Cybersecurity Act comes into force January 15, 2026

NIS2 GAP Analysis – Measure your cybersecurity maturity

Take our free GAP analysis and get an immediate assessment of how well your organization meets the NIS2 directive requirements. Identify gaps and prioritize actions ahead of the Cybersecurity Act.

Start GAP Analysis Book Consultation

NIS2 Classification Tool

Determine if your business is covered by the NIS2 directive and what entity type you are classified as.

NIS2 & ISO 27001 Mapping

See how ISO 27001 can be used as a foundation for NIS2 compliance, including gap analysis and recommendations.

What is the NIS2 Directive and Cybersecurity Act?

The NIS2 Directive (Network and Information Security Directive 2) is the EU's updated cybersecurity framework coming into Swedish law. It sets stricter requirements for risk management, incident reporting, and supply chain security.

Is your business covered?

The law applies to companies with more than 50 employees or turnover over 10 million euros, as well as municipalities, regions, and most government agencies. Particularly affected sectors include:

Energy
Transport
Healthcare
Water supply
Digital infrastructure
Public administration
Manufacturing
Food
Chemicals

Free NIS2 GAP Analysis – Assess Your Maturity

A GAP analysis identifies the difference between your current cybersecurity level and NIS2 directive requirements. Answer 7 questions and get an immediate maturity assessment.

Takes 2 minutes Completely free Download PDF report
Question 1 of 7 0%

Do you have a documented risk management process for cybersecurity?

NIS2 Requirements: 6 Areas for Compliance

The Cybersecurity Act sets requirements in these six main areas. A GAP analysis helps you identify which areas need strengthening.

Risk Management

Implement systematic cybersecurity risk management with documented processes.

Incident Handling

24-hour reporting requirement for serious incidents to the supervisory authority.

Business Continuity

Backups, disaster recovery, and documented continuity planning.

Supply Chain

Manage cybersecurity risks from suppliers and subcontractors.

Encryption & Access Control

Appropriate encryption measures and secure access management.

Management Responsibility

Personal liability for board and management – documented management system required.

How to Achieve NIS2 Compliance

A structured process to go from GAP analysis to full Cybersecurity Act compliance.

1

GAP Analysis

Map the current state and identify gaps against NIS2 requirements with our free analysis.

2

Prioritization

Rank identified gaps based on risk and resource requirements for effective action planning.

3

Implementation

Implement security measures, document processes, and train staff.

4

Follow-up

Continuous monitoring, regular audits, and updating of security work.

Frequently Asked Questions about NIS2

What is the difference between NIS2 and the Cybersecurity Act?

NIS2 is the EU directive that establishes common cybersecurity requirements. The Cybersecurity Act is the Swedish law that implements the NIS2 directive into Swedish law and comes into force on January 15, 2026.

What is a NIS2 GAP analysis?

A GAP analysis is a systematic review that compares your current cybersecurity level with the requirements of the NIS2 directive. The analysis identifies the "gaps" – the areas where you do not meet the requirements – and helps you prioritize what measures are needed.

Which organizations are covered by NIS2?

NIS2 covers companies with at least 50 employees or 10 million euros in turnover in critical sectors such as energy, transport, healthcare, water supply, and digital infrastructure. Municipalities, regions, and government agencies are also covered. Use our classification tool to check if you are covered.

What happens if we do not meet the NIS2 requirements?

Non-compliance can lead to significant fines – up to 10 million euros or 2% of global annual turnover for essential entities. There is also personal liability for management and risk of operational bans for serious violations.

How long does it take to become NIS2-compliant?

The time required varies depending on your current maturity level and the size of the organization. An initial GAP analysis can be completed in a few days, while full implementation of all security measures can take several months. Start with our free GAP analysis to get an initial assessment.

Can ISO 27001 be used for NIS2 compliance?

Yes, ISO 27001 certification provides an excellent foundation for NIS2 compliance and covers many of the requirements. However, NIS2 requires certain specific measures such as reporting within 24 hours and supply chain security. See our NIS2 & ISO 27001 mapping for details.

Start Your NIS2 Compliance Journey Today

Our platform helps you systematically manage risk assessments, document security measures, and stay ready for regulatory requirements.

Book Free Consultation See GAP Analysis Module

Wir verwenden anonyme Statistiken ohne Cookies, um die Website zu verbessern. Mehr erfahren