Online tool and learning platform provide support for NIS2 Directive
Since the beginning of the year, the new EU Directive on Network and Information Security (NIS2) has also been in force in Germany. This obliges numerous companies to implement higher levels of cyber security. The SICP – Software Innovation Campus Paderborn supports SMEs with the projects KMU.kompetent.sicher and FitNIS2 in assessing their vulnerability and optimising their cybersecurity strategy. The new learning platform has now been launched.
NIS2 is the revised EU directive from 2022 and affects approximately 30,000 companies from 18 sectors, ranging from healthcare to transport and telecommunications. Due to its integration into supply chains and the digital networking often associated with this, the directive also affects many small and medium-sized enterprises (SMEs). ‘SMEs in particular often struggle with limited resources in the area of IT security and are dependent on vendor-independent support,’ says Prof. Dr. Simon Thanh-Nam Trang from Paderborn University. This is precisely where two projects come in, in which the SICP – Software Innovation Campus Paderborn, a research and innovation network of Paderborn University with industry partners, is involved.
KMU.kompetent.sicher offers tailor-made e-learning with NIS2 relevance
In the KMU.kompetent.sicher project, SICP is working with the University of Hohenheim, the InnoZent OWL innovation network and IT service provider coactum to develop a training platform to provide practical support to SMEs in implementing the NIS2 Directive. The project is funded by the Federal Ministry for Economic Affairs and Energy with around one million euros and will run for another two years.
After the first year of the project, the project partners have reached an important milestone: the learning platform has now been launched. It consists of practice-oriented ‘learning nuggets’, i.e. small modular (video) learning units, quiz questions and interactive tasks to apply what has been learned. With the help of storytelling elements such as true crime examples, it shows, for example, how phishing, a form of internet fraud, works, what the consequences are and what measures can protect against it. The learning paths ‘NIS2 basic protection’ and ‘Assessing threats correctly’ cover topics tailored to NIS2. Further learning paths are planned, such as IT security culture, risk management, backup management, secure handling of emails, emergency management, password security and ransomware.
Overall, the project aims to train management and employees. The concept includes a control loop to identify training needs for the company and anchor them sustainably in the culture.
Who is affected by the NIS2 Implementation Act and what needs to be done? The FitNIS2 Navigator finds out
In the ‘FitNIS2’ project, the SICP has developed the FitNIS2 Navigator in cooperation with Deutschland sicher im Netz e.V. and the Cybersecurity Transfer Office. In the first step, the online tool analyses whether a company is covered by the directive. In the second step, the current degree of compliance with NIS2 requirements is analysed, and in the third step, users receive clear recommendations on how to meet the NIS2 requirements. The project is funded by the Federal Ministry for Economic Affairs and Energy (BMWE) for a total of two years until August 2026. The free FitNIS2 Navigator has been available since June 2025 at: fitnis2.de.
Just three months after the tool was released, the FitNIS2 Navigator impact assessment had been completed 1,500 times. In addition, 700 participants completed the self-assessment for compliance with NIS2 requirements. This means that the planned usage targets for the first half of the year were achieved. The navigator is currently being expanded to include specific requirements for small businesses based on the CyberRiskCheck from the Federal Office for Information Security (BSI). Industry-specific criteria will also be added in the next project phase. In future, SMEs will receive targeted information on their NIS2 impact and possible overlaps with other relevant regulations, depending on their sector.
‘Both projects thus provide a free introduction to the topic of NIS2. A comprehensive range of events within the projects complements the information on offer,’ says Dr Simon Oberthür, Head of the Digital Sovereignty Innovation Division at SICP – Software Innovation Campus Paderborn.
This text was translated automatically.
