NIS2 applies to your organisation. You have ten security measures to implement, 24-hour incident reporting timelines, and management accountability that is now personal liability. Complara maps every requirement into actionable checklists so nothing falls through the cracks.
NIS2 mandates a risk-based approach to cybersecurity with ten minimum security measures, strict incident reporting timelines, and — for the first time — personal liability for management bodies. EU member states were required to transpose NIS2 into national law by October 2024.
Policies on risk analysis and information system security, backed by a formal risk management process covering confidentiality, integrity, and availability.
Early warning to your national CSIRT within 24 hours, incident notification within 72 hours, and a final report within one month — including root cause and cross-border impact.
Security policies for ICT suppliers and service providers, including assessments of supply chain risks and contractual security requirements.
Backup management, disaster recovery, and crisis management procedures to ensure operational continuity following incidents.
Network access control, multi-factor authentication, and privileged access management across all critical systems.
Management bodies must approve, oversee, and take accountability for cybersecurity measures. Personal liability applies for non-compliance.
NIS2 covers ten security measure categories. Complara maps each into specific, assignable tasks your team can track from gap assessment to ready-to-audit.
Import Complara's NIS2 checklist template and see instantly which of the ten security measure categories your organisation still needs to address.
Attach risk registers, incident response plans, penetration test reports, and supplier security questionnaires to each requirement.
Generate a readiness report to present to your management body — satisfying the NIS2 requirement for executive oversight of your cybersecurity posture.
Map overlapping controls between NIS2, ISO 27001, and SOC 2 to avoid duplicate work when you're pursuing multiple frameworks.
NIS2 entities in financial services often also fall under DORA. Many use ISO 27001 as their underlying security framework to satisfy NIS2 requirements efficiently.
NIS2 (Network and Information Systems Directive 2) is the EU's updated cybersecurity framework that replaced the original NIS Directive in 2023. It expands coverage to more sectors, strengthens minimum security requirements, and introduces personal management liability for cybersecurity non-compliance.
NIS2 applies to medium and large organisations in essential sectors (energy, transport, banking, health, digital infrastructure) and important sectors (postal, waste, chemicals, food, manufacturing, digital services). Generally: 50+ employees or €10M+ revenue in a covered sector.
Early warning within 24 hours → Incident notification within 72 hours → Final report within 1 month. All reports go to your national CSIRT or competent authority.
Risk analysis · Incident handling · Business continuity and disaster recovery · Supply chain security · Procurement and vulnerability handling · Cyber hygiene and training · Cryptography · Human resources security and access control · Multi-factor authentication · Secure communications.
All ten security measures. Plain-English tasks. Evidence storage and board-level reporting built in.