Back
01
DIRECTIVE: 2022/2555/EU — NIS2 READINESS

Gap analysis. Policy alignment. Documented readiness. In that order.

A structured assessment of your organisation's position against NIS2 requirements — followed by the documentation, policy alignment, and implementation roadmap needed to respond with confidence.

Request a NIS2 scope review
DIRECTIVE // PREPARATIONACTIVE STATUS
REG. REF: 2022/2555VERIFIED // GRC
02
STATUS: ENFORCEMENT ACTIVE

NIS2 has been in force across EU member states since October 2024. Supervisory frameworks are operational. Organisations that have not assessed their obligations are already operating with measurable regulatory exposure.

03SERVICE FOCUS

Service scope

We guide your organisation through the full NIS2 compliance process — from gap analysis to documented evidence package — ready for audit and authority inspection.

01

Regulatory applicability mapping for your entity and core operations.

02

Security governance and control baseline review against NIS2 obligations.

03

Evidence architecture and accountability model for authority-facing readiness.

04

Leadership-level decision framing for timeline, risk and ownership alignment.

04SCOPE: INCLUDED

What you receive

  • Gap analysis against NIS2 obligations (article-by-article review)
  • Entity classification review (essential vs. important, Annex I / II)
  • Existing documentation inventory — what exists, what is missing
  • Policy and procedure templates, ready for internal adaptation
  • Evidence mapping — current controls to NIS2 requirements
  • Prioritised action roadmap
  • Executive / IT summary (management-ready, non-technical language)
05SCOPE: NOT INCLUDED

What is out of scope

  • Ongoing compliance monitoring (available as a separate retainer engagement).
  • Technical penetration testing or vulnerability scanning.
  • Legal representation or regulatory authority filing.
  • Implementation of technical controls (this engagement is advisory).
  • DORA or AI Act compliance (separate service scope).
06OUTCOMES // OUTPUT

What you have when the engagement closes

  • 01

    A documented gap list mapped to NIS2 article requirements — precise enough to inform board-level decisions.

  • 02

    An evidence inventory that reveals exactly what your organisation already has and what must be produced.

  • 03

    A prioritised roadmap that sequences remediation by risk level, not by effort.

  • 04

    An executive summary your leadership can present to auditors, insurers, or regulators without translation.

07METHODOLOGY

How the engagement is delivered

1

Scope

Determine entity classification under NIS2 Annex I / II. Define applicable obligations and supervisory context.

2

Assess

Article-by-article gap analysis against current controls, documentation, and governance arrangements.

3

Map

Evidence inventory and documentation gap list. Existing controls mapped to NIS2 requirements.

4

Roadmap

Prioritised remediation roadmap. Sequenced by risk exposure, not effort.

5

Deliver

Full documentation pack and executive summary. Handover structured for internal use and external presentation.

Scope boundaries

Regcytech provides advisory and documentation readiness support. Clear boundaries are part of a trustworthy engagement:

  • We do not provide legal advice, legal representation or binding legal opinions.
  • We do not certify, and we are not an accredited audit body — our work supports your preparation.
  • We do not guarantee legal compliance: compliance also depends on how your organisation operates and on regulatory interpretation.
  • Our current services are not self-service software products — they include no client portal or automated compliance platform.

For questions of legal interpretation, we always recommend involving a qualified lawyer.

CONTACT

Begin with a gap assessment.

A short scoping conversation establishes whether your organisation falls within NIS2 scope and what an assessment would involve.