NIS-2, the revised EU directive from 2022, now affects around 30,000 companies from 18 sectors – from health to transport to telecommunications
[datensicherheit.de, 11.01.2026] The new EU directive for network and information security (NIS-2) has also been in force in Germany since the beginning of 2026: This obliges numerous companies to comply with one higher levels of cybersecurity. According to a report from the University of Paderborn, the “Software Innovation Campus Paderborn” (SICP) supports Small and medium-sized companies (SME) with the projects “KMU.kompetent.sicher” and “FitNIS2” are helping to achieve their goals Concern to check and their Cybersecurity strategy to optimize. The new learning platform has now been activated.
Figure: Screenshot of the “FitNIS2 Navigator” homepage
“FitNIS2” project: In cooperation with Deutschland Sicher im Netz eV and the “Transferstelle Cybersecurity”, the SICP has developed a web navigator for checking the impact and self-assessment
NIS-2 with impact via supply chains also on SMEs
Table of Contents
- NIS-2 with impact via supply chains also on SMEs
- “KMU.kompetent.sicher” is intended to offer tailor-made e-learning related to NIS-2
- NIS-2 fitness for management and employees
- “FitNIS2” navigator determines whether the NIS 2 implementation law is affected
- In the future, SMEs will receive targeted information on how NIS 2 affects them, depending on their sector
NIS-2 as the revised EU directive from 2022 now affects approx. 30,000 companies from 18 sectors – from health to transport to telecommunications. However, due to its integration into supply chains and the digital networking that is often associated with it, this directive also affects many SMEs.
- “SMEs in particular often struggle limited resources in the area of IT security and are dependent on provider-independent support.”explains Prof. Dr. Simon Thanh-Nam Trang from the University of Paderborn.
This is exactly what two projects in which the SICPa research and innovation association of the University of Paderborn with business partners, is involved.
In the project “SME.competent.safe” The SICP, together with the University of Hohenheim, the innovation network “InnoZent OWL” and the IT service provider coactum, is developing a training platform to provide practical support to SMEs in implementing the NIS 2 guideline.
- This project is funded by the Federal Ministry for Economic Affairs and Energy (BMWE) with around one million euros runs for another two years.
After the first year of the project, the project partners have now reached an important milestone: the learning platform “KMU.kompetent.sicher.” be now unlocked been. This consists of practice-oriented “learning nuggets”, i.e. small modular (video) learning units, quiz questions and interactive tasks to apply what you have learned.
NIS-2 fitness for management and employees
With the help of Storytelling elements such as “true crime” examples For example, the aim is to show how phishing, a form of internet fraud, works, what consequences arise from it and what measures can protect.
- Die Lernpfade “NIS2-Grundschutz” and “Assessing threats correctly” are intended to cover topics tailored to NIS-2. Further learning paths are planned such as “IT security culture”, “Risk management”, “Backup management”, “Secure handling of emails”, “Emergency management”, “Password security” and “Ransomware”.
Overall, the project aims to train management and employees. The concept includes one control circuitin order to identify the respective training needs for the company and to anchor them sustainably in its culture.
In the project “FitNIS2” The SICP developed the “FitNIS2” navigator in cooperation with Deutschland Sicher im Netz eV and the “Transferstelle Cybersecurity”. In the first step, the online tool analyzes whether a company is covered by the directive. In the second step, the current level of fulfillment of the NIS 2 requirements is analyzed and in the third step, users receive clear recommendations for action on how they can meet the NIS 2 requirements.
- This project will be run by the BMWE for a total of two years funded until August 2026. The free “FitNIS2 Navigator” has been available online since June 2025.
Just three months after the release of this “tool”, the impact check of the “FitNIS2 Navigator” had been completed 1,500 times. In addition, 700 participants completed the self-assessment to meet NIS-2 requirements. That’s it planned usage goals achieved become.
In the future, SMEs will receive targeted information on how NIS 2 affects them, depending on their sector
This navigator is currently being used specific requirements for small businesses based on the “CyberRiskCheck” from the Federal Office for Information Security (BSI). Industry-specific criteria will also be added in the next project phase.
- In the future, SMEs will receive – depending on their sector affiliation – targeted information on how they are affected by NIS 2 possible overlaps with other relevant regulations.
“Both projects are a free introduction to the NIS 2 topic. A comprehensive one Event offer The information provided in the projects is supplemented.”comments Dr. Simon Oberthür, head of the SICP innovation area „Digital Sovereignty“.
Further information on the topic:
UNIVERSITY OF PADERBORN
The University of Paderborn is one of the medium-sized, research and transfer-oriented universities in Germany. 70 study programs are spread across our five faculties – cultural studies, economics, mechanical engineering, natural sciences, electrical engineering, computer science and mathematics. There are also around 166 subject combinations in the teaching area.
UNIVERSITY OF PADERBORN
Prof. Dr. Simon Thanh-Nam Trang / Faculty of Economics » Department 3: Business Informatics » Business Informatics, especially sustainability
UNIVERSITY OF PADERBORN
Dr. Simon Oberthür
SiCP
SICP – Software Innovation Campus Paderborn / Innovation through cooperation
SME.competent.safe.
NIS-2 testing and training platform
FitNIS2 Navigator
Is your company affected by the NIS2 directive?
Federal Office for Information Security
CyberRiskCheck – effective protection for small and micro companies according to DIN SPEC 27076
WIKIPEDIA
NIS-2 policy
datensicherheit.de07.01.2026
BSI portal now activated for the second step towards NIS 2 registration / Companies affected by the entry into force of the NIS 2 Implementation Act must register as a “NIS 2 facility” and must always report “significant security incidents” to the BSI
datensicherheit.de11.12.2025
NIS-2 officially in force: Proliance recommendations for action for companies / On November 13, 2025, the NIS-2 package of measures was finally approved in the Bundestag – a turning point for German medium-sized businesses
datensicherheit.de06.11.2025
Almost a quarter of SME executives ignore the business relevance of cybersecurity / 23 percent of IT managers at German SMEs deny their “C-level” an understanding of the business relevance of their operational cybersecurity