Cybersecurity Awareness E-Learning

Interactive training under Art. 20 NIS2 and § 38 BSIG. 35 slides, quiz with a 50-question pool, printable certificate. Reading time ~2 hours — as of 2 May 2026.

Order now →

One-off price EUR 390 Offline capable

Practitioner note: This e-learning is practitioner training material, not legal advice. We are compliance specialists, not a law firm. The German NIS2UmsuCG is in force since 6 December 2025 (BGBl. I 2025 No. 301).

At a glance

Why this e-learning?

Mandatory since 17.10.2024 / Germany since 06.12.2025 — Art. 21 NIS2 / § 38 BSIG (cybersecurity awareness for all staff)

One-time price 390 €No subscription. License for unlimited employees within your company.

Fully offline-capableNo server, no cloud lock-in — a single HTML file is enough.

Unlimited employeesOne license covers every employee in your company — no per-seat fees.

Quiz + certificate50-question pool, printable certificate — audit-ready.

Self-hostableIntranet or your own server — no third-party dependency.

Refresher mode anytimeAnnual repeat training at the press of a button — no extra cost.

GDPR-compliantNo tracking cookies, no server-side answer logging.

Course content

8 chapters, 35 slides

EU Directive 2022/2555 and the German NIS2UmsuCG since 6 December 2025: who qualifies as an “essential” or “important” entity, when obligations apply, and the fine framework (10M EUR / 2% for essential entities under § 60 BSIG).

The CIA triad — confidentiality, integrity, availability — translated into daily work: what it means for your files, emails and systems, with concrete SME examples.

Multi-factor authentication, passphrases over complex strings, password managers, the zero-trust principle — the minimum requirements under § 30 BSIG and Art. 21 NIS2.

Recognize phishing in under 30 seconds: sender spoofing, dangerous attachments, quishing via QR code, business email compromise — with live examples and a decision tree for the recipient.

Secure use of laptops, smartphones and hotspots: VPN obligation, screen privacy, automatic lock, loss procedures, BYOD policy boundaries.

The 24-hour early warning, 72-hour incident notification, and one-month final report under § 32 BSIG: what to report, to whom, and the role of every staff member in the chain.

Supplier risks under Art. 21(2)(d) NIS2 plus physical security: visitor protocol, tailgating prevention, clean-desk policy, hardware theft, third-party remote access controls.

The five most important reflexes: install updates, MFA everywhere, report suspicious emails, no USB sticks from unknown sources, communicate incidents early — ending with a personal action card.

Cybersecurity Awareness E-Learning

Single module — Art. 21 NIS2 / § 38 BSIG.

EUR 390

one-time price

One-time price 390 € · No subscription
Fully offline-capable — no server, no cloud lock-in
Unlimited employees within your company
Quiz with 50-question pool + printable certificate (audit-ready)
Self-hostable (Intranet, own server) — no third-party dependency
Refresher mode anytime
GDPR-compliant: no tracking cookies, no server-side answer logging

Order e-learning →

Sources

Directive (EU) 2022/2555 — NIS2 (as of 14 December 2022, transposition deadline 17 October 2024) — Art. 20 management training, Art. 21 mandatory measures, Art. 23 incident reporting
BSIG 2025 (BSI Act consolidated post-NIS2UmsuCG) (as of 6 December 2025) — § 30 mandatory measures, § 32 reporting chain (24h/72h/30d), § 38 management training and personal liability
NIS2UmsuCG — Federal Law Gazette I 2025 No. 301 (as of 5 December 2025)
Regulation (EU) 2022/2554 — DORA (applicable since 17 January 2025) — lex specialis to NIS2 for the financial sector