AWS & Azure Cloud Scanning
Connect your AWS or Azure account via read-only credentials. Konforme automatically scans your cloud configuration against NIS2-mapped controls covering identity, encryption, network security, logging, and more.
Konforme scans your AWS and Azure infrastructure, assesses your people, and evaluates your governance — then gives you a single, audit-ready NIS2 compliance score. No consultants. No spreadsheets. Just clarity.
No credit card required · EU-hosted · GDPR compliant
Built for companies navigating EU cybersecurity regulation
Fines reach €10M or 2% of global turnover. Board members face personal liability. Manual audits take weeks and cost tens of thousands. There's a better way.
Every medium and large company in energy, health, transport, digital services, and 14 other critical sectors must comply. The directive is transposed into national law in all 27 EU member states, each with their own competent authority, deadlines, and enforcement rules.
Traditional gap assessments cost €15,000-50,000 per engagement, take 4-8 weeks of consultant time, and give you a snapshot that's outdated within months. NIS2 requires continuous compliance, not one-off audits.
NIS2 Article 21 doesn't just require infrastructure security. It mandates employee training, incident handling, supply chain management, and board-level governance. Konforme covers all three pillars in one platform.
Built from the ground up for EU companies. Not a US compliance tool rebranded. Every feature maps directly to NIS2 Article 21 requirements.
Connect your AWS or Azure account via read-only credentials. Konforme automatically scans your cloud configuration against NIS2-mapped controls covering identity, encryption, network security, logging, and more.
Evaluate your people-side security across all NIS2 Article 21 areas — from security awareness and incident reporting to access control, data handling, and vendor risk management.
Track security controls covering risk policies, incident handling, business continuity, supply chain security, and board-level governance. Assign owners, set deadlines, and attach evidence for each control.
Assign policy acknowledgments and security quizzes to employees. Track completion rates, send email reminders, measure quiz scores, and build an audit trail — all linked to your NIS2 controls.
Generate PDF compliance reports with your overall score, article-by-article breakdown, critical findings with remediation steps, and a prioritised remediation roadmap. Ready for your regulator or board.
All data processed and stored in EU data centres. No transfer to third countries. Cloud credentials are encrypted at rest before storage. Privacy by design from day one.
Get your first NIS2 compliance score in under 15 minutes
Get Started FreeNIS2 requires more than infrastructure checks. Konforme covers all three pillars so nothing is left out of scope.
Connect your AWS or Azure account with read-only credentials using a guided setup wizard. Konforme automatically scans your cloud configuration against NIS2-mapped controls.
Complete the maturity assessment covering all NIS2 Article 21 areas — from incident handling and training to cryptography and access control.
Monitor your security controls mapped to NIS2. Assign owners, set due dates, upload evidence, and track implementation progress over time.
See one unified NIS2 compliance score combining all three pillars. Drill into gaps by article, download your audit report, and start remediating.
Every security measure mandated by NIS2 is covered. Each control maps directly to the directive's requirements — nothing left to interpretation.
Risk analysis & information security policies
Art. 21(2)(a)
Incident handling procedures & notification
Art. 21(2)(b)
Business continuity & disaster recovery
Art. 21(2)(c)
Supply chain security & third-party controls
Art. 21(2)(d)
Network & information system security
Art. 21(2)(e)
Effectiveness assessment & vulnerability testing
Art. 21(2)(f)
Cybersecurity hygiene practices & training
Art. 21(2)(g)
Cryptography & encryption policies
Art. 21(2)(h)
Access control, identity & HR security
Art. 21(2)(i)
Multi-factor authentication & secure communications
Art. 21(2)(j)
Every EU country has transposed NIS2 into national law differently. Konforme tracks each country's specific rules so you don't have to.
Each country's specific NIS2 law, publication date, and entry into force — from Germany's NIS2UmsuCG to Portugal's Decreto-Lei n.º 125/2025.
Contact details for your national competent authority and CSIRT — the regulators you'll report to and work with during incidents.
Essential, Important, or Public entity classification with country-specific size thresholds, sector definitions, and corresponding obligations.
Country-specific compliance deadlines, penalty levels per entity type, and management liability rules. Know exactly what you owe and when.
Supported countries
Ready to see where your company stands on NIS2?
Start Your AssessmentCommon questions about NIS2 compliance and how Konforme helps EU companies meet their obligations.
NIS2 (Directive 2022/2555) is the EU's updated cybersecurity legislation that came into force in October 2024. It applies to medium and large organisations across 18 sectors including energy, healthcare, transport, digital infrastructure, financial services, public administration, and more. Companies with 50+ employees or €10M+ turnover in these sectors must comply or face penalties up to €10 million or 2% of global annual turnover.
Essential entities face fines up to €10 million or 2% of global annual turnover, whichever is higher. Important entities face fines up to €7 million or 1.4% of global annual turnover. NIS2 also introduces personal liability for management bodies — board members and senior executives can be held personally responsible for compliance failures.
Article 21 requires organisations to implement cybersecurity risk-management measures across 10 areas: risk analysis and information security policies, incident handling, business continuity, supply chain security, network security, effectiveness assessment, cybersecurity hygiene and training, cryptography, access control and HR security, and multi-factor authentication. Konforme maps every assessment and control to these 10 requirements.
Konforme uses a 3-pillar approach. First, it automatically scans your AWS or Azure cloud infrastructure against NIS2-mapped controls covering identity, encryption, network security, logging, and more. Second, it evaluates your organisational maturity across all NIS2 Article 21 areas. Third, it tracks implementation of your security controls with evidence management. These three pillars combine into a single compliance score with audit-ready PDF reports and a prioritised remediation roadmap.
Yes. Konforme supports both Amazon Web Services (AWS) and Microsoft Azure. Both providers are scanned against NIS2-mapped controls covering areas like identity and access management, encryption, network security, logging, and business continuity. Both connect via read-only credentials for safe, non-invasive scanning.
Konforme supports all 27 EU member states with country-specific NIS2 compliance data. This includes each country's national transposition law, competent authority, CSIRT contact details, entity classification rules, sector-specific requirements, compliance deadlines, and penalty levels. Countries include Germany, France, Italy, Spain, Netherlands, Belgium, Portugal, Austria, Ireland, Poland, and all other EU member states.
With Konforme, you can get your first NIS2 compliance score in under 15 minutes. Cloud infrastructure scanning runs automatically and takes 2-5 minutes. The human factor assessment typically takes 15-30 minutes. Controls can be tracked continuously as you implement them. Unlike traditional gap assessments that take 4-8 weeks of consultant time, Konforme provides instant, continuous compliance visibility.
Create a free account, connect your AWS or Azure environment, and get your first compliance score in under 15 minutes.
No credit card required · EU-hosted · Free to get started