Is your organization ready for NIS2?
Download our free checklist and find out where you stand. Covers the identity and access management requirements that most companies overlook.
What's inside the checklist
- NIS2 requirements mapped to identity governance controls
- Step-by-step checklist for access management compliance
- Gap analysis template to assess your current setup
- Timeline and deadline reference for NIS2 enforcement
- Specific controls that can be automated with Adcyma
What is NIS2 and why does it matter?
NIS2 is the EU directive on network and information security. It replaces the original NIS directive and significantly expands the scope — more sectors, stricter requirements, and real penalties for non-compliance. If your company operates in the EU or provides services to EU-based organizations, this likely affects you.
Who it affects
Companies in 18 sectors including IT services, healthcare, energy, finance, and digital infrastructure. The threshold is typically 50+ employees or EUR 10M+ revenue.
Key deadlines
EU member states were required to transpose NIS2 into national law by October 2024. Enforcement timelines vary by country, but organizations should be preparing now.
Penalties
Fines of up to EUR 10 million or 2% of global annual turnover for essential entities. Management can be held personally liable for non-compliance.
Who should download this checklist?
IT Managers
You manage user accounts and access in Entra ID or Active Directory and need to understand what NIS2 means for your daily work.
CISOs and Security Leads
You are preparing for NIS2 audits and need a clear picture of identity governance gaps in your organization.
CTOs at Growing Companies
Your company falls within the NIS2 scope and you need a practical starting point — not a 200-page consulting report.
How Adcyma makes NIS2 compliance easier
Automated access certifications
NIS2 requires regular access reviews. Adcyma runs them automatically and creates an audit trail — no spreadsheets needed.
User lifecycle management
Automate provisioning and deprovisioning in Entra ID. When someone leaves, their access goes with them — immediately.
Compliance reporting
Generate NIS2-ready reports showing who has access to what, when access was reviewed, and what changed. Auditors like clear evidence.
Least privilege enforcement
Define policies that limit access to what people actually need. Adcyma flags excessive permissions and helps you clean them up.
Common Questions
NIS2 applies to organizations in 18 sectors with 50 or more employees or EUR 10 million or more in annual revenue. Sectors include IT services, healthcare, energy, transport, finance, water management, and digital infrastructure. If you provide services to organizations in these sectors, you may also be in scope as a supplier.
Penalties vary by entity classification. Essential entities face fines of up to EUR 10 million or 2% of global turnover. Important entities face up to EUR 7 million or 1.4% of global turnover. Beyond fines, management can be held personally liable, and non-compliant organizations may face operational restrictions.
NIS2 requires organizations to implement access control policies, manage user identities properly, and maintain audit trails. Identity governance covers all of these: who has access to what, how access is granted and revoked, and whether access is regularly reviewed. It is one of the foundational controls for NIS2 compliance.
The checklist covers NIS2 requirements generally, so it is useful regardless of your identity provider. However, it does include specific guidance for organizations using Microsoft Entra ID, since that is where Adcyma specializes. If you use Entra ID, you will find the checklist especially relevant.
No. The checklist is a standalone resource you can use on your own. It will help you identify gaps and understand what needs to be done. If you decide you want to automate some of that work, Adcyma can help — but the checklist is valuable on its own.
Take the first step toward NIS2 compliance
Start with the checklist. Then try Adcyma free and see how much of the work you can automate.