This website uses cookies

To provide the highest level of service we use cookies on this site.
Your continued use of the site means that you agree to their use in accordance with our terms and conditions.

Services

NIS2 / UKSC

Revolution or evolution?
Find out how far you are from compliance.

The Act on the National Cybersecurity System (UKSC) implements the NIS2 Directive and introduces new obligations for critical and important operators.

A Zero Audit provides an organization with a clear picture of where it stands today, what is missing, and what needs to be done to meet the Act’s requirements.


Is your organization subject to the UKSC?


The UKSC applies to organisations operating in the sectors listed in Annex 1 (key) or Annex 2 (important) of the Act that exceed the threshold for a medium-sized enterprise. For some categories, the threshold is lower or does not apply, in particular for managed security service providers (MSSPs).

The first step is the organization assessment, which we provide as a separate service or as part of a zero audit.


Dates from UKSC:

3 October 2026

entry in the list of key and important operators

3 April 2027

implementation of the procedures set forth in Article 8 of the UKSC

Every 3 years

a compliance audit for key entities (Article 15 of the UKSC)

What is a Zero Audit (Gap Analysis)?

We identify real gaps between UKSC requirements and the actual state of security and procedures within the organization.
We don’t just assess compliance on paper.
We verify whether the provisions in the policies are reflected in the IT architecture and day-to-day processes.

How much does it cost?

UKSC Zero Audit:

Starting at 3 800 EUR net.

We agree on the specific price after a brief preliminary interview. It depends on the number of companies, the size of the organization, and the presence of an IT environment.

Additional work outside the agreed-upon scope is billed on a time-and-materials basis.


What exactly does a zero audit include??

01

Documentation Review

8 working days of a cybersecurity consultant’s time spent reviewing the provided documentation (policies, procedures, BCP, supplier contracts). We review up to 300 pages as part of the standard scope.

02

Interviews with Key Staff Members

A series of 4 meetings (up to 2 hours each) with individuals responsible for IT, security, and business processes to verify the assumptions in the documentation against actual practice.

03

Gap Analysis Report

UKSC compliance map, prioritized list of gaps, and implementation schedule. We identify which areas require improvement and which need to be created from scratch.

04

Estimating the Next Phase

Estimated workload and cost of the implementation phase. A starting point for planning the budget to achieve compliance.


Three Steps to Compliance

01

Eligibility

We verify whether the entity is subject to the UKSC and whether it qualifies as a significant or critical entity.

02

Zero audit

We identify gaps and create a roadmap along with a work schedule.

03

Implementation

Together with the client’s team, we create or adapt policies and procedures, support management, prepare for integration with the S46 system, and advise on the implementation of technical measures.
This phase is priced separately — based on the results of the baseline audit..

FAQ

Q:

What does the zero-audit report contain?

An assessment of compliance with UKSC requirements, broken down by area, a compliance map, gap priorities, and an implementation roadmap. It is a technical and organizational document that outlines what needs to be implemented, modified, or supplemented.

Q:

Does the service include the development of new procedures?

Q:

What documents are required?

Q:

Will the company meet the UKSC requirements after the audit?

Q:

What is the difference between a key operator and an important one?

Q:

Do you work with companies based outside of Poland?

Do you have questions regarding NIS2?

Contact us
We'd be happy to help

LEGAL STATUS AS OF THE DATE OF PUBLICATION: ACT ON THE NATIONAL CYBERSECURITY SYSTEM (Journal of Laws 2026, Item 252) IMPLEMENTING DIRECTIVE (EU) 2022/2555 (NIS2).