CRITICAL INFRASTRUCTURE
NIS2 and KRITIS compliance for utilities
Since December 6, 2025, the NIS2UmsuCG is in effect. Utilities, energy providers and waste management must meet NIS2, BSI IT-Grundschutz and ISO 27001. Kopexa delivers ready-to-use frameworks with automatic cross-mapping.
Overall progress
72%
Trusted by leading organizations
Timeline
From current state to KRITIS compliance
Assessment & scoping
Determine whether your organization falls under KRITIS or NIS2, verify thresholds and define ISMS scope. In Kopexa, you immediately see which frameworks apply.
Implement controls
Implement NIS2 requirements, BSI IT-Grundschutz modules and KRITIS-specific measures. Cross-mapping leverages synergies between frameworks to avoid duplicate effort.
Collect & review evidence
Store evidence centrally in Kopexa, document internal audits and verify compliance readiness. Structured preparation for BSI audits and NIS2 reporting.
Demonstrate compliance & report
Structured compliance evidence for the BSI, set up incident reporting channels and ensure continuous compliance. Your KRITIS proof is complete.
Assessment & scoping
Determine whether your organization falls under KRITIS or NIS2, verify thresholds and define ISMS scope. In Kopexa, you immediately see which frameworks apply.
Implement controls
Implement NIS2 requirements, BSI IT-Grundschutz modules and KRITIS-specific measures. Cross-mapping leverages synergies between frameworks to avoid duplicate effort.
Collect & review evidence
Store evidence centrally in Kopexa, document internal audits and verify compliance readiness. Structured preparation for BSI audits and NIS2 reporting.
Demonstrate compliance & report
Structured compliance evidence for the BSI, set up incident reporting channels and ensure continuous compliance. Your KRITIS proof is complete.
Utilities and providers start with the assessment and are audit-ready in 10-16 weeks. With cross-mapping between NIS2, BSI IT-Grundschutz and KRITIS, you save up to 40% of implementation time.
Deep dives
Explore KRITIS compliance topics in detail.
NIS2 for Critical Infrastructure Operators
Which NIS2 obligations apply to utilities, energy providers and waste management, and how to meet them.
KRITIS Requirements under IT-SiG 2.0
Thresholds, reporting obligations and audit requirements under BSI-KritisV and BSIG §8a.
BSI IT-Grundschutz as Implementation Framework
How BSI IT-Grundschutz structures your ISMS and simplifies KRITIS compliance evidence.
FAQ
Frequently asked questions about KRITIS and NIS2
Related links
KRITIS compliance. Structured and demonstrable.
Let us show you in 30 minutes how Kopexa makes your utility audit-ready.