VERSION 1.0 • LAST UPDATED: JUNE 2026

Terms of Service

The legally binding agreement governing your access to and use of the NIS2Engine platform.

These Terms of Service ("Terms") govern your access to and use of the NIS2Engine platform ("Platform", "Service", "we", "us", "our"). By creating an account or using the Platform you agree to be bound by these Terms in full.

If you do not agree to these Terms you must not use the Platform. These Terms constitute a legally binding agreement between you ("Client", "you", "your") and NIS2Engine.

1. Eligibility and Authority

By using the Platform you represent and warrant that:

  • You are at least 18 years of age
  • You have the legal authority to enter into this agreement on behalf of your organization
  • Your organization is a legitimate business entity
  • You possess the legal right, contractual authority, or regulatory obligation to initiate passive security assessments of any domain you submit to the Platform
  • Your use of the Platform complies with all applicable laws in your jurisdiction

If you are using the Platform on behalf of an organization, you represent that you have authority to bind that organization to these Terms.

2. Description of Service

The Platform provides automated passive security assessments of third-party vendor domains for the purpose of NIS2 Article 21 compliance documentation. The Service includes:

  • Automated passive OSINT scanning of submitted vendor domains
  • Deterministic NIS2 Article 21 security scoring
  • Generated PDF vendor security scorecards
  • Remediation letter generation
  • Monthly automated re-scanning
  • Compliance audit trail documentation
The Platform is a software tool that generates informational security reports. It is not a security audit firm, a law firm, or a certification body.

3. Acceptable Use

3.1 Permitted Uses

The Platform is designed exclusively for:

  • Supply chain risk management under EU NIS2 Directive 2022/2555 Article 21
  • Third-party vendor security assessment as part of organizational due diligence
  • Generation of compliance documentation for regulatory purposes
  • Monitoring of your organization's approved vendor portfolio

3.2 Prohibited Uses

You must not use the Platform for any of the following:

Scanning domains for which you have no legal right or authority to assess
Reconnaissance, intelligence gathering, or preparation for any form of cyberattack
Competitive intelligence gathering against business competitors
Harassment, stalking, or surveillance of any individual or organization
Any activity that violates applicable computer crime laws including the EU Directive on Attacks Against Information Systems, the UK Computer Misuse Act, or the US Computer Fraud and Abuse Act
Reselling, sublicensing, or white-labeling the Platform without explicit written permission
Reverse engineering, decompiling, or attempting to extract the source code of the Platform
Attempting to circumvent or disable any security feature of the Platform
Submitting false or misleading information to the Platform
Using the Platform in any way that could damage, disable, or impair the Platform or its infrastructure
Automated scraping of Platform output beyond normal API usage
Creating multiple accounts to circumvent plan limits

3.3 Scan Authorization

Before adding any vendor domain you must confirm that you have the legal right or contractual authority to initiate a security assessment of that domain. This confirmation is logged with a timestamp and forms part of your account record.

We reserve the right to suspend scanning of any domain if we receive a credible complaint that you lacked authorization to submit it.

4. Accounts and Security

4.1 Account Creation

You must provide accurate and complete information when creating your account. You are responsible for maintaining the accuracy of your account information.

4.2 Account Security

You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • All activity that occurs under your account
  • Notifying us immediately via the contact form at /contact if you suspect unauthorized access

We are not liable for any loss resulting from unauthorized use of your account due to your failure to maintain credential security.

4.3 Account Termination by You

You may delete your account at any time through the Settings page. Upon deletion we will remove your personal data in accordance with our Privacy Policy. Billing records are retained for 7 years as required by tax law.

5. Subscription and Billing

5.1 Plans & Pricing

The Platform is offered on monthly subscription plans. Current pricing is displayed on the Pricing page. We reserve the right to change pricing with 30 days notice to existing subscribers.

5.2 Payment

Payments are processed by Lemon Squeezy. By subscribing you agree to Lemon Squeezy's terms of service. We do not store your payment card details.

5.3 Billing Cycle

Subscriptions are billed monthly in advance. Your subscription renews automatically on the same date each month unless cancelled.

5.4 Cancellation

You may cancel your subscription at any time through the Settings page or via the Lemon Squeezy billing portal. Cancellation takes effect at the end of your current billing period. No refunds are provided for partial months.

5.5 Failed Payments

If a payment fails your account will be downgraded to the free tier after a 7-day grace period. Your data will be retained for 90 days to allow you to reactivate. After 90 days dormant paid account data may be deleted.

5.6 Refunds

We do not offer refunds except where required by applicable consumer protection law. If you believe you are entitled to a refund contact us via /contact within 14 days of the charge.

6. Intellectual Property

6.1 Our Property

The Platform, including its software, algorithms, scoring methodology, design, and all content we create, is our exclusive intellectual property. These Terms do not grant you any ownership rights in the Platform.

6.2 Your Property

You retain full ownership of: your account data, the vendor domain lists you submit, the PDF reports generated for your account, and the remediation letters generated for your account.

6.3 License to Use

We grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Platform for your internal business purposes in accordance with these Terms and your current subscription plan.

6.4 Feedback

If you provide us with feedback, suggestions, or ideas about the Platform you grant us a perpetual, irrevocable, royalty-free license to use that feedback without obligation to you.

7. Disclaimers

7.1 No Legal Advice

The Platform does not provide legal advice. Reports and scores generated by the Platform are informational only. You should consult qualified legal counsel for advice on your specific NIS2 compliance obligations.

7.2 No Compliance Guarantee

A high score or passing grade from the Platform does not guarantee that a vendor is NIS2 compliant or that your organization's use of that vendor satisfies your regulatory obligations. Automated passive scanning has inherent limitations. See our Methodology page for a full description of what automated scanning can and cannot detect.

7.3 No Warranty

The Platform is provided "as is" and "as available" without warranty of any kind, express or implied. We do not warrant that:

  • The Platform will be uninterrupted or error-free
  • Scan results will be accurate, complete, or current
  • The Platform will meet your specific compliance requirements
  • Any vulnerability identified will be the only vulnerability present
  • Any vulnerability not identified does not exist

7.4 Third-Party Data

Threat intelligence data is sourced from third-party providers including Shodan, AbuseIPDB, AlienVault OTX, Google Safe Browsing, IPInfo, and URLScan. We do not control the accuracy or completeness of this data and are not responsible for errors in third-party data sources.

8. Limitation of Liability

8.1 Liability Cap

To the maximum extent permitted by applicable law, our total aggregate liability to you for any and all claims arising out of or relating to these Terms or your use of the Platform is limited to the total amount you paid us in the twelve months immediately preceding the claim.

8.2 Exclusion of Consequential Damages

To the maximum extent permitted by applicable law, we are not liable for:

  • Loss of profits or revenue
  • Loss of data or business information
  • Loss of business or contracts
  • Business interruption
  • Regulatory fines or penalties imposed on your organization
  • Reputational damage
  • Any indirect, incidental, special, consequential, or punitive damages

even if we have been advised of the possibility of such damages.

8.3 Exceptions

Nothing in these Terms limits our liability for: death or personal injury caused by our negligence, fraud or fraudulent misrepresentation, or any liability that cannot be excluded or limited under applicable law.

9. Indemnification

You agree to indemnify, defend, and hold harmless NIS2Engine and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to:

  • Your use of the Platform in violation of these Terms
  • Your scanning of domains for which you lacked authorization
  • Your violation of any applicable law or regulation
  • Your violation of any third party's rights
  • Any content or data you submit to the Platform

10. Suspension and Termination

10.1 Termination by Us

  • You breach any provision of these Terms
  • We receive a credible complaint that you have scanned domains without authorization
  • We have reason to believe your account is being used for malicious purposes
  • You fail to pay subscription fees after the grace period
  • We are required to do so by law or court order

10.2 Effect of Termination

  • Your access to the Platform ceases immediately
  • Your data will be retained for 30 days then deleted in accordance with our Privacy Policy
  • Billing records are retained for 7 years as required by law
  • Provisions of these Terms that by their nature should survive termination will survive

11. Modifications to Service

We reserve the right to modify, suspend, or discontinue any aspect of the Platform at any time. We will provide reasonable notice of material changes where possible. We are not liable to you or any third party for any modification, suspension, or discontinuation of the Service.

12. Modifications to Terms

We may update these Terms at any time. We will notify you of material changes by email at least 30 days before they take effect. Your continued use of the Platform after changes take effect constitutes acceptance of the updated Terms.

13. Third-Party Services

The Platform integrates with third-party services. Your use of third-party services is governed by their respective terms of service. We are not responsible for the practices, content, or availability of third-party services.

14. Privacy

Your use of the Platform is subject to our Privacy Policy, which is incorporated into these Terms by reference.

15. Entire Agreement

These Terms, together with the Privacy Policy, the Data Processing Agreement, and the Disclaimer, constitute the entire agreement between you and NIS2Engine.

16 & 17. Severability & Waiver

If any provision is found to be unenforceable, the remaining provisions continue in full force. Our failure to enforce any right will not be considered a waiver of those rights.

18. Governing Law & Disputes

These Terms are governed by the laws of the European Union and the jurisdiction in which NIS2Engine is registered. Any disputes arising from these Terms or your use of the Platform will be subject to the exclusive jurisdiction of the competent courts in that jurisdiction.

For informal dispute resolution, contact us first via /contact. We will attempt to resolve disputes informally within 30 days before either party initiates formal proceedings.

19. Contact

For all enquiries relating to these Terms use the contact form at /contact.

We aim to respond within 5 business days.