Is my company in scope of NIS2?

Question

Accepted Answer

NIS2 targets essential and important entities across 18 sectors above size thresholds. If unsure, assume you are in scope — the penalties are significant.

NIS2 Self-Assessment

1. Is the management body trained and accountable for cybersecurity?

2. Do you have a risk analysis and an information-security policy?

3. Can you notify an incident within 24h/72h?

4. Backups, recovery and crisis management in place?

5. Do you assess your suppliers' security?

6. MFA, encryption and vulnerability management?

7. Do you measure the effectiveness of your measures?