How is NIS2 different from the original NIS Directive?

NIS2 dramatically expands scope — it now covers ~160,000 EU entities across 18 sectors (vs. ~7,000 under NIS1), introduces personal liability for management bodies, mandates 24-hour early warning and 72-hour incident notification, and standardises 10 risk-management measures across all member states. Most importantly for our purposes, it makes workforce and management-body training an explicit legal obligation rather than implicit best practice.

Are we an essential or important entity?

Essential entities are large organisations in Annex I sectors (energy, transport, banking, financial market infrastructure, health, drinking water, wastewater, digital infrastructure, ICT service management, public administration, space). Important entities are medium organisations in Annex I or any size in Annex II sectors (postal/courier, waste, chemicals, food, manufacturing, digital providers, research). The classification drives both the obligations and the maximum fine tier. Our quote-prep call clarifies this in 5 minutes.

How long does a typical enterprise rollout take?

Most rollouts are live for the workforce within 5 business days of contract signature. Multi-entity rollouts (groups operating across EU member states) typically take 7–10 business days due to per-entity setup, but each entity completes independently.

Do you cover the Article 20 management-body training requirement?

Yes — every enterprise rollout includes a 45-minute management-body briefing covering Article 20 governance obligations, personal liability, risk-management measures, and incident reporting. It's specifically designed to satisfy supervisor expectations of board-level training without taking a full day.

How does pricing work for a team of 500 employees?

Enterprise pricing is volume-based with discount tiers at 25, 50, 100, 250, and 500+ seats. A 500-seat rollout typically lands 35–40% below list price. Multi-year terms unlock further discounts and include the annual refresher cycle. Multi-entity discounts apply for groups operating across multiple member states. Request a custom proposal for an exact quote.

Can we add custom modules — e.g. our incident response plan?

Yes. We routinely add policy attestations and custom modules: incident response plans, vendor risk procedures, business continuity playbooks, asset management standards. Your CSM scopes the additions during onboarding.

Do you offer single sign-on and SCIM?

Yes — SAML 2.0, OIDC, and SCIM provisioning are included on enterprise plans. New joiners are auto-enrolled into the right modules based on department; leavers are de-provisioned automatically.

Can we white-label certificates and learner emails?

Yes — your logo is added to certificates and learner-facing emails on every enterprise plan. Single-tenant white-label and custom domain are available on request.

NIS2 Compliance Training

Done-for-you NIS2 training for your whole team

We deliver mandatory NIS2 training across your workforce and management body — Article 20 governance, Article 21 risk-management measures, incident reporting, and supply-chain obligations. Managed rollout, audit-ready evidence. Live for your team in under a week.

Get a Team Quote Browse the Course Catalog

100,000+ professionals trained
Article 20 management-body briefing included
Live for your team in 5 business days

admin.compliquest.com / nis2 / training

NIS2 Programme · Q2 2026

Training completion overview

● LIVE

847

Enrolled

92%

Completed

4.8★

Rating

Overdue

All Employees

100%

Management Body

96%

IT & Security

88%

Incident Response

74%

Audit-ready

Article 39 met

Records signed & timestamped

Certificate Issued

847 employees

4-WEEK ROLLOUT

Programmes running at

RocheCoca-ColaSamsungHuaweiMicrosoftJPMorgan ChaseVolkswagenShellNestléSiemensBMWUnileverAXALufthansaPfizerAdidasRocheCoca-ColaSamsungHuaweiMicrosoftJPMorgan ChaseVolkswagenShellNestléSiemensBMWUnileverAXALufthansaPfizerAdidas

// why teams choose us

Why NIS2 training is mandatory — not optional

NIS2 Article 20(2) explicitly requires essential and important entities to ensure that members of their management body and their employees follow regular cybersecurity training. Article 20(1) makes the management body personally liable for non-compliance. Article 21 mandates a documented set of risk-management measures including awareness training, incident handling, and supply-chain security — all of which require workforce training to operate. Supervisory authorities across EU member states have begun audits and the first fines have already landed.

Article 20(2) — workforce + management body training is a direct legal requirement, not best practice

Article 20(1) — management bodies are personally liable for cybersecurity governance failures, including training gaps

Article 21 — risk-management measures (incident handling, supply chain, encryption, access control) all depend on trained staff

Article 23 — incident reporting within 24 hours; staff must know how to escalate or you miss the window

02 — Curriculum

Role-based
by default.

Different roles face different risks. Training tailored to job responsibilities.

01
All Employees
All Employees
02
Management Body
Management Body
03
IT & Security
IT & Security
04
Incident Response
Incident Response
05
Procurement & Vendor Risk
Procurement & Vendor Risk
06
AI Users
AI Users

03 — Process

From kickoff to fully trained in under four weeks.

weeks avg.

92%

completion

01Step
Week 1 · Discovery
Scope your risk
A 60-min working session with a specialist. We map your obligations, current training gaps, and regulator priorities in your jurisdiction.
- Compliance scan
- Regulator review
- Role-based gap analysis
02Step
Week 2–3 · Build
Tailor & integrate
Your processes, contacts, and policies go into the modules. We brand the LMS, wire SSO, and connect HRIS so enrolment is automatic.
- Custom scenarios
- White-label LMS
- HRIS / SSO sync
03Step
Week 4+ · Operate
Deploy & evidence
Roll out to all staff. Automated nudges hit non-completers. Manager dashboards in real time. Audit-ready records when regulators ask.
- Automated nudges
- Real-time dashboards
- Evidence pack

Ready to scope your programme?

Book a 30-min discovery call — no slides, no pitch, just specifics.

// platform & delivery

What every enterprise rollout includes

Managed rollout in 5 business days

Dedicated customer success manager handles enrolment, role mapping, kickoff communications, and reminder cadence.

Article 20 audit-ready evidence

Dated certificates per learner, exportable completion logs, and management-body training records that meet supervisory authority documentation expectations.

Manager dashboard & reporting

Track completion across teams, departments, and entities. Export evidence packages for supervisory authorities and customer security questionnaires.

Single sign-on (SSO) & SCIM

SAML 2.0, OIDC, and SCIM provisioning. New joiners enrolled automatically. Leavers de-provisioned. Zero admin overhead.

Annual refresher cycle built-in

Multi-year licensing rolls learners forward each year with content updates as member-state transposition guidance evolves.

Custom modules & policy attestations

Your logo on certificates, co-branded learner emails, and the option to attach your incident response plan or vendor risk policy to any module.

// from a customer

NIS2 made annual security training a board-level obligation. The managed rollout meant we hit the deadline without burning internal capacity, and the management-body briefing got our directors aligned in 45 minutes — exactly what Article 20(2) asks for.

Head of Information Security, Volkswagen

Manufacturing — 1,500+ employees trained

★★★★★

// by the numbers

€10M

or 2% of global turnover

€7M

or 1.4% of global turnover

Personal

liability for management body members

// frequently asked

Common questions.

Don't see your question? Send us a note — we usually reply same day.

Ask a question

Yes — Article 20(2) explicitly requires essential and important entities to ensure their management body members and employees follow regular cybersecurity training. The NIS2 Cooperation Group has published guidance reinforcing this, and supervisory authorities across EU member states have begun audits. Failure to comply exposes the organisation to fines up to €10M or 2% of global turnover, and management bodies to personal liability under Article 20(1).

Related guides

Cybersecurity

NIS2 Directive: Who Must Comply? The Definitive Guide to Scope, Sectors, and Obligations in 2026

Education

Compliance Glossary: Key Terms and Definitions 2026

Cybersecurity

Best Cybersecurity Awareness Training Providers (2026)

Ready when you are

Ready to brief us on your team rollout?

Tell us your entity classification (essential or important), your sector, and your headcount. We'll come back with a curriculum proposal, pricing, and a rollout plan within 1 business day.

Get a Team Quote Browse the Course Catalog

// programme summary

Time to deploy

4 weeks

Audience

All staff + role tiers

Languages

12 included

Updates

Quarterly, automatic

Pricing

Done-for-you NIS2 training for your whole team

100,000+ professionals trained

Article 20 management-body briefing included

Live for your team in 5 business days

What every enterprise rollout includes

Managed rollout in 5 business days

Dedicated customer success manager handles enrolment, role mapping, kickoff communications, and reminder cadence.

Article 20 audit-ready evidence

Dated certificates per learner, exportable completion logs, and management-body training records that meet supervisory authority documentation expectations.

Manager dashboard & reporting

Track completion across teams, departments, and entities. Export evidence packages for supervisory authorities and customer security questionnaires.

Single sign-on (SSO) & SCIM

SAML 2.0, OIDC, and SCIM provisioning. New joiners enrolled automatically. Leavers de-provisioned. Zero admin overhead.

Annual refresher cycle built-in

Multi-year licensing rolls learners forward each year with content updates as member-state transposition guidance evolves.

Custom modules & policy attestations

Your logo on certificates, co-branded learner emails, and the option to attach your incident response plan or vendor risk policy to any module.

Common questions.

Don't see your question? Send us a note — we usually reply same day.

Ask a question

Done-for-you NIS2 training for your whole team

Why NIS2 training is mandatory — not optional

Role-basedby default.

From kickoff to fully trained in under four weeks.

Scope your risk

Tailor & integrate

Deploy & evidence

What every enterprise rollout includes

Managed rollout in 5 business days

Article 20 audit-ready evidence

Manager dashboard & reporting

Single sign-on (SSO) & SCIM

Annual refresher cycle built-in

Custom modules & policy attestations

Common questions.

NIS2 Directive: Who Must Comply? The Definitive Guide to Scope, Sectors, and Obligations in 2026

Compliance Glossary: Key Terms and Definitions 2026

Best Cybersecurity Awareness Training Providers (2026)

Ready to brief us on your team rollout?

Done-for-you NIS2 training for your whole team

Why NIS2 training is mandatory — not optional

Role-basedby default.

From kickoff to fully trained in under four weeks.

Scope your risk

Tailor & integrate

Deploy & evidence

What every enterprise rollout includes

Managed rollout in 5 business days

Article 20 audit-ready evidence

Manager dashboard & reporting

Single sign-on (SSO) & SCIM

Annual refresher cycle built-in

Custom modules & policy attestations

Common questions.

NIS2 Directive: Who Must Comply? The Definitive Guide to Scope, Sectors, and Obligations in 2026

Compliance Glossary: Key Terms and Definitions 2026

Best Cybersecurity Awareness Training Providers (2026)

Ready to brief us on your team rollout?

Role-based
by default.

Role-based
by default.