ZeroHook
EU Regulatory Compliance

NIS2 Compliance
Made Simple & Automated.

The EU NIS2 Directive has been mandatory since October 2024. Automate your continuous DNS monitoring evidence and avoid penalties up to €10M — with ZeroHook.

Active Monitors

LIVE

Continuous surveillance of your domains for DNS changes, typosquatting, and certificate transparency.

  • yourcompany.eu (Last: 12 min ago, Next: in 3 min)
  • acme-corp.com (Last: 28 min ago, Next: in 12 min)

Understanding NIS2

What is the NIS2 Directive?

The Network and Information Systems Directive 2 (NIS2) is an EU-wide cybersecurity regulation that mandates specific security measures for organizations in essential and important sectors. It requires continuous monitoring, incident detection, and evidence-based compliance reporting.

Key Requirement: Organizations must demonstrate “continuous monitoring” of their DNS infrastructure. One-time audits are not sufficient — you need 24/7 surveillance with historical evidence.

  • Applies to all EU entities and critical sectors
  • Mandatory since October 17, 2024
  • Requires continuous DNS security monitoring
  • Evidence collection for regulatory audits
  • Penalties up to €10M or 2% global revenue

Maximum Fine for Non-Compliance

€10M

or 2% of global annual revenue — whichever is higher

  • Temporary ban from operating in the EU
  • Public disclosure of violations
  • Personal liability for executives
  • Mandatory third-party security audit

ZeroHook Compliance Evidence Pack costs €1,910/year — vs. a potential €10M fine.

How It Works

Simple. Automated. Audit-Ready.

Three steps from setup to compliance evidence — without touching a spreadsheet.

Always-on surveillance — every 15 minutes.

ZeroHook watches your DNS infrastructure around the clock. Automated scans detect configuration drift, blacklist additions, and certificate expiries before regulators — or attackers — do.

  • 15-min DNS scans
  • Blacklist surveillance
  • SSL expiry tracking
  • 24/7 uptime

Monitoring Log · Last 24 hours

  • 14:30 SPF check passed
  • 14:15 DMARC policy verified
  • 14:00 DKIM key rotation alert
  • 13:45 Blacklist scan — clean
  • 13:30 MX record unchanged

96 scans today · 99.6% availability

Scope

Who Does NIS2 Apply To?

NIS2 covers a significantly broader range of sectors than the original Directive — if you're unsure, you're probably in scope.

Essential Entities

  • Energy (electricity, oil, gas)
  • Transport (air, rail, road)
  • Banking & financial markets
  • Healthcare & pharmaceuticals
  • Drinking water & wastewater
  • Digital infrastructure

Important Entities

  • Postal & courier services
  • Waste management
  • Chemicals manufacturing
  • Food production
  • Medical devices
  • Digital providers (cloud, SaaS)

Size Thresholds

  • Medium: 50–249 employees
  • Large: 250+ employees
  • Annual turnover > €10M
  • Balance sheet > €43M
  • Smaller entities if critical
  • Subsidiaries of EU entities

NIS2 DNS Requirements

Everything NIS2 demands. Automated.

Article 21 mandates specific DNS security controls. ZeroHook checks all of them — continuously.

Email Authentication

SPF, DKIM, and DMARC must be correctly configured and continuously monitored. Misconfiguration opens the door to domain spoofing and phishing.

Article 21(2)(i): Anti-spoofing measures

DNSSEC Validation

DNS Security Extensions protect against cache poisoning and DNS hijacking. NIS2 explicitly requires cryptographic validation of DNS records.

Article 21(2)(h): DNS security

DNS Infrastructure Integrity

Zone transfer controls, subdomain takeover prevention, and nameserver health must be continuously audited to prevent infrastructure compromise.

Article 21(2)(f): Network integrity

Continuous Monitoring

24/7 automated surveillance of your DNS posture. NIS2 explicitly prohibits point-in-time audits — continuous evidence is mandatory.

Article 21(2)(b): Continuous monitoring

Incident Detection & Response

Real-time alerts for DNS hijacking, blacklist additions, and configuration drift. Detect threats in 15 minutes, not 15 days.

Article 23: Incident detection

Evidence & Audit Trail

Regulators require tamper-proof logs of your security posture over time. Every ZeroHook scan produces a signed, immutable evidence record.

Article 21(2)(d): Evidence collection

ZeroHook vs. Manual Compliance

From Weeks to Minutes.

Traditional NIS2 compliance prep takes 3–5 weeks of manual work. ZeroHook collapses it to one click.

  • 80%: Reduction in audit prep time
  • < 1 min: To generate a compliance report
  • 90 days: Tamper-proof evidence log

35-Point Audit

Every NIS2-relevant DNS check in one scan — SPF, DKIM, DMARC, DNSSEC, MTA-STS and more.

Always-On Monitoring

Automated scans every 15 minutes. Alerts reach you before clients or regulators notice.

One-Click Reports

Download a full PDF compliance report with tamper-proof evidence chain in seconds.

Compliance Score

Track your NIS2 readiness score over time and demonstrate continuous improvement to auditors.

Get Started

Ready to Automate NIS2 Compliance?

Join 200+ EU organizations using ZeroHook to avoid €10M fines — with automated evidence collection and one-click compliance reports.