NIS2 Directive — EU 2022/2555

Remote Access That Passes Your Client's NIS2 Audit

Under NIS2's supply chain security clause, your MSP's remote access tool is inside your client's compliance scope. ProxyLink is built from the ground up for European compliance — EU-hosted, open protocol, full audit trail.

What NIS2 Requires From Your Remote Access Tool

NIS2 Article 21 mandates specific technical controls. Here's what that means for MSPs and the tools they use to access client infrastructure.

Supply chain security (Art. 21.2d)

Your MSP's remote access tool is a third-party supplier in your client's NIS2 supply chain. It must meet the same security standards as any other vendor with access to their systems.

Access control & authentication (Art. 21.2i)

MFA required. Every session must be authenticated. Generic shared credentials are non-compliant. ProxyLink gates every session behind your team's authenticated account.

Audit logging (Art. 21.2j)

Every access event must be recorded: who accessed what, when, from where. ProxyLink maintains an immutable audit log with CSV export for every proxy link, tunnel, and session.

Encryption in transit (Art. 21.2h)

All data in transit must be encrypted. ProxyLink uses WireGuard (ChaCha20-Poly1305) for tunnel traffic — a modern, audited, open-source protocol with no proprietary black box.

Data residency — EU jurisdiction

NIS2 favors EU-based processors. ProxyLink is hosted on Hetzner Germany (Falkenstein). Session relay and storage run entirely on our own EU server — no third-party remote-access relay network. WireGuard tunnel traffic connects directly to our German endpoint; web traffic is fronted by Cloudflare's edge for TLS and WAF protection.

Session recording for forensic readiness

After a security incident, you need to know exactly what happened during remote sessions. ProxyLink records SSH, RDP, and VNC sessions with timestamped playback.

Important for MSPs

Your Remote Access Tool Is In Your Client's NIS2 Audit

When an MSP connects to a client's network, that MSP becomes a third-party supplier under NIS2. Your client's compliance officer will ask: "What remote access tool does your MSP use, where is it hosted, and does it log every session?" TeamViewer and AnyDesk — both breached in 2024 — cannot answer this cleanly. ProxyLink can.

How ProxyLink Compares for NIS2 Compliance

Requirement ProxyLink TeamViewer AnyDesk Splashtop
EU-hosted infrastructure
Open protocol (WireGuard)
Immutable audit log Partial
Session recording Higher tiers only
No breach history
No agent required on network devices
MFA enforced
Zero third-party routing

TeamViewer and AnyDesk were both breached in 2024. ProxyLink has no breach history.

Everything Built for Compliance

Immutable audit log
Every connection logged with timestamp, actor, IP, device, and outcome. CSV export for your client's compliance report.
Session recording
SSH, RDP, and VNC sessions recorded with timestamped playback. Stored on EU infrastructure.
WireGuard encryption
ChaCha20-Poly1305 encryption, open-source and independently audited. No proprietary black box.
EU data residency
Hosted on Hetzner Germany. All traffic processed within EU jurisdiction. GDPR-compliant by design.
Role-based access
Owner → Engineer → Employee. Engineers see only their assigned client groups. Employees see only assigned devices.
Access links with expiry
Share time-limited, credential-free access URLs with auditors or clients. Revokable instantly.
No agent on network devices
Cameras, PBX systems, switches — accessible without installing software on the device. Smaller attack surface.
NIS2 client compliance portal
Token-gated portal your client can access to review their own audit log. No ProxyLink account required.

Start Building Your NIS2-Compliant Remote Access Stack

Free access. No credit card. Full MSP feature set during early access.

Get free access →

Questions? Email [email protected]