★ ★ ★
EU NIS2 Directive · Directive (EU) 2022/2555
Are You NIS2
Ready?
14 questions assessing your organisation's readiness across Article 21 cybersecurity measures, Article 23 incident reporting, supply-chain expectations, and governance accountability — producing a scored gap report and a prioritised remediation roadmap.
NIS2 Directive 2022/2555
€10M / 2% Turnover · Essential Entities
€7M / 1.4% Turnover · Important Entities
Article 21 · 10 Security Measures
Article 23 · Incident Reporting
10
Art. 21 Measures
14
Domains Assessed
112
Max Points
€10M+
Max Fine Exposure
No data collected · runs entirely in your browser
Scope: NIS2 applies to essential entities (energy, transport, banking, health, drinking water, wastewater, digital infrastructure, ICT service management, public administration, space) and important entities (postal, waste management, chemicals, food, manufacturing, digital providers, research). Size thresholds generally: 50+ employees or €10M+ turnover — though some sectors have no threshold. Non-EU organisations providing services to EU recipients may also be in scope.
Fines: Essential entities — up to €10 million or 2% of global annual turnover. Important entities — up to €7 million or 1.4% of global annual turnover. Personal liability of management bodies applies in repeated infringements.
Fines: Essential entities — up to €10 million or 2% of global annual turnover. Important entities — up to €7 million or 1.4% of global annual turnover. Personal liability of management bodies applies in repeated infringements.
⚠ Please answer all questions before generating your report.
This tool provides indicative guidance only and does not constitute legal advice. NIS2 implementation varies by EU member state.