NIS2 Impact Check

The NIS2 impact check of the BSIs is easy to use and requires no previous knowledge or expertise in cybersecurity. It thus offers you a straightforward way to get to grips with the draft law and understand its implications for your organization.

Why is the NIS2 Impact Check Important for Your Company?

With the NIS2UmsuCG, the German government plans to strengthen the security of critical infrastructures and digital services in Germany. Under certain criteria, companies are therefore obliged to take measures to increase cybersecurity and to report security incidents. These measures include, for example, appointing a responsible person for information security and setting up a reporting and information exchange system.
To ensure that your company meets the requirements of the NIS2UmsvCG and that any obligations are not overlooked, it is advisable to take a close look at your own status at an early stage. The NIS2 impact check offers you a quick and easy way to determine whether your company is affected by the bill and, if so, what measures may be required.
If you have any questions or are unsure about anything, you can contact our experts at any time. We are happy to help you achieve greater security and compliance in the area of cyber security.

How the non-binding NIS2 Online Check is Conducted

The BSI's digital NIS2 impact check is divided into three sections:

1. General information

This section asks for general information about your company, including your address, the industry in which you operate, and the number of employees.

2. NIS2 Impact Check

In this section, you will be asked a series of yes/no questions about specific areas and activities in your company that could potentially be affected by NIS2. Among other things, this includes compliance with security measures, maintaining the integrity and availability of your IT systems, and reporting security incidents.

3. Results overview

After answering the questions, you will receive a clear summary of how you are affected by NIS2. A distinction is made between areas in which you could be affected by NIS2 and areas in which you are not expected to be affected.

Conclusion

The NIS2 impact check by the BSI is anonymous and does not provide any personal data or identification options. It serves as a guide and is based on the current draft of the NIS2UmsVGC. Participation is voluntary and non-binding, but it can help you assess your IT security status. Please observe the applicable data protection regulations and store the results in accordance with the specifications. The BSI does not offer legal advice and participation in the impact check does not constitute a legal basis for future actions by your company. Thank you for your interest.