← All frameworks
EU EU · 8 Policy & Process · EU

NIS2

NIS2 Directive (EU) 2022/2555

2022/2555

10 controls · 1 domain
Mandatory for: Mandatory for in-scope essential/important entities
Start assessment in platform →

About this framework

NIS2 is the EU directive that raises cybersecurity requirements across essential and important sectors. It expands earlier rules to more industries and adds stricter risk management, incident reporting, and management accountability.

Who needs this

Applies to medium and large organisations in essential EU sectors like energy, transport, health, and digital infrastructure.

Cross-framework coverage

Controls in NIS2 also cover:

ADHICS 14 shared
NCA ECC-2 14 shared
NCA OTCC 14 shared
Qatar NIA 14 shared
CJIS 13 shared

See how NIS2 connects to the rest → the Security Universe

Control domains

art21 · Article 21(2) Risk-Management Measures 10
21.2.a
Risk analysis & information system security policies
Policies on risk analysis and on the security of network and information systems.
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRNCA CCC
21.2.b
Incident handling
Incident handling, including prevention, detection, and response to incidents.
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRNCA CCC
21.2.c
Business continuity
Business continuity — backup management, disaster recovery, and crisis management.
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIAUAE IAUK GDPR
21.2.d
Supply chain security
Supply-chain security, including security-related aspects of relationships with direct suppliers and service providers.
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
21.2.e
Security in acquisition, development & maintenance
Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure.
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORAISO 27001NCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
21.2.f
Effectiveness assessment
Policies and procedures to assess the effectiveness of cybersecurity risk-management measures.
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
21.2.g
Cyber hygiene & training
Basic cyber-hygiene practices and cybersecurity training.
CJISADHICSCIS ControlsGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IAUK GDPR
21.2.h
Cryptography & encryption
Policies and procedures regarding the use of cryptography and, where appropriate, encryption.
CJISADHICSCIS ControlsGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
21.2.i
HR security, access control & asset management
Human-resources security, access-control policies, and asset management.
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRDORANCA CCC
21.2.j
Multi-factor authentication & secured communications
Use of multi-factor or continuous authentication, secured voice/video/text communications, and secured emergency communication systems.
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR

Ready to assess against NIS2?

Start free trial →