EXPERTISE
NIS2
The EU's updated cybersecurity directive expanded scope across 18 sectors, strict incident reporting, supply-chain security, and personal accountability for management.
What it is — and why it matters.
NIS2 is the EU's updated cybersecurity legislation, significantly expanding the scope and depth of obligations across member states. It replaces the original NIS Directive and reaches a much broader range of organisations including healthcare, energy, transport, digital infrastructure, public administration, manufacturing, and the food supply chain. It requires appropriate technical and organisational measures to manage cybersecurity risk, reporting of significant incidents within strict timelines, and secured supply chains. Critically, it introduces accountability for management bodies. Senior leadership can be held directly responsible for failures.
Who this affects.
NIS2 applies across 18 sectors, split into essential entities (high-criticality sectors like energy, transport, banking, health, digital infrastructure, public administration) and important entities (postal services, waste, chemicals, food, manufacturing, digital providers). It generally applies to medium-sized organisations and above, though some entities are in scope regardless of size.
What's involved
How we help.
Scoping & applicability | Essential vs important, sector and supply-chain analysis to confirm if and how NIS2 applies to you.
Gap analysis | A clear read of where you stand against NIS2's requirements.
Governance & accountability | The structures and management oversight the directive demands.
Risk-management measures | The technical and organisational measures, designed and orchestrated.
Incident response & reporting | Processes that meet the 24h / 72h / one-month timelines.
Supply-chain security | Assessing and governing the suppliers in your scope.
Ongoing managed compliance | Run as part of your managed office, not a one-off project.
Compliance
Within your managed office.
NIS2 sits under Compliance and connects directly to Governance and Risk. We build it into your Managed Security & Risk Office as a natural part of the program — not a separate workstream — integrated alongside every other framework and regulation that applies to you.
Related expertise
Topic
Enterprise Security Architecture
A business-driven, enterprise-wide architecture that links security to strategy — from business context down to logical and physical design, so every control traces back to a goal.
Topic
Information Security Architecture
The structured design of security controls across your technical estate — identity, network, data, cloud, endpoints — as one coherent system aligned to your risks.
Topic
Security Strategy
Setting direction and priorities for security — a sequenced, realistic roadmap aligned to your objectives and risk, not a wish list of everything.
Within your managed office.
NIS2 sits under Compliance and connects directly to Governance and Risk. We build it into your Managed Security & Risk Office as a natural part of the program — not a separate workstream — integrated alongside every other framework and regulation that applies to you.
CTRL Disrupt
Your Managed Security & Risk Office.
Based in the Netherlands.
EXPERTISE
ISO 27001
NIS2
BIO2.0
EU AI Act
AI Security & Compliance
Marshalllaan 2
2625 GZ Delft
The Netherlands
© 2026 CTRL Disrupt Consulting B.V. · KvK 87198983 · All rights reserved.