
NIS2 Compliance Dashboard

Network and Information Security Directive 2

Jurisdiction: European Union | Effective: October 18, 2024 | Domain: AI/Digital

Overview

NIS2 (Directive (EU) 2022/2555) is the EU directive on measures for a high common level of cybersecurity across the Union. It replaces the original NIS Directive, widens its scope to more sectors and to both "essential" and "important" entities, and imposes stricter cybersecurity risk-management requirements and tighter incident reporting obligations.

Controls

NIS2-C001: Risk Management Measures

  • Requirement: Appropriate and proportionate technical and organizational measures
  • Automated: Yes
  • Evidence: Risk assessment, security measures documentation

NIS2-C002: Incident Handling

  • Requirement: Incident detection, response, and recovery procedures
  • Automated: Yes
  • Evidence: Incident response plan, detection tools

NIS2-C003: Supply Chain Security

  • Requirement: Security measures for supply chain and supplier relationships
  • Automated: No
  • Evidence: Supplier assessments, security requirements in contracts

NIS2-C004: Incident Reporting

  • Requirement: Early warning to the CSIRT or competent authority within 24h of becoming aware of a significant incident, incident notification within 72h
  • Automated: Yes
  • Evidence: Notification records, CSIRT communications

Compliance Gates

Gate       Control Ref   Requirement                            Status
NIS2-G001  NIS2-C001     Risk management measures implemented
NIS2-G002  NIS2-C002     Incident handling procedures tested
NIS2-G003  NIS2-C004     Reporting timeline requirements met
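Gate NIS2-G003 is marked as automatable, and the check it implies is easy to get wrong: both clocks run from the moment the entity becomes aware of the incident, and an incident whose deadline has not yet passed is "pending", not a failure. The following Python is an added example of how such a gate can be evaluated over incident records; it is not code from the dashboard or from any NIS2 tooling. The Incident record layout, field names and the constructed sample incidents are assumptions for illustration.

```python
"""Evaluate a NIS2 reporting-timeline gate (like NIS2-G003) over incident records.

Added example, not part of the dashboard's own tooling. Record format and
field names are assumed. Windows follow NIS2 Art. 23(4): early warning within
24 h and incident notification within 72 h of becoming aware of a significant
incident.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

EARLY_WARNING_WINDOW = timedelta(hours=24)
NOTIFICATION_WINDOW = timedelta(hours=72)


@dataclass
class Incident:
    incident_id: str
    aware_at: datetime                    # when the entity became aware
    early_warning_at: Optional[datetime]  # None if not yet sent
    notification_at: Optional[datetime]   # None if not yet sent


def _as_utc(ts: datetime) -> datetime:
    # Naive timestamps are rejected: a local-time record compared against a
    # UTC 'now' can silently shift a deadline by hours.
    if ts.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return ts.astimezone(timezone.utc)


def check_deadline(aware_at: datetime, sent_at: Optional[datetime],
                   window: timedelta, now: datetime) -> str:
    """Return 'met', 'missed' or 'pending' for one reporting step."""
    aware = _as_utc(aware_at)
    deadline = aware + window
    if sent_at is not None:
        sent = _as_utc(sent_at)
        if sent < aware:
            raise ValueError("report timestamp precedes awareness time")
        return "met" if sent <= deadline else "missed"
    # Nothing sent yet: only a failure once the window has actually closed.
    return "pending" if _as_utc(now) <= deadline else "missed"


def evaluate_incident(inc: Incident, now: datetime) -> dict:
    return {
        "incident_id": inc.incident_id,
        "early_warning": check_deadline(inc.aware_at, inc.early_warning_at,
                                        EARLY_WARNING_WINDOW, now),
        "notification": check_deadline(inc.aware_at, inc.notification_at,
                                       NOTIFICATION_WINDOW, now),
    }


def evaluate_gate(incidents, now: datetime):
    """Gate passes only if no reporting step of any incident has been missed.

    Returns (passed, per-incident results). 'pending' does not fail the gate.
    """
    results = [evaluate_incident(i, now) for i in incidents]
    passed = all(r["early_warning"] != "missed" and r["notification"] != "missed"
                 for r in results)
    return passed, results


# Constructed sample records (not real incidents).
UTC = timezone.utc
T0 = datetime(2024, 11, 4, 9, 0, tzinfo=UTC)
SAMPLE_INCIDENTS = [
    # Both reports inside their windows.
    Incident("INC-001", T0, T0 + timedelta(hours=6), T0 + timedelta(hours=50)),
    # Early warning one hour late; notification on time.
    Incident("INC-002", T0, T0 + timedelta(hours=25), T0 + timedelta(hours=60)),
    # Early warning sent; notification not yet sent but still within 72 h.
    Incident("INC-003", T0 + timedelta(hours=40), T0 + timedelta(hours=45), None),
]
NOW = T0 + timedelta(hours=80)

if __name__ == "__main__":
    passed, results = evaluate_gate(SAMPLE_INCIDENTS, NOW)
    print("NIS2-G003 passed:", passed)
    for r in results:
        print(r)
```

Feeding the evaluator an explicit `now` rather than reading the wall clock is what makes the gate reproducible in CI and keeps a still-open window from being reported as a breach. Note that the example models only the two steps on this page; NIS2 also requires a final report within one month of the incident notification, which a production gate would add as a third step keyed off the notification timestamp.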

Metrics

Metric                            Target               Source             Trend
Security measure coverage         100%                 security_audit     Improving
Incident response time            < 24h early warning  incident_system    Stable
Supply chain assessment coverage  90%                  vendor_management  Improving

  1. Complete cybersecurity risk management assessment
  2. Test incident notification procedures
  3. Assess supply chain security posture

Cross-Regulation Overlaps

  • DORA — ICT risk management for financial sector
  • ISO 27001 — Information security management
  • GDPR — Data protection aspects of security incidents