← 블로그로 돌아가기
NIS2 COMPLIANCE 12분 읽기

NIS2 규정 준수 체크리스트: 모든 DACH 기업이 2027년까지 완료해야 할 10단계

Germany, Austria, and Switzerland each implement NIS2 differently. This DACH-specific checklist gives you the exact 10 steps — with country-specific requirements, real deadlines, and 벌금 amounts — so you can achieve compliance before enforcement begins.


DACH 기업에 특화된 NIS2 체크리스트가 필요한 이유

The EU NIS2 Directive (2022/2555) was supposed to be transposed by October 17, 2024. Reality looks different: Germany's NIS2UmsuCG is still working through parliament, Austria passed its NISG 2024 in mid-2025, and Switzerland — while not an EU member — has aligned its Information Security Act (ISG) with NIS2 principles.

The bottom line: enforcement is coming in 2026-2027, and companies that haven't started preparing will face fines up to €10 million or 2% of global turnover for essential entities.

This checklist is built for the DACH reality — three countries, three legal frameworks, one directive.


1단계: NIS2 분류 결정

What to do:

⚡ Action Item: Complete your entity classification by mapping your sector, size, and country-specific criteria. Document the result — you'll need it for registration.

2단계: 국가 기관 등록

What to do:

⚡ Action Item: Identify your national competent authority, prepare registration documents, and set a deadline for submission — ideally Q1 2026.

3단계: 사이버보안 거버넌스 구조 지정

What to do:

⚡ Action Item: Present NIS2 management liability implications to your board. Get formal acknowledgment and budget approval documented.

4단계: 종합 위험 평가 실시

What to do:

⚡ Action Item: Launch a 위험 평가 project. For German companies, align with BSI IT-Grundschutz. Deadline: complete initial assessment within 6 months.

5단계: 기술적 보안 조치 구현

What to do (NIS2 Article 21.2 requirements):

⚡ Action Item: Map your current security controls against all 10 sub-requirements of Article 21.2. Identify and prioritize gaps.

6단계: 사고 보고 절차 수립

What to do:

⚡ Action Item: Create incident response templates for each reporting stage. Run a tabletop exercise to test your 24-hour early warning capability.

7단계: 지속적 취약점 관리 구현

What to do:

⚡ Action Item: If you're not scanning continuously, start today. KENSAI's free scan gives you immediate visibility into your external attack surface — exactly what NIS2 auditors will check first.

8단계: 공급망 보안

What to do:

⚡ Action Item: Create a critical supplier register. Send security questionnaires to your top 20 suppliers within 30 days.

9단계: 감사 및 감독 준비

What to do:

⚡ Action Item: Conduct an internal NIS2 readiness assessment. 점수 yourself against each Article 21 requirement. Fix critical gaps before external auditors arrive.

10단계: 지속적 규정 준수 문화 구축

What to do:

⚡ Action Item: Create a 12-month NIS2 compliance roadmap with quarterly milestones. Present it to the board and get sign-off.

DACH 벌금 비교

CountryEssential EntitiesImportant EntitiesManagement Liability
GermanyUp to €10M or 2% global turnoverUp to €7M or 1.4% global turnoverPersonal liability for Geschäftsführer/Vorstand
AustriaUp to €10M or 2% global turnoverUp to €7M or 1.4% global turnoverManagement body accountability per NISG 2024
SwitzerlandUp to CHF 100,000 (ISG)Sector-specific 벌금Individual liability for negligent non-reporting

2026-2027 NIS2 타임라인

QuarterMilestone
Q1 2026Complete entity classification and registration
Q2 2026Finish 위험 평가 and gap analysis
Q3 2026Implement technical measures and 사고 보고
Q4 2026Supply chain security and audit preparation
Q1 2027Internal audit, remediation, and continuous compliance

시행을 기다리지 마세요

The biggest mistake DACH companies make is treating NIS2 as a future problem. With Germany's NIS2UmsuCG expected to pass in 2026 and Austria already enforcing NISG 2024, the compliance window is closing fast.

Companies that start now will have a structured, manageable path to compliance. Those that wait will face rushed implementations, higher costs, and potential 벌금.

Start Your NIS2 Compliance Journey

See where your organization stands today. KENSAI's free external scan checks your attack surface against NIS2 requirements.

Run Free NIS2 Scan →

Published by KENSAI Research Team · 2026-02-28