Services · Assessment
NIS2: are you in scope — and what does it mean in practice?
First, a scoping memo with a reasoned answer to whether your business is likely covered by the NIS2 rules. Then, if relevant, a full gap assessment against the baseline principles from NSM — the Norwegian National Security Authority — with a board brief. Sober and precise: many who fear NIS2 aren’t covered, and many who are covered need less than they think.
Assessment
Price
from NOK 8,000
excl. VAT · scoping NOK 8,000–15,000 · full assessment NOK 30,000–80,000
All prices excl. VAT.
What’s included
- A scoping memo: a reasoned assessment of whether you’re likely in scope — with clear reservations where the rules aren’t final
- The regulatory status in plain language: what applies today, and what’s coming
- The full assessment: a gap analysis against the NSM baseline, scaled to your business
- A risk-ranked action list — what should be done first, and what can wait
- A board brief: 2–3 pages management actually reads, without technical jargon
- A foundation you can use to answer security requirements from customers and in tenders
How we work
- 01
Free intro call
We clarify your industry, size and why NIS2 has come up — often it’s a customer requirement. You get a fixed price for the scoping memo.
- 02
Scoping memo
A reasoned answer to whether you’re likely in scope, what applies if so, and a recommendation on the road ahead. Many stop here — that’s perfectly fine.
- 03
Full gap assessment
If relevant: interviews and a technical review against the NSM baseline, with risk-ranked findings.
- 04
Report and board brief
We go through the findings with you and deliver the report, the action list and a short brief management can act on.
A fit for you if
- have received security requirements or a questionnaire from a customer and wonder what NIS2 actually demands of you
- are in an industry that may be covered — energy, transport, health, waste, digital infrastructure, or a supplier to one
- want a sober answer before spending money on measures
- need something concrete to put in front of the board or management
Common questions
What does a NIS2 assessment cost?
The scoping memo costs NOK 8,000–15,000 excl. VAT and answers whether you’re likely in scope. The full gap assessment against the NSM baseline costs NOK 30,000–80,000 excl. VAT, depending on size and complexity. You choose after the scoping — nothing is automatic.
How long does it take?
The scoping memo is usually delivered within 1–2 weeks. The full assessment normally takes 3–5 weeks from kickoff, depending on access to people and systems.
Is NIS2 Norwegian law yet?
No, not yet. As of mid-2026, the NIS2 expansion has not been adopted as Norwegian law — what applies today is the Digital Security Act (digitalsikkerhetsloven), which covers far fewer businesses. The bill is in progress, and everything we deliver on NIS2 is clearly marked as based on non-final legislation. For most, the real driver is security requirements from customers who are themselves covered — those are arriving now, regardless of the legislative timeline.
What can the report be used for — and not?
The report is an assessment and gap analysis with a clearly defined scope: it shows where you stand against the NSM baseline and what you should do. It is not a certification, not a legally binding answer on whether you’re in scope, and not legal advice — final legal interpretations are referred to a lawyer. It works well as a basis for board discussions and for answering customer requirements.
We’re a small supplier — does this concern us?
Often yes, but indirectly: businesses that are covered push security requirements down onto their suppliers. If you’re getting those questionnaires, a gap assessment against the NSM baseline is usually the most sensible answer — whether or not you’re covered yourself.
Often bought together with
Security review (NSM baseline principles)
Interviews, a technical check and vulnerability scanning — a top-10 action list in a report management understands.
NOK 14,900–29,900
Security posture assessment (NIST CSF 2.0)
A maturity scorecard across six functions, top-10 actions and a 12-month roadmap — a neutral yardstick.
from NOK 12,000
Sikker Drift — IT support for small businesses
Support, patching and backup at a fixed monthly price — no lock-in.
NOK 590–990/user/mo