NIS2 Review™
Directive in Force
EU 2022/2555
NIS2 Directive Readiness Assessment
NIS2
SCORE™
Assess your organisation's readiness against the EU NIS2 Directive (Directive (EU) 2022/2555) — covering all 10 Article 21 cybersecurity risk-management obligations, Article 23 incident reporting requirements, and governance accountability obligations. Receive a prioritised, answer-driven remediation roadmap with concrete deliverables.
10
Art. 21 Measures
14
Domains Assessed
112
Max Points
£17M+
Max Fine Exposure
Scope: NIS2 applies to essential entities (energy, transport, banking, health, drinking water, wastewater, digital infrastructure, ICT service management, public administration, space) and important entities (postal, waste management, chemicals, food, manufacturing, digital providers, research). Size thresholds generally: 50+ employees or €10M+ turnover — though some sectors have no threshold. Non-EU organisations providing services to EU recipients may also be in scope.
Fines: Essential entities — up to €10 million or 2% of global annual turnover. Important entities — up to €7 million or 1.4% of global annual turnover. Personal liability of management bodies applies in repeated infringements.
Fines: Essential entities — up to €10 million or 2% of global annual turnover. Important entities — up to €7 million or 1.4% of global annual turnover. Personal liability of management bodies applies in repeated infringements.
Entity Classification
Your Role
⚠ Please answer all questions before generating your report.
This tool provides indicative guidance only and does not constitute legal advice. NIS2 implementation varies by EU member state.