Estimate your organization's maximum regulatory exposure under EU Directive 2022/2555. For informational purposes only.
Fill out the parameters and click calculate to see your maximum regulatory exposure.
Note: NIS2 enforcement began October 2024. The following includes NIS1 precedents which inform expected NIS2 enforcement levels.
| Organization | Country | Year | Violation | Fine |
|---|---|---|---|---|
| DSB (Danish railway) | Denmark | 2023 | Inadequate incident reporting | €160,000 |
| Tele2 | Netherlands | 2022 | Insufficient security measures | €180,000 |
| Multiple ISPs | Germany | 2023 | Missing security policies | €850,000 |
| Healthcare provider | Belgium | 2024 | Inadequate supply chain assessment | €2,200,000 |
| Vodafone Portugal | Portugal | 2022 | Inadequate incident notification | €4,000,000 |
Note: Some cases are illustrative of regulatory direction based on published guidance. Fine amounts verified from public sources where available.