NIS2 Impact Assessment: Is Your Company Affected by the NIS2 Directive?
Find out in just a few minutes whether your organization falls under the NIS2 Directive and what obligations arise — free and without obligation.
What is the NIS2 Impact Assessment?
The NIS2 Impact Assessment determines whether your organization falls under the NIS2 Directive (EU 2022/2555). Based on sector and size criteria under Section 28 BSIG, you receive a clear classification and your obligations catalog.
Based on Section 28 BSIG and NIS2 Directive 2022/2555
18 sectors assessed
Clear classification: particularly important, important, or not affected
Legal Basis
Section 28 BSIG — Particularly Important and Important Entities
Defines the criteria for classification as particularly important or important entities — based on sector affiliation and company size.
NIS2 Directive 2022/2555 — EU-Wide Cybersecurity
The EU directive on network and information security requires member states to implement enhanced cybersecurity requirements for critical and important entities.
Section 30 BSIG — Risk Management Measures
Affected entities must implement technical and organizational risk management measures — including incident reporting, business continuity, and supply chain security.
How the Assessment Works
Answer the Questions
Answer questions about your sector, company size, and activities.
Determine Sector and Size
The assessment determines your sector affiliation and relevant size criteria under Section 28 BSIG.
Get Your Results
Receive a clear classification with obligations catalog: risk management, incident reporting, and registration deadlines.
Your Benefits
Free & No Obligation
No hidden costs — your NIS2 impact assessment is completely free.
Legally Founded
Assessment based on Section 28 BSIG and the NIS2 Directive with specific legal references.
18 Sectors Covered
All sectors specified in the NIS2 Directive are considered in the assessment.
Clear Recommendations
If affected, you receive a specific obligations catalog with deadlines and required measures.
Frequently Asked Questions
What is the NIS2 Directive?
The NIS2 Directive (EU 2022/2555) is the EU directive on network and information security. It was transposed into German law through the NIS2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG).
Is the assessment free?
Yes, the NIS2 Impact Assessment is completely free and without obligation. You receive your classification at no cost.
Which organizations are affected by NIS2?
Organizations in 18 defined sectors that meet the size criteria for medium or large enterprises are affected. These include energy, transport, healthcare, digital infrastructure, and more.
What happens if my organization is affected?
Affected organizations must implement risk management measures, report security incidents, register with BSI, and ensure management accountability.
When does NIS2 apply in Germany?
The NIS2UmsuCG has been in force since 06 December 2025. Affected entities must implement the requirements on time and register with BSI.