top of page
cybersecurity.webp

Network and Information Security (NIS 2)

Most of European Union countries, including Luxembourg, are still lagging behind in transposing the NIS 2 Directive into their national legislation. As a result, some companies offering comprehensive gap analysis or remediation frameworks for NIS 2 compliance to in-scope entities may be prematurely capitalizing on their clients' trust.
These premature services risk being misaligned with the final transposed requirements, potentially leading to inefficiencies or missteps in achieving compliance. It is crucial for businesses to remain cautious and ensure that their compliance efforts align with the finalized national implementations of the directive.
The primary service that compliance-focused companies, such as Thot IT Solutions, can genuinely and effectively provide at this stage is a Scope Analysis. This service assesses whether an entity falls within the scope of the NIS 2 Directive.

Our Offer

2 Steps Gap Analysis

Step 1: Evaluation Based on Size

  •  Assess whether the entity qualifies as an Essential Entity (operating in highly critical sectors) or an Important Entity (operating in other critical sectors), as defined in Article 3 of the NIS 2 Directive.

  • If the entity meets the size criteria outlined in the directive, it is classified as an In-Scope Entity “by size” (a term we use here to reflect this specific categorization based on financial and staffing criteria).

Step 2: Evaluation Excluding Size

  •  Analyze whether the entity is explicitly listed in the limitative categories outlined in Article 2 of the NIS 2 Directive, regardless of its size.

  • Entities falling within these categories are inherently critical to the directive's objectives and are classified as In-Scope Entities “by essence” (a term we use here to denote classification based on the nature of operations).

bottom of page