The synopsis breaks down NIS2 as yet another piece of legislation that sets out the familiar requirements for minimum security measures, risk management and incident reporting. For these well-known requirements, established procedures are available throughout their lifecycle, comprising design (Test of Design), implementation (Test of Implementation) and verification (Test of Evidence). Ultimately, we demonstrate that you do not need to use a sledgehammer to crack a nut in order to comply with NIS2: you require neither a complete ISMS nor a management engagement concept, nor an ICT risk management framework in accordance with DORA.