NIS2 Requirements. Met On-Premise.
One appliance or VM enforces network segmentation, access control, and incident detection across IT and OT. Audit-ready evidence for Article 21. No cloud dependency.
Trusted by leading companies
On-premise per Architektur. Souverän per Design.
Der CLOUD ACT gibt US-Behörden die rechtliche Befugnis, amerikanische Cloud-Anbieter zur Offenlegung von Daten zu zwingen, einschließlich Daten, die physisch in europäischen Rechenzentren gespeichert sind. Für Betreiber im Geltungsbereich von NIS2 Artikel 21 oder von Frankreichs LPM benannte OIV ist On-Premise keine konfigurierbare Präferenz. Es ist eine strukturelle Anforderung, um die souveräne Kontrolle über kritische Systeme zu behalten. Access Gate ist eine Appliance oder VM, die innerhalb Ihres Perimeters läuft, sodass die Frage der ausländischen Gerichtsbarkeit über OT-Verkehr von vornherein nicht aufkommt.
- 01
Ein EU-Rechenzentrum ist kein Rechtsschild
Eine "EU-Rechenzentrum-Option" eines US-Anbieters eliminiert nicht das CLOUD ACT-Risiko. Die Gerichtsbarkeit folgt dem Mutterkonzern, nicht dem Standort des Servers. Access Gate hat keinen ausländischen Mutterkonzern und keine Remote-Steuerungsebene.
- 02
Souveränität ist mehr als Datenresidenz
On-Premise-Souveränität erfordert, dass das System, das Zugriffsentscheidungen kontrolliert, unter Ihrer eigenen Rechtsprechung arbeitet, ohne Drittanbieter-Zugriff. Access Gate läuft vollständig unter der Kontrolle des Betreibers, nicht eines Anbieters.
- 03
NIS2 Artikel 21(2)(d) macht dies zu einer Vorstandsfrage
Artikel 21(2)(d) verlangt das Risikomanagement der Lieferketten-Cybersicherheit. Eine US-amerikanische Steuerungsebene ist eine strukturelle Lieferketten-Abhängigkeit außerhalb der europäischen Gerichtsbarkeit, und diese Exposition fließt bis zur Verantwortung der Geschäftsführung.
What NIS2 Requires.
A 60-second summary of who must comply, what the directive obligates, when sanctions apply, and what is at stake.
Who Must Comply
Essential and important entities across 18 sectors — energy, transport, water, healthcare, banking, digital infrastructure, manufacturing of critical products, and more. Generally any organization with 50+ employees or €10M+ annual turnover operating in scope.
What You Must Do
Article 21 mandates 10 cybersecurity risk-management measures: risk policies, incident handling, business continuity, supply chain security, network security, effectiveness assessment, cyber hygiene, encryption, access control, and MFA. Article 23 requires incident reporting within 24 hours.
When It Applies
EU Member States transposed NIS2 into national law by October 2024. Sanctions are live across most jurisdictions today. Audits and enforcement actions are already happening, particularly in Germany, France, Belgium, and the Netherlands.
Penalties at Stake
Up to €10M or 2% of global annual turnover for essential entities. Up to €7M or 1.4% for important entities. Senior management is personally liable — board-level accountability is built into the directive.
On-premise Appliance
Connect Access Gate to your existing network. No re-cabling.
Secure IT & OT On-Premise
Control how your systems, from servers to PLCs, and HMIs connect to corporate systems. Network-level policies. No agents to install.
Article 21 Measures Mapped
Continuous enforcement. Audit-ready evidence for every NIS2 requirement on demand.
Measure by Measure.
NIS2 Article 21(2) defines 10 security measures. Here is how each applies to on-premise IT and OT environments and what Access Gate covers.
Establish and maintain risk management policies for all information systems.
Access Gate provides continuous asset discovery, network mapping, and policy enforcement. Risk is managed through microsegmentation and deny-by-default rules. Policy changes are version-controlled.
Detect, report, and respond to security incidents within 24 hours of awareness.
Session anomaly detection, automated alerting, and forensic session replay. Every connection is logged with user identity, timestamp, and payload. Incident evidence is generated continuously and exportable on demand.
Maintain operations during and after security incidents. Backup management and disaster recovery.
Access Gate deploys adjacent to the network, not inline. If the appliance is unavailable, production traffic continues. Policy configurations are exportable for backup. Disaster recovery plans remain a customer responsibility.
Manage cybersecurity risks in supplier and service provider relationships.
Vendor access is scoped per session: specific assets, specific protocols, specific time windows. MFA enforced. Every vendor session is recorded with full audit trail. No persistent VPN tunnels. Access revoked automatically when the session ends.
Secure the acquisition, development, and maintenance of network and information systems. Vulnerability handling and disclosure.
Overlay microsegmentation isolates assets without network redesign. Deny-by-default blocks unauthorized connections. Passive asset discovery identifies unmanaged devices. No active scanning that could disrupt OT operations.
Assess the effectiveness of cybersecurity risk management measures.
Segmentation baselines, access policy audits, and session log analysis provide continuous assessment data. Evidence packages generated on demand for auditors and regulators.
Basic cyber hygiene practices and cybersecurity training for staff.
Access Gate enforces hygiene through policy: MFA required, least-privilege access, session timeouts. Training content and delivery remain a customer responsibility.
Policies and procedures on the use of cryptography and encryption.
FIPS-validated TLS cipher suites on all access paths. AES-128/256 GCM with ECDHE key exchange. Encryption enforced at the proxy layer without modifying production equipment.
Human resources security, access control policies, and asset management.
Identity-based access control with MFA, RBAC per user, per asset, per protocol. Automatic asset inventory through passive network discovery. Access policies enforced at the network layer.
Use of MFA, continuous authentication, and secured communications.
MFA enforced at the proxy boundary before any session reaches the asset. TOTP tokens work offline for air-gapped environments. Secured communications via FIPS-validated TLS.
How Guichon Valves secured OT and IT for NIS2.
of OT-IT flows segmented and auditable for NIS2 compliance. Deployed without production disruption.
Trusted by leading companies
“The Trout Access Gate gave us a clear path to CMMC compliance without disrupting our manufacturing operations.”
Ready for your NIS2 audit?
See how the Access Gate enforces Article 21 measures and provides audit-ready evidence across your infrastructure.
Download the Access Gate Datasheet.
Get the complete product overview with technical capabilities, deployment model, compliance alignment, and customer references.
What's Inside
Product architecture, deployment model, key capabilities (proxy enforcement, micro-DMZs, identity-based access), compliance alignment, and real-world customer deployments.
See It in Action
Request a live demo to see how the Access Gate deploys on your network without rewiring or downtime.
Common Questions About NIS2 Compliance.
Article 21 cybersecurity measures enforced and continuously monitored. Audit-ready evidence generated on demand.
NIS2 is the EU directive on cybersecurity for essential and important entities — energy, transport, manufacturing, water, digital infrastructure, and more. If you operate in these sectors within the EU, it applies.
Article 21 requires risk management, incident handling, access control, encryption, network security, and supply chain protection. The Access Gate enforces these at the network level — one appliance or VM, all measures.
Yes. Deploys inline on your existing network. No re-cabling, no IP changes. Guichon Valves segmented production and IT in hours with zero downtime.
Real-time anomaly detection with pre-formatted reports. NIS2 requires initial notification within 24 hours and a full report within 72 hours — evidence is ready on demand.
Built-in bastion host with MFA. Scoped to specific systems, time-limited, fully recorded. Every vendor session logged for audit.
Yes. Syslog and API integration with your existing SIEM, SOC, and compliance platforms. The Access Gate adds the enforcement layer — no rip-and-replace.
Go Deeper on NIS2.
Foundational guides, Article 21 deep dives, sector implementation playbooks, and cross-framework analyses — written for IT and OT teams preparing for NIS2 audits.