NIS2 Supplier Readiness Check — BARE Consulting

Your enterprise customers are subject to NIS2. Under Article 21(2)(d), they are required to assess and manage the security of their supply chain — which includes you.

This tool identifies your exposure level and shows you where your readiness gaps are before your customers come asking.

Exposure assessment: Which of your customers are NIS2-obligated and what that triggers contractually
Gap analysis: Where your current security posture falls short of what enterprise buyers will require
Certification check: Whether ISO 27001 or SOC 2 closes the gap — or whether more is needed
Concrete next steps: A prioritised action plan based on your specific situation, not a generic checklist

Takes about 3 minutes. No account required.

Your enterprise customers

Which sectors do your enterprise customers operate in? Select all that apply.

Essential entities — Annex I (highest NIS2 obligations)
Important entities — Annex II


Where are they based?

Select the EU countries where your enterprise customers operate. This determines whether NIS2 is already enforceable for them.

Law: NIS2 transposed and enforceable
Draft: Transposition in progress


Your current certifications

Do you currently hold any security certifications?


Security posture

These are the areas your NIS2-obligated customers are most likely to assess in their suppliers. Answer honestly — this is for your benefit, not theirs.

1. Do you have a documented information security policy, reviewed in the last 12 months?
2. Do you have a documented incident response plan with defined notification timelines (e.g. 24h/72h)?
3. Do you conduct regular security assessments, vulnerability scans, or penetration tests?
4. Do you have a process for managing and assessing the security of your own third-party vendors?
5. Do all staff receive formal security awareness training at least annually?
6. Do you have documented business continuity and disaster recovery plans, tested in the last 12 months?


Your NIS2 Supplier Readiness

Based on your answers

Readiness score
Supplier exposure
Critical gaps

Your exposure

What your customers will require from you

Readiness breakdown

Priority gaps

Want a detailed readiness review?

BARE Consulting works with European tech scaleups to close supplier security gaps before enterprise customers come asking. Our vCISO and compliance services are built for companies at exactly this stage.
