NIS2Maximum

Kertos automates your compliance standards, such as ISO 27001, GDPR, SOC 2, or the EU AI Act – from the initial analysis to the audit and as a sustainable solution far beyond.

AskUI
pliant
Stallkamp
Grohe
A&O
Blacklane
Lixil
Personio
FINN
Any Bill
Augmented Industries
Aware
Contract Hero
Deeploi
Enpal
Flink
Kyon Energy
Muffintech
Neotaste
Reusch Law
Wellster
Gaia
CHOOSE YOUR FRAMEWORK

One platform, Your Company?

The all-in-one compliance solution for growing companies of all sizes.

Essential Entities

Stricter oversight. Proactive supervision. Higher penalties.
  • Energy (electricity, gas, oil, hydrogen, district heating)
  • Transport (air, rail, water, road)
  • Banking & financial infrastructure
  • Healthcare (hospitals, labs, pharma)
  • Drinking water & wastewater
  • Digital infrastructure (DNS, data centers, cloud)
  • ICT service providers (MSPs, MSSPs)
  • Public administration
  • Space
Threshold
250+ employees or €50M+ revenue
Threshold
Up to €10 million or 2% global turnover

Important Entities

Significant obligations. Reactive supervision. Self-assessment required.
  • Manufacturing (medical devices, electronics, machinery, vehicles)
  • Food production & distribution
  • Chemical production
  • Postal & courier services
  • Waste management
  • Digital providers (marketplaces, search engines, social platforms)
  • Research organizations
  • Software Companies
Threshold
50+ employees or €10M+ revenue
Threshold
Up to €7 million or 1.4% global turnover

Kertos at a Glance
Non-Compliance

Kertos is the no-code solution for intuitive compliance. We help fast-growing companies like Enpal, Blacklane, and Flink automate their data privacy and information security processes, saving them hundreds of hours of manual work.

2 Offices

With offices in Berlin and Munich, we’re driving Kertos forward at the heart of innovation.

More than 60 Team Members

Over 60 talented colleagues are shaping the future of compliance with us.

About 30% Women

We’re proud of our team’s diversity but know there’s still room to grow.

16 Nationalities

Our team combines perspectives from 15 nationalities, fueling our success.

WHY IS NIS2 DIFFERENT

Personal Liability for Executives

NIS2 isn't just another compliance checkbox. For the first time, EU cybersecurity regulation holds individual executives personally accountable — not just the company.

What Article 20 Requires

Under NIS2, management bodies must:

  • Approve cybersecurity risk management measures
  • Oversee implementation of those measures
  • Complete regular cybersecurity training
  • Be held personally liable for failures
€10M

Personal fines (not covered by most D&O insurance)

Management ban

Temporary prohibition from executive positions

Criminal liability

In cases of gross negligence

Reputational damage

Follows the individual, not the company

How Kertos Gets You NIS2 Compliant

All 10 Article 21 Measures - Covered
NIS2 mandates 10 specific security controls. Kertos maps every requirement to actionable tasks, pre-built policies, and automated evidence collection. No gaps. No guesswork.
24-Hour Incident Reporting - Built In
NIS2 requires initial incident notification within 24 hours. Kertos includes pre-configured workflows, notification templates, and audit trails so you never miss the window.
Executive Liability - Documented
Personal liability means executives need proof they approved and oversaw security measures. Kertos creates the documentation trail that protects leadership when regulators ask questions.
ISO 27001 Overlap - 70% Head Start
Already certified? ISO 27001 covers most of what NIS2 requires. Kertos shows exactly where you're already compliant and what's left to close the gap.

NIS2 Compliant in weeks, not months

Traditional consulting takes months and costs hundreds of consulting hours. Here's how Kertos gets you there in weeks with 80% less manual work.

Assessment & Setup
Policies & Documentation
Technical Controls
Training & Awareness
Incident Readiness
Validation & Registration
NIS2 IN GERMANY

The NIS2UmsuCG Is Now in Effect

Germany transposed NIS2 through the NIS-2-Umsetzungs- und Cybersicherheitsstärkungsgesetz. If you operate in Germany, these are the specifics that matter.

BSI Registration Is Mandatory

All affected entities must register with the Bundesamt für Sicherheit in der Informationstechnik (BSI).

  • Designate a point of contact
  • Provide IP ranges and domain names
  • Update within 2 weeks of any changes
  • Failure to register = immediate non-compliance
Kertos prepares everything for you automatically.

German Classification Terms

NIS2 uses EU terminology. German law uses different labels.

  • Essential Entities vs. Besonders wichtige Einrichtungen
  • Important Entities vs. Wichtige Einrichtungen
  • Critical Infrastructure vs. KRITIS-Betreiber
It determines your obligations and supervision level.

KRITIS + NIS2 = Both Apply

Classified as KRITIS operator? NIS2 adds requirements - it doesn't replace obligations.

  • 24-hour incident reporting (vs. 72h for KRITIS)
  • Personal liability for management
  • Expanded supply chain requirements
  • BSI registration under new categories
Kertos aligns both frameworks automatically.

Why German Companies Choose a German Platform

US platforms built for SOC 2 and retrofitted for Europe don't understand the nuance. Kertos was built here, for here.

  • German-built:
    Developed in Germany, by a German team, for German requirements
  • German data residency:
    Your compliance data stays in Germany - no transatlantic transfers
  • German-language support:
    Native support as standard, not an afterthought
  • BSI expertise:
    We understand German regulatory context firsthand
  • SOC 2 Type II certified:
    We practice what we preach
TESTIMONIALS

What our customers say

Compliance that convinces: Whether B2C, B2B, startup, scale-up or SME, Kertos is the right solution for companies with growing compliance requirements.

Jonas Menesklou
CEO & Co-Founder

"We especially appreciate the Trust Center"

After having a disappointing experience with a US-based provider, we wanted a platform that truly supports us efficiently and saves time. With Kertos, we achieved ISO 27001 certification in just 2.5 months—without external consultants and without blocking our team. Everything was clearly structured, well managed, and technically well thought out. The decisive factor for us was also the integrated Trust Center: it allows us to immediately demonstrate to our customers how seriously we take security.

Florian Fesch
Co-Founder, Tech & Product

“Sustainably optimizing internal processes”

Kertos enabled us to significantly accelerate the complex ISO 27001 certification process and sustainably improve our internal workflows. The intuitive platform, combined with extensive automation, provided substantial relief—truly a game-changer for growing companies with high security requirements.

Janina Möllmann
CEO @GAIA Technologies

“ISO 27001 certification within a few weeks”

With Kertos, we were able to achieve our ISO27001 certification within a few weeks. It was immediately obvious that this was a powerful compliance automation solution developed in and for the European market!

Stefan Hessel
Salary Partner & Head of Digital Business, reuschlaw

“Reliable partner for all compliance issues”

For us, Kertos is the reliable partner for all compliance issues. Whether it's ISO27001 certification or data protection, we really appreciate Kertos' expertise and support.

Matthias Knoche
COO, McMakler

“Unique solution for European companies”

Kertos offers a unique compliance automation solution for European companies, which, thanks to the combination of expertise and automation, stands out significantly from the mass processing of large compliance companies on other continents.

Julian Lübke
Co-Founder & CEO, deeploi

“Real compliance powerhouse”

Kertos quickly and precisely guided us through the GDPR and ISO27001 certification compliance jungle. The Kertos platform was easy to implement and is a real compliance powerhouse due to the high level of automation.

Adrian Kapsalis
CEO of Kyon Energy

“Adapts to our changing needs”

Kertos adapts to our changing needs so we can focus on growing our business.

Mirco Roth
Co-Founder & CTO, Augmented Industries

“Absolutely impressed us”

From start to ISO 27001 in 2.5 months? — With Kertos, this goal was possible. We were absolutely impressed by the combination of technical innovation, comprehensive expert knowledge and flexible adaptation to our business needs.

Ferdinand Schmidt-Thomé
Co-Founder, Aware

“Flexible and scalable solution for GDPR compliance”

As a health-tech company that deals with sensitive customer data, we have found a flexible and scalable solution to comply with the GDPR in Kertos. It strengthens the trust of our customers, sets new standards through automation, and the support team is consistently responsive and reliable when it comes to urgent concerns — Kertos is therefore the all-in-one solution that really pays off for us.

Integrations

Over 100 Integrations available

Simply connect and get started: With numerous integrations, connecting your IT landscape is child's play.

Resources

Discover our resources

Find useful whitepapers, videos, and practical tools that help you reach your compliance goals efficiently.
