NIS2 (EU 2022/2555) is the EU directive on measures for a high common level of cybersecurity. It expands requirements to essential and important entities across 18 sectors, covering risk management, incident reporting, supply chain security, and management accountability.

What are the penalties for NIS2 non-compliance?

Fines up to EUR 10 million or 2% of global annual turnover for essential entities, and EUR 7 million or 1.4% for important entities. Management can also be held personally liable.

Does NIS2 apply the same way in every EU country?

No. NIS2 is an EU directive that sets a baseline, but each member state transposes it into national law. Scope, deadlines, and enforcement details may differ between countries.

How long does NIS2 implementation take?

Typical implementation takes 6-18 months depending on current maturity. With compliance automation software, this can be reduced to 3-6 months.

Is ISO 27001 sufficient for NIS2 compliance?

ISO 27001 covers many NIS2 requirements but key gaps remain: incident reporting timelines (24h/72h), supply chain obligations, and management accountability provisions specific to NIS2.

What is Article 21 of NIS2?

Article 21 defines 10 categories of cybersecurity risk-management measures that essential and important entities must implement, including risk analysis, incident handling, business continuity, supply chain security, and cryptography.

NIS2ISO 27001DORAGDPR

NIS2 directive is now in force across the EU

EU organisations must comply with NIS2. The clock is ticking.

Quantifier is an AI-native platform that prepares your organisation for NIS2 compliance across the EU.

Each EU member state implements NIS2 into national law — Quantifier supports compliance across jurisdictions.

Check your NIS2 readiness

We'll get in touch, or call us: (+48) 698 759 206

By submitting this form you consent to personal data processing in accordance with our Privacy Policy. Data controller: Quantifier sp. z o.o.

NIS2 is now a legal obligation

Personal liability of management for cybersecurity

Incident reporting within 24h / 72h

Requirements for suppliers and the supply chain

Mandatory ICT risk management

Fines up to EUR 10M or 2% of annual revenue

Check if NIS2 applies to you

Most organisations are not operationally ready

A typical approach to compliance does not meet NIS2 requirements.

Policies in Word documents

Risks in Excel spreadsheets

Incidents across different systems

No audit trail

No supplier monitoring

No continuous compliance

NIS2 requires a single operational system — not a set of scattered documents and spreadsheets.

Platform

AI-native NIS2 compliance platform for EU organisations

All NIS2 requirements in one system — from gap analysis to continuous compliance across EU jurisdictions.

AI policy mapping — automatic mapping of existing policies to NIS2 requirements using AI.
NIS2 risk register — central risk register linked to NIS2 directive articles.
Incident workflows — incident management with automatic 24h/72h reporting.
Supplier monitoring — assessment and continuous monitoring of supply chain security.
Evidence room — central repository of audit evidence and documentation.
Board dashboard — clear compliance status view for C-level and the board.
Continuous compliance — ongoing compliance monitoring with automatic alerts.

app.quantifier.ai/nis2

NIS2 Dashboard

Interactive command center for readiness, gaps, risks, incidents, suppliers, tasks, and audit preparation.

NIS2 Compliance Readiness Score

75%

AI Summary

Risk Management requires attention (Art. 21(2)(a)). Supply Chain Security partially implemented.

Good: 6Partial: 3Gap: 1

Compliance Domains Status

Risk Managementcompleted

85%

Assets & Measuresin progress

60%

HR & Trainingcompleted

90%

Incident Handlinggap

45%

Supply Chainin progress

70%

Business Continuitycompleted

80%

Policy Coverage

ISMS Policycompleted

Risk Assessment Policycompleted

Incident Handling Policypending

Supply Chain Security Policymissing

Business Continuity Policycompleted

See how it works

Implementation

4 steps to NIS2 compliance

The roadmap dynamically adapts to your organisation's maturity level.

Upload documents

Import existing policies, procedures and documentation. AI automatically recognises the structure and maps content to NIS2 requirements.

Policy & procedure importDocument structure recognitionAutomatic classification

AI maps to NIS2

Artificial intelligence analyses documents, identifies compliance gaps and generates a detailed gap analysis report.

AI Gap AnalysisGap identificationNIS2 article compliance report

Platform guides implementation

Step by step through governance, risk management, incidents and supply chain — with a dynamic roadmap.

Governance & PoliciesRisk ManagementIncident & Supply Chain

Monitor compliance

Continuous monitoring, automatic risk alerts and a real-time board dashboard.

Continuous MonitoringReal-time alertsBoard dashboard

When the inspector arrives — you're ready

Quantifier automatically prepares complete inspection documentation:

Inspection-ready policies

Risk register

Incident log

Control evidence

Audit trail

Responsibility assignment

NIS2 article mapping

Highlight: Documentation generated directly from the platform — zero manual preparation.

NIS2 requires continuous compliance

A one-off assessment is not enough. NIS2 demands an operational, continuous process.

Continuous monitoring

Automatic gap analysis

Regulatory updates

AI recommendations

Board dashboard

Risk alerts

Article 21 — Security Measures Mapped to Actions

NIS2 Article 21 defines 10 mandatory cybersecurity risk-management measures. Here is each requirement mapped to concrete actions your organisation must take.

Article 21 Requirement	Required Action	Evidence Needed
Risk analysis & security policies	Formal risk assessment, risk register, board-approved policies	Risk reports, policy docs, board approvals
Incident handling	Detection, response, recovery procedures; 24h/72h/30d reporting	Incident response plan, CSIRT notifications, incident log
Business continuity	BCP, disaster recovery, crisis management	BCP docs, DR test results, backup logs
Supply chain security	Supplier risk assessments, contractual security clauses	Due diligence reports, supplier contracts
Systems acquisition & development	Secure SDLC, vulnerability handling & disclosure	SDLC docs, vulnerability scans, patch records
Effectiveness assessment	Policies to evaluate cybersecurity measure effectiveness	Audit reports, penetration tests
Cyber hygiene & training	Security awareness, training for all staff including management	Training records, phishing simulations
Cryptography	Encryption policies, key management	Encryption policy, key management procedures
HR security & access control	Access control matrix, asset management, user lifecycle	Access logs, provisioning records
Multi-factor authentication	MFA deployment, secured emergency communications	MFA records, communication tool inventory

Why Use Software for NIS2 Compliance?

Manual compliance with NIS2 using spreadsheets and documents is not sustainable at scale. Here's what changes with a compliance automation platform.

Without Software	With Quantifier
Risk register in Excel	Centralised risk register linked to NIS2 articles with AI scoring
Manual evidence collection	Automated evidence collection mapped across multiple frameworks
Incident reporting via email	Structured incident workflows with automatic 24h/72h notifications
Supplier assessment once a year	Continuous supplier monitoring with real-time risk scoring
Point-in-time compliance checks	Continuous compliance monitoring with board dashboard
Siloed documentation	Single source of truth with version control and audit trail

See how it works

NIS2 Compliance Resources

Deep-dive articles to help you prepare for NIS2 requirements.

NIS2 FAQ

Check your NIS2 readiness level

Start with a free maturity assessment and find out what needs immediate attention.

Check your NIS2 readiness

We'll get in touch, or call us: (+48) 698 759 206

By submitting this form you consent to personal data processing in accordance with our Privacy Policy. Data controller: Quantifier sp. z o.o.

EU organisations must comply with NIS2. The clock is ticking.

Check your NIS2 readiness

NIS2 is now a legal obligation

Most organisations are not operationally ready

AI-native NIS2 compliance platform for EU organisations

NIS2 Dashboard

4 steps to NIS2 compliance

Upload documents

AI maps to NIS2

Platform guides implementation

Monitor compliance

When the inspector arrives — you're ready

NIS2 requires continuous compliance

Article 21 — Security Measures Mapped to Actions

Why Use Software for NIS2 Compliance?

NIS2 Compliance Resources

NIS2 Compliance Checklist 2026

NIS2 Directive — Complete Guide

NIS2 Requirements & Implementation

NIS2 FAQ

Check your NIS2 readiness level

Check your NIS2 readiness

EU organisations must comply with NIS2. The clock is ticking.

Check your NIS2 readiness

NIS2 is now a legal obligation

Most organisations are not operationally ready

AI-native NIS2 compliance platform for EU organisations

NIS2 Dashboard

4 steps to NIS2 compliance

Upload documents

AI maps to NIS2

Platform guides implementation

Monitor compliance

When the inspector arrives — you're ready

NIS2 requires continuous compliance

Article 21 — Security Measures Mapped to Actions

Why Use Software for NIS2 Compliance?

NIS2 Compliance Resources

NIS2 Compliance Checklist 2026

NIS2 Directive — Complete Guide

NIS2 Requirements & Implementation

NIS2 FAQ

What is NIS2?

What are the penalties for NIS2 non-compliance?

Does NIS2 apply the same way in every EU country?

How long does NIS2 implementation take?

Is ISO 27001 sufficient for NIS2 compliance?

What is Article 21 of NIS2?

Check your NIS2 readiness level

Check your NIS2 readiness