diff --git a/application/controllers/ServicesController.php b/application/controllers/ServicesController.php
index 444c174..a591df0 100644
--- a/application/controllers/ServicesController.php
+++ b/application/controllers/ServicesController.php
@@ -654,14 +654,9 @@ class ServicesController extends BaseController
         // ── 7. JWT accesso immediato (2h) ────────────────────────────────
         $issuedAt = time();
         $jwtPayload = [
-            'iss'     => 'nis2.agile.software',
-            'sub'     => $userId,
-            'org_id'  => $orgId,
-            'role'    => 'super_admin',
-            'provisioned' => true,
-            'iat'     => $issuedAt,
-            'exp'     => $issuedAt + 7200,
-            'type'    => 'access',
+            'user_id'     => $userId,   // campo standard atteso da requireAuth()
+            'iat'         => $issuedAt,
+            'exp'         => $issuedAt + JWT_EXPIRES_IN,
         ];
         $h   = $this->base64UrlEncode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
         $p   = $this->base64UrlEncode(json_encode($jwtPayload));
diff --git a/simulate-nis2.php b/simulate-nis2.php
index 1f5d735..fc4a777 100644
--- a/simulate-nis2.php
+++ b/simulate-nis2.php
@@ -286,12 +286,20 @@ function ensureOrg(string $jwt, array $data): ?int
     return null;
 }
 
-/** Completa onboarding org. */
+/** Aggiorna dati org (onboarding simulato). */
 function completeOnboarding(string $jwt, int $orgId, array $data): void
 {
-    $res = api('POST', '/onboarding/complete', $data, $jwt, $orgId);
-    if (apiOk($res, 'onboarding')) {
-        ok("Onboarding completato org #$orgId");
+    // La sim crea l'org via ensureOrg, poi usa PUT per aggiornare i dati
+    // (evita il 409 di /onboarding/complete che presuppone wizard da zero)
+    $updateData = [];
+    if (isset($data['employee_count']))      $updateData['employee_count'] = $data['employee_count'];
+    if (isset($data['annual_turnover_eur'])) $updateData['annual_turnover_eur'] = $data['annual_turnover_eur'];
+    if (isset($data['vat_number']))          $updateData['vat_number'] = $data['vat_number'];
+    if (!empty($updateData)) {
+        $res = api('PUT', "/organizations/{$orgId}", $updateData, $jwt, $orgId);
+        if (apiOk($res, 'org.update')) {
+            ok("Dati org aggiornati: #$orgId");
+        }
     }
 }
 
@@ -300,7 +308,8 @@ function classifyOrg(string $jwt, int $orgId, array $data): void
 {
     $res = api('POST', '/organizations/classify', $data, $jwt, $orgId);
     if (apiOk($res, 'classify')) {
-        ok("Classificazione NIS2: {$data['nis2_type']} — Settore: {$data['sector']}");
+        $entityType = $res['data']['entity_type'] ?? ($data['nis2_type'] ?? '?');
+        ok("Classificazione NIS2: {$entityType} — Settore: {$data['sector']}");
     }
 }