NIS2 art. 21 lists ten risk-management measures β but what do they mean technically? We break them down into measurable controls and a review that shows where you stand.
Run a free domain scan All checks βWe map the ten measures in art. 21 (risk analysis, incident handling, continuity, supply chain, vulnerability handling, cryptography, access control, etc.) to concrete technical controls we can measure in your environment.
Since the Cybersecurity Act implemented NIS2 in Sweden (Jan 2026), the requirements are enforced. But the law is principle-based β the key is translating 'appropriate and proportionate measures' into specific, provable controls.
Does NIS2 apply to us?
NIS2 applies to essential and important entities in designated sectors β and their suppliers via the requirements. We help you address the technical side regardless.
How does it differ from ISO 27001?
ISO 27001 is a certifiable management system; NIS2 is law. They overlap technically β our review serves both.
Do you give legal advice?
No β we deliver the technical evidence. The legal interpretation rests with you or your advisor.
Run a free scan or order a full Security Assessment β prioritised, not noise.
Run a free domain scan