NIS2 Compliance with NetSenX
What is NIS2?
The NIS2 Directive (Directive (EU) 2022/2555) is the EU's updated cybersecurity legislation. It requires essential and important entities to implement cybersecurity risk management measures and report significant incidents to national authorities.
Effective date: October 17, 2024 (transposition deadline for EU member states).
Who must comply: Organizations in 18 sectors including energy, transport, healthcare, digital infrastructure, manufacturing, and ICT services.
How NetSenX Helps
| NIS2 Requirement | Article | NetSenX Feature |
|---|---|---|
| Risk management measures | Art. 21 | Compliance Hub with readiness checklist |
| Incident detection | Art. 21(2)(b) | NDR engine with 16+ behavioral rules |
| Incident reporting (24h initial, 72h detailed) | Art. 23 | One-click PDF report generation |
| Explainable detection | Art. 23(4)(a) | SHAP waterfall per alert + Decision Traces |
| Security monitoring | Art. 21(2)(d) | Real-time network flow analysis |
| Supply chain security | Art. 21(2)(d) | Sub-processor documentation in DPA |
| Incident response | Art. 21(2)(e) | Alert escalation workflow |
| Audit trail | Art. 21(2)(g) | Audit Log + Proof Trail JSON |
Generating a NIS2 Art. 23 Report
- Go to Alerts and click on a CRITICAL or HIGH alert
- Click Generate NIS2 PDF
- The report includes:
  - Incident summary and timeline
  - SHAP explanation of detection factors
  - Affected systems (source/destination IPs, ports)
  - Recommended remediation steps
  - CSIRT contact information (if configured)
- Download the PDF and submit to your national CSIRT within 72 hours
NIS2 Readiness Checklist
Go to Compliance Hub to see your readiness score across 8 checks:
Automated Checks (NetSenX verifies automatically)
- Incident detection system active — At least one agent online and monitoring
- Proof Trail enabled — Decision traces recording for all detections
- Network monitoring coverage — Percentage of devices with agents installed
Manual Checks (you configure in Compliance Hub)
- 72h reporting capability — PDF generation tested
- CSIRT contact saved — National CSIRT details configured
- Incident response plan — IRP document referenced
- Log retention compliant — Retention period meets requirements (12 months recommended)
- Supply chain assessment — Third-party risk assessment documented
GDPR Compliance
NetSenX also supports GDPR Art. 33 breach notification reports:
- Go to Alerts and click on an alert involving personal data
- Click Generate GDPR PDF
- The report covers: nature of breach, categories of data, likely consequences, measures taken
Decision Traces (EU AI Act)
NetSenX Decision Traces provide full algorithmic transparency as required by the EU AI Act for high-risk AI systems. Each detection includes:
- Input features used for scoring
- Factor weights and rule matches
- Output decisions with confidence scores
- Links to related alerts and evidence
These traces can be exported for regulatory review.