NIS 2 Foundation Course

Q: Does the course include the Portuguese national framework?

Yes. The course addresses the relationship between NIS 2 and its national transposition, with particular attention to Decree-Law No. 125/2025 and the practical implications for organisations and technical teams in Portugal.

In the context of Directive (EU) 2022/2555 (NIS 2), the NIS 2 Foundation course creates a solid basis of operational regulatory literacy to understand what NIS 2 requires, to whom it applies, what the responsibilities are, and how these requirements impact the day-to-day operation of organisations.

Registration Request
Companies: request a proposal

Quick Access: Introduction· Why this course exists· What this course enables· Frameworks and standards· Value· Objectives· Target audience· Programme· Exam & Certification· Other information· Benefits· Logistics· FAQs· Registration

Upcoming dates

Confirmed dates.
Synchronous, live training. Interaction with the trainer and the group.

26 March 2026
Live Online • next edition

23 April 2026
Live Online • base price

Duration: 2 days / 16h
Language: available in Portuguese or English
Training: practical and case-study based
Exam: 1h
PROFESSIONAL LEVEL — practical application of methods in a professional context

Why this course exists

To provide technical and operational teams with a clear, practical and structured understanding of NIS 2 and its national transposition.

NIS 2 reinforced the European cybersecurity framework, broadening the scope of covered entities and strengthening organisational, technical, reporting and accountability obligations.
This course exists to support technical and operational professionals in understanding what NIS 2 requires, to whom it applies, what the responsibilities are, and how those requirements impact day-to-day operations.

What this course enables you to do

Understand

Understand the context, objectives and rationale of the NIS 2 Directive, as well as its articulation with the national framework.

Identify

Identify covered entities, applicability criteria, main obligations and individual and organisational responsibilities.

Interpret

Interpret practical reporting obligations, deadlines, required measures and the impact of NIS 2 on day-to-day technical operations.

Collaborate

Collaborate more effectively with NIS 2 compliance and governance teams, understanding the role of technical functions in compliance.

Frameworks, standards and best practices addressed throughout the course

Directive (EU) 2022/2555 – NIS 2
Scope and covered entities
Organisational and technical obligations
Incident management and reporting
Deadlines, flows and reporting communication
Responsibilities and sanctions
Supervision and competent authorities
Operational regulatory literacy
Relationship with ISO/IEC 27001 (context)
Relationship with ISO 22301 (context)
Support for technical and operational teams

Value for the organisation

Cross-functional regulatory literacy on NIS 2, shared by technical and operational teams.
Better understanding of the impact of NIS 2 on day-to-day operations, reducing friction between technical and compliance teams.
Greater consistency in the execution of technical and organisational controls through understanding of their legal framework.
Reduction of operational errors in incident situations, particularly with regard to reporting, deadlines and communication.
A common knowledge base that facilitates the implementation and governance of the NIS 2 programme by the responsible teams.

Introduction

The NIS 2 Foundation course is a regulatory framework course intended for technical and operational professionals who need to understand what NIS 2 requires, to whom it applies, what the responsibilities are, and how those requirements impact the day-to-day operation of organisations.

The course provides a clear and structured view of NIS 2, including its rationale, scope, required measures, reporting obligations, and individual and organisational responsibilities.

It is not an implementation course nor a compliance leadership course. Its objective is to create operational regulatory literacy, enabling technical teams to understand why certain controls, processes and decisions are required, and how their daily work contributes to compliance.

This course prepares participants for the Certified NIS 2 Foundation personal certification.

This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.

General Objectives

At the end of this course, participants will be able to:

Understand the context, objectives and rationale of the NIS 2 Directive.
Identify covered entities and applicability criteria.
Recognise the main organisational and technical obligations imposed by NIS 2.
Understand incident reporting duties and the respective deadlines.
Recognise individual and organisational responsibilities in an NIS 2 context.
Interpret the impact of NIS 2 on day-to-day technical operations, namely in networks, SOC, security and continuity.
Prepare to collaborate effectively with NIS 2 compliance and governance teams.

Target Audience

IT, network and systems professionals.
SOC analysts and security operations teams.
Professionals in operational cybersecurity (detection, response, forensics, hunting).
Technical managers and operational leads supporting NIS 2 compliance.
Professionals who interact with compliance and governance teams, without NIS 2 leadership functions.

Prerequisites

There are no mandatory formal prerequisites. However, general knowledge of IT and/or cybersecurity and basic familiarity with networks, systems and technical operations are recommended. No prior legal knowledge is required.

In addition, other specific requirements may apply, where relevant, depending on the quotation/proposal presented (please consult the proposal).

Programme

Context and Objectives of NIS 2

Why NIS 2 emerged
Strategic objectives of the Directive
Essential differences compared to NIS (2016)
The role of cybersecurity in digital resilience

Scope of Application and Covered Entities

Essential and Important Entities
Inclusion and exclusion criteria
Responsibility of the organisation and of management
Practical impact for technical teams

Organisational and Technical Obligations

Required risk management measures
Technical and organisational measures from an operational perspective
Relationship with existing technical controls
The role of technical teams in compliance

Incident Management and Reporting

What constitutes a relevant incident under NIS 2
Notification obligations
Reporting deadlines and content
Coordination between technical and compliance teams

Responsibilities, Sanctions and Supervision

Individual and organisational responsibilities
Sanctions regime
Supervision and competent authorities
Impact of non-compliance on operations

Exam(s) and Certification

Exam “Certified NIS 2 Foundation”

The exam assesses operational understanding and interpretation of NIS 2, focusing on the regulatory framework, practical obligations, operational scenarios and reporting.

Domain 1: Context, objectives and rationale of NIS 2
Domain 2: Covered entities, applicability criteria and responsibilities
Domain 3: Organisational and technical measures, incidents and reporting
Domain 4: Supervision and sanctions

Language(s): Portuguese and English.
Duration: 1 hour.
Format: Multiple choice.
Number of questions: 40.
Pass mark: 70%.
Results: Pass or Fail.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 2 months after the result of the initial exam.

Certification

After successfully completing the exam and accepting/signing the applicable agreement and Code of Ethics, the candidate obtains the Certified NIS 2 Foundation credential, issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.

Behaviour® professional certification (proprietary scheme), with international market recognition. The scheme is designed and operated based on good practices in people certification, principles of impartiality and exam quality, and applicable international references (including the principles of ISO/IEC 17024).

A Certificate and a Digital Certification Badge (i.e., “badge”) will be issued to participants who successfully complete the certification exam and satisfy all requirements of the certification for which they are applying.

Certification programmes are valid only for individuals (not companies), and the award and maintenance of certification depend on the exam result, professional experience, and compliance with the applicable agreement/code of ethics.

If the professional does not comply with the agreement/code of ethics, the certification is not granted or is revoked.

Other Information

General Information

Training delivered in Portuguese or English.
Training materials in Portuguese or English, in accordance with the awarded conditions.
Behaviour digital Training Attendance Certificate with 16 CPD/CPE credits.
Online Certification Exam, in Portuguese or English. The exam may be taken up to 2 months from the course start date.
If the candidate does not pass the exam, they are entitled to one free retake within a maximum period of 2 months from the release date of the initial exam result.
Digital Certification Diploma and Digital Certification Badge after successfully passing the exam and completing the application process. This process has no associated cost.

Trainer(s)

The trainers are consultants with experience in cybersecurity, regulation, technical operations and compliance, ensuring a clear, practical approach focused on the operational impact of NIS 2 and DL 125/2025.

Benefits

View benefits

Creates cross-functional regulatory literacy across technical and operational teams.
Improves coordination between IT, security, SOC, continuity and compliance.
Reduces dependence on informal or incomplete interpretations of NIS 2.
Strengthens understanding of the impact of reporting, deadlines and responsibilities on day-to-day operations.
Provides a common basis for later progression to more advanced technical, operational or governance pathways.

Logistics

Useful information

Live Online (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
Classroom (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
14 hours of synchronous training, distributed across 2 consecutive days
Estimated 2 hours of guided autonomous work, intended for content consolidation and exam preparation, carried out flexibly outside the synchronous sessions
Requirements: computer with stable internet, browser, PDF reader, audio/video

Hotels in Lisbon

Find out where you can stay in Lisbon, near Behaviour, for classroom training.

Frequently Asked Questions

Objective answers to the most common questions about the NIS 2 Foundation course

Do I need legal knowledge to participate?

No. Familiarity with IT, networks, systems or technical operations is recommended, but no prior legal knowledge is required.

Is this an NIS 2 implementation course?

No. This is a regulatory framework and operational literacy course. It helps participants understand what NIS 2 requires and how it impacts technical execution, but it does not cover end-to-end governance or programme implementation.

Does this course replace the Certified NIS2 Compliance Lead Manager?

No. NIS 2 Foundation creates cross-functional regulatory literacy within technical and operational teams. The Certified NIS2 Compliance Lead Manager is the leadership course responsible for governing, implementing and ensuring the organisation’s compliance. They are complementary, not interchangeable.

What will I be able to do in practice after this course?

After the course, the participant will be able to understand the scope and obligations of NIS 2, interpret deadlines and reporting duties, recognise responsibilities, and collaborate more effectively with compliance and governance teams.

Is the course suitable for technical and operational teams?

Yes. The course was designed precisely for IT, network, SOC, security operations and technical management professionals who need to understand the regulatory framework and the operational impact of NIS 2.

Does the course include the Portuguese national framework?

When the course is delivered in Portuguese, it addresses the relationship between NIS 2 and its national transposition, with particular attention to Decree-Law No. 125/2025 and its practical implications for organisations and technical teams in Portugal. This national legal framework is not included in the English delivery.

For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.

Registration

Complete the form to request your registration for the preferred edition. Check the upcoming dates.

Request more information

If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.

Request Information

Companies: request a proposal

For team registrations, we provide volume conditions and a proposal tailored to the organisational need.

Request Proposal