OS
Oliver Schmidt-Prietz
/

NIS2 Self-Assessment with AI

0 views

๐—” ๐—ฏ๐—ถ๐—ธ๐—ฒ ๐—บ๐—ฎ๐—ป๐˜‚๐—ณ๐—ฎ๐—ฐ๐˜๐˜‚๐—ฟ๐—ฒ๐—ฟ ๐˜„๐—ถ๐˜๐—ต ๐Ÿฎ๐Ÿฌ๐Ÿฌ ๐—ฒ๐—บ๐—ฝ๐—น๐—ผ๐˜†๐—ฒ๐—ฒ๐˜€ ๐—ท๐˜‚๐˜€๐˜ ๐—ณ๐—ผ๐˜‚๐—ป๐—ฑ ๐—ผ๐˜‚๐˜ ๐˜๐—ต๐—ฒ๐˜† ๐—ณ๐—ฎ๐—น๐—น ๐˜‚๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ก๐—œ๐—ฆ๐Ÿฎ.

Other transport equipment, NACE C.30, Annex II. Nobody told them โ€” because under NIS2, nobody will. You have to figure it out yourself.

#NIS2 is what #GDPR did for personal data, but for cybersecurity. If you provide services that matter to the economy and you're above a certain size you secure your IT systems, report incidents, prove you're doing both. Across the EU, manufacturing, food, chemicals, waste management are hitting cybersecurity regulation for the first time.

That bike company now faces 10 mandatory risk management measures under Art. 21. A 24-hour incident reporting obligation โ€” running parallel to GDPR's 72-hour track to a different authority. And management body liability: Art. 20 requires personal board engagement. Germany went further with ยง 38(2) BSIG: the Managing Director/CEO is personally liable. Not the company, the person.

Transposition varies wildly in the #EU. Germany in force since December 2025, no transition. Italy live since October 2024. France, Netherlands, Spain still pending.

The German Federal Office for Information Security (BSI) offers a free scope check tool. It tells you whether you're affected. But it stops there.

So I built a NIS2 Navigator - a Claude Skill that runs scope classification, gap analysis across all 10 measures, and a prioritized roadmap in ~20 minutes. Deep German integration, plus profiles for Italy, France, Netherlands, Austria, Spain. Built on the Directive, ENISA guidance, and BSI #nis2know packages.