Governance, Compliance & EU Regulation
With new European regulations such as the NIS2 Directive, the Critical Entities Resilience Directive and the Cyber Resilience Act, the requirements for companies are increasing significantly. These requirements are also becoming relevant for many Swiss organizations – for example through business relationships with the EU, supply chain requirements, or regulatory obligations. Many companies are facing similar questions: Which regulations apply to us? Which measures are actually required? And how can different compliance requirements be implemented efficiently and in a practical manner?
SYNSPACE Switzerland supports companies in making complex EU regulations understandable, implementing them in a structured way, and documenting them in an audit-ready manner – with a risk-based approach that combines compliance and operational security.
Typical challenges our clients face:
- Which EU regulations affect us at all?
- What does personal liability mean for management?
- How do we prepare for audits?
In Short: What are NIS2, CER and the Cyber Resilience Act (CRA)?
New EU regulations such as the NIS2 Directive, the Critical Entities Resilience Directive and the Cyber Resilience Act strengthen cybersecurity and resilience requirements for companies in Europe. They affect operators of critical infrastructures, numerous industrial companies, as well as manufacturers of digital products and components. The objective of these regulations is to systematically manage cyber risks, protect supply chains, and increase the resilience of critical services. Many Swiss companies are also affected – for example through their role in European supply chains or through business activities in the EU market.
Core elements of the regulation:
- NIS2: Cybersecurity risk management, incident reporting obligations, and stronger management accountability
- CER: Protection and resilience of critical infrastructures against physical and digital threats
- CRA: Security requirements for products with digital components across the entire product lifecycle
Together, these regulations create a Europe-wide framework for cybersecurity, resilience, and product security, requiring companies to implement structured risk management and sustainable security governance.
Industries with increased EU regulatory requirements
These industries are particularly affected by European cybersecurity and resilience regulations – whether due to their role as critical infrastructure, as operators of digital services, or as manufacturers of connected products:
- Energy & Utilities
- Industrial & Manufacturing
- Transport & Logistics
- Healthcare & MedTech
- Public Sector
Our Services
- Regulatory Gap Analysis
- Policy & Governance Framework
- Compliance Strategy & Roadmap
- Audit Preparation & Support
Our 4-Phase Approach

Scope & Applicability
Analysis of the company structure, services, and products to determine which regulatory requirements are relevant and to what extent they apply.

Gap Analysis & Risk Assessment
Assessment of the current maturity level compared to regulatory requirements, as well as identification of security risks, vulnerabilities, and compliance gaps.

Strategy & Roadmap Development
Development of a structured implementation strategy with prioritized measures, governance structures, and a realistic implementation roadmap.

Implementation Support & Audit Preparation
Support in the practical implementation of security and compliance measures as well as preparation for audits, evidence, and regulatory assessments.
Key Deliverables
- Regulatory Applicability Assessment
- Gap and Risk Analysis
- Compliance Strategy & Implementation Roadmap
- Policy and Process Framework
- Audit Preparation & Evidence Documentation
- Enablement of your teams through training & workshops
Enablement of your teams through Trainings & Workshops
- In-House – delivered on-site at your organization
- Virtual – online, interactive sessions
- Public Courses – open enrollment trainings
- Train-the-Trainer – enable internal multipliers
- Hands-on – real use cases from our consulting practice
- Interactive – workshops instead of traditional lectures
- Up-to-date – latest regulations and standards
- Swiss context – relevant, practical examples
- Enablement-focused – your teams become internal experts
- Role-based – tailored for executive and operational levels
Duration: 1 day (Executive: 3h) | Level: Executive & Operational | Target Audience: C-Level, Compliance Officers, Risk Managers
Content:
- NIS2 Directive – Requirements & Scope
- CER Directive – Resilience of critical entities, management liability & fines, implementation roadmap
Benefits: Regulatory clarity for decision-makers
Duration: 1 day (Executive: 3h) | Level: Executive & Operational | Target Audience: Specialists and managers from product development, quality management, regulatory affairs, IT security, manufacturers of digital products distributed in the EU
Content:
- CRA Scope – which products are affected? Essential Requirements
- Product Lifecycle Security
- CE Marking & Conformity Assessment
Benefits: Regulatory clarity for decision-makers
Duration: 1 day | Level: Executive & Operational | Target Audience: Security Officers, IT Managers, Compliance Officers, Management
Content:
- Overview of current cybersecurity regulations and standards
- ISO/IEC 27001 – Fundamentals of an Information Security Management System (ISMS)
- NIS2 Directive – Requirements for cybersecurity risk management and incident reporting
- Cyber Resilience Act – Security requirements for products with digital components
- Critical Entities Resilience Directive – Protection of critical infrastructures and resilience requirements
- Differences and interdependencies between regulation, standards, and practical implementation
- Governance, responsibilities, and management obligations
Benefits: Participants gain a clear overview of current cybersecurity standards and EU regulations as well as their practical implications for organization, products, and compliance strategies.
Workshops:
- 0.5–1 day – Current state vs. NIS2/CER/CRA
- 1 day – Leveraging synergies between regulations
- Trainings
- Workshops
- Consulting
- Assessment (Support)