NIS-2 Directive
Assess your organization's readiness for NIS-2 requirements. Risk management, incident reporting, and supply chain security.
Start AssessmentCovered Sectors
NIS-2 significantly expands the scope of entities required to implement cybersecurity measures.
Essential Entities
Large entities in critical sectors with heightened obligations.
- Energy (electricity, oil, gas, hydrogen)
- Transport (air, rail, water, road)
- Banking and financial market infrastructure
- Health sector
- Drinking water and wastewater
- Digital infrastructure
- ICT service management (B2B)
- Public administration
- Space
Important Entities
Medium entities and other critical sectors.
- Postal and courier services
- Waste management
- Chemical manufacturing
- Food production and distribution
- Manufacturing (medical devices, computers, vehicles)
- Digital providers (online marketplaces, search engines, social platforms)
- Research organizations
Key Requirements
Risk Management
Implement appropriate technical and organizational measures to manage risks.
Incident Reporting
24-hour early warning, 72-hour notification, 1-month final report.
Supply Chain Security
Address cybersecurity risks in relationships with direct suppliers.
Governance
Management body approval and oversight of cybersecurity measures.
Penalties for Non-Compliance
Management can be held personally liable for compliance failures.
What Our Assessment Covers
- Applicability Assessment
- Risk Management Measures
- Incident Reporting Procedures
- Supply Chain Security
Determine Your NIS-2 Obligations
Our assessment helps you understand if NIS-2 applies to your organization and what steps you need to take.
Begin Assessment