ABCDEFGHIJKLMNOPQRSTUVWXYZ
1
2
3
CyberJuice
4
5
6
NIS 2 Readiness Scorecard
7
Directive (EU) 2022/2555 — Articles 20, 21(2)(a–j) and 23 · 12 Obligation Areas · 60 Questions
8
9
10
11
Organisation:
12
Completed by:
13
Date:03/04/2026
14
Version:1.0
15
Classification:CONFIDENTIAL
16
17
18
19
About This Scorecard
20
This scorecard maps your organisation's cybersecurity posture directly against NIS 2 (Directive (EU) 2022/2555),
21
which applies to essential and important entities operating in the EU.
22
23
Every question is mapped to a specific article of the Directive:
24
 • Article 20 — Governance & Management Accountability (personal liability of management body)
25
 • Article 21(2)(a–j) — 10 mandatory cybersecurity risk-management measures
26
 • Article 23 — Incident reporting obligations (24h early warning → 72h notification → 1-month final report)
27
28
For each question, select a score 0–4. A maturity statement describing what that score means for
29
that specific control automatically appears in the "What this looks like" column.
30
The Results sheet calculates your overall maturity and highlights priority gaps.
31
32
33
Scoring Guide
34
35
0Not startedNo policy, process, or control exists for this area.
36
1PlannedGap identified; formal plan or design work is underway but nothing is operational.
37
2In progressPartially implemented; not yet fully consistent or operational.
38
3ImplementedFully in place and operating as intended.
39
4OptimisedRegularly tested, reviewed, and continuously improved; proactively managed.
40
41
42
43
💡 Get NIS 2 compliant within 6 weeks — cyberjuice.io
44
Guided NIS 2 readiness programs for essential and important entities. Assessment · Gap analysis · Remediation roadmap.
45
46
47
© 2026 CyberJuice — cyberjuice.io · NIS 2 Directive (EU) 2022/2555 · For internal assessment use only
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100