Compliance evidence
NIS2 — domain & certificate controls
EU 'essential' and 'important' entities across energy, transport, banking, health, digital infrastructure, public administration, and more — including cloud providers and managed service providers.
Authority: European Union
What NIS2 actually requires
NIS2 (effective October 2024 in member-state transpositions) expands cybersecurity risk-management obligations. Article 21 requires technical measures including 'policies and procedures regarding the use of cryptography and, where appropriate, encryption.' Non-compliance carries up to €10M or 2% of global turnover in fines.
Full name: NIS2 Directive (EU 2022/2555).
Controls that touch certificates and domains
These are the 3 controls most directly affected by TLS certificate and domain lifecycle. CertRadar produces evidence bundles mapped to each.
| Control | Title | How CertRadar helps |
|---|---|---|
Art. 21(2)(g) | Policies and procedures regarding the use of cryptography and, where appropriate, encryption | Certificate lifecycle policy must be documented and enforced. |
Art. 21(2)(e) | Security in network and information systems acquisition, development, and maintenance | Ongoing TLS hygiene is part of maintenance security. |
Art. 23 | Reporting obligations | Certificate-related incidents that cause operational disruption may be reportable. |
What the evidence pack contains
CertRadar’s one-click export for NIS2 includes:
- Cryptography policy + enforcement log
- Cert incident register with reportability assessment
- Continuous-monitoring evidence
Example domains in NIS2 scope
Representative domains often monitored for NIS2 evidence. Check any of them live:
Ship the NIS2 evidence your auditor asks for.
CertRadar gives security, IT, and compliance teams a complete inventory of every domain and cert your company owns — plus a one-click evidence pack mapped to NIS2 controls. Beta in weeks. Early members get a lifetime Pro discount.
Join the waitlist