# CloudSoul

> Security operations and compliance as one EU-operated platform. CloudSoul runs your security stack 24/7 and turns its output into audit-ready evidence for NIS2, ISO 27001, and DORA.

CloudSoul is a Luxembourg-headquartered SaaS designed for European mid-market organisations. It combines two pillars in a single subscription: Risk and Compliance (controls, policies, frameworks, evidence engine) and Security Operations (24/7 SOC, SIEM, EDR, vulnerability management, backup, BCP/DRP). Data stays in Europe under EU sovereignty.

## Product

- [Platform](https://www.cloudsoul.net/platform): End-to-end overview of the two pillars and how they share live telemetry.
- [Risk and Compliance](https://www.cloudsoul.net/platform#risk-and-compliance): Business + IT profile, action plan, risk register, policy library, framework mapping (NIS2, ISO 27001, DORA, GDPR), evidence engine and reports.
- [Security Operations](https://www.cloudsoul.net/platform#security-operations): 24/7 threat detection and response (SIEM + EDR + SOC), exposure management (CSPM + vulnerability + patch), resilience (backup + BCP/DRP).
- [Pricing](https://www.cloudsoul.net/pricing): Annual contracts, monthly billing, size-based tiers (no per-seat). Calculator on the page.

## Solutions

- [NIS2 compliance](https://www.cloudsoul.net/solutions/nis2): Article 20 (management accountability), Article 21 (risk-management measures), Article 23 (incident reporting). Each obligation mapped to a CloudSoul delivery.

## Resources

- [Blog](https://www.cloudsoul.net/resources/blog): Long-form articles on NIS2, ISO 27001, DORA, supply-chain risk, sector-specific guides.
- [Case studies](https://www.cloudsoul.net/resources/case-studies): Customer outcomes with measurable metrics.
- [News](https://www.cloudsoul.net/resources): Product and company announcements.

## Blog posts

- [NIS2 in Luxembourg: How the Law of 5 May 2026 Transposes the EU Directive](https://www.cloudsoul.net/resources/blog/nis2-luxembourg-implementation-law): Luxembourg transposed NIS2 through the Law of 5 May 2026, designating ILR, HCPN and CIRCL as the institutional pillars. What every essential and important entity needs to know.
- [Coordinated Vulnerability Disclosure: A New Framework for Researchers](https://www.cloudsoul.net/resources/blog/nis2-vulnerability-disclosure-framework): Understand NIS2 Article 12 coordinated vulnerability disclosure framework. Learn how researchers, vendors, and CSIRTs interact in Europe's new CVD process.
- [NIS2 for Manufacturing: Cars, Electronics, and Machinery](https://www.cloudsoul.net/resources/blog/nis2-manufacturing-sector): Understand NIS2 requirements for manufacturers of vehicles, electronics, and machinery. Learn what 'important entities' must implement under Annex II.
- [Proportionality in Practice: Right-Sizing Your NIS2 Measures](https://www.cloudsoul.net/resources/blog/nis2-proportionality-compliance): Master NIS2 proportionality requirements. Learn how to assess, scale, and justify cybersecurity measures for essential and important entities.
- [NIS2 for the Financial Sector: Understanding the DORA Relationship](https://www.cloudsoul.net/resources/blog/nis2-financial-sector-dora-relationship-banking): NIS2 and DORA for financial sector: understand how cybersecurity frameworks overlap for banks, payment institutions, and investment firms.
- [Cooperation Group, CSIRTs Network, EU-CyCLONe: EU Coordination at Scale](https://www.cloudsoul.net/resources/blog/nis2-cooperation-group-eu-cyclone-csirt-network): NIS2 cross-border coordination: Cooperation Group, EU-CyCLONe platform, and CSIRT network for collective incident response and intelligence sharing.
- [Cybersecurity Certification and Standards Under NIS2](https://www.cloudsoul.net/resources/blog/nis2-cybersecurity-certification-standards-iso-27001): NIS2 certification and standards under Articles 24-25: EU schemes, ISO 27001, and security certification requirements for designated entities.
- [National Cybersecurity Strategies Under NIS2: What Article 7 Requires](https://www.cloudsoul.net/resources/blog/nis2-national-cybersecurity-strategy-article-7): NIS2 Article 7 requirements for national strategies: policy framework, sectoral governance, research, and risk assessment mandates for Member States.
- [NIS2 for MSPs and MSSPs: From Vendor to Regulated Entity](https://www.cloudsoul.net/resources/blog/nis2-msp-mssp-managed-service-providers-regulated): NIS2 scope for MSPs and MSSPs: understand how managed service providers become regulated entities under Annex I, Sector 9.
- [NIS2 and GDPR: Where Cybersecurity Meets Data Protection](https://www.cloudsoul.net/resources/blog/nis2-gdpr-overlap-cybersecurity-data-protection): Understand NIS2-GDPR overlap: how cybersecurity obligations under NIS2 Articles 21, 35 complement GDPR Articles 32, 33-34 data protection requirements.
- [What Makes an Incident 'Significant'? Understanding the Reporting Threshold](https://www.cloudsoul.net/resources/blog/nis2-significant-incident-reporting-threshold-definition): Understand NIS2's significant incident threshold under Article 23(3): criteria for mandatory 24-hour reporting to authorities and CSIRTs.
- [NIS2 for Transport: Aviation, Rail, Maritime, and Road](https://www.cloudsoul.net/resources/blog/nis2-transport-aviation-rail-maritime-road): NIS2 for transport sector: understand obligations for aviation, rail, maritime, and road operators under Annex I, Sector 2.
- [The NIS2 Institutional Architecture: Authorities, CSIRTs, and Contact Points](https://www.cloudsoul.net/resources/blog/nis2-institutional-architecture-csirts-authorities): Understand NIS2's governance structure: competent authorities, CSIRTs, single contact points, and their roles in incident response and coordination.
- [Administrative Fines Under NIS2: The EUR 10M and EUR 7M Frameworks](https://www.cloudsoul.net/resources/blog/nis2-administrative-fines-eur-10-million-penalties): Understand NIS2 administrative fines under Articles 34-35: EUR 10 million for major violations, EUR 7 million for non-compliance. Enforcement, appeals, and mitigation.
- [NIS2 for Healthcare: Hospitals, Pharma, and Medical Device Manufacturers](https://www.cloudsoul.net/resources/blog/nis2-healthcare-hospitals-pharma-compliance): NIS2 for healthcare sector: understand obligations for hospitals, pharmaceutical manufacturers, and medical device makers under Annex I, Sector 5.
- [NIS2, CER Directive, and DORA: Navigating Overlapping Frameworks](https://www.cloudsoul.net/resources/blog/nis2-dora-cer-overlapping-regulations): Navigate overlapping EU cybersecurity regulations: NIS2, DORA, and CER. Understand scope, Article 4 distinctions, and governance architecture.
- [The All-Hazards Approach: Why NIS2 Goes Beyond Digital Threats](https://www.cloudsoul.net/resources/blog/nis2-all-hazards-approach-physical-security): NIS2 Article 21 mandates all-hazards approach: cyber, physical (fire, theft, flooding) and environmental security. Learn what this means in practice.
- [NIS2 for Digital Infrastructure: Cloud, Data Centres, DNS, and CDNs](https://www.cloudsoul.net/resources/blog/nis2-digital-infrastructure-cloud-data-centre): NIS2 digital infrastructure sector (cloud, data centres, DNS, CDNs) most harmonised. Implementing acts, ENISA registry, and compliance guidance explained.
- [Essential vs. Important Entities: Classification, Obligations, and Supervision](https://www.cloudsoul.net/resources/blog/nis2-essential-important-entities-comparison): Understand NIS2 essential and important entity classification. Differences in obligations, supervision, and enforcement implications explained clearly.
- [NIS2 Enforcement Powers: What Regulators Can Do and How to Prepare](https://www.cloudsoul.net/resources/blog/nis2-enforcement-powers-penalties-fines): Understand NIS2 enforcement powers (Articles 32-34). What regulators can do, penalty tiers, serious infringements, and how to minimize enforcement risk.
- [NIS2 for the Energy Sector: Compliance Across Electricity, Oil, Gas, and Hydrogen](https://www.cloudsoul.net/resources/blog/nis2-energy-sector-compliance-guide): Energy sector NIS2 guide covering electricity, oil, gas, hydrogen, nuclear considerations, supply chain vulnerabilities, and implementation roadmap.
- [Supply Chain Security Under NIS2: Managing Third-Party Risk](https://www.cloudsoul.net/resources/blog/nis2-supply-chain-security-vendor-risk): Master NIS2 supply chain security (Article 21(2)(d)). Vendor assessment, contractual controls, monitoring, and coordinated risk assessments explained.
- [The NIS2 Incident Reporting Framework: Step-by-Step Guide](https://www.cloudsoul.net/resources/blog/nis2-incident-reporting-timeline-guide): Master NIS2 incident reporting: 24-hour and 72-hour timelines, notification process, what to report, and how to comply with Article 23.
- [Board-Level Cybersecurity Accountability Under NIS2](https://www.cloudsoul.net/resources/blog/nis2-board-accountability-governance): NIS2 Article 20 makes boards liable for cybersecurity. Understand governance requirements, approval duties, oversight, training, and personal liability.
- [Article 21 Decoded: The 10 Cybersecurity Risk-Management Measures](https://www.cloudsoul.net/resources/blog/nis2-article-21-10-measures): Master NIS2 Article 21's 10 mandatory cybersecurity risk-management measures. Detailed breakdown with implementation guidance for each measure.
- [From NIS1 to NIS2: What Changed and Why It Matters](https://www.cloudsoul.net/resources/blog/nis1-vs-nis2-key-differences): Understand the evolution from NIS1 to NIS2. Learn scope expansion, fragmentation fixes, enforcement changes, and what matters for your compliance.
- [NIS2 Scope Demystified: How to Determine If Your Organisation Is In Scope](https://www.cloudsoul.net/resources/blog/nis2-scope-applicability-guide): Decode NIS2 scope in 6 minutes. Check if you're in scope: Annex I/II sectors, size rules, exceptions, and Member State discretion explained clearly.
- [The Ultimate Guide to NIS2 Compliance: Everything You Need to Know](https://www.cloudsoul.net/resources/blog/nis2-compliance-ultimate-guide): Complete NIS2 compliance guide covering scope, obligations, reporting, enforcement, and sectors. Essential reading for CISOs and compliance teams.
- [Is €50K for ISO27001 Worth It? Probably Not the Way You're Spending It.](https://www.cloudsoul.net/resources/blog/is-eu50k-for-iso27001-worth-it): SMEs spend €50-80K on ISO 27001 certification without fixing real security gaps. Learn when the investment makes sense and what to do instead.

## Case studies

- [Inside InWarmte's regulatory compliance journey](https://www.cloudsoul.net/resources/case-studies/inside-inwarmtes-regulatory-compliance-journey): InWarmte exclusively supplies sustainable and environmentally friendly energy from thermal energy storage systems, heat pumps and solar energy systems. InWarmte works with their clients to find the best solutions for both new and existing buildings. InWarmte offers support in the development, implementation and operation of these systems.
- [Scaling fast without compromising security](https://www.cloudsoul.net/resources/case-studies/scaling-fast-without-compromising-security): Elora is redefining how businesses leverage artificial intelligence. For years, employees across industries have been burdened with repetitive tasks: customer service inquiries, routine phone support, and help desk tickets, that consume valuable time and resources. These tasks are costly, time-intensive, and often lead to frustration among workers who could otherwise focus on higher-value activities.

## Company

- [About](https://www.cloudsoul.net/company): Mission, team, contact.
- [Trust centre](https://www.cloudsoul.net/trust-centre): CloudSoul's own security posture, certifications, sub-processors.

## Contact

- Sales: sales@cloudsoul.net
- Security: security@cloudsoul.net
- Press: press@cloudsoul.net
- General: info@cloudsoul.net

## Localised versions

The site is published in English (default), French (/fr/), and German (/de/). Every page above is available in each locale — replace the path prefix to switch.

## Optional

Legal pages, included for completeness. Skip if context is tight.

- [Terms of use](https://www.cloudsoul.net/policies/terms-of-use)
- [Privacy](https://www.cloudsoul.net/policies/privacy)
- [Cookies](https://www.cloudsoul.net/policies/cookie)
- [Acceptable use](https://www.cloudsoul.net/policies/acceptable-use)
- [Refund](https://www.cloudsoul.net/policies/refund)