AppForge Solution - Web Development, App Development, AI Development
In force since October 2024 · Hungarian implementation

NIS2 Compliance and cybersecurity

NIS2 directive compliance for medium and large enterprises in Hungary and across the EU. Audit, risk management, incident handling, technical controls, training. Fines reach up to EUR 10 million or 2% of annual turnover - with personal liability for executive officers. NIS2 audit from HUF 1,500,000 (~€3,800), full programme in 6-9 months.

Audit from HUF 1.5M (~€3,800) · Full programme 6-9 months · CISO-as-a-Service · NKH incident reporting

Who is affected

Who does NIS2 affect in Hungary and the EU?

If you are a medium-sized or large company in one of the 18 named sectors - it is mandatory. If you are a supplier to one of them - it is contractually mandatory.

Essential sectors (mandatory)

Energy, transport, banking and financial services, healthcare, drinking-water supply, digital infrastructure (DNS, IXP, TLD), public administration, space.

Important sectors (mandatory)

Postal services, waste management, chemical manufacturing, food, manufacturing (medical devices, vehicles, machinery), digital service providers (online marketplace, search engine, social media), research.

Size threshold

Medium-sized companies (50+ employees OR EUR 10M annual turnover) and large enterprises. Authority in Hungary: National Cyber Defence Authority (NKH), formerly NBSZ NKI.

6 obligations

The 6 main obligations of NIS2

The directive prescribes controls in 6 areas. All six must be addressed together - none of them is optional.

01

Risk management

Cybersecurity risk analysis, threat modelling, business continuity plan. Identification and prioritisation of the company's critical systems.

02

Incident handling

Incident reporting workflow: 24-hour early warning, 72-hour detailed report, 1-month closing report to the National Cyber Defence Authority (NKH, formerly NBSZ NKI in Hungary).

03

Business continuity

Backup, disaster recovery, crisis communication. RTO and RPO defined and tested. Standby systems documented.

04

Supply chain security

Supplier and service-provider security audit. Assessment of cloud providers, SaaS tools, and third-party access - with contractual coverage.

05

Technical controls

Access control (SSO, MFA), encryption (TLS, at-rest encryption), patch management, security monitoring (SIEM), logging and audit trails.

06

Training and awareness

Regular cybersecurity training for staff, phishing simulation, documented cybersecurity responsibility for executives.

Fines

NIS2 fines and liability

The point of NIS2 is not to encourage "nice-to-have" cybersecurity - it is to penalise its absence with extreme amounts.

Essential sector

EUR 10 million or 2% of global annual turnover (whichever is higher)

Important sector

EUR 7 million or 1.4% of global annual turnover (whichever is higher)

Hungarian specifics

Personal liability of executive officers - possible disqualification from management positions in case of non-compliance

How We Work

Our Process

Meticulous planning, seamless execution, and creative problem-solving: that's how we achieve remarkable results.

01

Concept

No cookie-cutter solutions here. We map out your business goals, market landscape, and competition, then build a strategy designed to deliver measurable results.

02

Design

Wireframes, prototypes, and UI/UX designs built on real user insights. Every click, every layout is engineered to maximize conversions and engagement.

03

Development

Agile development with cutting-edge technologies, weekly demos, and full transparency. You'll always know exactly where your project stands.

04

Testing

Automated and manual testing across every platform and browser. Nothing goes live until it's been tested to the breaking point and passed with flying colors.

05

Launch & Support

Launch day is just the beginning. Monitoring, performance optimization, and ongoing support ensure your solution gets better every single day.

The programme

The complete NIS2 compliance programme

4 phases over 6-9 months. From audit to ongoing CISO-as-a-Service - individually or as a package.

NIS2 audit (4-6 weeks)

Gap analysis: where you stand today against NIS2 requirements. Risk assessment, map of critical systems, list of missing controls. Output: NIS2 compliance roadmap.

Technical implementation (2-6 months)

SSO, MFA, security monitoring (SIEM - e.g. Wazuh / Splunk / Elastic Security), patch management, audit logging, backup and DR systems. WAF, DDoS protection, endpoint security.

Process implementation (1-3 months)

Incident response procedure (IR playbook), business continuity plan (BCP), disaster recovery plan (DRP), supplier audit process, training materials.

Continuous monitoring & updates

Monthly SIEM monitoring, quarterly penetration testing, annual audit refresh, regulatory tracking. External CISO-as-a-Service available.

FAQ

NIS2 compliance - Frequently Asked Questions

What is NIS2 and who does it affect in Hungary and the EU?

NIS2 (Network and Information Security 2) is EU directive 2022/2555 unifying cybersecurity requirements. It has been in force in Hungary since October 2024, implemented by Act LXIX of 2024 on cybersecurity certification and supervision. It affects medium-sized and large companies (50+ employees or EUR 10M turnover) across 18 sectors: energy, banking, healthcare, transport, digital infrastructure, manufacturing, food, chemicals, waste management, postal services, public administration, etc. Similar transposition exists across all EU member states.

What are the fines for NIS2 violations?

Essential sector: up to EUR 10 million or 2% of global annual turnover (whichever is higher). Important sector: EUR 7 million or 1.4%. On top of that, the Hungarian implementation explicitly extends to the personal liability of executives - in extreme cases, disqualification from management positions. NIS2 is a risk not only for the company but for the leadership personally.

How much does NIS2 compliance cost for an SMB?

Typical cost of a complete NIS2 compliance programme: NIS2 audit + roadmap HUF 1.5–4M (~€3,800–€10,300, 4-6 weeks). Technical implementation (SIEM, MFA, backup, monitoring) HUF 5–25M (~€12,800–€64,000), depending on company size. Process documentation and training HUF 1–3M (~€2,500–€7,700). Continuous monitoring + external CISO-as-a-Service HUF 200,000–800,000/month (~€500–€2,050/month). Total first year is HUF 7–30M (~€18,000–€77,000) for medium-sized companies - a very favourable investment compared to a EUR 7–10M fine.

What is the difference between NIS2 and GDPR?

GDPR (2018) regulates data processing - handling of personal data, lawful basis, data subject rights. NIS2 (2024) regulates cybersecurity - protection of systems and networks against attacks and incidents. A company can fall under both. Example: GDPR requires notification of a data breach to data subjects within 72 hours; NIS2 requires an early cybersecurity incident warning to the authority within 24 hours. NIS2 typically supplements GDPR, it does not replace it.

How long does it take to achieve NIS2 compliance?

NIS2 audit + roadmap: 4-6 weeks. Full implementation: 6-9 months for a medium-sized company, 12-18 months for a large enterprise. During the audit we prioritise critical gaps - the highest-risk areas can be closed in 1-2 months, but the full programme requires real organisational maturity. The Hungarian implementation provides a transitional period, but the authority has already begun inspections in 2025-2026.

Do you offer a full NIS2 implementation or only consultancy?

Both. Consultancy (NIS2 audit + roadmap): 4-6 weeks, fixed-price project. Full implementation: technical (SIEM, MFA, monitoring, backup), process (IR playbook, BCP, DRP), and cultural (training, awareness) - 6-9 months, delivered in stages. CISO-as-a-Service: monthly external cybersecurity officer function if you do not have an in-house specialist. All three options are available individually or as a package.

Is NIS2 only a technology requirement, or organisational too?

Both - and that is exactly the most important difference compared to older cybersecurity regulations. NIS2 explicitly names management responsibility, training, supply-chain security, and risk management - it is not just a technical control checklist but requires organisational maturity. Technology is only ~40% of NIS2; the remaining 60% is processes, documentation, training, and management commitment.

I am a supplier to NIS2-regulated customers - am I affected too?

Partially yes. If you are part of the supply chain of a NIS2-affected company (e.g. SaaS provider, dev agency, IT outsourcing), your customer will contractually require NIS2-grade security controls - often equivalent to ISO 27001 or SOC 2 certification level. So you have no direct NIS2 legal obligation, but the commercial obligation typically demands the same level. We also offer a NIS2-readiness audit for suppliers.

AI capabilities

How AI fits into this solution

What AI can do, how to integrate it, what to comply with - and how to keep your data on-prem.

What AI can do here

  • Log analysis (SIEM-AI)

    AI-driven log analysis that flags unusual logins, privilege escalation, and lateral movement.

  • Incident classification

    Supports NIS2 reporting deadlines (24/72h): automatic severity scoring and report draft generation.

  • Phishing filter

    AI email classifier trained on your own patterns - higher hit rate than generic filters.

  • Vulnerability prioritisation

    CVE lists weighted by AI against your infrastructure context.

How we integrate it

  • AI on local data only

    Under NIS2, security data must not be sent to a third-party cloud - every AI feature runs on-prem or in a sovereign cloud.

  • Human in the loop

    Critical actions (block, revoke) are only suggested by AI; SOC analyst approves.

  • Audit trail

    Every AI decision and its inputs are logged and traceable during a NIS2 audit.

Compliance

  • GDPR

    Personal data is processed only on a documented legal basis. Data minimisation, purpose limitation, and audit trail enforced by design.

  • EU AI Act

    Risk-based classification of every AI use case (minimal / limited / high risk). Mandatory transparency, human oversight, and CE-style conformity for high-risk systems.

  • NIS2

    In essential and important sectors AI must follow security-by-design: access control, logging, incident reporting, supply-chain risk for any model provider.

  • ISO 27001 / SOC 2

    When required: ISO 27001 / SOC 2-aligned controls, including key management, RBAC, audit, vulnerability management.

Local / on-prem deployment

  • Ollama / llama.cpp

    Open-weight models (Llama 3.x, Mistral, Qwen, Gemma) running on your own GPU server or even CPU. Zero data sent to third parties.

  • vLLM / TGI

    Production-grade inference servers for self-hosted endpoints. Concurrent users, streaming, function calling supported.

  • Sovereign cloud

    For organisations without on-prem GPU: deployment on EU / Hungarian sovereign cloud (e.g. dedicated tenant), with data residency contracts.

  • Hybrid

    Sensitive content always local; for non-sensitive batch tasks frontier models (Claude, GPT) via DPA-backed API where allowed.

Data security model

  • No training on your data

    Whether self-hosted or vendor API, we contractually exclude your data from any training set.

  • PII redaction before prompt

    Automatic PII detection and masking before any prompt leaves your perimeter - pseudonymisation as a hard rule.

  • Per-role access

    Every AI surface uses your existing IAM (Entra ID / Keycloak / Okta) - the AI only sees what the user is allowed to see.

  • Full audit

    Every prompt, response, and tool call logged with user, time, and source - replayable on demand.
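The "PII redaction before prompt" rule above, as an added example that is not part of this page or of the agency's tooling: a small Python redactor that detects e-mail addresses, IPv4 addresses and international phone numbers in text (the three pattern classes and the sample log line are constructed for this example), replaces each one with a keyed pseudonym that stays stable across prompts, keeps the token-to-value table inside the perimeter so an analyst can restore the original on demand, and refuses to release a prompt if any unmasked value survives. The HMAC key, the placeholder format and the `Redactor` API are assumptions of this example, not a library interface.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass, field

# PII classes handled here (constructed patterns; a production filter would cover more).
# The phone pattern deliberately requires a "+" country code so dates such as
# 2024-10-18 are not mistaken for phone numbers.
PII_PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "IPV4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "PHONE": re.compile(r"\+\d{2}[\s-]?\d{1,2}[\s-]?\d{3}[\s-]?\d{3,4}\b"),
}


class ResidualPIIError(RuntimeError):
    """Raised when a prompt still contains PII after redaction (hard rule)."""


@dataclass
class Redactor:
    """Pseudonymises PII with keyed, repeatable tokens; the vault stays on-prem."""

    key: bytes                                   # secret kept inside the perimeter
    vault: dict[str, str] = field(default_factory=dict)  # token -> original value

    def _token(self, kind: str, value: str) -> str:
        # HMAC keeps the mapping deterministic per key (same input -> same token,
        # so the model can still correlate events) without exposing the value.
        digest = hmac.new(self.key, value.encode(), hashlib.sha256).hexdigest()[:8]
        token = f"<{kind}_{digest}>"
        self.vault[token] = value
        return token

    def redact(self, text: str) -> str:
        for kind, pattern in PII_PATTERNS.items():
            text = pattern.sub(lambda m, k=kind: self._token(k, m.group(0)), text)
        return text

    def restore(self, text: str) -> str:
        """Re-identify a redacted text (or a model response that echoes tokens)."""
        for token, value in self.vault.items():
            text = text.replace(token, value)
        return text


def contains_pii(text: str) -> bool:
    return any(p.search(text) for p in PII_PATTERNS.values())


def safe_prompt(redactor: Redactor, text: str) -> str:
    """Redact, then verify nothing matching a PII pattern is left before release."""
    masked = redactor.redact(text)
    if contains_pii(masked):
        raise ResidualPIIError("refusing to release prompt: PII still present")
    return masked


# Constructed sample log line (not real data).
SAMPLE_LOG = (
    "Failed login for j.kovacs@example.hu from 10.0.0.5 "
    "(callback +36 30 123 4567); second attempt from 10.0.0.5"
)

if __name__ == "__main__":
    r = Redactor(key=b"demo-key-kept-on-prem")
    masked = safe_prompt(r, SAMPLE_LOG)
    print(masked)                      # tokens instead of e-mail, IP and phone
    print(r.restore(masked) == SAMPLE_LOG)  # True: analyst can re-identify
```

The repeated `10.0.0.5` maps to the same token both times, so an on-prem model can still reason about "the same source address" without ever seeing it; `restore` is what the SOC analyst uses during incident handling and what an auditor replays from the vault.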

How it connects

NIS2 is not paperwork - it touches IT architecture, logging, AI use, and access control.

SIEM, logging, and anomaly detection are typically built using AI development and locally-run LLMs. For industrial organisations, NIS2 also extends to the MES / SCADA systems, where shop-floor controller security is a priority.

Reporting obligations and audit trails are implemented as part of a system integration project, so all inbound and outbound integration data is logged. The full cyber roadmap is part of a digital transformation programme.

Contact

Get in Touch

Tell us about your project and we'll respond within 24 hours!


CEO

Boncz Balint

Office

Budapest, Hungary

Let's Talk Live!

Book a free 30-minute consultation where we discuss the details of your project.
