NIS 2 Training — Complete Guide and PECB Certification
PECB-certified NIS 2 Directive training for professionals building EU-compliant cybersecurity programmes. Sessions in Lausanne, Paris, and online.
NIS 2: the directive and the certification
The NIS 2 Directive sets baseline cybersecurity and incident-reporting obligations for essential and important entities across the EU, and increasingly shapes how Swiss organizations are assessed in supply chains.
The NIS 2 Directive (EU 2022/2555) significantly raises the bar for cybersecurity governance across the EU. In France alone, around 10,000 entities and tens of thousands more across the Union must now implement a structured, demonstrable cybersecurity program. This includes:
- Systematic risk management
- Documented incident response plans
- Supply chain and third‑party security controls
- Mandatory incident notification to the competent authority within 24 hours
For professionals tasked with leading, coordinating, or overseeing this program, recognized certification is now both a competitive differentiator and, in some sectors, an emerging regulatory expectation.
Abilene Academy, a PECB Titanium Partner, delivers the two official NIS 2 certifications aligned with these needs:
- NIS 2 Foundation (2 days)
Designed for professionals who must understand, explain, and communicate NIS 2 requirements, including:
- Scope of NIS 2 and which entities are affected
- Core obligations (governance, risk management, incident reporting)
- Roles and responsibilities of management and key stakeholders
- NIS 2 Lead Implementer (5 days)
Intended for those who will design, lead, and maintain the NIS 2 compliance programme, including:
- Structuring and implementing Article 21 security measures
- Building and testing incident response and crisis management processes
- Integrating supply chain security into contracts and vendor management
- Preparing for audits, supervisory actions, and sanctions
For a detailed breakdown of regulatory obligations, Article 21 measures, transposition timelines, notification deadlines, and compliance costs, see our complete NIS 2 guide.
Which organisations are subject to NIS 2?
NIS 2 directly applies to EU-established organizations in one of 18 covered sectors that exceed 50 employees or €10M annual turnover. These are classified as either essential entities (e.g., energy, transport, banking, health, digital infrastructure) or important entities (e.g., chemicals, food, manufacturing, digital providers).
Non-EU organizations are not directly regulated by NIS 2, but they are indirectly in scope. Under Article 21(2)(d), every NIS 2-obligated entity must assess and manage risks arising from its direct suppliers. As a result, any organization—regardless of location—providing digital, infrastructure, or managed security services to an EU essential or important entity will face equivalent security requirements via contracts.
For the current transposition status in all 27 EU member states, see the European Commission’s official tracker: https://digital-strategy.ec.europa.eu/en/policies/nis2-directive
| Country | Transposition status | Authority |
|---|---|---|
| 🇩🇪 Germany | In force | BSI (Bundesamt für Sicherheit in der Informationstechnik) |
| 🇧🇪 Belgium | In force | CCN — Centre for Cybersecurity Belgium |
| 🇳🇱 Netherlands | In force | NCSC-NL (Nationaal Cyber Security Centrum) |
| 🇮🇹 Italy | In force | ACN (Agenzia per la Cybersicurezza Nazionale) |
| 🇵🇹 Portugal | In force | CNCS (Centro Nacional de Cibersegurança) |
| 🇨🇿 Czech Republic | In force | NUKIB |
| 🇭🇷 Croatia | In force | HAKOM |
| 🇱🇹 Lithuania | In force | NKSC |
| 🇱🇻 Latvia | In force | CERT.LV |
| 🇱🇺 Luxembourg | In force | ILR (most sectors) + CSSF (financial/digital infra sectors) |
| 🇫🇷 France | ⏳ In progress — July 2026 at earliest | ANSSI |
| 🇪🇸 Spain | ⏳ In progress — law expected 2026 (BOE) | INCIBE / CCN-CERT |
| 🇪🇺 Other EU member states (15 not listed) | ⚠️ To verify — check ec.europa.eu | See European Commission tracker |
Switzerland
Switzerland is not directly subject to NIS 2 as it is not an EU member state. However, Swiss companies providing services to EU essential or important entities — cloud, MSP, IT integration, pharma, financial services — will face equivalent security requirements imposed contractually under Article 21(2)(d). Switzerland has its own Information Security Act (ISG), in force since 1 January 2024, with a mandatory incident reporting obligation for critical infrastructure operators that applied from 1 April 2025. The competent authority is BACS (Bundesamt für Cybersicherheit / Federal Office for Cybersecurity).
View sessions in LausanneUnited Kingdom
The UK left the EU before NIS 2 came into force and has its own NIS Regulations 2018. The Cyber Security and Resilience Bill, introduced to Parliament on 12 November 2025, is the UK equivalent of NIS 2 — broader scope (MSPs, data centres), similar 24-hour notification timelines. As of April 2026 the bill is still in parliamentary scrutiny and has not yet received Royal Assent. UK companies with EU subsidiaries operating in NIS 2 sectors are subject to the directive through those entities.
View online sessionsUSA and North America
US and Canadian companies with EU operations through subsidiaries are directly subject to NIS 2 for those entities if they meet sector and size thresholds. There is no direct US equivalent of NIS 2. The NIST Cybersecurity Framework 2.0 has partial alignment with NIS 2 Article 21 measures but remains voluntary. NIS 2 Lead Implementer certification is increasingly requested in US-headquartered companies managing EU operations.
View online sessionsMorocco and North Africa
Morocco has its own cybersecurity framework coordinated by the DGSSI (Direction Générale de la Sécurité des Systèmes d'Information). NIS 2 does not apply directly to Moroccan organisations, but those providing services to EU essential or important entities will face equivalent security requirements imposed contractually under Article 21(2)(d). There is no formal equivalence mechanism between Moroccan cybersecurity law and NIS 2.
Online training availableFoundation or Lead Implementer — which path is right for you?
The choice between NIS 2 Foundation and NIS 2 Lead Implementer depends on your role in your organisation’s NIS 2 compliance programme, not on your current level of knowledge of the directive.
NIS 2 Foundation (2 days) is ideal if you:
- Need to understand the directive’s requirements and their impact on your organisation
- Must explain NIS 2 obligations to your leadership team or board
- Coordinate compliance activities with internal teams or external consultants
- Need to meet the management training obligation explicitly required by NIS 2
- Work as legal counsel, DPO, auditor, or business manager directly affected by NIS 2
NIS 2 Lead Implementer (5 days) is ideal if you:
- Are responsible for running or leading your organisation’s NIS 2 compliance programme
- Advise clients on how to achieve and maintain NIS 2 compliance
- Need to demonstrate formal, independent competence to clients, regulators, or in procurement processes
- Need practical skills in:
- Performing NIS 2 gap analyses
- Implementing Article 21 risk management measures
- Managing supply chain security requirements
Preparing for the PECB NIS 2 exam
The Foundation exam (≈1 hour, closed book) tests understanding of scope, the 10 Article 21 measures, and the regulatory framework. The Lead Implementer exam (≈2 hours, open book) is scenario-based: gap analysis cases, notification procedure simulations, crisis management. A consistent pattern our trainers see in sessions: experienced practitioners know the technical measures of Article 21 inside out — but almost none have ever simulated a 24-hour notification to a national competent authority. That procedural gap is precisely what Lead Implementer training addresses in live exercises.
| Criterion | Foundation | Lead Implementer |
|---|---|---|
| Duration | 2 days | 5 days |
| Target audience | CISOs, IT managers, legal, compliance, management | CISOs, consultants, programme managers owning compliance |
| PECB exam | 1 hour, closed book (⚠️ verify with PECB) | 2 hours, open book (⚠️ verify with PECB) |
| Passing score | 70% | 70% |
| Prerequisites | None | Foundation recommended or equivalent experience |
| Certification awarded | PECB NIS 2 Foundation | PECB NIS 2 Lead Implementer |
| Best if you... | Need to understand NIS 2, brief your board, coordinate compliance | Own the compliance programme or advise clients on NIS 2 |
Courses
NIS 2 Directive Foundation
This course provides a practical introduction to the NIS 2 Directive for professionals responsible for cybersecurity governance, compliance, and regulatory oversight. Participants gain clarity on what NIS 2 requires, who it applies to, and how organizations are expected to structure cybersecurity.
NIS 2 Directive Lead Implementer
The NIS 2 Directive Lead Implementer is a 4-day PECB certification training program that equips professionals to implement a cybersecurity program compliant with the EU NIS 2 Directive. Participants sit the official PECB NIS 2 Lead Implementer certification exam at the end of the course.
Your PECB NIS 2 Certification Path
NIS 2 Directive Foundation
Master the directive structure, scope criteria (companies, public bodies, suppliers), 10 Article 21 measures, and notification obligations. The right starting point for managers, legal teams, and anyone who needs to brief their organisation on NIS 2 — including satisfying the directive’s explicit management training obligation.
NIS 2 Directive Lead Implementer
Become the operational expert for NIS 2 compliance in your organisation or for your clients. Covers gap analysis, risk management, supply chain security, incident notification procedures, and preparation for competent authority inspections.
Practitioner trainers with real-world NIS 2 experience
Henri HAENNI
Expert in Business Continuity, Risk Management and Information Security Governance Consulting for large multinational corporations, government organization and internal organizations Certified international trainer and Lecturer at Sorbonne University Paris 1
Alexis HIRSCHHORN
Expert in Information and Cyber Security, Cloud Security, Risk Management and Governance Consulting for large multinational corporations, government entities and international organizations Management Systems Certified Lead Auditor
Frequently asked questions about NIS 2 and PECB certification
Train with practitioners. Pass with confidence.
Abilene Academy is the only PECB Titanium Partner in Switzerland — the highest accreditation tier in the industry — delivering certified training in information security, data protection, AI governance, and GRC compliance. 99% exam pass rate. 2,500+ professionals trained across 120+ countries and trusted by 600+ organizations. Multilingual programmes available.
- 99%
- Exam pass rate
- 2,500+
- Professionals trained
- 120+
- Countries reached
- Titanium
- The only PECB Titanium Partner in Switzerland
- ✓
- Certification included
- Multilingual
- EN · FR · ES · DE · IT and more