Are you in scope for NIS2?
Three clicks. No form. Result on the page.
Based on the official definition from the European Commission. NIS2 Directive (EU) 2022/2555 →
Pick your sector.
Choose the one that best matches what your organisation does. The 18 sectors below are the ones NIS2 covers, split across Annex I (high criticality) and Annex II (other critical sectors).
How big is your organisation?
NIS2 uses the EU enterprise-size definitions (Recommendation 2003/361/EC). Both headcount and turnover matter — the higher of the two decides your size. Pick one band in each.
Pick one in each to see your result.
Note. Some entities are in scope regardless of size or sector under Article 2(2) — including qualified trust service providers, DNS service providers, TLD registries, providers of public electronic communications networks or services, and sole providers in a Member State of an essential service. If any of those describes you, you are in scope. Member States can also designate you in scope where disruption would significantly impact public safety, public security, public health, or cause cross-border systemic risk.