Appearance
Scope and applicability
This page focuses on how NIS2 applicability is established and maintained in Modulos at organization level.
OFF-15 requirements for scope and applicability
| Requirement | Topic | Directive reference |
|---|---|---|
ORF-284 | NIS2 scope and entity classification | Art. 2, 3 |
ORF-285 | Sector-specific legal act equivalence assessment | Art. 4 |
ORF-294 | Registry submission and update obligations | Art. 27(1)-(4) |
ORF-295 | Jurisdiction and EU representative management | Art. 26 |
ORF-296 | Entity listing data submission and two-week update duty | Art. 3(4) |
ORF-302 | Implementing-act applicability and criteria governance | Art. 21(5), 23(11) |
What to evidence in practice
For defensible scope decisions, organizations typically maintain:
- sector and service qualification rationale
- size-threshold and classification record (essential vs important)
- legal analysis for Art. 4 equivalence scenarios
- registry/listing submission records and update log
- implementing-act applicability matrix (including affected entity classes)
AI-system implications
Scope is organization-driven, but scope decisions influence which AI-system controls are activated and reviewed in MFF-15 projects.
When scope or classification changes, propagate that change into system-level projects and revalidate mapped controls.
Related pages
NIS2 overview
Framework structure and OFF-15/MFF-15 split
Cybersecurity measures
Governance and implementation requirements derived from Art. 20 and 21
Operationalizing in Modulos
End-to-end rollout sequence for organization and AI-system projects
Disclaimer
This page is for general informational purposes and does not constitute legal advice.