Network and Information Security Directive 2
NIS2 Compliance Platform — Achieve Cybersecurity Compliance Before the Deadline
EU cybersecurity compliance made structured. 37-question assessment covering all NIS2 requirements, risk management framework, incident reporting workflow, and audit-ready exports in PDF, JSON, or XML.
GDPR compliant
EU-hosted (Frankfurt)
End-to-end encrypted
Integrates with
What is NIS2 Compliance?
NIS2 (Network and Information Security Directive 2) is the EU's cybersecurity law requiring essential and important entities to implement robust security measures. It covers 18 sectors including energy, transport, health, digital infrastructure, and ICT service management. NIS2 strengthens the original NIS directive with stricter requirements and higher penalties.
Who Must Report?
NIS2 applies to: (1) Essential entities — energy, transport, banking, health, water, digital infrastructure, ICT service management, public administration, space. (2) Important entities — postal services, waste, chemicals, food, manufacturing, digital providers, research. Size thresholds: 50+ employees or €10M+ revenue.
Deadlines
NIS2 entered into force January 2023. Member states must transpose into national law by October 17, 2024. Organizations must be compliant from that date. Non-compliance penalties: up to €10M or 2% global turnover for essential entities, €7M or 1.4% for important entities.
NIS2 vs Other Standards
NIS2 vs original NIS: (1) More sectors covered (18 vs 7), (2) Stricter security measures (10 minimum requirements), (3) Management liability (C-suite personally responsible), (4) Supply chain security mandatory, (5) Incident reporting within 24 hours (vs 72 hours).
Why NIS2 Reporting Software?
Manual NIS2 reporting takes 8-12 weeks. With Regtrue, teams complete it in 3-5 weeks.
Common NIS2 Mistakes
- ✕Incomplete risk assessment — missing asset inventory or threat analysis
- ✕No incident response plan — required 24-hour reporting capability
- ✕Supply chain gaps — third-party vendors not assessed
- ✕Missing management sign-off — C-suite liability requires documented approval
- ✕No audit trail — cannot prove compliance to authorities
- ✕Outdated policies — not aligned with NIS2 10 minimum requirements
How Regtrue Helps
- ✓Guided 37-question assessment covering all NIS2 Article 21 requirements
- ✓Built-in risk management framework with asset inventory
- ✓Incident reporting workflow with 24/72 hour timeline tracking
- ✓Supply chain security assessment module
- ✓Management accountability documentation
- ✓Evidence linking — attach policies, audits, certifications
- ✓Export in PDF, JSON, XML for regulatory submission
NIS2 Evidence Checklist
Evidence required for audit-ready NIS2 compliance. All can be linked to questionnaire answers in Regtrue.
- 1
Risk Analysis Documentation
Asset inventory, threat assessment, vulnerability scans, risk register, risk treatment plans, residual risk acceptance
- 2
Security Policies
Information security policy, acceptable use policy, access control policy, incident response policy, business continuity policy
- 3
Incident Handling Procedures
Incident response plan, escalation procedures, communication templates, 24-hour notification workflow, post-incident review process
- 4
Business Continuity Plan
BCP document, disaster recovery plan, backup procedures, RTO/RPO definitions, crisis management plan, test results
- 5
Supply Chain Security
Vendor risk assessments, supplier security questionnaires, third-party audit reports, contractual security requirements
- 6
Access Control Records
User access matrix, privileged access management, authentication mechanisms, access review logs, MFA implementation
- 7
Encryption & Cryptography
Encryption policies, key management procedures, certificate inventory, cryptographic standards documentation
- 8
HR Security Documentation
Security awareness training records, background check procedures, onboarding/offboarding checklists, confidentiality agreements
- 9
Network Security Evidence
Network diagrams, firewall rules, penetration test reports, vulnerability assessment results, SIEM configuration
- 10
Management Accountability
Board-level security briefings, management sign-off records, security budget approvals, compliance attestations
Note: All evidence can be linked directly to questionnaire answers in Regtrue. Your export includes a complete evidence pack with traceability map showing which evidence supports which answer.
NIS2 Export Formats
Export your NIS2 report in any format auditors need. Each export includes full evidence traceability.
PDF
PDF Report
Human-readable NIS2 compliance report for management, board presentations, and regulatory inspections.
JSON
JSON Data
Structured compliance data for integration with GRC platforms, SIEM systems, and automated compliance tools.
XML
XML Export
XML format for regulatory submission to national cybersecurity authorities (NCSAs) as required by some member states.
ZIP
Audit Pack (ZIP)
Complete evidence bundle: assessment responses, all linked policies and audits, incident procedures, full audit trail.
NIS2 Reporting Pricing
Simple pricing. NIS2 module included in all plans. Contact sales for access.
Most popular
Pro
€199/mo
5 users, all modules
- All compliance modules
- Evidence vault (unlimited)
- AI assistance
- Priority support
Business
€599/mo
20 users, white-label
- White-label reports
- Custom integrations (API)
- Onboarding session
- Invoice billing
Consultant Plan — €349/mo
Managing multiple clients? Unlimited client accounts, bulk operations, and cross-client analytics. See consultant pricing →
Frequently Asked Questions
Everything you need to know about NIS2 reporting with Regtrue.
NIS2 is the EU cybersecurity directive requiring essential and important entities in 18 sectors to implement security measures. It applies to organizations with 50+ employees or €10M+ revenue in sectors like energy, transport, health, banking, digital infrastructure, and ICT services. Essential entities face stricter requirements.
Start Your NIS2 Report Today
Evidence linking, audit trail, and export packs included. AI suggests, you decide.
Enterprise access
GDPR compliant
EU-hosted