2026 Compliance Guide

NIS2 Compliance Checklist: 15 Requirements You Must Meet

The complete checklist for NIS2 Directive compliance — risk management, incident reporting timelines, governance requirements, supply chain security, and business continuity. Every article reference included.

15 Checklist Items | 18 Sectors Covered | 24h First Report

NIS2 Compliance Timeline

Key deadlines you need to know. The directive is already in force — preparation is critical.

October 17, 2024 (Completed)

NIS2 Entered Into Force

EU Member States must transpose into national law

April 17, 2025

Transposition Deadline

Final deadline for Member States to adopt NIS2

October 17, 2025

Full Enforcement Begins

All compliance requirements take effect

5 Compliance Areas, 15 Requirements

Every checklist item is tied to specific NIS2 Directive articles, with clear guidance on what "compliant" looks like.

Risk Management

3 requirements

Security policies, incident handling, risk assessments

Reference: Article 21(2)(a)(b)

Incident Reporting

3 requirements

24h early warning, 72h notification, 1 month final report

Reference: Article 23(2)

Security Governance

3 requirements

Board accountability, training, access control

Reference: Article 20 & 21(2)(d)

Supply Chain Security

3 requirements

Third-party assessments, vendor contracts, vulnerability monitoring

Reference: Article 21(2)(d)

Business Continuity

3 requirements

Backup & DR, crisis management, system resilience

Reference: Article 21(2)(b)(c)

Non-Compliance Penalties

NIS2 introduces significant fines and personal liability for management bodies. Understanding your entity classification is critical.

Essential Entities

Maximum administrative fines

Up to €10M or 2% of global annual turnover

Sectors: Energy, transport, banking, healthcare, digital infrastructure

Important Entities

Maximum administrative fines

Up to €7M or 1.4% of global annual turnover

Sectors: Postal services, chemicals, food, manufacturing, digital providers

Personal Liability for Management

Article 20(1) holds management bodies personally liable for non-compliance. This includes potential temporary bans from management positions and personal fines in certain Member States.

What's in the Checklist

15 Actionable Requirements

Every NIS2 requirement in plain language with clear compliance criteria

Article References

Exact NIS2 Directive article citations for each requirement

Incident Reporting Timelines

24h/72h/1 month reporting requirements with templates

Entity Classification Guide

Determine whether you're an Essential or an Important entity

Compliance Priorities

Which requirements to tackle first based on risk

QR Code Links

Access Resiliently's interactive NIS2 compliance tools

📋 Printable PDF — designed for easy reference during compliance assessments

Ready to Assess Your NIS2 Compliance?

Download the checklist now. Use it to evaluate your current posture and identify gaps before enforcement begins.
