Evaluate your organization's readiness for NIS2 compliance. Measure your actual operational capabilities across the key domains mandated by the EU Directive.
Choose the category that best describes your organization under NIS2.
NIS2 applies different supervisory regimes and penalties based on entity classification. Essential entities face proactive supervision and higher penalties (up to €10M or 2% of turnover), while Important entities face reactive supervision.
This assessment model was engineered by Kerem Ozturk, former CISO at ING Bank Turkiye and Principal Consultant at DXC Technology. It reflects the exact governance and technical prerequisites used to secure European essential entities in line with NIS2 mandates.
The NIS2 Directive is the EU's updated Network and Information Security regulation applying to "Essential" and "Important" entities across critical sectors including Energy, Transport, Banking, Healthcare, Digital Infrastructure, and Manufacturing. With enforcement now active, organizations must demonstrate compliance or face penalties of up to €10M or 2% of global turnover.
NIS2 goes beyond documentation — it requires operational capabilities. Incident reporting within 24 hours (early warning), supply chain security measures, risk management processes, business continuity planning, cryptography policies, and multi-factor authentication are all mandatory requirements under Article 21.
We evaluate your readiness across all 10 Article 21 measures: Risk Management (a), Incident Handling (b), Business Continuity (c), Supply Chain Security (d), Network Security (e), Security Effectiveness (f), Cyber Hygiene (g), Cryptography (h), Access Control (i), and Authentication (j).