Disclaimer

This self assessment is intended to clarify the NIS2 Directive.

Despite the care taken in developing this tool, no rights can be derived from its outcomes.
An outcome indicating "NIS2 is not applicable" does not mean your organization will not be affected by the NIS2 Directive:
- Growth or mergers of organizations can change the products and services or size of your organization, such that NIS2 obligations apply.
- If you are a supplier of organizations subject to the NIS2 Directive, they may impose additional security requirements on your organization.
- National transposition of the EU legislation can result in your company being subtject to NIS2 after all.

If you would like to talk to a NIS2 expert, please consult us at Secura.com/contact.

2

1. Is your organization already identified as essential under NIS1 or under national law?* This field is required.

YESNO

3

2. Was your organization identified as a critical entity by law before 17 July 2026?* This field is required.

YESNO

4

3. Determine if your organization must comply to NIS2 regardless of size.* This field is required.Some organizations are of critical importance to society. They must comply with NIS2 regardless of size. Let's find out if your organization belongs to this group of entities. Otherwise choose "OTHER".

1. You are the sole provider in a member state of a service which is essential for the maintenance of critical societal or economic activities.

2. A disruption of your service could have a significant impact on public safety, public security or public health.

3. A disruption of your service could induce a significant systemic risk, (in particular) with a potential cross-border impact.

4. Your organization is of specific importance at national or regional level for your particular sector or type of service, or for other interdependent sectors in the member state.

5. You are a provider of domain name registration services.

6. You are a provider of public electronic communications networks or of publicly available electronic communications services.

7. You are a provider of Trust service(s) (e.g., certificate authorities).

8. You are a provider of top-level domain name registries and domain name system service(s).

9. OTHER, none of the above applies to my organization.

5

4. NIS2 applies to your organization, regardless of size. Let's find out if you are classified as ESSENTIAL or IMPORTANT. Is your organization a publicly available electronic communications network provider?* This field is required.

YESNO

6

5. Your organization is a publicly available electronic communications network provider. Does your organization have 50+ employees or 10+ million euro yearly turnover?* This field is required.

YESNO

7

6. Are you a governmental organization (national, regional, local) or an educational institution?

YESNO

8

7. Are you a public administration entity of central government?* This field is required.

YESNO

9

8. You are a public administration entity of central government. Are you active in the areas of national security, public security, defense, or law enforcement, including the prevention, investigation, detection, and prosecution of criminal offences?* This field is required.

YESNO

10

9. You are active in the areas of national security, public security, defense, or law enforcement, including the prevention, investigation, detection, and prosecution of criminal offences. Does your organization also act as a trust service provider?* This field is required.

YESNO

11

10. Does your organization have 50+ employees or 10+ million euro yearly turnover?* This field is required.

YESNO

13

11-1 Energy Sector - Check your subsector Check if your organization is in the subsectors described below. ENTER YOUR ANSWER ON THE NEXT PAGE. If your organization is active in one of those subsectors, your organization is definitely considered an essential entity under NIS2. Otherwise, your organization could still fall under NIS2, but you have to answer a few more questions. You can enter your answer on the next page.

14