What is the NIS2 Directive?
- NIS2 (Network and Information Security Directive 2) is an EU cybersecurity regulation that came into force in January 2023.
- It replaces the original NIS Directive and significantly expands the scope of companies required to meet cybersecurity standards.
- Member states were required to transpose NIS2 into national law by October 2024.
- Non-compliance can result in fines of up to €10 million or 2% of global annual turnover.
- Executive management is personally liable for NIS2 compliance — cybersecurity is now a matter of corporate governance.
Which companies does NIS2 apply to?
- NIS2 applies to medium and large companies (50+ employees or €10M+ revenue) in 18 critical sectors.
- Essential entities: energy, transport, banking, health, water, digital infrastructure, public administration, space.
- Important entities: postal services, waste management, chemicals, food, manufacturing, digital providers, research.
- Even if your company is small, NIS2 may apply if you are a critical supplier to essential entities in the supply chain.
Why ISO 27001 also matters
- ISO 27001 defines the global standard for information security management systems (ISMS).
- It provides a framework for risk management, access control, incident response, and continuous improvement.
- It is increasingly required by large clients, public institutions, and supply chain partners as a contractual condition.
- Achieving ISO 27001 certification demonstrates due diligence and significantly reduces regulatory risk.
Frequently Asked Questions
How do I know if NIS2 applies to my company?
NIS2 applies if your company operates in one of 18 critical sectors AND meets the size threshold (50+ employees or €10M+ annual revenue). Use our free cybersecurity check tool above to find out in under 2 minutes.
What are the penalties for NIS2 non-compliance?
For essential entities: up to €10 million or 2% of global annual turnover. For important entities: up to €7 million or 1.4% of global annual turnover. Senior management can also be held personally liable.
What is the NIS2 compliance deadline?
The EU NIS2 Directive required national transposition by October 17, 2024. Companies in scope should be actively working on compliance now. Non-compliant organizations are already at risk of regulatory action.
Get Started with Quantifier
Join hundreds of organizations that have automated their compliance with Quantifier.