NIS2 Compliance Pressure? We Provide Evidence.
Harden Windows Endpoints in 5 Minutes — with Audit Documentation.
~30,000 companies must implement technical security measures under BSI Law §30 — and they'll require the same from YOU as their supplier.
NoID Privacy applies 630+ Microsoft Security Baseline settings — fully documented for compliance evidence.
NoID Privacy hardens your Windows endpoints using Microsoft Security Baseline (state of the art under §30 BSIG) — an important building block for your NIS2 implementation. We do not replace risk assessments, ISMS, or compliance consulting. But we implement selected technical measures on Windows endpoints that the law expects as part of an overall NIS2 risk management strategy.
⚡ TL;DR — In 60 Seconds
- NIS2 Implementation Act is in force — approx. 30,000 companies in Germany are affected
- BSI Law §30 requires technical measures for IT systems
- Executives personally liable under §38 for risk management
- NoID Privacy implements 630+ settings based on Microsoft Security Baseline
- HTML Compliance Reports document the security state (for audits)
📊 NIS2 at a Glance
Who is affected by NIS2?
- ≥250 employees, OR >€50M revenue AND >€43M balance sheet
- ≥50 employees, OR >€10M revenue AND >€10M balance sheet
18 Sectors: Energy, Transport, Banking, Healthcare, Water, Digital Infrastructure, Space, Postal, Waste, Chemicals, Food, Manufacturing, Research, and more.
Under BSI Law §38, executives are personally obligated to approve, implement, and oversee the risk management measures under §30. In case of breaches, they may be held personally liable under applicable corporate law. This makes cybersecurity a board-level issue.
📜 What does BSI Law §30 require?
The law requires "appropriate, proportionate and effective technical and organizational measures" for all IT systems used to provide services — including office IT.
The 10 Mandatory Measures under §30 Para. 2:
| §30 Requirement | NoID Privacy Contribution | Status |
|---|---|---|
| 1. Risk Analysis & Security Concepts | Verify report provides current state (no risk framework) | ⚡ Input |
| 2. Incident Handling | Reduces incidents through ASR prevention (no incident process) | ⚡ Prevention |
| 3. Backup & Recovery | Configuration only — no business data! | ⚡ Config Only |
| 4. Supply Chain Security | Helps YOU pass your client's audit (we don't audit your suppliers) | ⚡ Supplier-Side |
| 5. Procurement/Maintenance & Vulnerabilities | Configuration mgmt ✓, Network security ✓ (no patch mgmt) | ⚡ Config & Net |
| 6. Effectiveness Assessment | Verify mode checks technical implementation (no audit concept) | ⚡ Technical |
| 7. Cyber Hygiene & Training | — | ❌ Not Our Scope |
| 8. Cryptography & Encryption | DoH, Credential Guard*, TLS Policies (no crypto concept) | ⚡ Implemented |
| 9. Access Control & Personnel | LSA Protection, RDP Hardening, Admin Shares (no policy) | ⚡ Technical |
| 10. MFA & Voice/Video/Text Security | — (§30: MFA + secure voice, video, text communication) | ❌ Not Our Scope |
🛡️ What NoID Privacy Implements
Each module addresses specific NIS2 requirements:
📋 Module 1: Security Baseline (425 Settings)
NIS2 Relevance: §30 Para. 2 No. 1, 6, 7
- 335 Registry Policies (Computer + User)
- 67 Security Template Settings
- 23 Advanced Audit Policies
- Based on Microsoft Security Baseline for Windows 11 (current version)
→ Establishes baseline configuration according to state of the art
🔩 Module 2: ASR Rules (19 Rules)
NIS2 Relevance: §30 Para. 2 No. 2 (Incident Handling)
- Blocks Office macro attacks
- Prevents credential theft (LSASS protection)
- Stops ransomware encryption
- Blocks PSExec/WMI lateral movement
→ Proactive attack prevention instead of reactive detection
Module 3: DNS Security (5 Checks)
NIS2 Relevance: §30 Para. 2 No. 8 (Cryptography)
- DNS-over-HTTPS (DoH) with Quad9, Cloudflare, or AdGuard
- Encrypted DNS queries against eavesdropping
- Malware domain blocking at DNS level
→ Encrypted communication + malware protection
Module 4: Privacy (78 Settings)
NIS2 Relevance: §30 Para. 2 No. 9 (Access Control)
- Disables Windows telemetry
- Removes bloatware (reduces attack surface)
- Blocks unnecessary data flows
→ Minimizes data exposure and attack surface
Module 5: Anti-AI (32 Policies)
NIS2 Relevance: §30 Para. 2 No. 9 (Access Control)
- Blocks Copilot and Recall
- Prevents AI-based data exfiltration
- 15 features completely disabled
→ Control over AI features and data processing
Module 6: Edge Hardening (24 Policies)
NIS2 Relevance: §30 Para. 2 No. 5, 8
- Secure browser configuration
- SmartScreen enforcement
- TLS/HTTPS policies
→ Secure web access following BSI recommendations
Module 7: Advanced Security (50 Settings)
NIS2 Relevance: §30 Para. 2 No. 9 (Access Control)
- Credential Guard* (password protection)
- LSA Protection (against Mimikatz)
- RDP hardening or disabling
- Firewall hardening (LLMNR, NetBIOS, mDNS blocked)
- Admin Shares control
→ Protection against credential theft and lateral movement
📋 BAVR: Documentation for Evidence
BSI Law §30 requires documentation of implementation. The BAVR system (Backup → Apply → Verify → Restore) documents configuration changes — not business data:
The Verify mode checks all 630+ settings and creates a detailed report. This documents:
- Which settings are active
- Which modules were applied
- Timestamp of last verification
- Deviations from target state
For Audits: During a BSI audit, you can present the Verify Report as technical evidence that hardening measures have been implemented on endpoints.
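The Verify pass described above, as an added example that is not NoID Privacy's code: a read-only PowerShell script that compares a small, constructed subset of the settings named in Modules 2, 3 and 7 (LSA Protection, admin shares, LLMNR, RDP NLA, DoH, four ASR rules) against a target state and writes a timestamped HTML deviation report. It assumes the documented Windows policy registry locations and Microsoft's published ASR rule ids for the four rules named; the expected values, the report path and the module labels are this example's own choices, not the product's 630-setting catalogue.

```powershell
<#
  Added example (not NoID Privacy's code). Read-only: reads registry policy values and
  Defender ASR state, compares them with a constructed target state, writes a report.
#>
param(
    [string]$ReportPath = "$env:TEMP\hardening-verify.html"   # hypothetical output path
)

# Constructed target state for registry-backed settings (Modules 3 and 7 above).
# Paths are the documented Windows policy locations; expected values are our choice.
$RegistryTargets = @(
    @{ Module = 'Advanced Security'; Setting = 'LSA Protection (RunAsPPL)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'RunAsPPL'; Expected = 1 },
    @{ Module = 'Advanced Security'; Setting = 'Admin shares off (AutoShareWks)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; Name = 'AutoShareWks'; Expected = 0 },
    @{ Module = 'Advanced Security'; Setting = 'LLMNR off (EnableMulticast)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'; Name = 'EnableMulticast'; Expected = 0 },
    @{ Module = 'Advanced Security'; Setting = 'RDP requires NLA (UserAuthentication)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'; Name = 'UserAuthentication'; Expected = 1 },
    @{ Module = 'DNS Security'; Setting = 'DoH required (DoHPolicy = 3)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'; Name = 'DoHPolicy'; Expected = 3 }
)

# ASR rules from Module 2 (Microsoft's published rule ids); target action is Block (1).
$AsrTargets = @{
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations from PSExec and WMI'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block Office apps from creating child processes'
}
$AsrActionNames = @{ 0 = 'Off'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function New-Result($Module, $Setting, $Expected, $Actual) {
    $status = if ("$Actual" -eq "$Expected") { 'OK' } else { 'DEVIATION' }
    [pscustomobject]@{ Module = $Module; Setting = $Setting; Expected = $Expected
                       Actual = $Actual; Status = $status }
}

function Test-RegistryTarget([hashtable]$T) {
    try {
        $actual = (Get-ItemProperty -Path $T.Path -Name $T.Name -ErrorAction Stop).($T.Name)
    } catch {
        $actual = 'Not configured'   # key or value absent: the policy was never applied
    }
    New-Result $T.Module $T.Setting $T.Expected $actual
}

function Test-AsrRules([hashtable]$Rules) {
    try { $mp = Get-MpPreference -ErrorAction Stop } catch { $mp = $null }
    # Ids and Actions are parallel arrays in the Defender preference object.
    $configured = @{}
    if ($mp -and $mp.AttackSurfaceReductionRules_Ids) {
        for ($i = 0; $i -lt $mp.AttackSurfaceReductionRules_Ids.Count; $i++) {
            $id = "$($mp.AttackSurfaceReductionRules_Ids[$i])".ToLowerInvariant()
            $configured[$id] = [int]$mp.AttackSurfaceReductionRules_Actions[$i]
        }
    }
    foreach ($id in $Rules.Keys) {
        if ($configured.ContainsKey($id)) {
            $code = $configured[$id]
            $actual = if ($AsrActionNames.ContainsKey($code)) { $AsrActionNames[$code] } else { "Action $code" }
        } else {
            $actual = 'Not configured'
        }
        New-Result 'ASR Rules' $Rules[$id] 'Block' $actual
    }
}

$results = @()
$results += $RegistryTargets | ForEach-Object { Test-RegistryTarget $_ }
$results += Test-AsrRules $AsrTargets
$deviations = @($results | Where-Object Status -ne 'OK')

# Report: host, timestamp, totals, then one row per checked setting.
$head = "<h1>Endpoint hardening verification</h1><p>Host: $env:COMPUTERNAME; checked: " +
        "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss'); $($results.Count) settings; " +
        "$($deviations.Count) deviations</p>"
$results | ConvertTo-Html -Title 'Hardening Verify Report' -PreContent $head |
    Out-File -FilePath $ReportPath -Encoding utf8

$results | Format-Table -AutoSize
Write-Host "Report written to $ReportPath"
exit [int]($deviations.Count -gt 0)   # non-zero exit when any setting has drifted
```

Run it as the user whose machine is being checked (reading HKLM policy values and Get-MpPreference does not need elevation); the non-zero exit code lets a scheduled task or RMM job flag drift from the target state, which is the "deviations from target state" item in the Verify report above. Extending the target table is how the same pattern scales to a full baseline.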
⚠️ What NoID Privacy is NOT
Honesty is important to us. NoID Privacy is a building block, not the complete solution:
❌ NoID Privacy does NOT replace:
- Data Backup — We only back up system configuration, not business data (documents, emails, databases)!
- Patch Management — We harden settings but don't replace installing updates
- Risk Assessment — You must evaluate your specific risks yourself
- ISMS (ISO 27001) — We are not a management system
- Compliance Consulting — Consult a NIS2 expert
- Training — Employee awareness is needed separately
- Incident Response — We prevent attacks but don't respond to ongoing ones
- Multi-Factor Authentication — MFA is a separate measure
- Supply Chain Auditing — We don't audit suppliers
- Server Hardening — We are optimized for Windows 11 clients
✅ NoID Privacy IS:
- Endpoint Hardening based on Microsoft Security Baseline
- Technical Measures for Windows 11 workstations
- Documentable through BAVR reports
- Reversible — one click to roll back if issues arise
- Cost-effective — Shell free, GUI one-time €39.99
💼 Who is this relevant for?
👨‍💻 Freelancers & Contractors
Problem: Big clients (NIS2 Entities) must audit suppliers. Without hardening, you're a liability — risking VPN access and contracts.
Solution: Send the NoID Privacy Verify Report as proof. Keep the contract.
🏢 SMBs & IT Providers
Problem: NIS2 applies, but there is no dedicated security team. Customers ask for compliance support that you can't easily provide.
Solution: Scalable endpoint hardening for all clients — in minutes, not weeks.
👔 Executives & CEOs
Problem: Personal liability under §38. If breached, you must prove "state of the art" measures were in place.
Solution: Documented Microsoft Security Baseline implementation.
📚 Sources & References
- BSI Law 2025: gesetze-im-internet.de
- OpenKRITIS NIS2 Overview: openkritis.de
- BSI NIS2 Information: bsi.bund.de
- Microsoft Security Baseline: learn.microsoft.com
💰 Fair Pricing. Finally.
Rent is for apartments, not security software.
Power User (1-Device)
- One-time purchase
- Lifetime license (works forever)
- 1 year of updates included
- 1 license = 1 device
Business (5-Devices)
- ~€30/license
- Lifetime licenses
- 1 year of updates included
- 1 license = 5 devices
Update Pass (1-License)
- +1 year feature updates
- +2 years security updates
- One-time payment
- 1 license = 1 device
You keep the latest version released during your active period — forever.