Maximum

Kertos automates your compliance standards, such as ISO 27001, GDPR, SOC 2, or the EU AI Act – from the initial analysis to the audit and as a sustainable solution far beyond.

Get a demo
Leading companies trust us with their Nis2 Compliance Journey
AskUI
pliant
Stallkamp
Grohe
A&O
Blacklane
Lixil
Personio
FINN
Any Bill
Augmented Industries
Aware
Contract Hero
Deeploi
Enpal
Flink
Kyon Energy
Muffintech
Neotaste
Reusch Law
Wellster
Gaia
CHOOSE YOUR FRAMEWORK

One platform,

The all-in-one compliance solution for growing companies of all sizes.

Essential Entities

Stricter oversight. Proactive supervision. Higher penalties.

  • Energy (electricity, gas, oil, hydrogen, district heating)
  • Transport (air, rail, water, road)
  • Banking & financial infrastructure
  • Healthcare (hospitals, labs, pharma)
  • Drinking water & wastewater
  • Digital infrastructure (DNS, data centers, cloud)
  • ICT service providers (MSPs, MSSPs)
  • Public administration
  • Space

Threshold: 250+ employees OR €50M+ revenue
Penalty: Up to €10 million or 2% global turnover

The proof of data security and data protection in cloud services.

Get a demoDiscover Kertos

Rethinking Compliance:

Our platform makes information security easier, reduces complexity and accompanies you through to successful certification with expert support.

€10M

satisfied customers

2%

audit success

24h

industries covered

≈ 80%

faster than usual

WHY NIS2 is different

Personal Liability for Executives

NIS2 isn't just another compliance checkbox. For the first time, EU cybersecurity regulation holds individual executives personally accountable — not just the company.

What Article 20 Requires

Under NIS2, management bodies must:

  • Approve cybersecurity risk management measures
  • Oversee implementation of those measures
  • Complete regular cybersecurity training
  • Be held personally liable for failures

This isn't corporate liability passed to individuals. This is direct, personal accountability written into law.

  • €10M
    Personal fines (not covered by most D&O insurance)

  • Management ban
    Temporary prohibition from executive positions

  • Criminal liability
    In cases of gross negligence

  • Reputational damage
    Follows the individual, not the company

Not sure which category applies? Our 2-minute assessment tells you exactly where you stand.

Find out if you're affected

How Kertos Gets You NIS2 Compliant

One platform, many frameworks

No more Excel chaos or expensive consultants: Kertos is your central platform for ISO 27001, SOC 2, TISAX®, GDPR, and the EU AI Act – all compliance frameworks in one place. Our solution makes your organization audit-ready, automates processes, and helps your team reach its goals faster.

Read more
Smart integrations, automated workflows

Leverage over 100 integrations to seamlessly connect your compliance processes with the tools you already use – from email and ticketing systems to CRMs. Automate repetitive tasks, optimize workflows, and reduce manual effort so your team can focus on what truly matters.

Read more

NIS2 Compliant in weeks, not months

Traditional consulting takes months and costs hundreds of consulting hours. Here's how Kertos gets you there in weeks with 80% less manual work.

1

Assessment & Setup

2

Policies & Documentation

3

Technical Controls

4

Training & Awareness

5

Incident Readiness

6

Validation & Registration

NIS2 IN GERMANY

The NIS2UmsuCG Is Now in Effect

Germany transposed NIS2 through the NIS-2-Umsetzungs- und Cybersicherheitsstärkungsgesetz. If you operate in Germany, these are the specifics that matter.

BSI Registration Is Mandatory

All affected entities must register with the Bundesamt für Sicherheit in der Informationstechnik (BSI).

  • Designate a point of contact
  • Provide IP ranges and domain names
  • Update within 2 weeks of any changes
  • Failure to register = immediate non-compliance

Kertos generates your registration documentation automatically.

German Classification Terms

NIS2 uses EU terminology. German law uses different labels.

  • Essential Entities vs. Besonders wichtige Einrichtungen
  • Important Entities vs. Wichtige Einrichtungen
  • Critical Infrastructure vs. KRITIS-Betreiber

Know which category applies to you — it determines your obligations and supervision level.

KRITIS + NIS2 = Both Apply

Classified as KRITIS operator? NIS2 adds requirements — it doesn't replace obligations.

  • 24-hour incident reporting (vs. 72h for KRITIS)
  • Personal liability for management
  • Expanded supply chain requirements
  • BSI registration under new categories

Kertos manages both frameworks from one platform.

Why German Companies Choose a German Platform

US platforms built for SOC 2 and retrofitted for Europe don't understand the nuance. Kertos was built here, for here.

  • 🇩🇪 German-built: Developed in Germany, by a German team, for German requirements
  • 🔒 German data residency: Your compliance data stays in Germany — no transatlantic transfers
  • 🗣️ German-language support: Native support as standard, not an afterthought
  • 📋 BSI expertise: We understand German regulatory context firsthand
  • SOC 2 Type II certified: We practice what we preach

Kertos manages both frameworks from one platform.

Book a Demo
TESTIMONIALS

What our

Compliance that convinces: Whether B2C, B2B, startup, scale-up or SME, Kertos is the right solution for companies with growing compliance requirements.

Jonas Menesklou
Jonas Menesklou
CEO & Co-Founder
ISO 27001

"We especially appreciate the Trust Center"

After having a disappointing experience with a US-based provider, we wanted a platform that truly supports us efficiently and saves time. With Kertos, we achieved ISO 27001 certification in just 2.5 months—without external consultants and without blocking our team. Everything was clearly structured, well managed, and technically well thought out. The decisive factor for us was also the integrated Trust Center: it allows us to immediately demonstrate to our customers how seriously we take security.

Florian Fesch
Florian Fesch
Co-Founder, Tech & Product
ISO 27001

“Sustainably optimizing internal processes”

Kertos enabled us to significantly accelerate the complex ISO 27001 certification process and sustainably improve our internal workflows. The intuitive platform, combined with extensive automation, provided substantial relief—truly a game-changer for growing companies with high security requirements.

Janina Möllmann
Janina Möllmann
CEO @GAIA Technologies
ISO 27001

“ISO 27001 certification within a few weeks”

With Kertos, we were able to achieve our ISO27001 certification within a few weeks. It was immediately obvious that this was a powerful compliance automation solution developed in and for the European market!

Stefan Hessel
Stefan Hessel
Salary Partner & Head of Digital Business, reuschlaw
ISO 27001

“Reliable partner for all compliance issues”

For us, Kertos is the reliable partner for all compliance issues. Whether it's ISO27001 certification or data protection, we really appreciate Kertos' expertise and support.

Matthias Knoche
Matthias Knoche
COO, McMakler
GDPR

“Unique solution for European companies”

Kertos offers a unique compliance automation solution for European companies, which, thanks to the combination of expertise and automation, stands out significantly from the mass processing of large compliance companies on other continents.

Julian Lübke
Julian Lübke
Co-Founder & CEO, deeploi
GDPR

“Real compliance powerhouse”

Kertos quickly and precisely guided us through the GDPR and ISO27001 certification compliance jungle. The Kertos platform was easy to implement and is a real compliance powerhouse due to the high level of automation.

Adrian Kapsalis
Adrian Kapsalis
CEO of Kyon Energy
ISO 27001

“Adapts to our changing needs”

Kertos adapts to our changing needs so we can focus on growing our business.

Mirco Roth
Mirco Roth
Co-Founder & CTO, Augmented Industries
ISO 27001

“Absolutely impressed us”

From start to ISO 27001 in 2.5 months? — With Kertos, this goal was possible. We were absolutely impressed by the combination of technical innovation, comprehensive expert knowledge and flexible adaptation to our business needs.

Ferdinand Schmidt-Thomé
Ferdinand Schmidt-Thomé
Co-Founder, Aware
GDPR

“Flexible and scalable solution for GDPR compliance”

As a health-tech company that deals with sensitive customer data, we have found a flexible and scalable solution to comply with the GDPR in Kertos. It strengthens the trust of our customers, sets new standards through automation, and the support team is consistently responsive and reliable when it comes to urgent concerns — Kertos is therefore the all-in-one solution that really pays off for us.

All success stories
Integrations

Over 100

Simply connect and get started: With numerous integrations, connecting your IT landscape is child's play.

Discover integrations
RessourceS

Discover our ressources

Find useful whitepapers, videos, and practical tools to help you efficiently achieve your compliance goals.

NIS2 Registration: Your Country-by-Country Deadline Calendar

A country-by-country breakdown of NIS2 registration deadlines across all 27 EU Member States.

Read now
Germany's NIS2 Law Has Passed: 5 Things Every CEO Must Know

5 critical actions for German CEOs before the March 2026 registration deadline.

Read now
What ENISA's 170-Page NIS2 Guidance Really Means

Breaking down ENISA's technical guidance into the 13 core implementation areas you must address.

Read now
The Hidden Cost of NIS2: Why Most Companies Are Overspending

Where NIS2 budgets actually go and how automation reduces costs by 80%.

Read now
NIS2 and DORA: How to Achieve Both Without Doubling Your Workload

How to achieve both NIS2 and DORA compliance efficiently using the 70% overlap between frameworks.

Read now
NIS2 Self-Assessment: Is Your Company Affected?

A 5-minute test to determine if your company falls under NIS2 scope.

Read now
NIS2 Risk Management: A Practical Guide to Article 21

How to build a risk management program that satisfies NIS2 requirements and improves security.

Read now
NIS2 FAQ: 50 Questions Answered

Everything you need to know about NIS2, answered directly in 50 common questions.

Read now
NIS2 Business Continuity and Crisis Management Guide

What NIS2 requires for business continuity and how to build programs that work during real incidents.

Read now
NIS2 Executive Liability: What European Leaders Must Know

What personal liability under NIS2 means, what triggers it, and how executives can protect themselves.

Read now
NIS2 Management Training Requirements: What Executives Must Learn

What NIS2 requires for management training, what it must cover, and how to document it.

Read now
NIS2 Implementation Roadmap: From Zero to Compliant in 6 Months

A realistic 6-month timeline for achieving genuine NIS2 compliance with operational capability.

Read now
NIS2 Compliance Checklist: The Complete Requirements Guide

Every NIS2 obligation broken down into actionable checklist items for implementation and verification.

Read now
NIS2 Supply Chain Security: What Article 21 Means for Your Vendors

What NIS2 Article 21(2)(d) demands for supply chain security and how to address it.

Read now
NIS2 vs ISO 27001: Which Do You Need and How They Work Together

How NIS2 and ISO 27001 relate, where they overlap, where they differ, and how to build an efficient compliance strategy.

Read now
NIS1 vs NIS2: What Changed and Why It Matters

Understanding the seven major changes from NIS1 to NIS2 and what they mean for your compliance.

Read now
What is NIS2? The Complete Guide for European Companies

Everything you need to know about NIS2: what it is, who it affects, what it demands, and how to achieve compliance.

Read now
Compliance und Ethik

Eine Diskussion über die Bedeutung von Ethik in der Compliance.

Read now
No items found.
No items found.