NIS2 extended the scope of regulated entities to thousands of Slovak companies — food production, logistics, waste, engineering from 50 employees up. Fines reach €10 million or 2 % of turnover. And auditors ask about your software too.
What the law expects from your software
Access management: an individual account per user, role-based permissions, logs of who changed what. Multi-factor authentication for administrators. Encryption in transit and at rest. Backups with tested restore — not just “we back up” but “we can be back in 4 hours”. And incident reporting within 24 hours, which is impossible without monitoring.
Where companies fail most often
On old internal systems: a shared “warehouse123” password, no logs, an unencrypted database on a server under the stairs. The paradox is that NIS2-driven modernisation usually pays for itself — the same changes the law requires also cut outages and error rates.
The sensible route: a gap analysis of your software against NIS2 requirements (part of our Audit 48), prioritisation by risk and a fixed remediation plan. Inspectors ask for documentation — have it before they ring.