Managing Director
Personal liability for NIS-2 violations. You need evidence, not audit PDFs in a drawer.
COMPLIANCE
NIS-2 Consulting for German Mid-Market
From scoping assessment to BSI registration in 90 days
NIS-2 has been applicable law in Germany since October 2024. We get you to compliance level within 90 days — pragmatic, documented, with executive liability in mind. Not a theoretical audit but a practical implementation partner.
FOR WHOM?
Who benefits specifically?
IT Manager
Implement regulations without headcount increase. We deliver the technical foundation, you keep control.
Compliance Officer
Audit-ready documentation, not just tool lists. You get exportable reports at the push of a button.
HOW WE WORK
Structured 4-step process.
01
Scoping assessment
Based on your industry, headcount, and revenue, we check whether you qualify as an 'important' or 'essential' entity — and which obligations specifically apply.
02
Gap analysis
Structured assessment of your current security posture against the 10 NIS-2 requirements. Written measures catalog with priorities.
03
Technical implementation
Vyrex Node on all relevant systems, MFA, logging, patch management, incident response process — built, documented, tested.
04
BSI registration
We accompany you through registration at the BSI, review all mandatory entries, and hand over the emergency contact process.
WHAT YOU GET
Concrete deliverables.
Written scoping assessment with executive briefing
Gap analysis as 30-page report
Technical implementation via Vyrex Node + Edge
Incident response plan, written
Training material for employees
BSI registration support
Audit-ready logs with 365-day retention
Quarterly compliance reports at the push of a button
REQUIREMENTS MAPPING
The 10 NIS-2 obligations, fully covered.
NIS-2 lists ten specific security requirements. Vyrex covers seven of them technically and provides templates and consulting for the other three (training, supply chain, crisis management).
- Risk analysis and security policies — structured with Vyrex risk engine
- Incident handling — incident response via Vyrex Ops
- Business continuity — backup monitoring and restore tests
- Security in development and operations — automated patch management
- Effectiveness assessment — quarterly reports
- Cryptography — TLS enforcement and disk-encryption audit
- Access control and MFA — Authentik integration
FAQ
Frequently asked.
How long does a complete NIS-2 implementation take?
Realistically 90 days. Faster only if IT landscape and processes are already documented. Slower if Active Directory needs cleanup or backups must be rebuilt.
What does NIS-2 consulting at Vyrex cost?
The scoping assessment is free. The gap analysis starts at €2,900 one-time. Technical implementation runs via Vyrex packages from €299 monthly. Complete 90-day packages including consulting start at €6,900.
Is Vyrex liable for NIS-2 violations?
Vyrex contractually warrants proper delivery of technical services. Legal and entrepreneurial responsibility remains with the customer. We work closely with specialist lawyers who close this liability gap.
Can existing tools be integrated?
Yes. Vyrex integrates with existing firewalls, endpoint protection, AD, and mail servers. You don't need to tear down working IT but extend existing structures with NIS-2 obligations.
What happens after the 90 days?
You are NIS-2 compliant and Vyrex continues as an ongoing managed service. Quarterly re-audits maintain compliance; changes in the legal framework are promptly addressed via the compliance dashboard.
NEXT STEP
Start NIS-2 consulting with Vyrex.
Free security check with first action plan within two business days — non-binding and without sales pressure.