Overview
The NIS 2 Directive of the European Union entered into force on 16 January 2023.
In Article 1 (subject matter of the NIS 2 Directive), we learn that NIS 2 lays down cybersecurity risk management measures and reporting obligations for entities of a type referred to in Annex I or II.
In Annex I (Sectors of High Criticality), we find that "Inland, sea and coastal passenger and freight water transport companies, not including the individual vessels operated by those companies", "Managing bodies of ports, including their port facilities, and entities operating works and equipment contained within ports" and "Operators of vessel traffic services (VTS)" are in the scope of the NIS 2 Directive.
More about the scope of the NIS 2 Directive
Sector: Transport.
Subsector: Water.
- Inland, sea and coastal passenger and freight water transport companies, not including the individual vessels operated by those companies.
- Managing bodies of ports, including their port facilities, and entities operating works and equipment contained within ports.
- Operators of vessel traffic services (VTS).
Note: “Vessel traffic service (VTS)” means a service designed to improve the safety and efficiency of vessel traffic and to protect the environment, which has the capability to interact with the traffic and to respond to traffic situations developing in the VTS area.
What does it mean for entities in the scope of the NIS 2 Directive?
According to Article 20 (Governance), the management bodies of essential and important entities must approve the cybersecurity risk-management measures taken by those entities, oversee their implementation, and can be held liable for infringements.
According to Article 20, Member States shall ensure that the members of the management bodies of essential and important entities are required to follow training, and shall encourage essential and important entities to offer similar training to their employees on a regular basis, in order that they gain sufficient knowledge and skills to enable them to identify risks and assess cybersecurity risk-management practices and their impact on the services provided by the entity.
According to Article 21 (Cybersecurity risk-management measures), essential and important entities must take appropriate and proportionate technical, operational and organisational measures to manage the risks posed to the security of network and information systems which those entities use for their operations or for the provision of their services, and to prevent or minimise the impact of incidents on recipients of their services and on other services.
Taking into account the "state-of-the-art" and, where applicable, relevant European and international standards, as well as the cost of implementation, the measures referred to shall ensure a level of security of network and information systems appropriate to the risks posed. When assessing the proportionality of those measures, due account shall be taken of the degree of the entity’s exposure to risks, the entity’s size and the likelihood of occurrence of incidents and their severity, including their societal and economic impact.
The measures shall be based on an "all-hazards approach" that aims to protect network and information systems and the physical environment of those systems from incidents, and shall include "at least" the following:
(a) policies on risk analysis and information system security;
(b) incident handling;
(c) business continuity, such as backup management and disaster recovery, and crisis management;
(d) supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers;
(e) security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure;
(f) policies and procedures to assess the effectiveness of cybersecurity risk-management measures;
(g) basic cyber hygiene practices and cybersecurity training;
(h) policies and procedures regarding the use of cryptography and, where appropriate, encryption;
(i) human resources security, access control policies and asset management;
(j) the use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate.
Objectives
The program has been designed to provide you with the skills needed to understand and support compliance with the NIS 2 Directive.
It also provides you with the skills needed to pass the NIS 2 Directive Trained Professional (NIS2DTP) exam and to receive the Certificate of Completion, which provides independent evidence to firms and organizations that you have a quantifiable understanding of the subject matter.
Target Audience
The program is beneficial to risk and compliance managers and professionals, auditors, consultants, suppliers and service providers that:
- work for EU companies and organizations that have to comply with the NIS 2 Directive,
- work for non-EU companies and organizations that have operations in EU Member States or provide services to EU citizens, and have to comply with the NIS 2 Directive.
Course Synopsis
Introduction.
- The NIS 2 Directive Trained Professional (NIS2DTP) exam.
- The certificate of completion.
Part 1
The European Union (EU). How does the legislative process work?
- Key institutions.
- The European Commission, the most important institution for risk and compliance professionals.
- How does the legislative process work?
- The European System of Financial Supervision (ESFS).
- Legal acts after the Treaty of Lisbon.
- Delegated acts, supplementing or amending certain non-essential elements of a basic act.
- Implementing acts.
- Regulatory technical standards (RTS), Implementing technical standards (ITS).
- The European Data Protection Supervisor and the European Data Protection Board.
- The Committee of European Auditing Oversight Bodies (CEAOB).
- The European External Action Service.
- The Common Foreign and Security Policy (CFSP).
- The Common Security and Defence Policy (CSDP).
- The European Network and Information Security Agency (ENISA).
- The European Multidisciplinary Platform Against Criminal Threats (EMPACT).
- The European framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU).
- The Euro Cyber Resilience Board for pan-European Financial Infrastructures (ECRB).
- The Cyber Information and Intelligence Sharing Initiative (CIISI-EU).
- The High-Level Expert Group on Artificial Intelligence (AI HLEG).
Part 2
“An Open, Safe and Secure Cyberspace”, the EU's vision on how to prevent cyber disruptions and attacks, and respond to them.
- 1. Achieving cyber resilience.
- 2. Drastically reducing cybercrime.
- 3. Developing cyber defence policy and capabilities related to the Common Security and Defence Policy (CSDP).
- 4. Developing the industrial and technological resources for cyber-security.
- 5. Establishing an international cyberspace policy for the European Union and promoting EU core values.
The NIS Directive (EU 2016/1148), the first piece of EU-wide cybersecurity legislation.
- 1. National capabilities.
- 2. Cross-border collaboration.
- 3. National supervision of critical sectors.
- The NIS Cooperation Group.
- The NIS Directive, important parts.
- Transposition of the NIS Directive.
Part 3
Introduction to the NIS 2 Directive.
- The “lex specialis derogat legi generali” (special law repeals general laws) doctrine, accepted by the EU and international law.
- NIS 2 as lex generalis, a general law.
- NIS 2 is a legal obligation only when there is no special law for a sector.
- NIS 2 and Regulation (EU) 2022/2554 (the Digital Operational Resilience Act - DORA).
- NIS 2 and Directive (EU) 2022/2557 (the Critical Entities Resilience Directive - CER).
- NIS 2 and Directive 95/46/EC (General Data Protection Regulation - GDPR).
- Before discussing Article 1 of the NIS 2 Directive.
- NACE Rev. 2.
- Annex I, Sectors of High Criticality.
- Annex II, Other Critical Sectors.
The Articles of the NIS 2 Directive
CHAPTER I, GENERAL PROVISIONS.
- Subject matter.
- Scope.
- Essential and important entities.
- Sector-specific Union legal acts.
- Minimum harmonisation.
- Definitions.
CHAPTER II, COORDINATED CYBERSECURITY FRAMEWORKS.
- National cybersecurity strategy.
- Competent authorities and single points of contact.
- National cyber crisis management frameworks.
- Computer security incident response teams (CSIRTs).
- Requirements, technical capabilities and tasks of CSIRTs.
- Coordinated vulnerability disclosure and a European vulnerability database.
- Cooperation at national level.
CHAPTER III, COOPERATION AT UNION AND INTERNATIONAL LEVEL.
- Cooperation Group.
- CSIRTs network.
- European cyber crisis liaison organisation network (EU-CyCLONe).
- International cooperation.
- Report on the state of cybersecurity in the Union.
- Peer reviews.
CHAPTER IV, CYBERSECURITY RISK-MANAGEMENT MEASURES AND REPORTING OBLIGATIONS.
- Governance.
- Cybersecurity risk-management measures.
- Union level coordinated security risk assessments of critical supply chains.
- Reporting obligations.
- Use of European cybersecurity certification schemes.
- Standardisation.
CHAPTER V, JURISDICTION AND REGISTRATION.
- Jurisdiction and territoriality.
- Registry of entities.
- Database of domain name registration data.
CHAPTER VI, INFORMATION SHARING.
- Cybersecurity information-sharing arrangements.
- Voluntary notification of relevant information.
CHAPTER VII, SUPERVISION AND ENFORCEMENT.
- General aspects concerning supervision and enforcement.
- Supervisory and enforcement measures in relation to essential entities.
- Supervisory and enforcement measures in relation to important entities.
- General conditions for imposing administrative fines on essential and important entities.
- Infringements entailing a personal data breach.
- Penalties.
- Mutual assistance.
CHAPTER VIII, DELEGATED AND IMPLEMENTING ACTS.
- Exercise of the delegation.
- Committee procedure.
CHAPTER IX, FINAL PROVISIONS.
- Review.
- Transposition.
- Amendments.
- Repeal.
- Entry into force.
The NIS 2 Directive for non-EU entities.
- Does NIS 2 apply to companies not established in the EU?
- Article 6 and Article 26 (Jurisdiction and territoriality).
- Preamble 116, Preamble 133.
Part 4
NIS 2, DORA, or both?
- The Commission's Guidelines about the relationship between the NIS 2 Directive and the Digital Operational Resilience Act (DORA), from 18 September 2023.
Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024.
- Understanding the Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024 laying down rules for the application of Directive (EU) 2022/2555 as regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers.
Other new EU Directives and Regulations.
- The Digital Operational Resilience Act (DORA).
- The Artificial Intelligence Act.
- The Critical Entities Resilience Directive (CER).
- The European Data Act.
- The European Data Governance Act (DGA).
- The European Cyber Resilience Act (CRA).
- The Digital Services Act (DSA).
- The Digital Markets Act (DMA).
- The European Chips Act.
- The Artificial Intelligence Liability Directive.
- The Framework for Artificial Intelligence Cybersecurity Practices (FAICP).
- The EU Cyber Solidarity Act.
- The Digital Networks Act (DNA).
- The European ePrivacy Regulation.
- The European Digital Identity Regulation.
- The European Media Freedom Act (EMFA).
- The Corporate Sustainability Due Diligence Directive (CSDDD).
- The Systemic Cyber Incident Coordination Framework (EU-SCICF).
- The European Health Data Space (EHDS).
- The European Financial Data Space (EFDS).
- The Financial Data Access (FiDA) Regulation.
- The Payment Services Directive 3 (PSD3), Payment Services Regulation (PSR).
- Internal Market Emergency and Resilience Act (IMERA).
- The European Space Law (EUSL).
Draft Council Recommendation on the EU Blueprint for cybersecurity crisis management (Cyber Blueprint).
- Is this presentation necessary?
- Council, Conclusions on the Future of Cybersecurity, 22 May 2024.
- The Integrated Political Crisis Response (IPCR).
- The EU Cyber Diplomacy Toolbox.
- The EU Hybrid Toolbox.
- The Law Enforcement Emergency Response Protocol (LERP).
- The Critical Infrastructure Blueprint.
- Commission, a revised Cybersecurity Blueprint in the form of a Council recommendation, 24 February 2025.
- The Common Foreign and Security Policy (CFSP).
- The Common Security and Defence Policy (CSDP).
- The Strategic Compass for Security and Defence.
- What is a “large-scale cybersecurity incident”?
- Regulation (EU) 2024/2847 (The Cyber Resilience Act).
- Regulation (EU) 2025/38 (The Cyber Solidarity Act).
- Preparedness for a crisis requires a comprehensive *all-hazards and all-threats* risk assessment.
- From the *all-hazards* risk assessment to the *all-hazards and all-threats* risk assessment.
- The determination of whether a cyber crisis exists or ceases to exist.
- The Solidarity Clause.
- Preparing for a Union level cyber crisis.
- Situational awareness and information sharing.
- Common exercises.
- "The use of at least one Union-based DNS infrastructure such as DNS4EU to ensure reliable DNS resolution during major crisis."
- The Cross-Border Cyber Hubs.
- Responding to a cyber crisis at Union level.
- The Union Cyber Commanders Conference (CyberCo).
- "Union-level actors should use solutions based on the Matrix protocol for real-time communication."
- The European Critical Communication System (EUCCS).
- The EU Cyber Defence Coordination Centre.
- The Cyber Rapid Response Teams (CRRTs) under the Permanent Structured Cooperation (PESCO).
- The Hybrid Rapid Response Teams (HRRTs).
- Annexes.
- Relevant Union-level actors across the cyber crisis management life cycle.
- Relevant Union-level crisis mechanisms.
Become a NIS 2 Directive Trained Professional (NIS2DTP)
This is a Distance Learning with Certificate of Completion program, provided by Cyber Risk GmbH. The General Terms and Conditions for all legal transactions made through the Cyber Risk GmbH websites (hereinafter “GTC”) can be found at: https://www.cyber-risk-gmbh.com/Impressum.html
Each Distance Learning with Certificate of Completion program (hereinafter referred to as “distance learning program”) is provided at a fixed price, that includes VAT. There is no additional cost, now or in the future, for any reason.
We will send the distance learning program via email up to 24 hours after the payment (working days). Please remember to check the spam folder of your email client too, as emails with attachments often land in the spam folder.
You have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our distance learning programs for any reason, all you must do is send us an email, and we will refund the payment, no questions asked.
Your payment will be received by Cyber Risk GmbH (Dammstrasse 16, 8810 Horgen, Switzerland, Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341). Cyber Risk GmbH will also send the certificates of completion to all persons who pass the exam.
The all-inclusive cost is 297 USD (US Dollars). There is no additional cost, now or in the future, for this program.
First option: You can purchase the NIS 2 Directive Trained Professional (NIS2DTP) program with VISA, MASTERCARD, AMEX, Apple Pay, Google Pay etc.
Second option: QR code payment.
i. Open the camera app or the QR app on your phone.
ii. Scan the QR code and possibly wait for a few seconds.
iii. Click on the link that appears, open your browser, and make the payment.
Third option: You can purchase the NIS 2 Directive Trained Professional (NIS2DTP) program with PayPal.
What is included in the cost of the distance learning program:
A. The official presentations (1033 slides).
There are 223 additional slides that cover the Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024, laying down rules for the application of the NIS 2 Directive. There are no exam questions from this part of the program.
Note: There are 194 additional slides that explain the Draft Council Recommendation on the EU Blueprint for cybersecurity crisis management (Cyber Blueprint). Once you learn how everything connects, which regulations shape cybersecurity, who enforces them, and how different EU entities work together, you start navigating with confidence. It leads to expertise, and you’re not just walking the path any more, you can lead the way in your company or organisation. There are no exam questions from this part of the program.
The presentations are effective and appropriate to study online or offline. Busy professionals have full control over their own learning and are able to study at their own speed. They are able to move faster through areas of the course they feel comfortable with, but slower through those that they need a little more time on.
B. Up to 3 online exam attempts per year.
Candidates must pass only one exam. If they fail, they must study the official presentations and retake the exam. Candidates are entitled to 3 exam attempts every year.
If candidates do not achieve a passing score on the exam the first time, they can retake the exam a second time.
If they do not achieve a passing score the second time, they can retake the exam a third time.
If candidates do not achieve a passing score the third time, they must wait at least one year before retaking the exam. There is no additional cost for additional exam attempts.
To learn more, you may visit:
https://www.nis-2-directive.com/Distance_Learning_Programs_Exam_Certificate_of_Completion.pdf
C. The certificate of completion, with a scannable QR code for verification.
You will receive your certificate via email in Adobe Acrobat format (pdf), with a scannable QR code for verification, 7 business days after you pass the exam. A business day refers to any day in which normal business operations are conducted (in our case Monday through Friday), excluding weekends and public holidays.
D. Cyber Risk GmbH will develop a web page dedicated to each certified professional (https://www.cyber-risk-gmbh.com/Your_Name.htm).
When third parties scan the QR code on your certificate, they will visit this web page (https://www.cyber-risk-gmbh.com/Your_Name.htm), and they will be able to verify that you are a certified professional, and your certificates are valid and legitimate.
In this web page we will have your name, all the certificates you have received from us, and pictures of your certificates.
This is an example:
https://www.cyber-risk-gmbh.com/Monika_Meier.html
You can print your certificate that you will receive in Adobe Acrobat format (pdf). With the scannable QR code, all third parties can verify the authenticity of each certificate in a matter of seconds. Professional certificates are some of the most frequently falsified documents. Employers and third parties need an easy, effective, and efficient way to check the authenticity of each certificate. QR code verification is a good response to this demand.
E. If you purchase the NIS2DTP program now, you can receive all the updated and amended NIS2DTP programs at no cost until January 31, 2028.
Every time we have important developments that affect regulatory compliance with the NIS 2 Directive (NIS2), we will update and amend this training program, especially when we have important:
- Joint final draft technical standards, from the European Supervisory Authorities (ESAs) – the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), the European Securities and Markets Authority (ESMA),
- Regulatory Technical Standards (RTS),
- Implementing Technical Standards (ITS),
- Delegated Acts, that supplement or amend non‑essential parts of EU legislative acts, and
- Implementing Acts, that ensure that EU laws are applied uniformly.
The all-inclusive cost of your first program is $297. The all-inclusive cost of your second (and each additional) program is $197. It includes the exam, the certificate of completion, and all the updated and amended programs at no cost until January 31, 2028. You can take the exam and receive the certificate of completion only once. You cannot take the exam again, and it is not possible to receive a new certificate of completion every time you receive an updated and amended program at no cost.
If you want to take the exam again, to receive a certificate of completion having a later date on it, and to have both certificates of completion with different dates at your dedicated web page, you must purchase the updated program at a discounted cost ($197). This is not required, your original certificate will not expire.
In order to receive the updated and amended program (you have purchased the program in the past, and now you want to receive the updated and amended program at no cost), please follow these simple steps:
Please check the “Course synopsis” of the program at the registration page, to see if you have the latest version.
If we have updated the program, please send us an email with the title: “Please send me the updated NIS2DTP program.”
In the email, please let us know the name and email address of the person or legal entity that initially purchased the program.
You will receive the updated program in less than 48 hours (working days). Please remember to check your spam folder too.
Frequently Asked Questions for the distance learning programs.
1. I want to know more about Cyber Risk GmbH.
“Cyber Risk GmbH” is a company incorporated in Switzerland.
Registered address: Dammstrasse 16, 8810 Horgen, Switzerland.
Company number: CHE-244.099.341.
Cantonal Register of Commerce: Canton of Zürich.
Swiss VAT number: CHE-244.099.341 MWST.
EU VAT number: EU276036462. Cyber Risk GmbH is registered for EU VAT purposes in Germany (Bundeszentralamt für Steuern, One-Stop-Shop, Nicht EU-Regelung) for the sale of services in the EU. Cyber Risk GmbH declares and pays EU VAT in a single electronic quarterly return submitted to Germany, and the German Bundeszentralamt für Steuern forwards the EU VAT due to each member State of the EU.
Cyber Risk GmbH was founded in Horgen, Switzerland, by George Lekatis, a well-known expert in risk and compliance management. The company specializes in providing advanced cybersecurity, risk, and compliance training, helping organizations navigate and implement complex European, U.S., and international cybersecurity regulations. Additionally, Cyber Risk GmbH supports professionals in completing online training programs, passing exams, and obtaining Certificates of Completion, which serve as independent verification of their expertise for firms and organizations.
George Lekatis serves as the General Manager of Compliance LLC, a company incorporated in Wilmington, NC, with offices in Washington, DC. Compliance LLC provides risk and compliance management training in 58 countries. Several of its business units function as highly successful associations, offering a wide range of services to their members, including membership programs, regular updates (weekly or monthly), specialized training, and certification.
George is also the president of the International Association of Risk and Compliance Professionals (IARCP, https://www.risk-compliance-association.com). He leads the team responsible for developing and maintaining the Certified Risk and Compliance Management Professional (CRCMP) program. The CRCMP certification is widely regarded as a preferred credential by companies and organizations. For more information on the demand for CRCMPs, you may visit: https://www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf
Other business units of Compliance LLC:
- The Sarbanes-Oxley Compliance Professionals Association (SOXCPA), the largest Association of Sarbanes-Oxley professionals in the world. You may visit: https://www.sarbanes-oxley-association.com
- The Basel iii Compliance Professionals Association (BiiiCPA), the largest association of Basel iii Professionals in the world. You may visit: https://www.basel-iii-association.com
- The Solvency II Association, the largest association of Solvency II professionals in the world. You may visit: https://www.solvency-ii-association.com
Our instructors are professionals with extensive, real-world experience in their respective fields. They are equipped to deliver full-time, part-time, or short-form programs, all customized to suit your specific requirements. Beyond teaching, our instructors provide hands-on guidance, offering real-world insights that help bridge the gap between theory and practice. You will always be informed ahead of time about the instructor leading your program.
“Cyber Risk GmbH Training Programs” are training programs developed, updated and provided by Cyber Risk GmbH, and include:
a) In-House Instructor-Led Training programs,
b) Online Live Training programs,
c) Video-Recorded Training programs,
d) Distance Learning with Certificate of Completion programs.
“Cyber Risk GmbH websites” are all websites that belong to Cyber Risk GmbH, and include the following:
a. General, Sectors, Industries.
1. Hybrid Risk
4. The Hybrid Resilience Initiative (HRI)
6. Social Engineering Training
17. Sanctions Risk
18. American Privacy Rights Act of 2024 (APRA)
19. Travel Security
b. Understanding Cybersecurity.
4. What is Synthetic Identity Fraud?
6. What is Quantum Risk Management?
c. Understanding Cybersecurity in the European Union.
2. The Digital Operational Resilience Act (DORA)
3. The Critical Entities Resilience Directive (CER)
5. The European Data Governance Act (DGA)
6. The European Cyber Resilience Act (CRA)
7. The Digital Services Act (DSA)
8. The Digital Markets Act (DMA)
10. The Artificial Intelligence Act
11. The Artificial Intelligence Liability Directive
12. The Framework for Artificial Intelligence Cybersecurity Practices (FAICP)
13. The EU Cyber Solidarity Act
14. The Digital Networks Act (DNA)
15. The European ePrivacy Regulation
16. The European Digital Identity Regulation
17. The European Media Freedom Act (EMFA)
18. The Corporate Sustainability Due Diligence Directive (CSDDD)
19. The Systemic Cyber Incident Coordination Framework (EU-SCICF)
20. The European Health Data Space (EHDS)
21. The European Financial Data Space (EFDS)
22. The Financial Data Access (FiDA) Regulation
23. The Payment Services Directive 3 (PSD3), Payment Services Regulation (PSR)
24. The Internal Market Emergency and Resilience Act (IMERA)
26. The European Cyber Defence Policy
27. The Strategic Compass of the European Union
28. The European Space Law (EUSL)
30. The EU-US Data Privacy Framework
31. The European Cloud and AI Development Act
34. The EU Cyber Diplomacy Toolbox
2. Is there any discount available for the distance learning programs?
We do not offer a discount for your first program. You have a $100 discount for your second and each additional program.
After you purchase the NIS 2 Directive Trained Professional (NIS2DTP) program at $297, you can purchase:
a. The Artificial Intelligence Act Trained Professional (AIActTPro) program at $197. You can find more about the program at: https://www.artificial-intelligence-act.com/Artificial_Intelligence_Act_Trained_Professional_(AIActTPro).html .
b. The Digital Operational Resilience Act Trained Professional (DORATPro) program at $197. You can find more about the program at: https://www.digital-operational-resilience-act.com/Digital_Operational_Resilience_Act_Trained_Professional_(DORATPro).html .
c. The Critical Entities Resilience Directive Trained Professional (CERDTPro) program at $197. You can find more about the program at: https://www.critical-entities-resilience-directive.com/Critical_Entities_Resilience_Directive_Trained_Professional_(CERDTPro).html.
d. The Digital Services Act Trained Professional (DiSeActTPro) program at $197. You can find more about the program at: https://www.eu-digital-services-act.com/DiSeActTPro_Training.html.
e. The Digital Markets Act Trained Professional (DiMaActTPro) program at $197. You can find more about the program at: https://www.eu-digital-markets-act.com/DiMaActTPro_Training.html.
f. The Data Governance Act Trained Professional (DatGovActTP) program at $197. You can find more about the program at: https://www.european-data-governance-act.com/DatGovActTP_Training.html.
g. The European Chips Act Trained Professional (EChipsActTPro) program at $197. You can find more about the program at: https://www.european-chips-act.com/European_Chips_Act_Trained_Professional_(EChipsActTPro).html .
h. The Data Act Trained Professional (DataActTPro) program at $197. You can find more about the program at: https://www.eu-data-act.com/Data_Act_Trained_Professional_(DataActTPro).html .
In order to receive the URL for the discounted cost for your second and each additional program, please send us an email with title: “Please send me the URL for the discounted cost.”
In the email, please let us know:
a. Which was the name and email address of the person or legal entity that had purchased the first program.
b. Which is the program you want to purchase now at $197 instead of $297.
You will receive the URL for the discounted cost for your second and each additional program in less than 48 hours (working days). Please remember to check your spam folder too.
3. Are there any entry requirements or prerequisites required for enrolling in the training programs?
There are no entry requirements or prerequisites for enrollment in our programs. We believe that learning should be accessible to everyone, regardless of their background, academic credentials, or professional experience. In contrast to providers that set stringent prerequisites or entry barriers, our approach prioritizes accessibility and openness. We do not believe that the opportunity to learn and grow should be limited by prior qualifications. Whether you're just beginning your career, changing paths, or expanding your expertise, our programs are designed to support individuals at all levels. Each course provides a clear and structured learning path, allowing individuals at all levels to gain valuable insights, and build practical skills. Our approach empowers motivated learners from different industries and career stages to gain value and opportunity from the program.
4. I want to learn more about the exam.
You can take the exam online from your home or office, in all countries.
It is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.
You will be given 90 minutes to complete a 35-question exam. You must score 70% or higher.
The exam contains only questions that have been clearly answered in the official presentations.
All exam questions are multiple-choice, composed of two parts:
a. A stem (a question asked, or an incomplete statement to be completed).
b. Four possible responses.
In multiple-choice questions, you must not look for a correct answer, you must look for the best answer. Cross out all the answers you know are incorrect, then focus on the remaining ones. Which is the best answer? With this approach, you save time, and you greatly increase the likelihood of selecting the correct answer.
TIME LIMIT - This exam has a 90-minute time limit. You must complete this exam within this time limit, otherwise the result will be marked as an unsuccessful attempt.
BACK BUTTON - When taking this exam you are NOT permitted to move backwards to review/change prior answers. Your browser back button will refresh the current page instead of moving backward.
RESTART/RESUME - You CANNOT stop and then resume the exam. If you stop taking this exam by closing your browser, your answers will be lost, and the result will be marked as an unsuccessful attempt.
SKIP - You CANNOT skip answering questions while taking this exam. You must answer all the questions in the order the questions are presented.
When you are ready to take the exam, you must follow the steps described at "Question h. I am ready for the exam. What must I do?", at:
https://www.nis-2-directive.com/Distance_Learning_Programs_Exam_Certificate_of_Completion.pdf
5. How comprehensive are the presentations? Are they just bullet points?
The presentations are not collections of bullet points; they are thoughtfully structured, in-depth learning materials designed to provide clear explanations, context, and real-world relevance. Unlike slide decks that rely on brief summaries, our presentations guide you through each concept in a comprehensive and engaging manner. They are highly effective for both online and offline study, making them ideal for professionals who value substance and flexibility in their learning experience.
6. Do I need to buy books to pass the exam?
No. If you study the presentations, you can pass the exam. All the exam questions are clearly answered in the presentations. If you fail the first time, you must study more. You can:
- Highlight key terms and sections to help you focus during review.
- Add digital sticky notes (just like Post-it notes) anywhere in the document to remind yourself where specific answers or explanations are.
- Underline or circle text using freehand drawing tools.
- Add bookmarks to easily navigate to important sections.
- Search each document using keywords to quickly find what you need.
7. Is it an open book exam? Why?
Yes, it is an open book exam. Risk and compliance management is a field that requires deep understanding, critical thinking, and the ability to apply principles in real-world situations, not simply the ability to memorize facts. The goal of our certification programs is to help you build lasting knowledge and practical skills that you can confidently use in your professional role.
In real-life scenarios, risk and compliance professionals have access to regulations, frameworks, and reference materials, and are expected to use them thoughtfully. Our open book exam reflects this reality by assessing your comprehension and ability to apply what you've learned, rather than testing your memory.
8. Do I have to take the exam soon after receiving the presentations?
No, there is no fixed exam date. You may take the exam at any time that suits you within four (4) years from the date of your payment. Your access to the training materials, including any future updates, will remain available to you at no additional cost during this four-year period.
Cyber Risk GmbH reserves the right to amend the General Terms and Conditions (GTC) at any time. Any changes will become effective upon publication on our websites, and will apply exclusively to training programs purchased after the date of modification.
For our distance learning and online certification programs, the General Terms and Conditions (GTC) in effect at the time of purchase shall apply for a period of four (4) years from the date of payment. After the expiry of this four-year period, the participant’s access to the program and the right to take the exam shall expire. Any future participation in the program shall require a new enrollment and will be subject to the General Terms and Conditions in force at that time.
Cyber Risk GmbH may, at its sole discretion, extend the four-year period for individual participants or for a group of participants. Such an extension is a voluntary option of Cyber Risk GmbH and shall not create any obligation, entitlement, or precedent for future cases.
9. Do I have to spend more money in the future to keep my certificate of completion valid?
No. Your certificate of completion is issued with lifetime validity and does not expire. There are no renewal fees, no hidden costs, and no requirement to retake the exam in the future. Once certified, you remain certified.
10. Ok, the certificate of completion never expires, but things change.
Things do change. While many organizations introduce mandatory recertification as a recurring revenue stream, we’ve taken a different approach. Although we were advised to "introduce multiple recurring revenue streams to keep business flowing", we made a conscious decision to prioritize long-term value for our clients over short-term profit. That’s why no recertification is required for our programs.
Instead, we are committed to keeping you informed and up to date, at no cost. We invite you to visit our Reading Room each month and explore our newsletter, where you’ll find valuable insights, regulatory updates, timely alerts, and new opportunities. This ongoing access ensures you remain current and well-informed in a dynamic and constantly evolving field.
Our newsletter is the most extensive monthly cybersecurity and compliance intelligence report available anywhere worldwide. This is a curated report for decision-makers, executives, and security professionals who cannot afford blind spots. Our extensive editorial provides expert analysis on the most pressing cyber, regulatory, and geopolitical risks impacting businesses today. Busy professionals don’t avoid long reports, they avoid reports that waste their time. You may visit:
https://www.cyber-risk-gmbh.com/Reading_Room.html
11. What is your refund policy?
Cyber Risk GmbH maintains a clear and customer-friendly refund policy. You are entitled to request a full refund within 60 days of your payment, no questions asked. If, for any reason, you decide that one of our programs or services is not right for you, simply send us an email within this 60-day window.
Once we receive your request, we will process your refund within one business day. There are no forms to fill out, no explanations required, and no delays. Our goal is to provide a risk-free and stress-free experience.
12. I want to receive a printed certificate. Can you send me one?
Unfortunately, we do not issue printed certificates. Instead, you will receive your official certificate via email in Adobe Acrobat (PDF) format, which includes a scannable QR code for instant verification. Certificates are issued within 7 business days after you pass the exam. Please note that business days refer to Monday through Friday, excluding weekends and public holidays.
To ensure authenticity and transparency, the association creates a dedicated web page for each certified professional (cyber-risk-gmbh.com/Your_Name.html). This page will include your full name, a list of all certificates you have earned from us, and images of your certificates.
When a third party scans the QR code on your certificate, they are directed to your personalized verification page. This allows employers, clients, and other stakeholders to easily confirm that your certification is valid, current, and legitimately issued.
Professional certificates are among the most frequently falsified documents. Providing a secure, scannable QR code with direct access to official verification offers a fast, reliable, and efficient solution. You may also print your certificate from the PDF file at any time, with the embedded QR code ensuring instant and reliable validation.
13. Why should I choose your training programs?
I. Recognition and Credibility: Cyber Risk GmbH is trusted by professionals and organizations around the world (please see below, "Cyber Risk GmbH, some of our clients"). Our specialized training programs help participants master complex cybersecurity, risk, and compliance requirements and demonstrate their competence through examination. Our clients include leading companies and organizations. Their trust in our programs reflects the high standards of quality, accuracy, and professionalism that define every Cyber Risk GmbH training program.
II. Flexible and Convenient Learning: Our training programs are designed with flexibility in mind. Participants can access course materials and complete the exam anytime, from anywhere. This is especially beneficial for professionals with demanding schedules who need to learn at their own pace.
III. Affordable, All-Inclusive Pricing: Each program is offered at a low, all-inclusive price. There are no hidden fees or additional costs, now or in the future, for any reason.
IV. Discounts on Additional Programs: When you enroll in a second program, you receive a $100 discount. This means the all-inclusive cost for your second (and every additional) program is $197 (compared to the regular price of $297). There are no hidden fees or recurring charges.
V. Multiple Exam Attempts Included: Each program includes up to three exam attempts per year at no additional cost, as outlined above.
VI. No Recertification Required: Your certificates are issued with lifetime validity. No recertification is required, and your credentials will not expire.
VII. Potential for Career Advancement and Industry Recognition: There is a clear and growing demand for qualified professionals in risk and compliance management. Trained managers and employees are often recognized by employers, may enjoy broader career opportunities, and may be preferred for promotions or new roles. Specialized training and Certificates of Completion demonstrate your commitment to continuous learning.
However, it’s important to note that no training can guarantee a new or better job. Career advancement depends on many factors, including supply and demand, market conditions, and timing. Training is important, but it is only a part of a larger professional development journey.
VIII. The fit and proper requirement in regulations: Firms and organizations hire and promote fit and proper professionals who can provide evidence that they are qualified. Employers need assurance that managers and employees have the knowledge and skills needed to mitigate risks and accept responsibility. Supervisors and auditors ask for independent evidence that professionals are qualified, and that controls can operate as designed, because the persons responsible for these controls have the necessary knowledge and experience.
IX. Increased Earning Potential: Professionals who invest in gaining new skills may become eligible for higher-paying roles. Training and ongoing professional development may significantly enhance your earning potential and contribute to long-term career success. However, it’s important to understand that increased earnings are not guaranteed. Compensation and career advancement depend on various factors. Training is a valuable tool, but not a guarantee on your path to career growth.