Others innovate, Europe regulates: NIS2 from a micro-agency perspective

There is an old saying – the attribution of which is questionable, but very effective – that goes: US innovates, Asia copies, Europe regulates. And when a small agency has 150 pages of the NIS2 guidance in its hands, it’s hard not to think about it. The first reaction is: “It’s none of our business, we make websites”. Then, with a little digging, you realize that you may not be in direct view, but your customers – SMEs, government agencies, regulated companies – are. And that the supply chain, where you are only a small link, may have to take responsibility for safety, traceability and risk management.
This lecture is not a technical lesson, nor a legal exam. It is the story of how in Black Studio we started studying the guideline, asking ourselves questions, looking for solutions proportionate to our scale. I will share reflections, approaches and some concrete tools we use to avoid being caught unprepared. No claim to definitive answers, but a checklist – deliberately not exhaustive – that can be useful for those who, like us, are trying to orient themselves in an increasingly regulated context, but which is not always designed for those who work small.