Athegus

KRITIS and NIS-2 for service robots: a practical guide

Planning service robots in a hospital, a utility, or another regulated facility? Then you are not just choosing a robot. You are adding an IT system to an environment with elevated security and reporting duties. KRITIS and NIS-2 do not demand a specific robot brand. They demand that you know where data lives, who has access, and how you respond when something goes wrong.

What KRITIS and NIS-2 are about

KRITIS regulation obliges operators of critical infrastructure to implement state-of-the-art security and to report significant incidents. The NIS-2 directive widens the set of affected entities and sets requirements for risk management, supply-chain security, incident reporting, and management accountability. The exact obligations depend on national transposition and on whether your facility falls within scope. Make that assessment together with your security and legal owners.

For robot deployments the core is simple: a networked robot becomes part of your attack surface and your data processing. The same basic principles apply as for any other system in a regulated environment.

Which architecture decisions matter now

Four points decide, in practice, whether a robot project complicates your obligations or supports them:

  • Data location and operating model. If control runs on-premise or even offline, operational data stays inside your environment. That reduces dependence on external services and simplifies the assessment of data flows.
  • Access and traceability. Roles, permissions, and a traceable record of who triggered what are the basis for audits and incident handling.
  • Network and segmentation. Robots, doors, and elevators should be connected in a controlled way, not flat into every network. A common integration layer makes those boundaries visible and governable.
  • Vendor independence. If one supplier controls the whole chain, you inherit their risks and their reporting paths. A neutral layer between robots and your IT keeps control with you.

How Axiona helps

Axiona is the vendor-agnostic layer between robots and the outside world. It is built for encapsulated, auditable operation and can run on-premise or offline, depending on the operating model. You connect robots, doors, elevators, and third-party systems through adapters instead of hard-wiring them together. Access runs through roles and policies.

An important caveat: software does not make you KRITIS or NIS-2 compliant on its own. Compliance is an organizational process. Axiona is built to support that process rather than stand in its way, by keeping data location, access, and integration under your control.

Evidence from real operation

The underlying technology emerged from the SMART FOREST 5G Clinics research project at Deggendorf Institute of Technology and has been in real operation since 2023 in two hospitals, the Arberlandklinik Viechtach and the Kliniken am Goldenen Steig in Freyung. There, service robots are coordinated with door and elevator integration, and the setup is deployable on-premise. Together with researchers, we have published the data-protection assessment of voice-controlled systems in hospitals.

Next step

If you are planning robotics in a regulated environment, the architecture view pays off before procurement. Talk to us about your project, or read more about our approach to sovereignty and security.
