Paderborn/Berlin – A new learning portal is intended to make it easier for small and medium-sized companies to implement the EU cybersecurity directive NIS2. The start takes place just in time for stricter rules and the threat of fines.
German companies now have access to a digital learning platform that is specifically tailored to the requirements of the NIS2 directive. It was developed by the Software Innovation Campus Paderborn (SICP) with partners. It complements what already exists “FitNIS2” navigator and is aimed specifically at medium-sized businesses. The introduction is urgent: Stricter compliance deadlines have been in effect in Germany since the beginning of the year due to the NIS2 Implementation Act.
The platform builds a bridge between abstract legal requirements and everyday security in companies. The focus is „Micro-Learning“ – i.e. short, modular learning units that can be integrated into everyday work. The core of the offering is video-based „Learning Nuggets“which are available on-demand.
The didactics relies on clarity: teaching instead of dry theory True Crime Case Studies the real consequences of security vulnerabilities. The first modules cover basic protection according to NIS2, threat analysis and defense against phishing attacks. Interactive quizzes and practical tasks are intended to consolidate what has been learned. In doing so, the creators are addressing a core problem: many SMEs are aware of the need for action, but fail to implement it in practice without disrupting operations.
Advertisement
According to experts, many medium-sized companies are poorly prepared for cyber attacks – and NIS2 implementation significantly increases the risk of liability and fines. A free guide compactly summarizes current threats, practical awareness measures and immediately actionable protection steps so that companies can meet compliance requirements without major investments. Ideal for business leaders and IT managers who need to prioritize training and security vulnerabilities. Get your free cybersecurity guide now
Diagnosis and remedy from a single source
The learning platform has been available since mid-2025 FitNIS2 Navigator a closed ecosystem. While the Navigator acts as a diagnostic tool and checks your own compliance status, the new platform provides tailored training to close identified gaps.
The demand for such support is high: the initial analysis of the navigator was carried out in the second half of 2025 alone 1.500 Mal used, hundreds of companies completed a complete self-assessment. The project is funded by the Federal Ministry of Economics (BMWK). The partners include “Deutschland Sicher im Netz eV” (DsiN) and the University of Hohenheim, who ensure legally secure and educationally effective content.
High pressure due to expanded regulation
The launch of the platform comes at the right time. The NIS2 directive massively expands the circle of regulated “critical sectors” – in Germany it is now estimated 30,000 companies directly affected, from waste management to food production to mechanical engineering.
But the pressure indirectly affects many more companies. Large corporations now classified as “essential” or “important” entities must secure their supply chains. This Trickle-down effect forces suppliers to prove their cybersecurity in order not to lose orders. The risks are existential: Managing directors are personally liable for poor risk management, and the fines for non-compliance can be extremely high.
Planned expansions for specific industries
The project is designed dynamically. For 2026 are Industry-specific learning paths planned that address the special threat situations, for example in healthcare or engineering. In-depth modules on IT security culture, ransomware defense and emergency management are also planned.
“Our goal is to turn compliance from a mandatory exercise into a core competency,” explains Dr. Simon Oberthür from SICP. Such provider-neutral and cost-effective solutions could be crucial for German medium-sized businesses to remain competitive in a regulated digital market.
Advertisement
By the way: If phishing occurs in the learning modules – this anti-phishing package offers clear 4-step instructions with practical case studies, CEO fraud prevention and checklists that can be integrated directly into employee training. A free download to quickly detect targeted email attacks and strengthen the resilience of your supply chain. Request a free anti-phishing package
