Cyber & Resilience

Cybersecurity compliance is now legally mandatory.

NIS2 and DORA have reshaped the legal landscape for European businesses. Organisations that fail to act now risk significant fines and operational disruption. Find out where you stand — free, in minutes.

NIS2 — Network & Information Security
DORA — Digital Operational Resilience
Free · AI-powered · No commitment
Cyber regulations covered: NIS2 Directive · DORA · ENISA Guidelines · ISO 27001
The Regulations

Two laws. One urgent deadline.

NIS2 and DORA came into force in 2023 and 2025. Both impose binding cybersecurity obligations — with no grace period for companies already in scope.

NIS2 Directive
Network & Information Security Directive 2

NIS2 expanded the original NIS Directive to cover a much wider range of sectors. It introduces mandatory security measures, incident reporting obligations, and board-level accountability for cybersecurity. Member States began national enforcement in October 2024.

In force across the EU from October 2024. National supervisory authorities are conducting compliance checks. Fines up to €10M or 2% of global turnover.

Sectors Covered

  • Energy, transport, banking, financial market infrastructure
  • Health, drinking water, wastewater, digital infrastructure
  • Public administration, space, postal and courier services
  • Manufacturing, food production, chemicals, digital providers
DORA

Digital Operational Resilience Act

DORA applies exclusively to financial sector entities. It establishes binding standards for ICT risk management, operational resilience testing, third-party ICT dependency management, and incident reporting. Full application began in January 2025.

Fully applicable from January 2025. The European Supervisory Authorities (ESAs) are actively supervising compliance. Fines up to €5M for individuals, €1M daily for persistent non-compliance.

Entities Covered

  • Credit institutions, payment institutions, e-money institutions
  • Investment firms, insurance and reinsurance undertakings
  • Crypto-asset service providers, crowdfunding platforms
  • ICT third-party service providers to financial entities
The Stakes

Cybersecurity compliance is no longer optional.

  • 160k+ EU entities subject to NIS2 obligations
  • €10M maximum NIS2 fine, or 2% global turnover
  • 22k+ financial entities under DORA supervision
Awareness tool, not legal advice. These assessments are designed to raise awareness of your potential obligations under NIS2 and DORA. They do not constitute legal advice and do not create a certified compliance status. AI-generated output. For formal compliance work, engage a qualified cybersecurity consultant or legal advisor.
Free Assessments

Know where you stand. Start free.

Structured questionnaires built on the regulation text. AI analysis delivered to your inbox in minutes. Free account required.

✦ Free

NIS2 Readiness Assessment

Answer 20 questions across 5 NIS2 compliance areas. Get a gap analysis with your risk profile, missing measures, and priority actions — delivered to your inbox.

  • Risk management & governance controls
  • Incident handling & reporting procedures
  • Supply chain & third-party security
  • Access control & network security
  • ~5 minutes · AI report by email
✦ Free

DORA ICT Risk Assessment

Answer 20 questions across 5 DORA pillars. Get a readiness score, key ICT risk gaps, and a prioritised action plan — delivered to your inbox.

  • ICT risk management framework
  • ICT incident classification & reporting
  • Operational resilience testing
  • Third-party ICT dependency management
  • ~5 minutes · AI report by email
Paid

Supplier Due Diligence Questionnaire

A tailored supplier due diligence questionnaire covering up to 6 EU regulations: GDPR, NIS2, DORA, EU AI Act, CS3D, and CRA — based on your supplier's profile, data access, and criticality. Includes risk level, DPA requirement flag, and recommended review frequency.

  • Questionnaire covering only the regulations applicable to that supplier
  • Risk level (High / Medium / Low), DPA requirement, and review frequency
  • Saved to your account and delivered by email, ready to send
Am I In Scope?

Most mid-size companies are already covered.

NIS2 alone covers 160,000+ entities across the EU — far more than many businesses realise. Use the checklist below to understand your likely exposure.

Essential Entities

Energy, transport, banking, health, drinking water, digital infrastructure, public administration, and space sectors. NIS2 applies to medium and large companies (50+ employees or €10M+ revenue).

Important Entities

Postal services, waste management, chemicals, food production, manufacturing, digital providers, and research organisations. Same employee and revenue thresholds apply.

DORA Financial Sector

Banks, investment firms, insurance companies, crypto-asset providers, and payment institutions. DORA applies regardless of company size if you hold an EU financial services licence.

Supply Chain Exposure

Even if you are not directly in scope, if you supply services to NIS2-covered or DORA-covered entities, you will face contractual cybersecurity requirements from your clients.

Non-EU Companies

NIS2 applies to non-EU companies providing services to EU customers in covered sectors. DORA applies to ICT providers serving EU financial entities, regardless of where the provider is based.

Not Sure? Take the Check.

Our free assessments start by profiling your organisation — sector, size, and activity type — before any compliance questions. If you're not in scope, we'll tell you that too.

Find out where you stand. It's free.

Run the NIS2 or DORA assessment today. Free account, no payment required. Get your AI-generated gap analysis in minutes.