๐ ๐ฏ๐ถ๐ธ๐ฒ ๐บ๐ฎ๐ป๐๐ณ๐ฎ๐ฐ๐๐๐ฟ๐ฒ๐ฟ ๐๐ถ๐๐ต ๐ฎ๐ฌ๐ฌ ๐ฒ๐บ๐ฝ๐น๐ผ๐๐ฒ๐ฒ๐ ๐ท๐๐๐ ๐ณ๐ผ๐๐ป๐ฑ ๐ผ๐๐ ๐๐ต๐ฒ๐ ๐ณ๐ฎ๐น๐น ๐๐ป๐ฑ๐ฒ๐ฟ ๐ก๐๐ฆ๐ฎ.
Other transport equipment, NACE C.30, Annex II. Nobody told them โ because under NIS2, nobody will. You have to figure it out yourself.
#NIS2 is what #GDPR did for personal data, but for cybersecurity. If you provide services that matter to the economy and you're above a certain size you secure your IT systems, report incidents, prove you're doing both. Across the EU, manufacturing, food, chemicals, waste management are hitting cybersecurity regulation for the first time.
That bike company now faces 10 mandatory risk management measures under Art. 21. A 24-hour incident reporting obligation โ running parallel to GDPR's 72-hour track to a different authority. And management body liability: Art. 20 requires personal board engagement. Germany went further with ยง 38(2) BSIG: the Managing Director/CEO is personally liable. Not the company, the person.
Transposition varies wildly in the #EU. Germany in force since December 2025, no transition. Italy live since October 2024. France, Netherlands, Spain still pending.
The German Federal Office for Information Security (BSI) offers a free scope check tool. It tells you whether you're affected. But it stops there.
So I built a NIS2 Navigator - a Claude Skill that runs scope classification, gap analysis across all 10 measures, and a prioritized roadmap in ~20 minutes. Deep German integration, plus profiles for Italy, France, Netherlands, Austria, Spain. Built on the Directive, ENISA guidance, and BSI #nis2know packages.