Skip to main content
NIS2

NIS2 Compliance
for Essential and Important Entities

NIS2 raises cybersecurity expectations across 17 sectors in the EU, with explicit management accountability, stricter incident reporting and strong supply chain requirements.

Basenorm centralises the full NIS2 programme: governance, risk management, incident handling, business continuity, supplier oversight and management training, with controls mapped to the Unified Control Library.

Get startedPrepare for NIS2

Scope, Governance and Management Accountability

Determine if your organisation is an essential or important entity, implement board-level accountability and document governance aligned with NIS2 Article 20.

  • Essential and important entity classification
  • Board-level cybersecurity accountability
  • NIS2 governance documented in one place
  • Roles, responsibilities and sign-off workflows
  • Management training and awareness tracking
Explore the Unified Control Library →

Article 21 Security Measures

NIS2
Risk management
Access control
Incident handling
Business continuity
Supply chain security
Vulnerability disclosure
Implementation Progress67%

Entity Classification

Essential Entities
Energy
Banking
Healthcare
Digital Infra

Up to €10M or 2% fine

Important Entities
Manufacturing
Postal
Cloud/MSP
ICT Services

Up to €7M or 1.4% fine

Your ClassificationEssential Entity

Risk Management Measures and Incident Reporting

Implement the 10 minimum cybersecurity risk management measures in Article 21 and operate a 24-hour / 72-hour / one-month incident reporting workflow.

  • Article 21 risk management measures fully mapped
  • Policies on risk analysis and information security
  • Incident handling and business continuity
  • Cryptography, access control and human resources security
  • Significant incident reporting within 24h / 72h / 1 month

Supply Chain Security and Continuous Assurance

Manage direct suppliers and service providers, run supplier risk assessments and demonstrate continuous assurance to competent authorities.

  • Supplier inventory and criticality classification
  • NIS2 supply chain security requirements
  • Contractual security requirements and monitoring
  • Continuous evidence collection and readiness scoring
  • Governance Graph linkage across services, assets and suppliers
Explore AskNorman AI →

Incident Reporting Timeline

24hrEarly Warning

Initial alert to CSIRT

72hrNotification

Detailed incident report

1 MonthFinal Report

Root cause & lessons

Active Incident: INC-2024-04248hr remaining

Ready to operationalise NIS2?

Join essential and important entities using Basenorm to manage NIS2 across governance, risk management, incident reporting and supply chain security.

Get startedBrowse features

Frequently Asked Questions

Key questions about NIS2 scope, requirements and Basenorm support.

Related FAQ Topics

Explore frequently asked questions about NIS2 and related compliance topics.

Multi-Framework ComplianceFramework ComparisonAudit ReadinessEvidence Management
View all FAQ topics