6d650c15eebd44c98722b8ba5742702fd8937a622f8a17b864344892be?s=96&d=mm&r=g","caption":"Selina Bassignana"},"url":"https:\/\/netxconsult.de\/en\/blog\/author\/selinab\/"}]}},"_links":{"self":[{"href":"https:\/\/netxconsult.de\/en\/wp-json\/wp\/v2\/posts\/13130","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/netxconsult.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/netxconsult.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/netxconsult.de\/en\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/netxconsult.de\/en\/wp-json\/wp\/v2\/comments?post=13130"}],"version-history":[{"count":4,"href":"https:\/\/netxconsult.de\/en\/wp-json\/wp\/v2\/posts\/13130\/revisions"}],"predecessor-version":[{"id":13197,"href":"https:\/\/netxconsult.de\/en\/wp-json\/wp\/v2\/posts\/13130\/revisions\/13197"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/netxconsult.de\/en\/wp-json\/wp\/v2\/media\/13195"}],"wp:attachment":[{"href":"https:\/\/netxconsult.de\/en\/wp-json\/wp\/v2\/media?parent=13130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/netxconsult.de\/en\/wp-json\/wp\/v2\/categories?post=13130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/netxconsult.de\/en\/wp-json\/wp\/v2\/tags?post=13130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}