Stop Ransomware

EU Directive 2022/2555 · In force

NIS2 is not optional. Panic is.

If your company is an essential or important entity under NIS2, you face binding security obligations, incident-reporting deadlines and personal accountability for management. We help you build an evidence-backed NIS2 readiness program — and operate the security controls behind it.

Scope

Does NIS2 apply to you?

Your sector

NIS2 covers energy, transport, health, digital infrastructure, manufacturing, food, postal services, waste management, public administration — and more. If your sector keeps society or the economy running, assume you're on the list until proven otherwise.

Your size

The general thresholds: 50+ employees or €10M+ annual turnover — with sector-specific exceptions where smaller entities are covered regardless of size.

The supply-chain catch

Even if you're below the thresholds, your large customers may contractually require NIS2-level security from you.

These are the EU Directive's general criteria. Each member state transposes NIS2 into its own national law, so exact sector lists, thresholds and deadlines vary by country — the gap assessment confirms how the rules apply to you.

The obligations, translated from legalese

What NIS2 actually requires.

  • Risk management measures

    a documented, working approach to identifying and reducing security risk

  • Incident handling

    the ability to detect, respond to and learn from security incidents

  • Business continuity & backups

    tested backups and a plan that keeps you operating through an attack

  • Supply-chain security

    security requirements for your vendors — and answers for customers who require them of you

  • Security testing

    regular assessment that your measures actually work

  • Training & cyber hygiene

    staff who can recognize and report what technology alone misses

  • Encryption

    protection for data at rest and in transit

  • Access control & MFA

    who can reach what, enforced and reviewable

  • Incident reporting

    early-warning and incident-notification workflows for significant incidents — including the 24h / 72h reporting path and final-report preparation

And it's personal: management bodies are personally accountable for compliance, and fines reach into the millions or a percentage of global turnover — the exact ceilings are set by each member state under the Directive.

The funnel — yours to walk

How the free Gap Assessment works.

  1. We assess

    A structured review of your environment against every NIS2 control domain.

  2. You get an account

    Your results live in the NIS2 Readiness Hub: overall readiness score, domain scores, open critical gaps, missing evidence. Not a PDF that dies in a drawer — a dashboard that tells the truth every day.

  3. You decide

    Close the gaps with us (technology via the Check Point platform, processes via our governance team, monitoring via managed services) or take the roadmap and run. The report is yours either way.

The platform supports NIS2 readiness, control tracking and evidence management. It does not provide legal certification.

What's included

What the free Gap Assessment covers.

Practical, not theoretical. We look at the things a CEO, IT manager and compliance owner all need answered — and hand you a roadmap you can act on, whether you work with us next or not.

  • Entity scope

    Whether you are an essential or important entity, and which obligations actually apply to you.

  • Critical systems & assets

    An inventory of what you run and what matters most — the crown jewels attackers and auditors both care about.

  • Identity & access

    Microsoft 365 / Entra ID posture, MFA coverage and who can reach what.

  • Endpoint & email security

    Your first line against the attacks that actually land — phishing, malware, ransomware.

  • Backup & recovery readiness

    Whether you could truly restore: backups that are tested, immutable and out of the attacker's reach.

  • Incident response & reporting

    The workflows and readiness to meet the 24-hour and 72-hour reporting path for significant incidents.

  • Evidence gaps

    What proof you can show today versus what an auditor, insurer or customer will ask for.

  • Prioritized remediation roadmap

    A ranked plan — what to fix first, sequenced to make you measurably safer each month.

The NIS2 Readiness Hub

Compliance that lives on a dashboard, not in a binder.

Every engagement runs in the NIS2 Readiness Hub by Stop Ransomware — structured around the NIS2 requirements.

The dashboard

One number that tells the whole truth.

Your overall readiness score, control coverage across our readiness framework, open critical gaps and missing evidence — on one screen that stays current, not a report that ages in a drawer.

Control Gap Analysis — every control in our readiness framework, its status, and what closes it.

Management Accountability Report — NIS2 makes leadership personally accountable. This is the one page your board will actually read.

Why one partner for compliance and security

A consultant gives you documents. A reseller gives you boxes. We give you a defensible security posture: the program, the technology and the 24/7 operation behind it — so the paperwork and the protection never drift apart.

Technology we deploy & operate

NIS2 needs working controls, not just policies. We implement and run them — built on Check Point and the rest of your stack.

Certifications

CISA · CISSP · OSCP

Industries served

Manufacturing, healthcare, logistics, finance

FAQ

Asked by everyone in scope.

We already have ISO 27001 — are we covered?

Partly. The overlap is real — risk management, access control, continuity all carry over — but NIS2 adds obligations ISO 27001 doesn't test: the 24h/72h incident-reporting deadlines, personal accountability for management, and explicit supply-chain requirements. Your certification becomes excellent evidence in the Hub; the gap assessment shows exactly what's left.

What happens if we ignore NIS2?

For entities in scope: supervisory orders, fines that reach into the millions or a percentage of global turnover, and personal accountability for management bodies — plus the quieter cost of failing security questionnaires from enterprise customers and insurers. The free gap assessment tells you whether and where you are exposed.

How long does compliance take?

It depends entirely on your starting point — which is the first thing the gap assessment measures. Typical SMB programs run months, not weeks, with the urgent gaps (backups, MFA, incident reporting readiness) closed early. The Hub's roadmap sequences it so you're measurably safer every month, not compliant-on-paper at the end.

We're a small supplier to a large entity — does this affect us?

Very likely yes, even if you're below the size thresholds. NIS2 makes large entities responsible for their supply chain, so they pass security requirements down contractually. Increasingly, proving NIS2-level security is what keeps you on the approved-vendor list.

Find out exactly where you stand.

The gap assessment is free, the report is yours.

No obligation. No sales pressure. A readiness score and a roadmap, either way.