Compliance. Credibility. Competitiveness.
NIS2 compliance consulting for businesses
The NIS2 Directive is not just an obligation: it's an opportunity to make your business more secure and trustworthy. The operational obligations have been in effect since January 2026: acting now is essential. AtWorkStudio, based in Piacenza, guides you through compliance with dedicated consulting and a free assessment based on NIST CSF 2.0, backed by a management system certified to ISO/IEC 27001, 27017, 27018 and ISO 9001.
Is your business ready for NIS2?
Find out in 15 minutes with our assessment based on the NIST Cybersecurity Framework 2.0, the international standard for cyber risk management.
106 questions · Instant report · No commitment
NIS2 obligations are in effect: what to do now
Incident notification
Governance and accountability
Business continuity
Relevant suppliers: ICT and non-fungible
Expanded scope
October 2026 deadline
Categorisation, scope and proportionality
Categorisation of activities and services
Scope: information and network system
Operational proportionality
What is the NIS2 Directive and who needs to comply
NIST CSF 2.0 Assessment
Consulting and implementation
ISO 27001 Certifications
NIS2 consulting: how we support you
1. Gap analysis and assessment
2. Categorisation and suppliers
3. Measures, governance, incidents
4. Ongoing support and audits
Frequently asked questions about the NIS2 Directive
Answers to the most common questions about NIS2 compliance for businesses.
NIS2 applies to medium and large enterprises in essential and important sectors: energy, transport, healthcare, digital infrastructure, public administration, manufacturing, food and others. SMEs that are part of the supply chain of these sectors may also be affected. In Piacenza and Emilia-Romagna, the manufacturing and logistics landscape means many businesses may potentially fall within scope. We can help you verify whether you are included.
Penalties can reach 10 million euros or 2% of global annual turnover for essential entities, and 7 million euros or 1.4% for important entities. The board of directors and management are personally responsible for overseeing security measures.
Operational obligations have been in force since 1 January 2026. Full compliance is required by October 2026. Time to comply is limited: starting now is essential to avoid penalties and protect your business.
ISO/IEC 27001 certification covers a large part of the NIS2 requirements relating to risk management, security governance and technical measures. It is not sufficient on its own (NIS2 also requires incident notification and supply chain management), but it is the strongest starting point. AtWorkStudio is certified to ISO/IEC 27001, 27017, 27018 and ISO 9001.
The first step is an assessment based on a recognised framework such as NIST CSF 2.0. We offer a free online assessment at nist.atws.app/en/: 106 questions, an instant report and a gap analysis against NIS2 requirements. From there we define a tailored compliance plan.
It is the process required by article 30 of the Italian Legislative Decree 138/2024 that obliges the entity to identify the NIS activities and services performed, map them to the macro-areas defined by ACN and assign a relevance category. It is not just data entry on the portal: categorisation will become the basis on which ACN will calibrate future obligations proportionately. It must be integrated with inventory, risk analysis, business continuity and supplier management. See the ACN clarifications from the Clusit event of 29 April 2026.
Yes, if they are non-fungible suppliers whose absence would compromise the continuity of NIS activities or services. The ACN template defines three categories: ICT supply, non-fungible supply and non-fungible ICT supply. A raw material supplier, a specific industrial component or a hard-to-replace logistics service can be relevant even if it does not deliver technology. The key is fungibility, not the ICT nature.
No. In Italy, today, there are no private entities certified as NIS2 compliance auditors with an ACN mandate. Organisations can be supported by qualified consultants or auditors to verify their adequacy level, but no third party can officially "certify" NIS2 compliance on behalf of the authority. Be wary of those proposing quick and reassuring labels: independent verification is useful; "miraculous" certification is something else.
Yes. Our office is in Piacenza and we operate across Italy. We support manufacturing, logistics and service companies in Piacenza and Emilia-Romagna through the NIS2 compliance journey, from gap analysis to full compliance. As Clusit members and with certifications to ISO/IEC 27001, 27017, 27018 and ISO 9001, we guarantee a structured and verifiable approach.
NIS2 as an opportunity: strengthen your business and stay ahead of change
Contact us for dedicated consulting on NIS2 Directive compliance. We will guide you step by step through the compliance journey.