Emergency Support
EN | DE
All News

KRITIS & NIS-2 Made Simple

What Companies Really Need to Know (and How CLYSO Helps)
What Companies Really Need to Know (and How CLYSO Helps)
Clyso Author
Kristina Seel
Dec 8, 2025 • Company News

Legal texts are often complex, packed with jargon, and hard to understand. This is especially true for technical regulations such as KRITIS or NIS-2, which now affect a rapidly growing number of companies — including many that never considered themselves part of “critical infrastructure.

This article explains KRITIS and NIS-2 in clear, practical language.
We’ll cover:

  • What these regulations actually mean
  • Who is affected
  • What companies must do in practice
  • Why storage infrastructures play a central role
  • And how a Ceph Support Contract from CLYSO provides the security and compliance companies need

1. Why KRITIS and NIS-2 Exist

Modern society depends entirely on reliable IT systems.

  • If a storage cluster fails, hospital systems go offline.
  • If a data center collapses, public services shut down.
  • If networks break down, entire industries can be disrupted.

KRITIS and NIS-2 exist to make sure this doesn’t happen.

In short: these regulations aim to prevent IT incidents from becoming societal crises.

2. KRITIS — Explained in Simple Terms

KRITIS refers to critical infrastructures — sectors where outages have severe consequences:

  • Energy
  • Water
  • Healthcare
  • Transportation
  • IT & Telecommunications
  • Finance
  • Public Administration

If IT in these sectors fails, essential services for the population may be disrupted.
Therefore, the government requires: “These organizations must protect their IT to a higher standard.”

This means they must ensure:

  • Stable system operation
  • Redundant and resilient infrastructure
  • Reliable data storage
  • Incident reporting
  • Defined emergency procedures

Many medium-sized companies are now realizing: “We’re actually part of this, too.”

3. What’s New with NIS-2?

The EU’s new NIS-2 Directive expands and strengthens cybersecurity requirements across Europe.
Compared to previous regulations, NIS-2 applies to:

  • More industries
  • More companies (including medium-sized businesses)
  • More technical requirements
  • Stricter reporting obligations
  • Higher liability for executives
  • Mandatory security measures

Put simply, NIS-2 states: “Prove that your IT systems are secure, stable, and resilient — at all times.”

This explicitly includes data storage systems.

4. What Companies Must Do (In Plain English)

Here are the key obligations — without legal jargon:

  1. Understand and manage risks : Identify potential failure points. - Document how risks are reduced.
  2. Secure systems technically : Firewalls, access control, monitoring, updates.
  3. Ensure secure data storage - This includes:
  • Redundancy (data stored multiple times)
  • High availability
  • Backups
  • Disaster recovery capabilities

✔ 4. Report incidents : Many incidents must be reported to the authorities within 24 hours.
✔ 5. Create emergency response plans

Who does what when something goes wrong?
Many companies now ask: “How are we supposed to handle all of this on our own?”

This is where storage experts like CLYSO come in.

5. Why Storage Systems Like Ceph Are Critical

Data is the backbone of every business process. - If data becomes unavailable, entire operations stop.

KRITIS and NIS-2 require:

  • High availability
  • Redundant data storage
  • Monitoring and fault detection
  • Resilient systems
  • Secure updates
  • Reliable recovery processes

A Ceph cluster naturally supports these requirements — when it is professionally managed.

Without expertise, however, Ceph can become challenging: cluster architecture, OSD failures, rebalancing, monitoring, upgrades, performance tuning, and more.

That’s why experienced Ceph specialists are essential.

6. How CLYSO Helps Companies Become KRITIS & NIS-2 Ready

CLYSO offers specialized Ceph Support Contracts that directly address these regulatory requirements. As Joachim Kraftmayer, CEO of CLYSO, states:
“KRITIS support is fully covered by a Ceph Support Contract from CLYSO.”

  • With CLYSO, organizations receive:
  • Professional Ceph cluster support
  • 24/7 monitoring and health checks
  • Architecture consulting & risk assessments
  • High availability and redundancy concepts
  • Secure updates & operational maintenance
  • Incident response support
  • Assistance during KRITIS/NIS-2 audits and documentation

This ensures companies meet critical infrastructure requirements without needing in-house storage specialists.

7. What Companies Should Do Now

Here’s a simple 3-step plan:

  1. Determine whether your organization is affected by NIS-2 or KRITIS. (You may be surprised by the answer.)
  2. Evaluate your current storage infrastructure. - Is it truly resilient and compliant?
  3. Consult with specialists — like CLYSO. - A professionally maintained storage system prevents outages and ensures compliance.

Conclusion: Clarity Instead of Legal Complexity — CLYSO Supports Secure IT Operations

Regulatory requirements can seem overwhelming, but their goal is simple: Ensuring the stability and security of essential IT infrastructures.

With a Ceph Support Contract from CLYSO, companies gain the technical expertise needed to meet KRITIS and NIS-2 requirements — and operate their storage systems safely, reliably, and compliant with modern standards.

We would be happy and able to support you.

Your CLYSO Team