nis²insights.com

In force since 17 Oct 2024·Day 564·

In force · 17 Oct 2024Penalties activeDay 564

160,000
organisations
must comply.
Is yours one?

An independent editorial resource for NIS2. Two minutes to know if you’re affected, and a concrete plan to get there.

Get my NIS2 scoreRead the guide
Fig. 01 · Affected entities by member stateLive
In scopeOutside EU131,600 entities · 18 sectors

160,000

entities affected across Europe

18

sectors covered

€10M

maximum fine

72h

to report an incident

§01 · Where to start

Three questions every European board now has to answer.

01 / 03

Is my organisation affected?

Answer 3 questions to find out if NIS2 applies to your sector and size.

Run the test02 / 03

What must I implement?

Governance, risk management, 72h notification: the 21 measures to deploy, explained simply.

Read the guide03 / 03

What I risk

Fines up to €10M, personal liability for directors, bans from exercising management roles.

See the sanctions

§02 · The path

Three steps to NIS2 compliance. Under ten minutes from start to plan.

Assess your situation

Essential or important entity? Our tool determines your classification in 3 questions.

Measure your gaps

21 checkpoints covering governance, technical measures and incidents. Tick what is in place.

Act with a clear plan

Get a compliance score and a prioritised action list, ready to share with your board.

Start the assessment

§03 · Coverage

18 sectors. Two tiers of accountability. One baseline.

Healthcare professional in a hospital corridor — example of an Essential entity under NIS2Health · Essential entity
  1. 01EnergyEssential
  2. 02TransportEssential
  3. 03BankingEssential
  4. 04Financial marketsEssential
  5. 05HealthEssential
  6. 06Drinking waterEssential
  7. 07WastewaterEssential
  8. 08Digital infrastructureEssential
  9. 09ICT service mgmtEssential
  10. 10Public administrationEssential
  11. 11SpaceEssential
  12. 12Postal & courierImportant
  13. 13Waste managementImportant
  14. 14ChemicalsImportant
  15. 15FoodImportant
  16. 16ManufacturingImportant
  17. 17Digital providersImportant
  18. 18ResearchImportant

§04 · The bulletin

Understand NIS2 in depth.

NIS2 Article 20: 5 boardroom responsibilities directors cannot delegateGovernance

NIS2 Article 20: 5 boardroom responsibilities directors cannot delegate

Article 20 of Directive 2022/2555 moves cybersecurity formally into the boardroom. Here are the five responsibilities that now fall personally on directors.

Apr 18, 2025·10 min
NIS2 incident notification: the practical 72-hour guideIncident management

NIS2 incident notification: the practical 72-hour guide

A cyber incident strikes. The NIS2 clock starts. Here is exactly what you must do, hour by hour.

Apr 11, 2025·9 min
NIS2 supply chain security: 5 clauses to require from your suppliersSupply chain

NIS2 supply chain security: 5 clauses to require from your suppliers

Article 21(2)(d) of Directive 2022/2555 explicitly mandates supply chain security. Here are 5 concrete contractual clauses to add to every critical supplier contract.

Apr 09, 2025·7 min
Read all articles
Boardroom mid-discussion — the moment a board agrees to commission the assessmentAction · Run the checklist

§ Action

Ready to put numbers on this?

Take the 21-point assessment. Score in two minutes. Walk away with a prioritised action plan ready to share with your board.

Run the checklist