Loading…
Loading…
NIS2 (Directive 2022/2555) applies to a wide range of EU sectors — energy, transport, health, digital infrastructure, and more. Archiet maps your architecture to NIS2 requirements for supply chain security, incident management, and risk governance.
NIS2 expands the scope of EU cybersecurity regulation significantly. It covers essential entities (energy, transport, banking, health, water, digital infrastructure, public administration) and important entities (postal services, waste management, manufacturing, food, digital providers). If you provide technology to any of these sectors in the EU, NIS2 likely applies to you.
NIS2 Article 21 requires organisations to address supply chain security. Your ArchiMate model's ExternalService elements identify every third-party dependency. Archiet generates a supply chain risk register: which vendors, what data they access, what security certifications they hold, and what contractual protections are in place.
NIS2 requires significant incident reporting within 24 hours (early warning), 72 hours (incident notification), and 1 month (final report). The generated architecture includes monitoring and alerting components that support incident detection and classification aligned with NIS2 severity definitions.
NIS2 Article 21 lists 10 minimum cybersecurity risk management measures. Archiet maps your architecture to each: risk analysis policies, incident handling, business continuity, supply chain security, security in procurement, vulnerability handling, cybersecurity assessment, cryptography, access control, and multi-factor authentication.
Financial technology companies need SOC 2 Type II before their first enterprise deal. Archiet maps your architecture to all 10 Trust Services Criteria automatically — evidence narratives included.
B2B SaaS buyers expect SOC 2 Type II. Archiet generates compliant architecture with multi-tenant isolation, audit logging, and encryption — mapped to Trust Services Criteria automatically.
Microservices make GDPR harder — personal data flows across service boundaries. Archiet maps data classifications to each service and generates GDPR controls: consent tracking, data export, right to erasure, and breach notification.