NIS2 & NISG 2026: Consulting & Implementation
Is your company affected by NIS2? ITworx supports SMEs in Vorarlberg and the DACH region from the applicability assessment through implementation to ongoing operation.
What is NIS2 – and why now?
NIS2 is the EU-wide cybersecurity directive (EU 2022/2555). In Austria it is transposed by the NISG, which enters into force on 1 October 2026. In-scope organisations must demonstrate a minimum level of IT security, report incidents and secure their supply chain – or face significant fines.
Am I affected by NIS2?
Three questions for a first, non-binding orientation. Not a substitute for a legal assessment.
1 Does your company have at least 50 employees or more than €10 million annual turnover?
2 Do you operate in a NIS2 sector? (incl. energy, transport, health, digital infrastructure, ICT services, manufacturing, food, waste, chemicals, public administration)
3 Do you supply or serve customers that are themselves in scope of NIS2?
Size and sector indicate direct applicability. We recommend a readiness check and gap analysis soon.
Request a readiness checkEven without direct scope, NIS2-obligated customers require security evidence. We prepare you for that.
Request adviceSolid IT security still pays off – and requirements can change with growth or new customers. We are happy to review your situation.
Talk to usThe key dates
NIS2 becomes concrete in 2026. Starting early avoids time pressure.
The 10 minimum measures – and how we deliver them
NIS2 requires concrete technical and organisational measures. Each of them maps to our managed services.
Risk analysis & security policies
IT audit, risk analysis and security policies as the foundation.
Handling of security incidents
24/7 Managed Detection & Response (MDR) and SOC monitoring.
Backup & business continuity
Managed backup, disaster recovery and continuity planning (BCP).
Supply chain security
Securing and assessing suppliers and service providers.
Procurement, development & maintenance
Patch and vulnerability management across the lifecycle.
Effectiveness of measures
Ongoing security audits, reporting and metrics.
Cyber hygiene & training
Security awareness training and phishing simulations.
Cryptography & encryption
Encryption of e-mail, data, endpoints and VPN.
Access control & asset management
IAM, Zero Trust, permission concepts and device management.
MFA & secured communication
Multi-factor authentication and secured communication channels.
NIS2-ready in four steps
From the first check to ongoing operation – you have a single partner for everything.
1 · Readiness check
Clarify applicability and estimate the rough scope of action.
2 · Gap analysis
Target/actual comparison of the ten minimum measures with a prioritised plan.
3 · Implementation
Implement and harden technical and organisational measures.
4 · Operation & reporting
Ongoing monitoring, vulnerability management and incident reporting.
This page provides general orientation on NIS2/NISG and does not replace legal advice. The binding classification of your company follows from the law.
Frequently asked questions about NIS2
Is my company affected by NIS2?
When does NIS2 apply in Austria and Germany?
What are the penalties for non-compliance?
What is the difference between NIS2 and NISG?
We are a small business – does NIS2 still affect us?
How does ITworx support with NIS2?
Tackle NIS2 in good time – we support you.
Start with a no-obligation NIS2 readiness check. Together we clarify your applicability and the next steps.