Gap analysis. Policy alignment. Documented readiness. In that order.

A structured assessment of your organisation's position against NIS2 requirements — followed by the documentation, policy alignment, and implementation roadmap needed to respond with confidence.

Request a NIS2 scope review

STATUS: ENFORCEMENT ACTIVE

NIS2 has been in force across EU member states since October 2024. Supervisory frameworks are operational. Organisations that have not assessed their obligations are already operating with measurable regulatory exposure.

SCOPE

Essential and important entities under NIS2 Annex I and II. Sector-specific applicability reviewed at assessment start.

METHODOLOGY

Article-by-article gap assessment. Mapped to your current controls and governance structure.

OUTPUT

Documented gap list, prioritised roadmap, and management-ready executive summary.

SCOPE: INCLUDED

What the engagement covers

Gap assessment against NIS2 obligations (article-by-article review)

Entity classification review (essential vs. important, Annex I / II)

Existing documentation inventory — what exists, what is missing

Policy and procedure gap analysis

Evidence mapping — current controls to NIS2 requirements

Prioritised remediation roadmap

Executive summary (management-ready, non-technical language)

SCOPE: NOT INCLUDED

What is out of scope

Ongoing compliance monitoring (available as a separate retainer engagement).

Technical penetration testing or vulnerability scanning.

Legal representation or regulatory authority filing.

Implementation of technical controls (this engagement is advisory).

DORA or AI Act compliance (separate service scope).

OUTCOMES

What you have when the engagement closes

A documented gap list mapped to NIS2 article requirements — precise enough to inform board-level decisions.

An evidence inventory that reveals exactly what your organisation already has and what must be produced.

A prioritised roadmap that sequences remediation by risk level, not by effort.

An executive summary your leadership can present to auditors, insurers, or regulators without translation.

METHODOLOGY

How the engagement is delivered

Scope

Determine entity classification under NIS2 Annex I / II. Define applicable obligations and supervisory context.

Assess

Article-by-article gap analysis against current controls, documentation, and governance arrangements.

Map

Evidence inventory and documentation gap list. Existing controls mapped to NIS2 requirements.

Roadmap

Prioritised remediation roadmap. Sequenced by risk exposure, not effort.

Deliver

Full documentation pack and executive summary. Handover structured for internal use and external presentation.

RELATED INTELLIGENCE

Related insights

Insights

NIS2 Compliance: What Preparation Really Means in Practice

Open article →

Service

Begin with a gap assessment.

A short scoping conversation establishes whether your organisation falls within NIS2 scope and what an assessment would involve.

Request a NIS2 scope review