NIS2PME
PT Try it

About

Regulated cybersecurity shouldn't be a privilege of large companies

NIS2PME exists so that any Portuguese SME can understand, plan and demonstrate its NIS2 compliance, without five-figure consulting budgets.

The mission

Decree-Law 125/2025 brought cybersecurity obligations to thousands of small and medium-sized companies that had never had to think about this in a structured way. Large companies hire consultancies; SMEs are too often left between ignoring it (risky) and paying what they can't afford (impossible).

NIS2PME is the third way: a platform that translates the regulatory framework (the QNRCS 2026) into a guided journey of gap analysis, implementation and demonstration of compliance. In clear language and at zero cost.

The origin

The platform was developed by in the context of a master's degree in Information Security. That academic context shaped the project: the alignment with the QNRCS 2026 and Decree-Law 125/2025 was done with methodological rigour, control by control, domain by domain: not as a free interpretation of the regulation, but as a faithful application of what is regulated.

Why open-source?

Because in a cybersecurity tool, trust is not requested: it is demonstrated. All the code is published on GitHub under the AGPL-3.0 licence:

  • Auditable — anyone can verify what the platform does with the data;
  • No vendor lock-in — you can deploy, modify and maintain the platform yourself, forever;
  • No hidden business model — no data selling, no "premium" features that appear once you are already committed;
  • Improvable by everyone — code contributions, translations and feedback are welcome.

Commitments

Regulatory transparency. The platform is based on the public consultation draft of the QNRCS 2026. When the final version is published, the framework will be updated, and we say so openly, instead of pretending the regulation is already settled.

Privacy by principle. This site uses no cookies and no analytics. The on-premises version of the platform keeps your data entirely within your infrastructure.

Genuinely free. The software is free and the on-premises deployment will always be free.

The author

Daniel Barreiros

Developed in the context of a master's degree in Information Security, with the conviction that good security tools should be within reach of every company.

LinkedIn GitHub

Be part of this

Use the platform, contribute on GitHub, or simply tell us what we can improve.

Online platform coming soon

The online platform (hosted service with demo accounts) is in final preparation. Leave your email and we will let you know as soon as you can try it.

Used exclusively for the launch announcement. No newsletters, no third-party sharing.

Don't want to wait? The on-premises version is already available: deploy via Docker from GitHub