CONCORDANCE·NIS2 EVIDENCE MAPPING

NIS2 demands evidence.
Your codebase already has it.

Concordance scans 50 engineering protocols across 6 SDLC phases and maps them to all 10 measures of NIS2 Article 21(2). Paste any public GitHub repo — see your evidence in seconds.

📡 GitHub-only scan — tracker protocols greyed out.

This is automated engineering evidence mapping only — not a compliance determination, audit opinion, or attestation. It does not replace a full NIS2 compliance programme, legal counsel, or assessment by your national competent authority.

NIS2 compliance is determined by national competent authorities (BSI, CCB, ANSSI, etc.) — not by any tool. Concordance provides evidence signals as-is, with no warranty of completeness or accuracy. See Methodology for full scope details.

50 Protocols → 10 Measures (CONCORDANCE ENGINE)

Core: 36 protocols
Strong: 5–13 protocols
Partial: 2–4 protocols
Template: policy only

(e) SDLC Security & Vulnerability Handling: 36 protocols
(b) Incident Handling: 5 protocols
(f) Effectiveness Assessment: 5 protocols
(d) Supply Chain Security: 3 protocols
(a) Risk Analysis & Policies: 3 protocols
(g) Cyber Hygiene & Training: 4 protocols
(h) Cryptography & Encryption: 1 protocol
(i) Access Control & Code Permissions: 3 protocols
(c) Business Continuity: 2 protocols
(j) MFA & Secure Communications: policy ref

6 SDLC phases: Requirements, Design, Development, Testing, Release, Operations

How Concordance maps to NIS2

The Concordance Framework observes 50 engineering protocols across 6 SDLC phases — branch protection, CI pipelines, review quality, dependency management, secrets handling, and more. Each protocol is scored 1–5 and mapped to NIS2 Article 21(2) measures, giving you continuous, automated evidence of the engineering practices that support compliance.

(e) SDLC Security & Vulnerability Handling: Core
(b) Incident Handling: Strong
(f) Effectiveness Assessment: Strong
(d) Supply Chain Security: Strong
(a) Risk Analysis & Policies: Partial
(g) Cyber Hygiene & Training: Partial
(h) Cryptography & Encryption: Partial
(i) Access Control & Code Permissions: Partial
(c) Business Continuity: Partial
(j) MFA & Secure Communications: Template

Core — deep engineering signal coverage
Strong — good protocol coverage
Partial — some signals; also requires non-engineering evidence
Template — outside engineering signal scope

What is NIS2 Article 21?

The NIS2 Directive (EU 2022/2555) requires essential and important entities to implement cybersecurity risk-management measures. Article 21(2) defines 10 minimum measures — from risk analysis and incident handling to SDLC security and supply chain management. NIS2 is supervision-based: there is no annual audit or certificate. Entities must implement the measures and be prepared for inspection by their national competent authority.

The Concordance Framework maps real engineering data to these measures — providing the kind of structured, continuous evidence that supports supervisory readiness. Pro adds policy document references per measure and CyFun-aligned evidence export.

CONCORDANCE PRO

The full NIS2 evidence report

10 measures scored, policy documents referenced, CyFun-aligned PDF exported — continuously, across every repo.

SOC 2 Type II · ISO 27001:2022 · NIS2 Art. 21