NIS2 Directive

Establishes cybersecurity risk management and incident reporting obligations for essential and important entities across critical sectors in the EU. Applies to organizations in energy, transport, health, digital infrastructure, and other designated sectors.

  • Rules extracted: 190
  • Obligations decomposed: 602
  • Avg obligations per rule: 3.2x
  • Jurisdiction: 🇪🇺 European Union

About this regulation

The NIS2 Directive establishes a high common level of cybersecurity across the Union. It applies to essential and important entities in specified sectors, imposing cybersecurity risk-management measures, incident reporting obligations, and governance requirements. Member States were required to transpose the Directive by 17 October 2024.

What AuditDSS covers

  • Source: 1 regulation
  • Extracted: 190 rules
  • Decomposed: 602 obligations
  • Decomposition ratio: 3.2x

Each rule is decomposed into an average of 3.2 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 602 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in NIS2 is scored across independent risk dimensions:

  • W (Obligation Weight): how critical within the regulatory framework
  • L (Violation Likelihood): how often breached in practice
  • E (Enforcement Evidence): regulator enforcement history and penalties
  • C (Cascade Dependency): how many obligations depend on this one

Regulatory details

  • Full title: NIS2 Directive
  • Regulatory body: European Union Agency for Cybersecurity
  • Jurisdiction: 🇪🇺 European Union
  • Document type: directive
  • Effective date: October 18, 2024
  • Issuing authority: European Parliament and Council of the European Union

Who this applies to

  • essential entities
  • important entities
  • digital infrastructure providers
  • public administration
  • critical sector operators

Key requirements

  • risk management measures
  • incident reporting within 24 hours
  • supply chain security
  • business continuity management
  • encryption and access control
  • vulnerability disclosure
  • management body accountability

Frequently asked questions about NIS2

What is NIS2?

The NIS2 Directive establishes a high common level of cybersecurity across the Union. It applies to essential and important entities in specified sectors, imposing cybersecurity risk-management measures, incident reporting obligations, and governance requirements. Member States were required to transpose the Directive by 17 October 2024.

Who does NIS2 apply to?

NIS2 applies to essential entities, important entities, digital infrastructure providers, public administration, and critical sector operators.

How many obligations does NIS2 contain?

AuditDSS has decomposed NIS2 into 602 atomic obligations from 190 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of NIS2?

The key requirements include: risk management measures, incident reporting within 24 hours, supply chain security, business continuity management, encryption and access control, vulnerability disclosure, and management body accountability.

How can I assess my NIS2 compliance?

Upload your compliance policy to AuditDSS. The platform maps your document against all 602 NIS2 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces NIS2?

NIS2 is enforced in the European Union by the European Union Agency for Cybersecurity.

When did NIS2 come into effect?

NIS2 became effective on October 18, 2024.

What industry does NIS2 apply to?

NIS2 is primarily relevant to the Food Safety & Manufacturing industry. AuditDSS covers 61 regulations in this industry sector.

Build a NIS2 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for NIS2 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering NIS2 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine NIS2 with other regulations into a single unified compliance pack for your business.

Already have a policy? Assess it against NIS2

1. Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2. AI maps against 602 obligations

Your document is scored against every obligation in NIS2. Each claim is mapped to the obligation tree and evaluated for coverage.

3. Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.


Assess your NIS2 compliance

Upload your document and get a risk-scored gap analysis against 602 NIS2 obligations in under 5 minutes.