Back to blog
NIS2complianceSMB

NIS2: SMBs with 50+ employees must prepare now

Published on 2026-03-206 min readFlorian

NIS2 is no longer just for large enterprises

NIS2 extends to companies with 50+ employees in essential and important sectors.

Key obligations

  • Cybersecurity risk management policy
  • Technical security measures
  • Incident notification within 24h (alert) and 72h (report)
  • Management liability
  • Supply chain security

    • Related articles

    Three adjacent analyses to keep exploring the same attack surface.

    ISO 27001compliance

    ISO 27001 for SMBs: is it suitable and where to start?

    Cost, timeline, benefits vs complexity for SMBs. How external review work helps prepare certification, and lighter alternatives.

    2026-02-18 · 7 min read
    NIS2ANSSI

    NIS2 in France on April 11, 2026: where transposition really stands

    As of April 11, 2026, France still has not fully finalized NIS2 transposition. Here is what is official, what is still moving, and what companies should do now.

    2026-04-11 · 8 min read
    AItrends

    AI and cybersecurity: threat or opportunity for SMBs?

    AI generates vulnerable code but also helps detect flaws. How CleanIssue uses AI-augmented auditing while finding AI-generated vulnerabilities.

    2026-03-04 · 7 min read

    Sources

    Written by Florian
    Reviewed on 2026-03-20

    Editorial analysis based on official vendor, project, and regulator documentation.

    Related services

    If this topic maps to a real risk in your stack, these are the most relevant CleanIssue audits.

    External Review

    Get a fast, clear read on your product’s real external exposure.

    Full Audit

    Document all priority flaws and get a real remediation plan.

    Ongoing Review

    Track new exposure as your stack changes over time.

    Need an external review of your HR SaaS?

    Share your product, stack, and client context. We will come back with the right review scope.

    Discuss your audit