Kardu

Am I subject to NIS2?

Check your regulatory obligation and evaluate your cybersecurity posture in 5 minutes. No CISO required.

The NIS2 Directive applies to all medium and large companies in critical sectors (energy, healthcare, transport, finance, digital infrastructure) across the EU. Non-compliance can result in fines up to €10 million or 2% of global turnover.

This assessment helps you verify if your company falls under NIS2 scope, evaluate your current readiness on a 0–100 scale, and identify the 3 highest-impact controls you need to implement.

Frequently asked questions

The NIS2 Directive (2022/2555) is the EU's new cybersecurity obligation affecting all medium and large enterprises in critical sectors: energy, healthcare, transport, banking, digital infrastructure. It requires a minimum level of information security and incident reporting.

You are subject if: (1) you operate in a critical sector (energy, healthcare, transport, banking, digital infrastructure), (2) you are a medium (50+ employees or €10M turnover) or large (250+ employees or €50M turnover) enterprise, or (3) national authorities designate you as "important" even if you are smaller. This assessment helps you verify in less than 5 minutes.

Fines for non-compliance reach up to €10 million or 2% of global turnover (whichever is greater). A security incident mismanaged under NIS2 carries additional penalties. Compliance now avoids these consequences.

Between 4 and 6 minutes. Nine multiple-choice questions. You receive a Compliance Score (0–100), a risk verdict in 4 bands, and the 3 priority controls you need to implement.

Yes, free. We ask for a work email to send your full report. We don't sell data or add you to newsletters — just your report and, if you allow, early access to Kardu's beta.