Splnit.eu
PlatformDemoEU RegulationsBlogEarly accessAboutPricing
||
Sign in
Design partner
← All articles
NIS22 minApril 28, 2026

NIS2 for SMBs: a practical guide

NIS2 is not only a legal obligation. For SMBs it means measurable security controls, evidence of risk management, and the ability to respond quickly to incidents.

Author: Marco Zoratto, founder of Splnit.eu

In this article

When to startWhat must be provableHow to make it a process

When to start

Start by assessing your sector, company size, and role in the supply chain. Even a company outside direct regulation may face customer pressure to prove cybersecurity processes.

The first practical step is an inventory of systems and owners. Without it, it is hard to decide where MFA belongs, who handles incidents, and which evidence an auditor or customer will ask for.

  • Assign a person responsible for cybersecurity.
  • List key systems, identities, and suppliers.
  • Introduce recurring checks for MFA, backups, and incident response.

What must be provable

The authority will not only look for the existence of a policy. You need records showing that a control actually runs, when it was last checked, and who handled exceptions.

Typical evidence includes identity provider exports, access review records, incident logs, vulnerability reports, and approved security policies.

How to make it a process

NIS2 can be managed as a set of repeatable controls. Each control has an owner, status, evidence, and next review date. That keeps compliance from becoming a one-off audit project that goes stale.

Related regulation overview

Open overview: NIS2 →

Turn NIS2 into a first control checklist

Start with MFA, incident response, and suppliers: Splnit.eu maps them to controls, owners, and evidence you can check continuously.

Open the NIS2 overview
Splnit.eu

Early access platform for EU compliance automation.

Monthly EU regulation briefing

Product

  • Monitoring
  • Integrations
  • Trust Center
  • Security
  • Status
  • Early access
  • About
  • Pricing
  • Compare
  • Partners

Regulations

  • NIS2
  • EU AI Act
  • GDPR
  • ISO 27001

Contact

Splnit.eu — Czech sole-trader operator, Olomouc

Olomouc, Czech Republic

hello@splnit.eu
GDPRNIS2ISO 27001Vyhl. č. 410/2025 Sb.

© 2026 Splnit · Všechna práva vyhrazena

PrivacyTermsCookiesDPA
||