NIS2 enters into force in 2026. We automate 76% of technical Art.21 requirements and collect the rest via attestations. Total cost: SEK 15,000 instead of SEK 80,000.
Register interest βArt.21.2 lists ten minimum requirements that essential and important entities must implement. Here is how we cover them:
| Art.21.2 | Requirement | Security Guru |
|---|---|---|
| a) | Risk analysis + security policy | β Attestation |
| b) | Incident handling | β Auditd rules, log forwarding, SIEM detection |
| c) | Backup + disaster recovery | β Backup validation (not just existence β functionality) |
| d) | Supply chain | β CVE in deps, GitHub Advisory, OSV mapping |
| e) | Network security + procurement | β Segmentation, OT protocols, port exposure |
| f) | Vulnerability management | β CVE matching, KEV, EPSS prioritisation |
| g) | Effectiveness measurement | β Attestation (KPI process) |
| h) | Cryptography + authentication | β TLS config, DKIM/SPF, MFA gates, PKI |
| i) | HR security + access rights | β AD RBAC, stale users, privileged accounts |
| j) | MFA + secure communications | β MFA detection per service, S/MIME, end-to-end |
NIS2 introduces personal liability for management members. The board must:
Our Compliance module collects attestations for Art.20 and can produce a board pack for the next board meeting with the same traceability the auditor will require.
In the event of an incident with significant impact you must:
We cannot report on your behalf, but our scan report provides rapid root cause mapping that otherwise takes consultant hours.
Fill in the form β we'll get back to you within 24 hours.