NIS2 tightens the requirements for cyber security in the EU

With the NIS2 directive, the EU expands the requirements for companies' and organizations' approach to risk management, security implementation, and readiness to handle cyber attacks. In general, businesses and organizations are pushed to integrate IT security into all their processes. This also involves increased supervision as well as direct management responsibility for non-compliance. If your company is affected by NIS2, you should start the work as soon as possible, as the compliance deadline is October 2024.


NIS2 - GAP analysis for companies covered by the new regulations

You have probably already heard about NIS2, which many companies are already referring to as the 'New GDPR.'

GDPR was a very resource- and time-intensive process for many companies to navigate. One of the key lessons from the process is that most started preparations relatively late. Companies underestimated the scope of the task and its significance to the core business. Therefore, we would recommend starting the NIS2 work sooner rather than later.

What can you expect from an NIS2 GAP analysis?

We review your systems and services to formulate recommendations on which systems need additional security and which services need to be modified to comply with NIS2 requirements. We also examine your contracts with itm8 and identify the need for changes. Subsequently, we create a prioritized list of actions and incorporate them into a roadmap with your collaboration. Additionally, we can conduct an extended analysis, providing an overview of your overall security architecture, monitoring capabilities, readiness level, and vendor relationships.


When do you need to comply with NIS2?

If your company is affected by the EU's NIS2 directive, your organization needs to be in compliance by mid-2024. itm8 can assist you on your journey to compliance by creating a GAP analysis for your organization. With a GAP analysis based on recognized frameworks such as NIST-CF, ISO 27001, and/or CIS-18.


What do you also gain from an analysis?

With a GAP analysis, we compare your organization's current maturity with the requirements of NIS2 to identify areas where your organization can strengthen its cybersecurity initiatives and achieve an acceptable level of compliance.



Measure your cybersecurity maturity against a recognized security framework such as NIST-CSF, CIS-18, or ISO 27001.



Identify areas that need improvement and create an overview of where you need to enhance your security posture to comply with NIS2 requirements.



Establish the foundation for guidance and strategic initiatives to enhance your organization's overall resilience.


Are you ready to get started?

Order a GAP analysis

Is your organization regulated by the NIS2 directive?

First and foremost, companies that are suppliers to NIS2-affected businesses can also expect to be impacted due to strengthened chain liability.

Organizations providing essential services and infrastructure in the EU will be regulated within the scope:

Medium-sized companies: 50-250 employees, turnover of 10m-50m EUR, up to 43 EUR balance.

Large companies: >250 employees, >50m EUR turnover, >43 EUR balance.


EU NIS2 regulates 16 sectors of operators in the EU:

Essential entities

  • Energy
  • Healthcare
  • Transport
  • Banks
  • Financial market infrastructure
  • Drinking water
  • Wastewater
  • Digital infrastructure
  • Space
  • Public administration

Important entities

  • Postal and courier services
  • Waste management
  • Chemicals
  • Food
  • Manufacturing
  • Digital Providers

Fill out the contact form, and we will get in touch with you regarding an NIS2 GAP analysis.