NIS2 directive
DEFINITION
EU cybersecurity directive (in force 2024-10-17) imposing concrete obligations on 'important' and 'essential' organisations · 24-hour incident reporting, supply-chain risk, MFA.
- Threat model
A structured exercise that walks the system's actors, attack surface, risks, and controls. Day one of every DField project · before any code.
- Penetration test (pentest)
Manual + tooled attack simulation that reveals what an attacker could achieve. We deliver findings as PRs in your repo, not an 80-page PDF.
- DevSecOps
Security as a continuously-running CI step (SAST, DAST, SCA, IaC scan), not an annual project. Runs against every push; every sprint closes at least one security bug.
- MFA (Multi-factor auth)
Two or more factors (TOTP, WebAuthn, biometric) beyond a password. Table-stakes in SaaS today · enterprise procurement disqualifies you without it.
- SOC 2
A US audit framework for confidentiality, integrity, availability, and privacy controls. For SaaS, the Type II audit (6-12 months of observation) is the standard enterprise baseline.
- ISO 27001
International standard for Information Security Management Systems (ISMS). Often preferred in Europe instead of or alongside SOC 2. 3-year certification cycle.