Contact us

NIS2 Gap Analysis and Action Plan

From 1 January 2025, the NIS2 directive will take effect in Sweden (Swedish Cybersecurity Act). Strengthen your cybersecurity readiness with a NIS2 gap analysis to face the stricter regulations and requirements of NIS2 confidently. With our experienced cybersecurity lawyers, rest assured that you will get relevant advice and an overview to craft a relevant cybersecurity strategy. The rapid evolution of technology and its adoption has placed immense pressure on businesses to remain compliant with ever-changing regulations. The revised Network and Information Security Directive (NIS2) sets the benchmark for cybersecurity standards within the EU.

We offer our standardised process and legal advice. We offer our service in two phases that can be purchased separately or combined.

With a blend of deep legal knowledge and practical business insights, we guide organizations to integrate NIS2 requirements seamlessly.

Why is NIS2 Compliance Non-negotiable?

NIS2 is an EU directive coming into effect in October 2024 setting baseline requirements for network and information system security. New enforcement requirements are introduced, along with heavy fines and personal liability for management in case of non-compliance. NIS2 expands the cybersecurity requirements and sanctions across the EU, introducing stricter requirements for certain sectors.

NIS2 will take effect in Sweden on 1 January 2025 by the Swedish Cybersecurity Act.

NIS2 Gap analysis will answer if your organisation is in scope

The NIS 2 gap analysis would answer to what extent your organisation is affected by the regulation. Previously, providers of (A) socially important services (i.e. energy, transport, banking, financial market infrastructure, healthcare, supply and distribution of drinking water and digital infrastructure) and providers of (B) digital services, internet-based marketplaces, internet-based search engines or cloud services) were covered. The NIS2 Directive expands the sectors of actors that are impacted to include:

  • Sewage and waste management
  • District heating or district cooling, hydrogen gas
  • Food
  • Public Administration
  • Health, including healthcare providers, research laboratories, pharmaceuticals, medical device manufacturing
  • The manufacturing industry, including medical/diagnostic devices, computers, electronics, optics, machinery, motor vehicles, trailers, semi-trailers, other transport equipment
  • Research organisations
  • Postal operations
  • Space operations
  • Digital infrastructure and IT services including DNS, name registries, trust services, data centres, cloud computing, electronic communication services, managed services and managed security services.

Even with state-of-the-art cybersecurity measures, vulnerabilities can exist. NIS2 aims to standardize and elevate cybersecurity practices across the EU. How prepared is your organization to adapt and excel? Let us perform a NIS2 gap analysis or provide you with a second opinion of your current status and maturity.

What happens in the case of non-compliance with NIS2?

NIS2 introduces personal liability (fines) and personal criminal liability (penalties) for individuals at the board level or in a managerial position if they fail to comply with their NIS2 obligations. Under NIS2, management bodies would be considered those individual senior managers who (a) are responsible or act as a representative for the entity covered under NIS2, (b) have the authority to make decisions on the legal entity’s behalf and/or (c) have the authority to exercise control over the legal entity.

In certain instances, the enforcement authorities may impose temporary prohibitions on the management, including the chief executive officer and legal representatives, from executing managerial functions.

Sanctions include GDPR-like fines based on global turnover. For an essential entity, the penalties are higher, the highest of a minimum of 10 million EUR or 2 % of global turnover. For an important entity, fines are in the lower tier, a minimum of 7 million EUR or 1.4% of turnover.

Strategic NIS2 Compliance Readiness

Strategically position your business for success in the face of evolving regulations:

  • NIS2 Gap Analysis Identification: We analyze your business and cybersecurity risk management practices, pinpointing areas of material non-compliance or vulnerability.
  • Actionable Roadmap: We provide a clear, step-by-step action plan tailored to bridge identified gaps and align with NIS2.
  • Legal & Operational Alignment: Ensure that your operational changes resonate with legal requirements, striking a feasible and business-relevant balance.
  • Implementation: Support the implementation of the framework across your organisation.
  • Cross-border Expertise: Benefit from our deep understanding of how NIS2 interacts with national laws across different EU member states.
  • Partner Coordination: We liaise with your existing cybersecurity, IT, and operational partners, ensuring holistic compliance.
  • Soft Audit of your NIS2 Readiness: We perform audits of the NIS2 readiness to ensure that your implementation is successful.

Step 1: Start with determining if your organisation is within the scope of NIS2

First, we start with an initial workshop with you and Sharp Cookie Advisors. Our team prepares materials relevant to your organisation.
Second, we perform a high-level analysis of your business. The result of the workshop and of our analysis is a documentation of the impact of NIS2 on your organisation and business.

This first phase is offered to clients in a price range of SEK 20 000 (excluding VAT). Any price estimates are estimates and will be confirmed in writing upon your request.

Step 2: Your organisation is within the scope of NIS2; the need for a NIS2 gap analysis and an action plan

First, we start with a workshop where we map the main requirements together - IT security readiness, management of cybersecurity incidents, and overview of core suppliers. An outcome of the workshop is to set the conditions of the continued review and analysis.

Second, we produce a high-level report of the perceived compliance gaps to NIS2 and relevant legislation. The gap analysis will provide an outline of the status of NIS2 readiness in the main areas of your organisation, with suggestions for prioritisation and business impact assessments. You will be provided with an outline of an action plan to mitigate the potential gaps.

Third, the report and action plan will be presented in an executive version, which our seasoned experts will be available to present to your management.

This second phase is offered to clients in a price range of SEK 45 000 - 90 000 (excluding VAT). Any price estimates are estimates and will be confirmed in writing upon your request.

What Our NIS2 Gap-Analysis and Action Plan Offers

  • Detailed scrutiny of your existing governance and practices against NIS2 requirements.
  • Review of NIS2 incident reporting practices and procedures.
  • Alignment with your obligations under the GDPR.
  • Alignment of any sector-specific regulations, such as the EU Electronic Communications Code for the Telecom sector, the DORA for the Fintech sector, and the Patient Data Act and MDR regulations for the Healthcare sector.
  • Clear, actionable recommendations to address potential areas of non-compliance or vulnerability.
  • Training and workshops tailored to your needs, enhancing organization-wide awareness and adherence.
  • Liaison with national competent authorities, ensuring transparent and effective communication.
  • Strategic insights on integrating NIS2 compliance as a core business advantage.

Engagement Flexibility Tailored to Your Needs

Every organization is unique, and our service offerings reflect this. While our standard engagement operates on an hourly basis, we offer volume-driven pricing and extended engagement retainers tailored to fit your specific requirements.

Initiate Your NIS2 Gap Analysis Project Today

Begin a partnership that prioritizes your business's regulatory compliance and overall success in the digital realm. In our introductory consultation, we'll deeply understand the nuances of your operations and chart out the optimal path for NIS2 compliance. Equip your business with the strategic advantage of being NIS2-ready with the help of Sharp Cookie Advisors.

Contact us to get your complimentary NIS2 checklist and self-assessment today.


Let's get in touch

No obligations for the first contact; clear costs; confirmation before billing starts and often fixed prices.
Copyright © 2015-2023 All rights reserved Sharp Cookie Advisors AB
cross-circle linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram