Check whether your organisation falls under the EU NIS2 Directive (EU) 2022/2555, classify it as an essential or important entity, score the ten Article 21 cybersecurity risk-management measures, map the Article 23 incident-reporting timeline (24 hours / 72 hours / 1 month), and export a NIS2 readiness report. Word + CSV.
Score each measure: Implemented = in place and effective (100%), Partial = started or informal (50%), Not implemented = absent (0%), N/A = not applicable with justification (omitted from the score). Readiness % is the mean of scored items.
⚠️ Educational estimate only — this is a self-assessment aid based on Directive (EU) 2022/2555 (NIS2), not legal advice and not a determination of scope or compliance. National transposition laws and competent-authority guidance vary and prevail. The checklist items are representative summaries of Articles 21 and 23 — not the full legal text. Consult a qualified legal/compliance professional and your national cybersecurity authority (CSIRT) before relying on any result.