NIS2 in plain terms

Understand NIS2 — without the stress.

NIS2 strengthens Europe's cyber resilience — and it looks more complicated than it is. Here are the requirements in plain language, plus two free tools for the two questions that actually matter: are you in scope? And can you prove you meet your duties?

Free. No sign-up. Your inputs stay in your browser.

Two tools that help immediately.

No blog. No lead form before the first answer. Two open tools that answer a concrete question, right in your browser.

Scope check

Enter your sector, size and supply-chain exposure, and find out in minutes whether you count as an essential, important, or indirectly affected entity.

§30 obligations matrix

The ten risk-management measures under §30 BSIG — translated into concrete evidence and the matching Microsoft 365 source.

What counts as NIS2 evidence — and what doesn't.

NIS2 does not ask for a promise of protection. It asks for proof: policies exist, measures work, and the management body is informed.

Proof, not claims

A filled-in Word document is not evidence; evidence is structured, dated, linked to its source.

Current, not one-off

A checklist is stale the moment it is saved; evidence has to stay fresh.

For the management body

Art. 20 / §38 BSIG requires a traceable record at leadership level, not just inside IT.

Who's already asking for evidence.

| Who asks | What they want |
| --- | --- |
| OEM / customer | A NIS2 supply-chain questionnaire, often with a contract clause |
| Cyber insurer | Structured evidence for underwriting and renewal |
| Management body | A record under Art. 20 / §38 BSIG to limit personal liability |
| BSI / regulator | Registration and the ability to report incidents |

The key questions, answered briefly.

NIS2 hits the sectors already under scrutiny.

Energy, healthcare, water, manufacturing and logistics are among the most regulated areas. We know the reality — down to the § level.

Energy supply and grid operations.
Healthcare and hospital operations.
Water and wastewater infrastructure.
Manufacturing and logistics.

Anti-theater, not anti-cyber.

We are not a SOC, not a fear-seller, and not a box-ticker. Today the focus is information and the tool, not a product sale.

FAQ

Is Directive Zero a certificate?

No. We attest evidence; we do not certify and we are not a conformity-assessment body.

Does the scope check cost anything?

No. The scope check and the obligations matrix are free and require no sign-up.

Do my inputs leave the browser?

No. The evaluation runs locally in your browser; we do not store your answers.