NIS2 · CRA · DORA · AI Act

Regulatory compliance and cyber security for cloud-native organisations.

NIS2, CRA, DORA, and the AI Act are in force or entering enforcement. Organisations that are not ready face fines, operational disruption, and personal director liability. Epitechnic helps organisations across the UK and EU get ready and stay compliant.

Offices in London, Warsaw, and Berlin. UK and EU jurisdictions covered in a single engagement.

What we do

Three service lines. One proposition.

Epitechnic delivers regulatory compliance programmes, the technical security controls those programmes require, and the governance layer that connects them to the management body.

Regulatory Compliance Programmes

NIS2, CRA, DORA, and AI Act. From a five-day diagnostic establishing scope and readiness, through programme design and phased delivery, to sustained compliance after programme close.

Technical Security Delivery

The security controls a compliance programme requires. Identity and access management, infrastructure and system security, supply chain security, zero trust architecture, and application security.

Security Governance

Board reporting, governance design, policy frameworks, and evidence and audit readiness. The governance layer that sits above the technical controls and connects the programme to the management body.

Why Epitechnic

Three things that are difficult to replicate.

Regulatory depth

We work across NIS2, CRA, DORA, AI Act, and their UK equivalents. Each engagement draws on direct programme experience across all four frameworks, not generic compliance advisory.

One firm, three jurisdictions

Offices in London, Warsaw, and Berlin give Epitechnic the ability to advise on UK cyber resilience frameworks and NIS2 obligations under German and Polish national transposition law from a single engagement team. No coordination overhead between national advisers.

Senior-led throughout

The people who sell the work deliver it. No partner-led sales and associate-led delivery. Senior involvement from the diagnostic through to programme close.

Entry product

The NIS2 Readiness Diagnostic.

Five days. Fixed scope. Six defined outputs. The diagnostic establishes where the organisation stands before committing to a full programme, and produces a programme readiness brief written for the management body.

Six outputs from five days
  • Provisional scope statement — which entities are in scope, under which national laws, and what the key uncertainties are
  • Governance readiness assessment — whether the sponsorship and board conditions exist for a programme to succeed
  • Article 21 domain maturity map — where the organisation stands across all ten NIS2 obligation domains
  • Incident readiness assessment — whether the organisation could meet the 24-hour early warning obligation today
  • Supply chain exposure map — which supplier relationships carry the most significant security gaps
  • Programme readiness brief — a four-page executive document summarising findings and decisions, written for the management body

Epitechnic holds Cyber Essentials Plus certification, independently verified by a UKAS-accredited certification body.

Start the conversation

Tell us where you are with NIS2, CRA, DORA, or the AI Act.