NIS2 compliance, handled.
The directive is in force. Your firm is likely in scope. We turn the obligation into a finite project: measured, documented, defensible.
Discuss NIS2 compliance →NIS2 is in force. Your firm is likely in scope. Your management is personally accountable.
Most Luxembourg firms cannot demonstrate they took reasonable precautions. We turn that obligation into a finite, documented, defensible programme.
Our services
NIS2 compliance Luxembourg: three ways we can help
Eyes on your network. While you sleep.
An attacker doesn't wait for office hours. We watch for the signs: unusual logins, malware, data leaving. We tell you the moment something breaks.
See how managed detection works →Are you actually ready?
A focused review of where your firm stands against NIS2. Plain-language report, prioritised gaps, fixed scope, fixed price.
Book a NIS2 readiness review →- Based in Luxembourg
- Six years of MSSP experience
- Independent. We don't resell hardware.
- GDPR & NIS2 specialists
The regulatory reality
NIS2 makes management personally accountable.
NIS2 is the EU directive (2022/2555) requiring member states to transpose it into national law. Belgium completed transposition in 2024. In Luxembourg, the transposition law (Bill 8364) was adopted by the Chamber of Deputies on 28 April 2026 and is pending publication in the Mémorial. Entry into force is imminent.
Under NIS2, management bodies are personally responsible for approving and overseeing their organisation's cybersecurity measures. Directors, board members, and senior managers can face personal liability if the organisation suffers an incident and cannot demonstrate it took reasonable precautions.
Fines for essential entities reach €10 million or 2% of global annual turnover, whichever is higher. For important entities the ceiling is €7 million or 1.4% of turnover.
This is not a technical question. It is a governance question. The answer starts with knowing where you stand.
Talk to us about your NIS2 position