Is Your Company Subject to NIS2?

A structured self-assessment questionnaire for CIOs, CISOs, and IT managers. In 3 steps and across 17 operational areas, verify your entity status and cybersecurity risk level instantly.

10M €

Maximum fine for essential entities or up to 2% of global annual turnover

7M €

Maximum fine for important entities or up to 1.4% of global annual turnover

300%

Of annual salary – potential personal liability penalty for the manager of an essential entity

24h

Deadline for the initial notification of a significant incident to the relevant CSIRT

This questionnaire is for you if...

…you are responsible for IT, information security, or business continuity – and you are unsure whether the National Cybersecurity System Act (UKSC) applies to your organization, to what extent, and what actions you should take.

Your role

CIO, CISO, IT Manager, Operations Director, Security Officer, Compliance Officer

Your company

A medium or large enterprise (50+ employees or annual turnover above EUR 10 million) operating in a sector covered by the UKSC Act

Your sector

Energy, transport, healthcare, finance, digital infrastructure, manufacturing, postal services, waste management, food industry, and more

Even small organizations may fall under NIS2

DNS providers, TLD operators, trust service providers, and critical entities may fall under NIS2 regardless of company size. The questionnaire verifies these exceptions automatically.

What will you receive after completing the assessment?

The result provides a concrete, actionable starting point for discussions with management, preparation for S46 registration, or planning cybersecurity risk management measures.

Important: This questionnaire is a self-assessment tool based on Article 5(1) and 5(2) of the amended National Cybersecurity System Act (UKSC) of January 23, 2026, including Annexes 1 and 2. It does not replace formal legal advice or a compliance audit. If you require a formal assessment or support with S46 registration preparation, we can help.

Three Steps to Assessment

1

Company Size Qualification

Verification of company size and exceptions

We verify employee count and annual turnover while automatically checking exceptions for smaller organizations. Even companies with fewer than 50 employees may fall under NIS2 as DNS providers, TLD operators, trust service providers, or critical entities under the CER Directive. The assessment logic handles these scenarios automatically.

2

Sector Verification

Sector analysis and entity classification

Based on your business profile, we determine whether your organization operates in an essential sector (UKSC Annex 1: energy, healthcare, banking, transport, digital infrastructure, etc.) or an important sector (UKSC Annex 2: manufacturing, food industry, postal services, waste management, etc.). Result: essential entity, important entity, or out of scope – together with legal and financial implications.

3

Operational Assessment · 17 Areas

17 operational requirements and readiness analysis

A concise verification of organizational readiness across key areas required under the UKSC Act, including: entity registration obligations, ISMS implementation, management board cybersecurity training, supplier risk assessment, 24-hour incident reporting capability, operational documentation, risk estimation, business continuity planning, system monitoring, and more. The result is available instantly – without registration. You can also request a free consultation with a Knoxtera expert.

NIS2 / UKSC Self-Assessment Questionnaire

Completion time: approx. 5 minutes · Instant results · No registration required · Self-identification based on Article 5 UKSC and Annexes 1 & 2

NIS2 questionnaire

Company Size and Financial Assessment

Please answer the following questions to determine your organization’s size category.


Answers to Frequently Asked Questions

Does this tool provide legal certainty?

It does not replace legal advice. The assessment is based on the logic of the UKSC Act and should be treated as a starting point for discussions with legal advisors or compliance auditors. The result is indicative only.

Who should complete this questionnaire?

A decision-maker within the organization – CEO, Managing Director, Security Officer, Compliance Officer, or in-house legal counsel. You will need information regarding company size, turnover, and sector.

How long does completion take?

Steps 1 and 2 take approximately 2 minutes. If your organization falls under NIS2, the operational readiness assessment (17 questions) takes an additional 5-8 minutes. Total time: up to 10 minutes.

What happens to my data?

Providing your email address is optional and used solely for sending assessment results. We do not send spam or share your data with third parties. You may skip the email field entirely.

What is the classification logic based on?

The questions and criteria are based directly on the amended National Cybersecurity System Act implementing the NIS2 Directive, including Annexes 1 and 2.

What does “out of scope” mean?

It means that, based on the information provided, your organization is currently not subject to NIS2 obligations. However, regulatory scope may change with future amendments, so monitoring legal developments is recommended.