ADEQUACY NIS 2

Control, centralise and automate your NIS 2 compliance to avoid penalties and strengthen your resilience to cyber threats.

They trust us

The benefits of ADEQUACY NIS 2

Provide a simple, structuring tool for organizing your NIS 2 compliance.
Turn the NIS 2 directive into concrete action.

Structured approach

Assess your situation to build a clear plan of action

Global view

Get access to all the required modules in a single tool

Legal security

Centralise all your documentary obligations

Available as a standalone tool

Can be used on itsown or alongside the RGPD module

Objectives of the NIS 2 directive

Strengthen the resilience of critical entities

The Directive imposes stricter cybersecurity requirements on entities operating in critical sectors (energy, healthcare, transport...) and important sectors (digital services, manufacturing...). The aim is to ensure they are able to prevent, detect and respond to incidents.

Harmonizing cybersecurity obligations across the EU

The NIS 2 Directive aims to create a consistent framework across all Member States by harmonising rules and sanctions. This reduces regulatory disparities and strengthens cybersecurity across Europe.

Improving cooperation between members of the European Union

The directive strengthens cooperation between national authorities via the NIS Cooperation Group. It promotes information sharing and coordination in the event of cross-border incidents, encouraging a collective response.

Increasing the transparency and accountability of entities

Covered entities must report major incidents, assess risks and involve management in cybersecurity. This makes management more accountable and practices more transparent.

How can you professionalise your NIS2 compliance?

Assess your level of compliance with the NIS2 Directive

› A simple 32-question questionnaire to determine your level of compliance.

› Identify areas for improvement by visualising your current situation, and compare your level over time.

› Evaluate your situation to understand all the actions you need to take, and prioritise them.

› Use the identified and selected points for improvement to improuve your action plan.

Identify and qualify your incidents

›  Take advantage of a structured, supported approach to qualifying incidents and save time.

› Involve the relevant business teams in the incident qualification process using task management.

› Centralise your incident management and record your declarations to your CSIRT* or competent authority.

Plan your compliance projects

› Track your sites with trends, desired arbitrations and risksto escalate.

› Pilot the workloads allocated to the relevant business teamsand the human resources required.

› Visually represent project progress by attaching start andend dates.

Identify your policies and procedures

› Map, for each entity, the policies adopted within your organization.

› Record and harmonize all organizational, logical and physical security measures.

› Audit your applications for NIS2 compliance.

Keep track of your cyber hygiene awareness training

› Keep track of your cyber hygiene awareness training. You can also print out attendance certificates and sheets.

› Use the dashboard to pilot your activity and dedicated reporting to optimise accountability.

What are the differences between
NIS 1 and NIS 2?

Bouclier directive NIS 2
NIS 1
Came into force in July 2016.
(Transposition in 2018)
Essential
Came into force in January 2023.
(National transposition required by October 17, 2024)
Sector coverage

Limited to critical sectors such as energy, transport and healthcare

Extended: new sectors added, such as drinking water and digital production.

Entity resilience

Fewer specific technical requirements; enhanced risk management and security requirements


Enhanced risk management and security requirements

Harmonisation of rules

National approach with disparities between members of the European Union


EU-wide harmonised rules with common sanctions

Cooperation between members

Limited and unstructured cooperation


Enhanced cooperation via the NIS Group and joint response mechanisms

Obligation to notify incidents

Obligation to notify major incidents


Shorter notification period (24 hours), stricter criteria and greater transparency

Governance and accountability
Less pressure on management
Explicit management accountability and strengthened governance obligations

Discover Adequacy

One of our experts introduces Adequacy to you in a real situation.