How many measures does §30 BSIG require?
Ten minimum risk-management measures that every affected entity must implement.
§30 obligations matrix
This matrix turns legal text into evidence. For each of the ten §30 measures you see what it means, which record satisfies it, and where that record can come from in a Microsoft 365 environment.
| Column | Content |
|---|---|
| Measure | The §30 measure in plain language |
| Legal text | Reference to the statutory wording |
| Evidence | The artifact that proves the measure |
| M365 source | Where the record comes from in Microsoft 365 |
| ISO 27001 mapping | The related ISO control |
| Status | Local self-assessment |
| Last reviewed | Date of the last assessment |
All duties for your entity class under Germany's NIS2 implementation act, translated into concrete measures. Assess your implementation status — the score stays local in your browser.
Basis: NIS2UmsuCG / §§30-39 BSIG · Art. 20-21 NIS2 · no registration, no email required
Which class applies to your company? If unsure, run the scope check.
This self-assessment is the first step. Customers, insurers, and auditors want structured, current evidence. Use the report as your working state and close the open items.
This tool does not replace legal advice. The measure mapping follows §§30-39 BSIG (NIS2UmsuCG) and Art. 20-21 NIS2; sector-specific rules may take precedence. Your inputs are stored only locally in your browser.
A checklist is stale the moment it is saved. What counts is living evidence: current, linked, audit-ready.
ISO 27001 covers many §30 measures but is not an automatic NIS2 proof. NIS2-specific duties such as incident reporting and registration come on top.
A structured, dated record linked to its source and carrying a last-reviewed date — not a one-off filled-in document.