Determine whether the EU NIS2 Directive applies to your organisation and understand your obligations in under 2 minutes.
The NIS2 Directive (EU 2022/2555) is the European Union's updated cybersecurity framework replacing the original 2016 NIS Directive. It expands the scope to 18 sectors and introduces stricter security requirements, mandatory 24-hour incident reporting, and personal liability for management in cases of non-compliance.
NIS2 applies to medium and large organisations across 18 sectors including energy, healthcare, transport, digital infrastructure, banking, and public administration. Small and micro organisations are generally exempt unless they provide critical services such as DNS, top-level domain registries, or qualified trust services.
Essential entities are large organisations in Annex I sectors (energy, transport, healthcare, digital infrastructure) and critical service providers regardless of size. They face proactive supervision and fines up to €10 million or 2% of global turnover. Important entities include medium organisations across all NIS2 sectors, with reactive supervision and fines up to €7 million or 1.4% of turnover.
NIS2 penalties reach up to €10 million or 2% of total annual turnover for essential entities, and up to €7 million or 1.4% of turnover for important entities. NIS2 also introduces personal liability for board members, who can be temporarily suspended from management functions.
Our free NIS2 compliance checker assesses the directive's applicability to your organisation in three steps: sector and sub-sector selection, organisation size assessment (employees and turnover), and special criteria check. Based on this data, the tool determines whether you are an essential entity, important entity, or outside NIS2 scope.