Article 20(2) & 21(2)(g) NIS2 training

NIS2 training for the whole organization
10-minute intro free

Watch our free 10-minute lead-magnet now — no signup, no credit card. Then unlock the full bundle: Foundations modules for the management body, IT, and general staff, with PDF attestations and an auto-updating training register.

Lead Magnet · NIS2 in 10 minutes

10 min · mixed


Slide 1 — Cover

NIS2 in 10 minutes: What every European SME needs to know — without the legal jargon.

A Reglyze lead magnet · 2026 edition.

NIS2 is the European directive that makes baseline cyber hygiene and mandatory incident notification a legal duty for tens of thousands of European companies — and a personal duty of the executives who lead them.

This module is awaiting expert review.

What's covered

Three tracks aligned with NIS2 obligations

Each role faces a different cyber-risk surface. We map the four Foundations modules to the audience that needs them most.

Management body

Article 20 obliges the management body to approve risk-management measures and follow training. Our board track covers governance duties, accountability, fines, and oversight cadence.

  • Article 20 oversight & approval responsibilities
  • NIS2 fines: who is personally liable and when
  • Reading a gap-assessment report
  • Decision points: investments, suppliers, incidents

IT & security teams

Article 21(2) defines ten minimum cybersecurity hygiene measures. The IT track makes these concrete with examples, control mappings, and incident-response procedures.

  • Hygiene baseline (Art. 21(2) a–j) deep-dive
  • Incident detection, classification, and reporting timing
  • Supply-chain risk assessment basics
  • Crosswalk with ISO 27001, SOC 2, DORA

General staff

Phishing, password hygiene, social engineering, and incident reporting — the everyday behaviors that decide whether an attack succeeds. Plain-language modules anyone can follow.

  • Phishing & social-engineering recognition
  • Password & MFA hygiene
  • How to report a suspected incident — and why timing matters
  • What 'an NIS2 incident' actually looks like at work

What you get

Audit-ready evidence, not just videos

Per-participant PDF attestations

Every learner who passes the quiz receives a Reglyze-signed attestation PDF — name, course, score, completion date, validity period. Downloadable any time.

Completion records, valid 12 months

Each attestation is logged in your organization's training register with a 365-day validity window. Auditors get a single export — your team gets reminders before lapses.

Plugged into the NIS2 register

Training records, gap assessments, and incidents share one organization-wide register. No spreadsheet drift, no broken evidence trail when an auditor calls.

Independent review

NIS2-aligned curriculum, anchored to the directive text

We anchor every Foundations module to a specific NIS2 article and publish a content hash so the version you watch is the version that was reviewed.

An external NIS2-specialist legal opinion on substantive coverage of Articles 20(2) and 21(2)(g) is being commissioned and will be linked here once delivered.

Curriculum version: v1.20.0

Content hash (SHA-256): df1e1f39684ceb77710c3d58356b859a473950847ff0c38e7b5c873bc26759da

Articles in scope

  • NIS2 Directive (EU) 2022/2555 Article 20(2) — management body training duty
  • NIS2 Directive (EU) 2022/2555 Article 21(2)(g) — basic cyber hygiene practices and cybersecurity training
  • NIS2 Directive (EU) 2022/2555 Article 21(2)(a) + (e) — risk-based policies + security in maintenance, operationalised by IEC 62443 segmentation for SCADA-bearing entities (Annex I drinking water) AND for substation-bearing entities (Annex I energy / electricity DSO)
  • NIS2 Directive (EU) 2022/2555 Article 21(2)(d) + Article 21(3) — supply chain security + inherited risk for SCADA integrators (water) and meter OEM / KMS / field-services contractors (energy AMI rollout)
  • NIS2 Directive (EU) 2022/2555 Article 21(2)(j) — MFA at the L3.5 jump host for OT remote access (water) and substation-DMZ jump host (energy)
  • NIS2 Directive (EU) 2022/2555 Article 21(2)(c) — business continuity, including holdover oscillator + secondary time path as continuity controls for substation protection coordination (energy GPS-time integrity)
  • NIS2 Directive (EU) 2022/2555 Article 23(1)-(4) — three-deadline incident reporting cadence applied to water-sector playbooks (chlorine dosing, telemetry tampering) and energy-sector playbooks (frequency anomaly, mass-meter compromise, blackout-adjacent)
  • Regulation (EU) 2024/1366 — ENTSO-E Network Code on Cybersecurity (NCCS) — Art. 24-29 significance index + Art. 30-39 risk-management measures + Art. 38 reporting; complementary to NIS2 for HIE/CIE-designated DSOs; covered substantively in the Energy Sector Module 4
  • IEC 62443 (industrial automation cybersecurity) — 62443-2-1 CSMS, 62443-3-3 system technical SRs at SL-1 to SL-4, 62443-4-1 OEM secure development; the de-facto operational reference for manufacturing Article 21(2)(a)+(e) — Manufacturing Sector Module 4 ships the cookbook NIS2 21(2)(a)-(j) → IEC 62443
  • IEC 61511 (functional safety SIS lifecycle) clause 8.2.4 — cybersecurity risk assessment for SIS as part of the safety lifecycle; load-bearing for Manufacturing Sector Module 2 (process safety × cybersecurity intersection — Triton-class scenario; engineering-laptop chokepoint)
  • SEVESO Directive 2012/18/EU + national functional-safety transpositions (§19 StöV / 12. BImSchV in DE; ICPE in FR; D.lgs. 105/2015 in IT) — parallel reporting cadence alongside NIS2 Article 23 for SIS-bearing process plants; covered in Manufacturing Sector Modules 2 and 5

There is no NIS2 training certification authority — we deliberately avoid the words "certified" and "accredited" because they would be misleading. What we provide is an evidence-grade training programme designed to satisfy the directive's wording, with auditable records.

Pricing

Free intro, paid bundle, no surprises

Free · €0

10-minute NIS2 intro (this video)

  • No signup required
  • Native EN & FR voice-over
  • Bookmark-friendly URL

Pro · €149/year

Bundled NIS2 training (board, IT, staff)

  • All four Foundations modules
  • Per-participant PDF attestations
  • Training register integration
  • Up to 25 learners

DORA & sector-specific awareness training

Reglyze training is complementary to — not a replacement for — sector-specific awareness training under DORA (Regulation (EU) 2022/2554, applicable to financial entities) or curricula mandated by national regulators (e.g., ANSSI for OIVs/OSEs in France, BaFin/BSI for German finance, ANPD/APDC for Portuguese essential entities). If your organisation falls under DORA or a sector-specific regime, treat Reglyze as your NIS2 baseline and layer the sector-mandated curriculum on top.

Train your team this week

Watch the 10-minute intro now, then start your Reglyze trial to roll out the bundled training to your management body, IT team, and general staff.

Reglyze training is designed to satisfy NIS2 Article 20(2) (management-body training duty) and Article 21(2)(g) (basic cyber hygiene practices and cybersecurity training). Content is aligned with the NIS2 directive text and national transpositions (ANSSI, BSI, ACN, APDC).

Running NIS2 across a client portfolio? See Reglyze for MSPs →