Homepage » Robin Data ComplianceOS® » NIS2 Directive
Since 13 November 2025, the German NIS2 Implementation Act has been binding without a transition period: make your organisation audit-proof now. Implement the new cybersecurity requirements quickly and seamlessly with Robin Data ComplianceOS® and certified consulting.
Increase your organisation's cyber security and protect yourself against attacks and data loss.
Reduce your liability risks, we keep an eye on your obligations in accordance with the NIS2 directive.
Avoid high fines and penalties for violating safety requirements.
Our consultants support you with all NIS2 requirements from risk management to reporting.
The German NIS 2 Implementation Act was passed on 13 November 2025 and applies without a transition period. The goal: a significantly higher common level of security for business and administration. The new legislation affects more organisations than ever before: its scope now extends to public and private organisations in 18 sectors, starting at 50 employees or €10 million in annual turnover/annual balance sheet total. This includes, for example, healthcare, energy supply, digital infrastructure, manufacturers of goods and all relevant parts of the digital sector (e.g. data centres, cloud and software providers). Even medium-sized organisations that were not previously considered critical infrastructure can now be classified as „important institutions“. You should therefore check immediately whether your organisation falls under the new law.
Prepare your organisation for the requirements; Robin Data will provide you with comprehensive support. A Majority of legal obligations you fulfil with the implementation of a Information Security Management System (ISMS) in accordance with ISO 27001. We explain what additional obligations exist and how you can implement them in a verifiable manner with our Robin Data ComplianceOS software.
The NIS 2 Directive is revolutionising the cybersecurity landscape and marks a turning point for the digital resilience of organisations. Since 13 November, the German...
11 December 2025 from 3:00 p.m. to 4:00 p.m.
Free of charge
The organisational measures for implementing NIS2 are comprehensive. Prepare yourself with the Implementation of an ISMS according to ISO 27001 before!
What do affected organisations need to do?
Affected organisations must Minimum requirements to strengthen organisational cyber security. Significant security incidents must be reported to the BSI - the Federal Office for Information Security be reported. Responsible for the realisation and liable The company management is responsible for any defects. Organisational management will bear responsibility in future for implementing all these measures and must monitor their effectiveness. Our consultants relieve your management team by preparing and reporting on the necessary steps in a structured manner. This allows you to maintain an overview of your compliance at all times.
Establishment of a formal Information Security Management System (ISMS) in accordance with proven standards (ISO 27001 or BSI basic protection). Creation of security guidelines and procedures that are supported by management (security policy).
ongoing risk analyses Your IT and processes, as well as appropriate Risk treatment measures. Documentation of all identified cyber risks for reporting to management, because ultimately, management must actively manage the risks.
Establish a incident response process, reporting thresholds and emergency plan. Significant security incidents must within 24 hours Initial reports must be submitted to the authorities (BSI) within 72 hours, followed by detailed reports and a final report within one month at the latest. We can assist you in preparing these processes and coordinating reports.
Set the business continuity secure, through regular backups, disaster recovery plans and crisis exercises. NIS2 requires concepts for Maintaining business operations in an emergency. Our consultants review your emergency manuals and work with you to set up emergency communication channels so that your organisation remains operational even in the event of an emergency.
Secure your Supply Chain NIS2 requires the systematic integration of IT security at service providers and suppliers. We support you in this endeavour., Analysing risks in the supply chain and control. For example, establish security requirements in contracts, third-party risk management and an up-to-date supplier register.
Ensure SSecurity in the procurement, development and maintenance of IT systems. This includes vulnerability management (detection and reporting of vulnerabilities) and requirements for your IT/software developers to work according to secure development standards. ComplianceOS® offers modules for documenting and tracking vulnerabilities.
Raise awareness among employees on a regular basis. NIS2 requires Security awareness training and basic cyber hygiene practices within the organisation. With our Academy programme, we train your team in safe behaviour while also meeting the compliance requirements for regular further training for your staff – right up to management level, who must also participate in training courses.
Use strong authentication (e.g. MFA), protect data using cryptography (encryption) and implement protocols for secure network and communication channels.
The majority of NIS2 obligations are in the area of information security
One Majority of legal obligations you fulfil with the implementation of a Information security management system (ISMS) in accordance with ISO 27001.
Our certified security experts can assume the role of external ISB in your organisation upon request. They bring in-depth expertise to NIS2 and ISO 27001 and accompany you from risk analysis to the implementation of individual measures. As external ISBs, we ensure that all obligations are continuously fulfilled and documented. This significantly reduces the liability risks for your management.
Our compliance management platform Robin Data ComplianceOS® digitises your ISMS and makes NIS2 implementation easier. Modules for data protection, information security, risk management and supplier management work together seamlessly
Order procedure
"In the audit of our information security management system by Robin Data GmbH, the current maturity level of our ISMS was audited against the standard of the IT-Grundschutz. Internal and external processes and documents were reviewed and open measures were documented."
Marco Voigt, Head of IT at Merseburg Municipality
Request a quote from an external ISB
We would be happy to provide you with an offer suitable for the implementation of the NIS-2 directive.
Combine your desired products and compliance fields
Implement GDPR-compliant documentation, use templates
Establish standards, increase information security
Improve processes, increase effectiveness and efficiency
Increase legal certainty and reduce liability risks
Identify, assess and manage risks
Assess protection needs and minimise failures
Conduct audits, continuously improve processes
Establish a court-proof reporting office for whistleblowers
Keeping an eye on key figures, evaluating performance
Record supplier risk, avoid grievances
Optimise workflows and automate processes
Connecting external systems and interacting across the board
Manage employee health and safety
Minimise environmental risks and raise environmental awareness
Articles, videos and whitepapers can be found here.
What does the NIS 2 Directive mean for organisations in Germany? Implementation obligations, sanctions, tips for implementation
Learn more about information security and read the step-by-step explanation on how to implement an information security management system.
Learn how the City of Merseburg developed a DSMS and ISMS based on Robin Data ComplianceOS® and introduced a continuous improvement process.
The Robin Data GmbH team will advise you on our solutions without obligation and free of charge and answer your questions by phone or e-mail.
In the one-hour appointment, we present a function of our software solutions, such as the deletion concept or the TOMs, to you in detail.
Information Robin Data solutions, events and developments in compliance, data protection and information security.
Find out more about the functions of our Robin Data software and legal texts in the area of data protection in our Help Centre.
 |
 |
 |
 |
 |
