Does my SME fall under NIS2?

Not every SME falls directly under NIS2, but supply-chain responsibility can affect you indirectly. Large clients in critical sectors increasingly include demonstrable cybersecurity in their procurement conditions. Without compliance you risk losing contracts.

What does NIS2 compliance cost for an SME?

Lupasafe covers the cybersecurity risk-management measures of Article 21 of the NIS2 Directive (EU) 2022/2555 from 7.99 euro per user per month. This includes phishing simulations, e-learning, dark web monitoring, Microsoft 365 cloud audit and audit-ready compliance reports. No setup fees, no hidden costs.

Do I need an IT department to get started with Lupasafe?

No. Lupasafe is specifically designed for organisations without a dedicated IT-security team. Implementation takes less than 60 minutes and the platform fully automates training rollout, phishing simulations and reporting. Your existing IT partner can easily co-view the dashboard.

How quickly can I get started with NIS2 compliance?

Within 60 minutes you have insight into your current NIS2 status across the key Article 21 cybersecurity risk-management measures. The first phishing simulation can be sent the same week and the e-learning curriculum starts immediately after onboarding. Most SMEs are fully operational within 30 days.

Cybersecurity and NIS2 for SMEs: demonstrably secure in 2026

The NIS2 Directive holds management bodies personally accountable. Your customers and clients are asking for evidence. Lupasafe helps SMEs become NIS2 compliant, with no IT department and no major investment required.

Run the NIS2 scan See pricing

Why NIS2 directly affects SMEs

Four challenges your organisation faces right now, regardless of sector.

Management accountability

Under Article 20 of the NIS2 Directive (EU) 2022/2555, management bodies are personally accountable for cybersecurity. "Our IT provider takes care of that" is no longer a valid answer.

Supply-chain responsibility

Customers that fall under NIS2 must demonstrate that their suppliers, including you, work securely. No compliance means no contract.

No IT department

Most SMEs do not have a dedicated cybersecurity team. Lupasafe automates what would otherwise take hours of manual work.

Evidence, not policy

Auditors and clients want measurable data: training records, phishing results, compliance reporting. Paper policies are no longer enough.

"90% of cyber attacks start with a human error. At the first phishing test, an average of 40% of employees share a sensitive password."

Lupasafe benchmark data 2026

One dashboard for the NIS2 risk-management measures

Lupasafe covers the cybersecurity risk-management measures of Article 21 of the NIS2 Directive. Insight into your status within 60 minutes.

Current status

Green, amber or red across every key NIS2 risk-management measure. No surprises at the audit.

Progress over time

See month over month how your security posture improves. Evidence for auditors and clients.

Next best action

Exactly what to do to become audit-ready. No guesswork, no spreadsheets.

One place for all documents and evidence. Share with every stakeholder (your organisation, IT partner, auditor) and download everything for your auditor. One source of truth.

View the complete NIS2 checklist with every key risk-management measure →

Everything you need, deeply integrated

No standalone tools. Every module feeds your compliance dashboard automatically.

Security awareness training and e-learning

A 36-month curriculum, available in EN, NL, ES, DE and FR, 5 to 10 minutes per month per employee. Practical scenarios that match the daily work of your team.

More about security awareness training →

Phishing simulations

Quarterly simulations, from classic email to QR codes and smishing. Measure employee awareness and reduce risk measurably.

More about phishing simulations →

Dark web monitoring

20 billion+ records. Detect leaked passwords before criminals do.

Email security (DMARC)

A digital stamp that proves "this email really comes from our company".

Microsoft 365 cloud audit

MFA, permissions, segregation of duties: exactly what auditors ask for.

NIS2 and ISO 27001 reporting

Audit-ready reports covering the cybersecurity risk-management measures of Article 21.

40% Share a password at the first test

60 min From sign-up to full NIS2 status insight

€7.99 Per user per month

SMEs leading the way

Total Packaging

Total Packaging uses Lupasafe as an all-in-one security monitoring tool. Real-time insight into cyber threats, demonstrable NIS2 compliance and a culture of security awareness across the company.

Read the case study →

Your organisation?

Discover how quickly your business can become NIS2 compliant. Start with a free assessment and get insight into your status within 60 minutes.

Run the NIS2 scan

Who is this for?

Lupasafe is built for SMEs that want fast, affordable and demonstrable cybersecurity.

✓ 5 to 250 employees
✓ No dedicated IT-security team
✓ Demonstrate NIS2 compliance to customers and auditors
✓ Fast start, insight within 60 minutes
✓ Transparent costs, no surprises

Ready to make your business NIS2 proof?

Start with a free 30-day assessment. No credit card required. Insight into your NIS2 status within 60 minutes.

Run the NIS2 scan Start free assessment

NIS2 checklist for SMEs: 10 steps

The practical checklist to make your organisation NIS2 compliant.Read more →

NIS2 supply-chain responsibility

What supply-chain responsibility means for you as a director.Read more →

Setting up a NIS2 awareness campaign

Why the NIS2 Article 21 staff-training requirements ask more than just e-learning.Read more →

Disclaimer: This page is based on publicly available information, customer conversations and our own product knowledge (March 2026). NIS2 requirements can vary per organisation. Consult a legal advisor for specific advice on your situation. Spotted an inaccuracy? Let us know via our contact form, we are happy to update it.