NIS-2 Management Training · Legally Required
Section 38 (3) BSIG requires executives of particularly important and important facilities to undergo regular cybersecurity training. We deliver exactly that – tailored to your industry and your organisation.
Complimentary initial consultation. We respond within 24 hours.
Or email us directly: nis2@muehlcyberconsulting.com
With the NIS-2 Implementation Act (NIS2UmsuCG), in force since December 2025, management bears personal responsibility for implementing cybersecurity measures – and must demonstrably be trained to do so.
Approximately 30,000 companies across 18 sectors are affected – from energy and healthcare to food production and manufacturing. This covers particularly important facilities (250+ employees or €50M+ annual revenue) and important facilities (50+ employees or €10M+ annual revenue).
Management must undergo cybersecurity training regularly – at least every three years, minimum approximately four hours. The obligation is non-delegable: managing directors, board members, and authorised signatories must personally participate. Training must be sector-specific.
Fines of up to €10 million or 2% of global annual turnover (particularly important facilities) or up to €7 million or 1.4% (important facilities). Additionally, personal civil liability of management – a waiver by the company is excluded by law.
The BSI states it explicitly: training content must be "appropriate, current, and sector-specific." A generic online course for all industries is not legally sufficient.
| Generic Online Training | MuehlCyberConsulting Training |
|---|---|
| ✕ General cybersecurity topics | ✓ Industry-specific threat scenarios |
| ✕ No reference to your risk exposure | ✓ Analysis of your specific company situation |
| ✕ No sector reference (B3S, ISO sector standards) | ✓ Incorporates sector-specific standards and requirements |
| ✕ Compliance proof legally questionable | ✓ Documented training per BSI guidelines |
| ✕ No personal point of contact | ✓ Experienced consultant, 30+ years of practical experience |
| ✕ Technical jargon, hard to follow | ✓ Management language, clear and practical |
The NIS-2 training delivers concrete value to your leadership team – far beyond meeting a legal obligation.
You demonstrably fulfil § 38 (3) BSIG. Your training certificate is documented in an audit-proof manner – ready for regulators, auditors, and insurers.
As a managing director or board member, you protect yourself from personal civil liability. Your participation in the training is your demonstrable protection.
You understand cyber risks in your industry context – without needing technical expertise. You delegate more effectively, prioritise better, and act more confidently in crisis situations.
Cyberattacks cost mid-sized companies hundreds of thousands of euros on average. Well-informed leadership teams respond faster, minimise downtime, and reduce damage.
NIS-2 compliance is increasingly required by suppliers, customers, and authorities. Your documented training strengthens your position in the supply chain and in tenders.
Our training is designed for decision-makers, not IT professionals. Strategic, practical, in your language – without technical jargon. Ideal for the entire executive team.
From first contact to certificate – a structured, lean process that respects your schedule.
We gather information about your sector, company size, and the existing knowledge level of your management team to understand your specific requirements.
We develop a tailored agenda that incorporates your sector standards, typical threat scenarios, and your specific regulatory obligations.
Live training for your management team, approximately 4 hours. Interactive, without technical jargon, with real-world case studies from your industry.
You receive a participation certificate and all documents for your compliance archive – ready for regulatory authorities and auditors.
We are an independent cybersecurity consulting firm with proven experience in critical infrastructure, regulated sectors, and executive advisory.
Our training is not designed for IT departments – it is designed for you as a decision-maker. Strategic, practical, jargon-free.
Learn more → muehlcyberconsulting.com
Fill in the form and we will get back to you within 24 hours to answer your questions without obligation.