HomeCompliance › NIS2

NIS2 compliance software for essential and important entities.

NIS2 control set with regulator-notification fields, incident classification matrix, supply-chain risk register and management-body approval tracking. EU-built, EU-hosted. From €29 a month.

Open the portal See pricing

What is NIS2?

EU NIS2 Directive (Directive (EU) 2022/2555). Essential and important entities under NIS2: energy, transport, banking, financial market infrastructure, health, drinking water, waste water, digital infrastructure, ICT service management, public administration, postal and courier, food, chemicals, manufacturing, research.

Who needs to comply

  • Energy and utilities (essential entity)
  • Banking, financial market infrastructure (essential entity)
  • Healthcare and drinking-water providers (essential entity)
  • Digital infrastructure and ICT service management (essential entity)
  • Manufacturing, food, chemicals, postal and research (important entity, depending on size)

Key NIS2 controls covered by Dazr

Article 21Cybersecurity risk-management measures: risk policy, incident handling, BCP, supply chain, vulnerability handling, cryptography, basic cyber hygiene, MFA.
Article 23Incident notification: early warning within 24 hours, intermediate report within 72 hours, final report within 1 month.
Article 27Registration with the competent national authority, with the registration date and authority name on the workspace profile.
Article 32-34Supervision and enforcement: evidence sampling and the activity log.

What auditors look for

NIS2 specifically requires evidence of management body approval, supply-chain risk assessments, and the 24-hour early warning / 72-hour intermediate / 1-month final report incident notification cycle. Dazr captures all three.

How Dazr helps with NIS2

  • Maintain the Article 21 cybersecurity risk-management measures as recurring tasks
  • Run the incident register with the 24h / 72h / 1-month notification timestamps and authority case references
  • Track supply-chain risk in the vendor register with security ratings and review dates
  • Hold the management body approval date on the compliance profile, refreshed annually
  • Hand the competent authority a single-PDF audit trail or a read-only view

Back to the full Dazr Compliance overview › | Sign up free ›

NIS2 questions, answered.

Are we essential or important?

It depends on sector and size. NIS2 lists essential and important sectors in Annexes I and II; member states transpose with thresholds. The Italian, Dutch and German transpositions are now in force; check your competent authority. Dazr does not classify you for you, but the workspace lets you record which classification applies.

Does Dazr file the 24-hour early warning for me?

No. The early warning, intermediate and final reports go through your competent authority's portal. We hold every field they will ask for and the timestamps for the activity log.

What if we are also doing ISO 27001?

Enable both frameworks; Dazr creates separate but related tasks. Article 21 measures share a lot with ISO 27001 Annex A, so the same evidence often serves both.

Where is data hosted?

European Union only. AES-256-GCM at rest. EU support team. Italian entity.

Ready to start your NIS2 program?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.

Open the portal All frameworks