TrustedOrb logo
Book a Consult

NIS2 READINESS

NIS2 Readiness Assessment

Understand whether your organisation may be in scope, where your cybersecurity gaps are, and what to prioritise next.

Start the assessment Book a readiness call

WHAT THIS ASSESSMENT ANSWERS

Practical questions, before the legal ones.

Practical context

NIS2 is Directive (EU) 2022/2555, the EU framework for a higher common level of cybersecurity across Member States. EU countries were required to transpose it into national law and apply national measures from October 2024.

For organisations, practical obligations depend on the relevant country, sector, size, entity classification, and role in the supply chain. This screening gives an indicative EU-level view and helps identify where a country-specific applicability review may be needed.

  • Could NIS2 apply to us in one or more EU Member States?
  • Are we likely an essential or important entity, or a supplier to one?
  • Which cybersecurity controls are missing or inconsistently applied?
  • What should we do in the next 30, 60, and 90 days?

For Romanian operations, the national framework is based on OUG/GEO 155/2024, approved and amended by Law 124/2025.

WHO THIS IS FOR

Sectors where NIS2 readiness usually matters.

The directive covers a wide set of sectors and many of their suppliers. Examples (not exhaustive, and not a substitute for a formal applicability assessment):

  • Energy
  • Transport
  • Banking & financial markets
  • Health
  • Drinking & waste water
  • Digital infrastructure
  • Cloud, data centre, DNS, telecom
  • Managed IT & security services
  • Public administration
  • Food, chemical, manufacturing
  • Postal & courier services
  • Research

QUESTIONNAIRE

NIS2 Preliminary Assessment + FREE Guide

Answer the seven questions below. At the end, we’ll ask for your name, email address, and organization so we can send the results, along with a free checklist of recommendations, to you and the TrustedOrb team.

WHAT WE DELIVER

A practical NIS2 readiness package.

The engagement is structured to give you usable outputs at each step, not a single oversized document at the end.

  • 01

    NIS2 applicability workshop

    Confirm whether you are in scope and as which entity type, with reasoning you can defend internally.

  • 02

    Cybersecurity gap assessment

    Controls measured against NIS2-aligned expectations, with evidence of what is in place today.

  • 03

    Incident response readiness

    Review of playbooks, escalation paths, and notification flow under realistic conditions.

  • 04

    Policy and procedure review

    What to keep, what to update, and what is missing for NIS2 alignment.

  • 05

    Supplier and evidence review

    Contractual obligations and the security evidence pack you can hand to customers.

  • 06

    30/60/90-day roadmap

    Prioritised remediation plan with owners, milestones, and realistic timelines.

Optional add-on

Tabletop exercise

Pressure-test the plan with the people who would actually run it during a real incident.