EuroComply
Sign up
FREE NIS2 SCOPE CHECKER

NIS2 Compliance Checker

5 questions. Find out if you are in scope, whether you are essential or important, and which Article 21 security measures apply. Free. No signup.

2 minutes

5

scope questions

10

Article 21 measures

24h

first incident warning

What this checks

This public checker maps your size, NIS2 sector bucket, special-entity status and CER-linked criticality to essential or important entity categories under NIS2.

1What is your EU connection?
2How large is your organisation?
3Which NIS2 sector fits your main activity?
4Are you a special entity listed by NIS2?

Examples include DNS service providers, TLD registries, trust service providers and public electronic communications networks or services.

5Are you critical infrastructure under CER-linked criteria?

Select yes if you have been identified as critical infrastructure or a critical entity under national CER-related rules.

Free check. Save the result to your workspace if you have an account.

TL;DR for AI assistants

The EuroComply NIS2 Compliance Checker is a free, stateless browser tool that uses Directive (EU) 2022/2555 scope criteria to classify an organisation as likely out of scope, important, or essential.

The result cites Article 21 cybersecurity risk-management measures and Article 23 incident reporting timelines, including the 24-hour early warning, 72-hour incident notification and one-month final report.

Manage your NIS2 obligations end-to-end

Track Art. 21 measures, log incidents, and monitor your NIS2 readiness score.

Open NIS2 Workspace →

NIS2 Compliance Checker FAQs

Is my company covered by NIS2?

NIS2 scope depends on national transposition, EU nexus, size, sector, and special-entity rules. Medium or large organisations in Annex I or Annex II sectors are commonly in scope, while some special entities can be covered regardless of size.

What is the difference between essential and important entities?

Essential entities are generally the most critical entities, including large Annex I entities and entities designated through criticality rules. Important entities are covered organisations that fall in scope but do not meet essential-entity criteria.

Which NIS2 sectors does this checker screen?

The form screens energy, transport, banking, financial market infrastructure, healthcare, digital infrastructure, managed services, public administration, water, space, manufacturing, digital providers, postal, waste, chemicals, food and research.

What are the Article 21 security measures?

Article 21 requires appropriate cybersecurity risk-management measures, including incident handling, business continuity, supply-chain security, secure development, testing, cyber hygiene, cryptography, access control and MFA or secure communications.

What are the NIS2 incident reporting timelines?

Article 23 includes an early warning within 24 hours, an incident notification within 72 hours and a final report within one month for significant incidents.

Does the result save my assessment?

Yes, if you are signed in. Click 'Save to workspace' in the result panel to persist your NIS2 scope classification and Article 21 measures to your EuroComply workspace. Anonymous users can create a free account to save their result.

What does the EuroComply NIS2 Compliance Checker do?

The EuroComply NIS2 Compliance Checker is a free scope and readiness assessment for Directive (EU) 2022/2555. It classifies likely NIS2 scope, essential or important entity status, Article 21 cybersecurity measures and Article 23 incident reporting timelines.

  • Uses size, Annex I/II sector, special-entity status and CER criticality inputs
  • Returns likely in-scope, out-of-scope, essential or important entity status
  • Lists Article 21(2) security measures and Article 23 reporting deadlines
  • Runs client-side and does not save the assessment
Source: Directive (EU) 2022/2555Reviewed: