Skip to content

NIS2

Directive (EU) 2022/2555 — cybersecurity obligations for essential and important entities across 18 sectors. Member-state transposition deadline was 17 October 2024; national implementations differ, so always check your own member state's law.

Planned branches

Area Planned artefacts
Scoping Am-I-in-scope checklist (essential vs. important entity)
Governance (Art. 20) Management-body accountability matrix
Risk-management measures (Art. 21) The ten measures mapped to concrete controls and documents
Incident notification (Art. 23) 24h / 72h / one-month reporting timeline reference
Supply chain Supplier security requirements checklist

Under construction

This branch opens after the core DORA set ships. New artefacts are announced on the blog.

Primary sources