Answer 12 quick questions about your business and security setup. You'll get an instant verdict on whether the NIS2 Directive applies to you, a preparedness score and a prioritised list of gaps to fix.
This self-assessment is an indicative guide based on the NIS2 Directive (EU) 2022/2555 and is not legal advice. A formal scope determination and gap analysis require a professional review of your specific circumstances.
This free NIS2 test is a 12-question self-assessment quiz that takes about two minutes. It is split into two parts:
When you finish, the quiz instantly calculates your likely NIS2 scope, a preparedness score out of 100 and a prioritised list of gaps. Nothing is sent anywhere unless you choose to email yourself the report — scoring runs entirely in your browser.
NIS2 sorts organisations into tiers. The test estimates which one you most likely fall into:
Your sector, size and EU footprint place you in the highest NIS2 tier. Essential Entities face proactive supervision and fines up to €10M or 2% of global turnover. Registration with your national authority and full implementation of the Article 21 measures are mandatory.
Your sector, size and EU footprint bring you into NIS2 scope as an Important Entity. You face ex-post supervision and fines up to €7M or 1.4% of turnover. National registration and the Article 21 security measures apply to you.
You may not be directly designated, but you supply or serve in-scope EU organisations. NIS2 makes them responsible for their supply chain — so they will (or already do) require you to demonstrate equivalent security. In practice, you need to be compliant.
Based on your answers you don't appear to fall under NIS2 directly. Keep in mind that scope depends on details and can change if you start serving EU clients or enter a covered sector. Strong cybersecurity remains a smart investment regardless.