Framework

NIS2 (Directive 2022/2555)

Network and Information Security Directive — applies to essential and important entities across 18 sectors.

Owner: Compliance TeamLast reviewed: 2026-04-14

Scope in OneComply

  • /dashboard/nis2 — entity classification and programme home.
  • /dashboard/nis2/governance — management body accountability tracking.
  • Incident module — 24h early warning, 72h notification, 1-month final report.

Typical Workflow

  1. Classify entity as Essential or Important; determine sector.
  2. Implement the 10 risk-management measures of Art. 21.
  3. Enrol supply-chain vendors in the Questionnaire module.
  4. Wire Incident reporting to the national CSIRT / competent authority.
  5. Document management-body training to meet Art. 20 liability provisions.

Continue reading

GDPR
Incident Reporting