Your NIS2, GDPR & ISO 27001 compliance journey, made simple
NIS2YOU is the GRC tool built for tech SMEs and freelancers without a full-time CISO. Build your risk register in a weekend, document your compliance journey in an audit-ready PDF.
Download a sample register — no signup required
No credit card · Free for early users · Data hosted in Europe
See exactly what you'll show your auditor
Three sample risk registers generated with NIS2YOU. Download them to see the exact format, level of detail and layout you'll get.
Grazulex SCA
Belgian dev studio · 11-50 people · NIS2 + ISO 27001 + GDPR
39 risks · 30 controls · 50 plans · 25 incidents
Acme NV
Flemish MSP (Antwerp) · 11-50 people · NIS2 + ISO 27001 + GDPR
28 risks · 19 controls · 25 plans · 13 incidents
Demo Studio Ltd
Dublin SaaS startup · 11-50 people · NIS2 + ISO 27001 + GDPR
29 risks · 20 controls · 25 plans · 14 incidents
Direct download, no signup or email required.
NIS2 applies to you. But you don't have the time or budget for a consultant.
NIS2 entered into force in Europe on 18 October 2024 (Belgium transposed via the law of 26 April 2024; other Member States are at varying stages). For most tech SMEs that means:
- Maintain an up-to-date, provable risk register that an auditor can read
- Document your technical and organisational controls
- Notify the CSIRT within 24h (NIS2) and/or the DPA within 72h (GDPR) when an incident hits
- Prove at least an annual review
All of this without any existing tool actually being built for you: too expensive, too complex, or yet another spreadsheet that goes stale in two months.
A living risk register that keeps itself up to date
Built for you
Plain language, real examples for tech SMEs, in-app help. No consultant jargon.
Trilingual from day one
EN, FR, NL. Pick the language for your team — your reports come out in the right one.
Auditable by default
Every change tracked: who, when, old value, new value. One-click PDF export for your auditors.
Smart notifications
Overdue plans, upcoming reviews, critical incidents — we tell you before you forget.
From zero to an operational register in 4 weeks
Inventory your assets
List the 10-30 things your business cannot live without: business apps, servers, customer data, key suppliers.
Identify your risks
Cyber, operational, compliance, HR... Score probability × impact. Our heatmap helps you prioritise.
Document your controls
You already do MFA, backups, encryption? Document them and link them to the risks they cover.
Export your compliance
Audit-ready risk register PDF, complete audit log, scheduled reviews.
Everything you need, nothing you don't
Asset inventory
7 categories, 1-5 criticality, multi-criteria search.
Risk register
5×5 heatmap, inherent / residual scoring, lifecycle states.
Controls
4 types (preventive / detective / corrective / compensating), design + operating effectiveness.
Action plans
Assignment, due dates, segregation of duties (Completed / Verified), evidence.
Scheduled reviews
Automatic notifications, every decision tracked.
Incidents
NIS2 24h / 72h / 1 month deadlines surfaced. Auto-linking to relevant risks.
Full audit trail
Who changed what, when. Filterable, exportable.
Team and roles
5 levels (Owner / Admin / Risk Manager / Contributor / Auditor) with email invitations.
PDF export
Auditor-ready register, one click, in the language of your choice.
Built for tech SMEs and freelancers
Studios & consultancies (5-100 people)
You build for clients in scope of NIS2. Be ready before they ask.
Tech freelancers
Outsourced DPO, freelance dev/sec: structure your client engagements without starting from scratch.
Small security teams
1-3 people, no enterprise GRC budget. NIS2YOU gives you 80% of the value for 5% of the price.
Not a fit if:
- × You're looking for a pentest, vuln scanner or SIEM (other tools exist and are better)
- × You're a large enterprise with a mature GRC programme (ServiceNow / Archer territory)
- × You want automated evidence collection from your systems (V2 on the roadmap)
Free during early access
No card required. Unlimited, no time limit for early users — public pricing will be announced later.
Every feature, no limits, for early adopters.
- Unlimited users
- Full risk register
- PDF export
- All frameworks (NIS2, GDPR, ISO 27001)
For growing SMEs that formalise their security.
- Unlimited users
- Email notifications
- Extended history (7 years)
- Priority support
For organisations with specific needs.
- SSO / SAML
- Dedicated API
- Contractual SLA
- On-prem possible
Ready to see for yourself?
Create your account in 30 seconds. No credit card. Your data stays in Europe.