NIS2: SMBs with 50+ employees must prepare now
> TL;DR: The NIS2 directive extends cybersecurity obligations to SMBs. Here's what changes.
NIS2 is no longer just for large enterprises
NIS2 extends to companies with 50+ employees in essential and important sectors.
Key obligations
Key Takeaways
Building HR, payroll, or recruiting software? CleanIssue performs security audits for HR SaaS in real-world conditions, no source code access needed. For a first read of your exposure, start with an external review of your application.
Related articles
Three adjacent analyses to keep exploring the same attack surface.
ISO 27001 for SMBs: is it suitable and where to start?
Cost, timeline, benefits vs complexity for SMBs. How external review work helps prepare certification, and lighter alternatives.
NIS2 and HR SaaS: what changes for French vendors in 2026
The NIS2 directive is now in effect. HR SaaS vendors serving essential entities are directly impacted. Here's what you need to know.
NIS2 in France on April 11, 2026: where transposition really stands
As of April 11, 2026, France still has not fully finalized NIS2 transposition. Here is what is official, what is still moving, and what companies should do now.
Sources
Editorial analysis based on official vendor, project, and regulator documentation.
Related services
If this topic maps to a real risk in your stack, these are the most relevant CleanIssue audits.