Skill

legalcode-nis2-compliance-assessment

NIS2 Directive (EU 2022/2555) compliance assessment for essential and important entities covering entity classification (essential vs. important), all ten Article 21 risk management measures, Article 23 incident reporting obligations (24-hour early warning, 72-hour notification, one-month final report), Article 32 board accountability and training mandates, supply chain security requirements, cross-border cooperation, and intersection with GDPR, DORA, and sector-specific regulations. Use when an organization needs to determine NIS2 applicability, assess compliance posture against the ten risk management measures, design incident reporting procedures, prepare for supervisory examination, or understand member state transposition variations. Covers entity classification gates, all ten Article 21 measures with implementation checklists and evidence requirements, incident significance thresholds and reporting timelines, supply chain risk methodology, board-level governance, and cross-directive alignment. Produces compliance assessments with COMPLIANT/PARTIAL/ NON-COMPLIANT/CRITICAL classifications, prioritized remediation roadmaps with timelines, incident reporting readiness checklists, and board-level governance recommendations. Jurisdiction-agnostic core (NIS2 Directive 2022/2555) with [JURISDICTION-SPECIFIC] markers for national implementations across EU member states and sector-specific variations.