NIS2 compliance for Latvian and EU businesses
We get your organisation NIS2-ready in 6–10 weeks. We run a gap audit, write the policies and registers, and roll out the technical controls.
We work within the Latvian regulator's requirements. CloudHosting is itself a registered essential entity under NIS2 since 2024, so we know the requirements from the inside. Get in touch and we will assess your situation on a 30-minute call.
NIS2 defines two categories of entity, but both carry the same obligations.
Essential entities
Energy, transport, banking, financial market infrastructure, healthcare, drinking water, digital infrastructure and ICT service management. Criteria: 250 or more staff or €50M+ turnover. Proactive supervision applies, including on-site inspections.
Important entities
Postal services, waste management, the chemical and food industries, manufacturing, digital service providers and research. Criteria: 50 or more staff or €10M+ turnover. Supervision is reactive, triggered by incidents or third-party reports.
Penalties
For essential entities: up to €10M or 2% of global turnover. For important entities: up to €7M or 1.4%. Management bears personal liability if the NIS2 measures are not approved and overseen.
Latvian deadlines
Latvia transposed NIS2 through the National Cyber Resilience Law in 2024. Registration in the SIDR portal is mandatory. Supervision audits began in 2026.
Audit, documentation and infrastructure, all in one place.
Gap audit
A two-week assessment against the 10 NIS2 risk-management measures (Article 21 of the law). You receive a clearly written report and a costed plan, mapped also to ISO 27001 controls.
Policies and registers
Information security policy, asset register, supplier register, incident register and business-continuity plan. We use ISO 27001-aligned templates that we adapt to your infrastructure.
Technical controls
Multi-factor authentication (MFA) on all administrative access paths, encrypted backups in a second geographic region, vulnerability management and network segmentation. We implement in our cloud or yours.
Cybersecurity training
Annual staff and management training, mandatory under Article 20 of the law. We deliver it in Latvian, Russian or English, on-site or as a recording.
Supervision-audit preparation
We respond to the regulator on your behalf, prepare the technical evidence pack and walk the auditor through the controls under review. Since 2024 we have prepared more than 40 organisations for supervision.
From kickoff to SIDR registration in 6–10 weeks.
Week 1–2 · Gap audit
Workshops on-site or remotely, evidence collection and controls mapping. Output: a prioritised gap report and a fixed-price remediation plan.
Week 3–5 · Documentation
Together with your team we develop the policies, registers and business-continuity plan. You review and sign off. Output: a ready document pack you can submit to the regulator.
Week 4–8 · Technical implementation
MFA rollout, backup encryption, network segmentation and logging. Runs in parallel with documentation, done by us or jointly with your team.
Week 8–10 · SIDR registration
Together we complete the SIDR portal forms and finish with a tabletop exercise.
Ongoing · Annual service contract
Monthly check-in, quarterly tabletop exercise and annual policy review. A fixed monthly fee.
Three NIS2 packages by the scale of your organisation.
A fixed scope of work and a fixed price. Pick the closest one, and we will agree the exact scope on an intro call.
- Gap assessment
- Risk assessment
- Security policies
- Incident response procedure (document)
- Management presentation
- Remediation roadmap
- Full assessment
- ISO 27001 mapping
- Technical audit
- Business-continuity and disaster-recovery plans
- Supplier security review
- Tabletop exercise
- Internal audit
- Governance framework
- Multi-site audits
- SOC and SIEM review
- Operational technology (OT) security
- Red Team assessment
- Vendor governance
- Board reporting
- Audit readiness