Built for NIS2.
Built to prove your controls under NIS2, not just describe them. Continuous Article 21 readiness, ready-to-file Article 23 reports and an Article 20 accountability pack, on a hash-chained audit trail.
Risk-management measures
Continuous readiness scoring against all 10 cybersecurity measures, each with a per-control evidence trail.
Incident reporting
Pre-formatted 24-hour early-warning and 72-hour full reports, aligned to your national CSIRT's accepted format.
Management accountability
An audit-grade quarterly pack for boards, regulators and D&O insurers, due-diligence under personal-liability rules.
The stakes are real, and already live.
NIS2 turned cybersecurity from an IT concern into a board-level, legally-enforced obligation. The hard part isn't knowing the rules; it's proving you meet them. That's Alexus.
Live across the EU, with national transposition enforced now.
Essential entities: up to €10M or 2% of global turnover. Important: €7M or 1.4%.
Management bodies must approve and oversee measures, and can be personally accountable.
Far more organisations caught than under NIS1, most medium+ firms in the sectors.
The 10 risk-management measures
Every in-scope entity must implement, and demonstrate, these ten minimum measures.
Alexus covers this: a live readiness score against all 10 measures, each with a per-control evidence trail.
The incident-reporting clock
When a significant incident hits, the deadlines are short and unforgiving.
A material impact on your services starts the clock.
Notify your CSIRT, incl. whether it's suspected malicious / cross-border.
Initial assessment, severity, impact and indicators of compromise.
Root cause, mitigations applied and any cross-border impact.
Alexus covers this: pre-formatted 24h / 72h reports assembled from your live operational graph, in your CSIRT's format.
Essential vs important entities
Both face the same Article 20, 21 and 23 duties; what differs is supervision and the maximum fine.
Essential entities
Annex IEnergy · Transport · Banking · Financial market infra · Health · Water · Digital infrastructure · ICT management · Public administration · Space
Important entities
Annex IIPostal & courier · Waste · Chemicals · Food · Manufacturing · Digital providers · Research
General guidance, not legal advice. Confirm your status against your national NIS2 transposition.
Engineered to be provable.
Governance
Every change logged with actor, source and timestamp; the Write Authority Map resolves multi-source conflicts.
Data protection
Per-tenant encryption, Postgres RLS and tenant-scoped Redis / Neo4j, isolation set by a JWT at the edge.
Responsible AI
Confidence-gated: sure cases auto-execute, the rest go to a human. Only confirmed fixes enter the corpus.
Security infrastructure
Three independent planes so a stuck step can't back-pressure the bus, with production-grade health checks.
Regulatory alignment
NIS2 reporting as a query; GDPR erasure as a data flow across embeddings, audit entries and graph nodes.
Customer trust
The same isolation from tenant 1 to 1,000: onboarding is a JWT claim, with a demo tenant for evaluation.
Documentation
Architecture, subsystem deep-dives and the deployment matrix, plus Privacy, Terms and GDPR policy pages.