Who we are
Two founders trying to cut the NIS2 bill in half. No consulting firm, no VC backing. Just the conviction that compliance shouldn't cost six figures.

Cover
Investor Presentation · 2026
nisd2.eu
Free NIS2 compliance for European SMEs
Turning a €30,000–€80,000 consulting project into an open-source platform
Cologne · 2026
02 / Problem
160,000+ European companies. No affordable compliance tool.
NIS2 applies across all 27 EU member states (no transition period)
Most affected companies are SMEs: under 250 employees, no CISO, no compliance budget
Existing tools: €7,500–€100,000/year. Consulting: €30,000–€80,000 per project
ENISA estimates 160,000–180,000 obligated entities EU-wide — the majority newly in scope for the first time

03 / Solution
The platform is the documentation. Free, forever.
Requirements register, risk management, supplier portal, incident tracking
BSIG-specific (not a generic ISO mapper)
Open source (AGPL-3.0), no lock-in, data export always available
eIDAS timestamp sign-off, audit-proof log, PDF export for auditors

04 / Traction
Live since Q1 2026. Growing without paid ads.
223 registered users
114 CEO courses started
23 CEO courses completed

BSI enforcement window opens 2026. Inbound CISO + IHK conversations already active.
05 / Market
160,000–180,000 companies obligated across the EU.

TAM: 160–180k EU entities (ENISA/BSI) · SAM: 135–155k EU SMEs · SOM: ~400 paying customers by Year 3
06 / Business Model
Free platform. Revenue from what surrounds it.

Consulting-referral commissions (~65% of Year-2 revenue, avg €1,000–2,000 per referral)
Own NIS2 implementation work (~18% of Year-2 revenue, €75/h, 5h/week from Oct 2026)
Licenses + hosted cloud, €49–299/month by company size (~9% of Year-2 revenue)
Partner-training referrals from awareness + ISO training vendors (~8% of Year-2 revenue)
07 / Competition
Nobody else is free, open-source, and BSIG-specific.

Market gap
US platforms (Vanta, Drata): €7,500–€100k/year, English, ISO-centric
German SaaS (DataGuard, NIS2Compass): demo walls, 3-year lock-in
Consulting (KPMG, Sopra Steria): €30,000–€80,000 per project
nisd2.eu
Free forever. Open source. No lock-in.
BSIG-specific (covers the 20% of NIS2 that ISO 27001 misses)
IHK chambers can endorse us (no vendor conflict)
08 / Why Now
Enforcement starts 2026. The window to build authority is open.
1. Regulation live: NIS2 in force Dec 6, 2025. No transition period.
2. 62% unregistered: Most obligated German companies still haven't filed with the BSI.
3. Enforcement starting: First fines and §38 personal-liability cases expected 2026–2027.
4. No market leader: US providers too expensive. German providers closed. Window is open.
5. Channels opening: IHK chambers actively seeking NIS2 material for their 3.5M members.
An open-source platform can build authority now, before the market consolidates.
09 / Financials
Profitable from Year 1. First Managing Director salary January 2027.

| Year | Revenue | Net result |
|---|---|---|
| 2026 (Jul–Dec, Y1) | €8,800 | +€4,667 |
| 2027 (full year) | €99,300 | +€44,420 |
| 2028 (full year) | €304,100 | +€174,090 |
Model assumptions
IHK Köln business plan v1.4 (as of 10.06.2026). Conservative path. No grants in base case. Phase 1 Gründungszuschuss covers Jul–Dec 2026 living costs, so no Managing Director salary in Y1.
10 / Roadmap
Four milestones to market leadership.

Q1 2026: Platform live. BSI registration deadline 6 March. Plan v1.4 cleared by IHK Köln 10 June.
Q3 2026: Gründungszuschuss Phase 1 (Jul–Dec). Own NIS2 implementation line starts Oct. First referral commissions.
Q1 2027: First Managing Director salary. Gründungszuschuss Phase 2 (Jan–Sep). Affiliate contracts close.
Q1 2028: ~400 paying SMEs via partners. €304k revenue. Stammkapital + reserve reach €25k GmbH threshold.
11 / Team
Built by people who read the regulation in its original language.

Simon Orzel
Managing Director · 51%
Based in Cologne. 10 years in full-stack B2B software engineering. Former Founding Engineer at EventFirst (Top-5 US VC Funded). Deep expertise in modern web stack, LLM/RAG, and regulatory framework translation. Technical lead and architecture.

Cory Hisey
Co-Founder · 49%
Based in Osnabrück. M.Eng Mechatronics and cyber-physical systems (focus: embedded systems and AI integration). Handles business development, partnerships, and client-facing implementation support.

Simon Orzel
Managing Director / Technical Co-Founder
10+ years in software engineering across security-critical industries. Senior engineer and tech lead building systems for a top 5 EU bank, Europe's largest motion plastics manufacturer, and VC-backed platforms. Researched and mapped the full NIS2 legal chain (Directive, CIR 2024/2690, BSIG, IT-Grundschutz) to build the NISD2 platform, the 47-lesson managing director course, and the 116-question gap assessment. Also builds AI-powered legal tech for German case law. Based in Cologne.

Cory Hisey
COO / Co-Founder
M.Eng Mechatronics with a focus on embedded systems and AI integration. Handles business development, partnerships, and client-facing implementation support. Background in software engineering across Python, TypeScript, and IoT systems. Bridges the gap between technical compliance requirements and the business reality of companies that need to implement them. Based in Germany.
Why us
We're not a consulting firm. We're not selling you a tool and then charging for the training to use it. We built everything on this platform by reading the actual law, the implementing regulation, and the BSI guidance. Every lesson in the managing director course cites its legal basis. Every requirement in the platform maps to a specific BSIG paragraph. We're engineers who decided compliance shouldn't cost six figures.
Our Mission
The €31 billion problem, and our plan to fix it.
NIS2 will cost European businesses €31.2 billion every year (Frontier Economics, 2023). That is 0.31% of every regulated company's revenue. Forever.
We do not cut hardware. We do not cut security tools. Those are real and necessary.
Where we charge. Training courses for management and staff. Guided consultancy for company-specific decisions: risk treatment trade-offs, supplier negotiations, complex incident response. Premium features as they develop. Self-host licensing for entities that need to run the platform internally.