
NIS2 Compliance Assessment

Are you ready for NIS2 compliance? Understand your gaps and build long-term digital and operational resilience

NIS2 replaces the original NIS Directive of 2016, which sought to establish a high common level of cybersecurity across critical infrastructure in the EU. NIS2 is a significant update: the original NIS Directive was considered to have limited scope and to lack consistency in how member states applied it. NIS2 therefore expands the range of EU entities in scope and introduces a wider supervisory and coordination regime across member states, with which in-scope entities will need to register.

How has NIS2 changed from the NIS Directive?

Risk Management Requirements

NIS Directive: Required entities to implement "appropriate and proportionate" security measures

NIS2 Directive: Imposes stricter requirements, focusing on:

  • Supply chain security and third-party risks
  • Incident response planning
  • Encryption
  • Business continuity

Sectors in Scope

NIS Directive:

  • Banking
  • Healthcare
  • Energy
  • Transport
  • Digital Service Providers
  • Water Supply
  • Digital Infrastructure

NIS2 Directive: Expanded scope adding the following new sectors:

  • Space
  • Public Administration
  • Waste and Wastewater Management
  • ICT Service Management
  • Providers of Public Electronic Communications Networks or Services
  • Chemicals
  • Food
  • Research
  • Postal and Courier Services

Reporting Requirements

NIS Directive: Reports cyber incidents to national authorities within a reasonable timeframe

NIS2 Directive:

  • Incidents reported within 24 hours
  • Follow-up reports required after 72 hours
  • Final detailed report within a month

Penalties

NIS Directive: Allowed member states to set penalties for noncompliance

NIS2 Directive:

  • Essential Entities - up to €10 million or 2% of global annual turnover
  • Important Entities - up to €7 million or 1.4% of global annual turnover

How Kroll Can Help You Achieve NIS2 Compliance

Kroll has a long track record of working with organizations across critical infrastructure sectors, enabling them to achieve their security and regulatory goals across multiple jurisdictions. We combine agile methodologies and accelerators with frontline intelligence from thousands of incident response cases a year to support and prepare your organization to meet NIS2 requirements.

Understand Your Maturity in Relation to NIS2 Requirements

Gap assessment of your NIS2 compliance maturity against specific provisions highlighting key weaknesses and key recommendations.

Have a Clear Roadmap to NIS2 Compliance While Reducing Longer Term Risk

A clear roadmap toward NIS2 compliance with priority tasks and key milestones. An action tracker with recommended owners is also provided to help stakeholders manage the project effectively.

Implement Remedial Measures to Maintain Cyber Resiliency

With our portfolio of advisory, transformation and managed services, we can assist you with the implementation of NIS2-aligned policies and procedures, controls and services such as incident management, business continuity and third-party risk management.

How It Works

Our three-phased approach helps organizations of all sizes address any stage of NIS2 compliance:

Gap Assessment

As part of our gap assessment, we provide a clear risk rating against NIS2 requirements, whilst giving a quantitative measure of compliance status covering:

Governance

  • Allocation of responsibilities (board, committees and individuals)
  • Training of management and all employees

Cyber Risk Management

  • Consideration of risk in the design, development and availability of systems
  • Supply chain security
  • Basic cyber hygiene, encryption, access and HR security
  • Existence of comprehensive policies and procedures for risk management

Reporting and Registering Articles

  • Reporting incidents
  • Reporting vulnerabilities
  • Collaboration
  • Registration
  • Breach notification

Roadmap

Following the assessment, we provide you with a roadmap report along with an action tracker for effective project management, including:

  • Target levels of compliance and maturity in each assessment area
  • Actionable tasks with effort ratings
  • Reasonable timeframes for completion of individual tasks
  • Recommended task owners

Implementation and Remediation

Having identified the key NIS2 compliance gaps, Kroll can provide senior advisory support on the compliance adherence of remediation initiatives such as:

Kroll can also support with the review and development of policies, procedures, reports, mappings and risk assessments, leveraging specially-tailored templates.

NIS2 Compliance Assessment in Your Cyber Risk Retainer

Our NIS2 Compliance Assessment, along with many other cybersecurity and compliance services, can be delivered as part of Kroll’s ultra-flexible Cyber Risk Retainer. In addition to prioritized access to Kroll’s elite digital forensics and incident response team ahead of and in the event of an incident, the Retainer can also be used for services like penetration testing, risk assessments and tabletop exercises, to name just a few.


Why Kroll?

  • Experience in Building Multi-jurisdictional Governance Programs

Our team consists of experts who have designed and led numerous compliance audits at large multi-jurisdictional organizations, assessing and evaluating domains across cyber strategy, governance and procedural controls in the context of regulatory requirements and industry standards including ISO 27001, COBIT, NIST, DORA, NIS2, SAMA CSF and more.

  • Experienced, Accredited Cybersecurity Professionals

We have 700+ skilled and certified cybersecurity experts across the globe, experienced not only in helping clients comply with multiple regulations but also in keeping them resilient ahead of the changing threat landscape.

  • Solutions across the NIS2 Maturity Lifecycle

Our solutions address all aspects of NIS2 compliance and maturity: from assessing all possible gaps and weaknesses and advising on remediation with our consultancy expertise, to implementing the right controls and services.

  • Unrivalled Frontline Intelligence

With unrivalled exposure to thousands of incident response cases each year, we know what’s needed to stay resilient to cyber threats.

  • Fast Implementation, Built on Previous Engagements

We leverage our NIS2-tailored policies and procedures templates to provide immediate value as we roll out your tailored program.
