NIS2 compliance software

The cybreg software enables you to ensure compliance with the NIS2 directive and meet the legislative obligations under the new Cyber Security Act (CSA).

Internal regulations, incident management, risk management, roles and responsibilities.
Automation of cybersecurity processes within supply chains.
Our experts will guide you through the GAP analysis and the entire implementation process.
The legal team at FINREG PARTNERS will ensure compliance in your internal regulations and security policies

NIS2 implementation

Cybreg includes a wizard that guides you through the entire process of implementing the ZKB requirements. With cybreg, you get a key tool for compliance with the Cyber Law (NIS2).

Our cybersecurity experts can guide you through the GAP analysis and the entire implementation process.

The legal team at FINREG PARTNERS will ensure that your internal regulations and security policies comply with the applicable regulations.

Identification and valuation of assets

The cybreg software includes the company’s ICT assets, their interconnections and dependencies, including responsible persons and other attributes. Identifying and evaluating assets from a cybersecurity perspective is one of the basic steps in implementing measures based on the BCR. Read more here.

Risk Management

The cybreg software will ensure the management and maintenance of the risk catalogue in accordance with the requirements of the ZKB, including risk mapping and calculation of the resulting risk rating.

For each risk, a strategy (risk acceptance or risk mitigation) can be selected, including any additional information. Cybreg documents everything and allows you to demonstrate proactive risk management.

The software includes a holistic overview of the organisation’s risks, including asset valuation and interconnectedness with other compliance elements.

Declaration of applicability according to the ZKB

The applicability statement is a key document that determines what security measures are relevant and how they are implemented. By linking the asset register, risk management and catalogue of measures, cybreg makes this document easy to create, continuously update and maintain in an auditable form without unnecessary manual work.

How to create a Declaration of Applicability under the CCC

Incident Management

Documentation and management of incidents according to the requirements of the new cyber law (or NIS2).

Managing cyber events and incidents. Detailed interdependencies with assets, processes, risks and other elements. Individual steps can be automated.

Cybreg allows you to respond to security incidents in a timely and correct manner within the framework of prepared plans. Monitor deadlines for mandatory incident reporting as well as document and demonstrate work on security incidents.

Managing security policies

Documentation of security policies and measures with links to assets, processes, risks. Document versioning. Approval process. Distributing policies to staff and ensuring they are familiar with the regulations.

Automated supplier audits

The software allows you to automate and simplify mandatory supplier audits and meet relevant NIS2 requirements. Linking to tasks and the ability to send out automated questionnaires within the cybreg application.

Customization, Automation and Integration

We can customize the cybreg software according to your needs. The basis of the range of functionalities is the wide possibility of automating individual processes and the associated savings in cybersecurity compliance costs. Of course, it is possible to integrate with other tools used within the organization such as Jira, Asana, MS Teams, Slack, Service Now and others.

Frequently Asked Questions

Everything you need to know about the NIS2 directive in a Cybreg environment.

What is the NIS2 Directive?

NIS2 (Network and Information Security Directive 2) is a European directive on the security of networks and information systems. In the Czech Republic, it has been transposed by the new Cyber Security Act (ZKB), effective from 1 November 2025, which expands the range of regulated entities from several hundred to thousands of organisations.

Who is affected by NIS2?

NIS2 covers medium and large enterprises in critical sectors – energy, transport, banking, healthcare and public administration. In the Czech Republic, the specific obligations are defined by the CCB and supervision is provided by the NUCIB.

What is the difference between NIS2 and ZKB?

NIS2 is a European directive, the ZKB is its Czech transposition – the Act on Cyber Security effective from 1 November 2025.The ZKB specifies the requirements of NIS2 for the Czech environment and adds specific obligations to the NUCIB, including the mandatory registration of a regulated service within 60 days.

What is the risk of failing to comply with NIS2?

Failure to comply with the obligations under the NIS2/ZKB may lead to administrative sanctions and fines of up to EUR 10 million or 2% of the worldwide annual turnover for the underlying entities. Management responsibility for cyber security also applies.

How to implement NIS2 compliance in a company?

Cybreg offers a guide to the entire NIS2 implementation process – from GAP analysis to risk catalog management and security policy management to automated vendor audits. FINREG PARTNERS’ legal team ensures compliance of internal regulations with applicable legislation.

How does NIS2 relate to DORA?

NIS2 and DORA are complementary regulations. NIS2 applies to a broader range of actors across sectors, while DORA is specific to the financial sector with an emphasis on digital resilience and ICT risks. The cybreg software covers both regulations in one system.

What is the role of the NCIB in the implementation of NIS2?

The National Cyber and Information Security Bureau (NCIS) is the key regulator overseeing compliance with the BCR. Organisations must declare a regulated service within 60 days and meet other statutory deadlines once registered.