NIS2 Applicability Check
Assess in a few questions whether your business falls under NIS2UmsuCG as an 'important' or 'essential' entity.
Check nowThis assessment is based on the rules researched as of 2026-07-16 (NIS2UmsuCG, BSIG). Actual classification may depend on further details — not legal advice, consult BSI or a lawyer if unsure.
How it works
Choose your sector
From the 16 NIS2 sectors (BSIG Annex 1/2).
Enter your size
Employees, revenue, balance sheet.
Read your classification
Essential, important, or not affected.
Benefits
Good to know about this tool
Determines, from sector, employee count, revenue and balance sheet, whether a business falls under NIS2UmsuCG as an 'important' or 'essential' entity.
NIS2UmsuCG has been in force since December 2025 and covers significantly more businesses than the old IT security law — many don't know if they're affected.
- Clarify your own classification before BSI registration
- Check whether requirements apply indirectly as a supplier
- Estimate budget for risk-management measures
- For borderline cases, run BSI's official applicability check
- Plan risk-management measures early, not just before the deadline
Frequently Asked Questions
Is the NIS2 law already in force in Germany?
NIS2UmsuCG has been in force since 6 December 2025. The BSI registration deadline (§33 BSIG) was 6 March 2026; BSI grants enforcement leniency until 31 July 2026 — this doesn't change the statutory deadline itself.
What if I operate in multiple sectors?
Choose the sector that best describes your core business — for complex cases, use BSI's official applicability check.
Is this legally binding advice?
This assessment is based on the rules researched as of 2026-07-16 (NIS2UmsuCG, BSIG). Actual classification may depend on further details — not legal advice, consult BSI or a lawyer if unsure.
The information, templates, scripts, calculations and recommendations provided are intended for educational and assistance purposes only. Always review and test any generated result before production use. IT Smart Service accepts no liability for misuse, data loss, outages, security incidents, or legal, financial or technical damages arising from incorrect or improper use. Responsibility for validation, testing and deployment decisions rests with the user.
IT security check for your business — we implement MFA, backups and updates for you.
Need professional IT support?
Our team can help if the free tool is not enough for your project.
