NIS2 Compliance Services

NIS2 compliance services designed to help organisations understand gaps, prioritise actions, and move towards compliance with confidence.
Gabrielius Vinciūnas
Head of Information Security
Paulius Užkurėlis
Business Development Manager

NIS2 Compliance Offers

NIS2 gap analysis

Independent assessment to understand current readiness for NIS2 requirements.
Assessment of current practices in relation to NIS2 requirements across governance, processes, and controls.
Cyber security risk analysis covering organisational and technical risks.
Documentation of missing security policies, controls, and risk areas.
Compliance roadmap with prioritised actions and milestones.
Deliverables:
A compliance report with the NIS2 roadmap and defined improvement actions.

NIS2 implementation

Practical support to implement the organisational and technical requirements of NIS2.
Creation of required NIS2 policies and documentation.
Information Security Management System (ISMS) setup and alignment.
Implementation of risk management, incident handling, and security policies.
Expert guidance provided by a CISO throughout the implementation phase.
Deliverables:
A complete set of NIS2 policies, plans, and procedures aligned with regulatory requirements.

CISO for NIS2

Flexible access to senior security expertise to support NIS2 compliance on demand.
On-demand security advisory and decision support.
Guidance on risk management and compliance roadmap.
Hands-on support with NIS2 implementation activities.
Flexible expert hours covering a wide range of security tasks.
Deliverables:
Ongoing senior-level security leadership to guide NIS2 compliance and risk management.

Industries We Support

Essential entities

Energy
Transport
Banking & financial services
Healthcare

Important entities

Manufacturing (critical products)
Food production & agriculture
Postal & courier services
Chemical industry

Our NIS2 Compliance Process

01. Gap analysis

We start by reviewing current practices to understand how they align with NIS2 requirements. This step highlights existing strengths, gaps, and areas that require attention across governance, processes, and controls.

02. Compliance roadmap

Findings are translated into a clear and realistic roadmap. Prioritised actions help teams focus on what matters first, without overloading internal resources.

03. Execution

We support the implementation of agreed changes across policies, processes, and controls. This includes ISMS setup and hands-on support where additional expertise is needed.

04. Validation

Implemented measures are reviewed to confirm they are applied consistently and documented clearly. This step helps organisations feel confident about their level of readiness.

05. Ongoing advisory

We provide ongoing CISO-level support to help organisations stay aligned with NIS2 requirements as risks and priorities change.

Why Baltic Amadeus

Compliance-first approach.

Certified experts.

Senior security guidance.

Certifications

Information security manager course
ISO 27001 (TÜV Thüringen certification mark)
CISSP
CISM (Certified Information Security Manager)

FAQ

Where can I learn more about the NIS2 Directive requirements?

The best place to start is the official NIS2 Directive published by the EU. National regulators also provide guidance on how the directive is applied locally, which can help clarify practical expectations. One example is the Cyber Security Act (Lithuanian: Kibernetinio saugumo įstatymas), published by the Parliament of the Republic of Lithuania.

We are ISO 27001 certified. Will that make us compliant?

ISO 27001 is a strong starting point, but it does not automatically mean NIS2 compliance. NIS2 goes further, especially around governance, incident reporting, and management responsibilities, so additional work is usually required.

How long does it take to get NIS2 compliant?

The timeline depends on organisational size, existing security maturity, and regulatory scope. It can take from 6 months to 2 years. Most organisations work towards NIS2 compliance in stages, starting with a gap analysis and then addressing priorities step by step.
