NIS2 compliance
Portugal's new cybersecurity law is in force. Let's solve it together.
Decree-Law 125/2025 entered into force on 3 April 2026. It covers 18 sectors, ~7,000 entities in Portugal, and imposes fines of up to €10M or 2% of turnover. You have until 3 April 2027 to reach compliance.
Approach
How we get you compliant
- 1. AssessmentIn 2 weeks, we map where you stand against the 10 minimum controls from Article 27. We identify gaps, rank them by risk, and quantify effort. You get an executive report and a prioritised roadmap.
- 2. ImplementationWe execute the roadmap in 4-week sprints. We implement governance (cybersecurity officer, policy, board training), technical controls (MFA, encryption, segmentation, tested backups), and processes (incident response, supply chain). Everything is documented for audit.
- 3. Continuous operationCompliance is just the start. 24/7 SOC, threat hunting, CNCS reporting within legal deadlines, quarterly phishing simulations, and annual board reviews. NIS2 is an ongoing regime — we run it for you.
Start with a 2-week assessment.
No commitment. You walk away with an executive report, prioritised roadmap, and effort estimates per control.
Book a NIS2 Assessment