Energy firms and burgeoning companies in the small and medium energy sector, along with start-ups, are now able to engage in trading activities via our outlined website pathway, as dictated by the new Cybersecurity law NIS-2.

The European Union's Network and Information Security Directive 2 (NIS-2) is being transposed into German law, and it's a game-changer for the energy sector. A significant number of companies, particularly start-ups and small to medium-sized enterprises (SMEs), are gearing up to implement the new requirements by the end of the year.

To help these businesses navigate the complexities of NIS-2, a collaborative project has developed the NIS-2 Roadmap. This comprehensive guide, created in collaboration with int[cube], Cyber Policy Haus, and the Gesellschaft für Informatik e.V. (GI), demonstrates how to implement the key NIS-2 requirements using concrete examples.

The roadmap addresses six central thematic areas, based on a two-month online mentoring program with seven start-ups and SMEs in the electricity sector. It underscores that compliance can also be a driver for economic growth, operational safety, and sustainable resilience for small startups.

One of the key benefits of the NIS-2 Roadmap is that it addresses a gap in the market. Many start-ups and SMEs, while not large enough to fall directly under NIS-2 regulation, still have to meet requirements due to their role as suppliers to larger players in the supply chain. These businesses have often been overlooked, but the NIS-2 Roadmap provides practical, industry-specific guidance that fills this gap.

The mentoring served as the basis for the development of the NIS-2 Roadmap. Participants found implementation to be simpler and more cost-effective than initially thought. Pre- and post-surveys showed that participants felt more confident in implementation and valued mentoring as a valuable tool for building resilience.

The project involved innovative training methods such as cohort mentoring, hands-on exercises, live polls, and role-playing. The roadmap and mentoring, thanks to their modular structure, have scalability effects - content can be easily multiplied, and new groups can select their relevant topics from the same building blocks.

In addition to the NIS-2 Roadmap, another publication focuses on heating monitoring in residential buildings as a means to ensure smooth and efficient operation of the system. This initiative is part of a broader effort to create a sustainable knowledge base that extends beyond the project and fulfills a core goal of the industry platform for cybersecurity.

Meanwhile, the "Industry Platform for Cybersecurity in the Electricity Industry" website offers practical assistance for energy start-ups to implement NIS-2 compliance without expensive and time-consuming certification. The Future Energy Lab is also creating an innovative cyber lab serving as a central platform for three practical cyber exercises in the energy sector.

In conclusion, the NIS-2 Roadmap provides a much-needed resource for energy start-ups and SMEs navigating the complexities of NIS-2 compliance. It offers a practical, industry-specific guide, filled with concrete examples and innovative training methods, making it an invaluable tool for building resilience and ensuring compliance in the energy sector.

Energy firms and burgeoning companies in the small and medium energy sector, along with start-ups, are now able to engage in trading activities via our outlined website pathway, as dictated by the new Cybersecurity law NIS-2.