en
Support
Status
Shop
With the NIS2 Implementation Act (NIS2UmsuCG / NIS-2 Implementation and Cybersecurity Strengthening Act) coming into force on December 6, 2025, the legal requirements for information security are increasing significantly. Affected companies will have to document their processes, risks, and measures even more consistently in the future—a central component of NIS2 compliance. verinice can help with this.
The law now requires a larger number of organizations to:
- have an appropriate information security management system (ISMS)
- Regular risk analyses
- The implementation of technical and organizational measures
- Complete compliance and security documentation
This puts greater emphasis on the quality of documentation.
verinice: Tool-supported ISMS documentation for NIS2
With the verinice domain NIS2, all legal requirements can be mapped in a structured and audit-proof manner – from risk analysis to complete verification for authorities. verinice supports, among other things:
- Model-based risk assessment and control of measures
- Clear role and responsibility structures
- Consistent, auditable ISMS documentation
- Combined use with ISO 27001 and BSI IT-Grundschutz
This creates an efficient and robust basis for NIS2 compliance. The national implementation law has already been taken into account in the NIS2 domain for verinice – further details from the NIS2UmsuCG will be included in one of the future updates (see roadmap).
Why combining NIS2, ISO 27001, IT-Grundschutz, and data protection makes so much sense
Information security, data protection, and compliance go hand in hand today. Under NIS2, organizations benefit particularly from an integrated approach. verinice offers a common platform with a uniform data model for this purpose, so that:
- Risks, threats, and measures do not have to be maintained multiple times.
- ISO controls, IT-Grundschutz modules, and data protection TOMs are linked with each other.
- Responsibilities, processes, and audit reports remain consistent.
- Organizations obtain a holistic view of compliance.
Particularly helpful: Those who already work according to ISO 27001 or IT-Grundschutz can easily see in verinice which NIS2 requirements are already met. The platform makes dependencies visible, adopts existing measures, and shows in a structured way which additional steps are necessary for complete NIS2 compliance. This reduces duplication of work and makes optimal use of synergies. The result: less redundancy, greater consistency, and a clear overview of your own compliance status.
Flexible: Use the NIS2 domain individually or in combination
The verinice NIS2 domain can be booked independently in verinice.cloud – ideal for organizations that only want to implement their NIS2 obligations. The domain can also be seamlessly combined with others. NIS2 is already included in these bundles:
- ISO 27001
- BSI IT-Grundschutz
- Data protection (GDPR)
All domains work within a common system, use the same model levels, and are technically interlinked. This results in an integrated ISMS that meets several regulatory requirements at the same time, rather than a patchwork of individual solutions.
Deepen your knowledge: Webinars on verinice and NIS2
The verinice team offers ongoing free webinars that make it easier to get started with NIS2 and work with the new ISMS platform. The webinars show:
- how the NIS2 domain is used in practice,
- how risks, measures, and responsibilities are documented,
- how NIS2 can be combined with ISO 27001, IT-Grundschutz, and data protection.
The current dates can be found at verinice.com/webinars.
In addition, the verinice team is offering a workshop on data protection and NIS2 as part of verinice.XP 2026.
