NIS2 Compliance MCP

NIS2 Directive (EU 2022/2555) Compliance — Entity Classification, Risk Management, Incident Reporting

Overview

Automated compliance with the NIS2 Directive (EU 2022/2555), the EU's updated cybersecurity framework. Classify entities, audit Article 21 risk-management measures, classify incidents under Article 23, and manage the Register of Information.

🆕 Quote verbatim NIS2 text in any audit

Install our sister MCP and pipe it through your agent for auditor-defensible quotes:

pip install eu-ai-act-compliance-mcp  # 1.5.1+

# In your Claude / OpenAI tool-use agent:
search_regulation(query="incident reporting", regulation="nis2", limit=3)
get_article_text(regulation="nis2", article_number=17)

Returns verbatim NIS2 text from publications.europa.eu Cellar (SPARQL-synced daily) with a canonical EUR-Lex deep link on every snippet — drop straight into audit evidence packs.

Tools

Installation

pip install mcp

Claude Desktop

{
  "mcpServers": {
    "nis2-compliance": {
      "command": "python",
      "args": ["path/to/server.py"]
    }
  }
}

Cursor / VS Code / Windsurf

{
  "mcpServers": {
    "nis2-compliance": {
      "command": "python",
      "args": ["path/to/server.py"]
    }
  }
}

Usage Examples

<<<<<<< Updated upstream MIT © MEOK AI Labs

Sister MCPs

Part of the MEOK Governance pack — designed to work together as a fleet. Install the whole pack with npx meok-setup --pack governance, or pick the ones you need:

• EU AI Act → uvx eu-ai-act-compliance-mcp · PyPI · GitHub

• DORA → uvx dora-compliance-mcp · PyPI · GitHub

• Cyber Resilience Act → uvx cra-compliance-mcp · PyPI · GitHub

• AI Bill of Materials → uvx ai-bom-mcp · PyPI · GitHub

• AI Incident Reporting → uvx ai-incident-reporting-mcp · PyPI · GitHub

• DORA × NIS2 Crosswalk → uvx dora-nis2-crosswalk-mcp · PyPI · GitHub

Full catalogue + Anthropic Registry verify links: meok.ai/anthropic-registry

Protocol coverage + Universal PAYG

This MCP is part of MEOK's 47-MCP fleet that bridges every active agent-interop protocol and 30+ regulatory frameworks. See the full coverage matrix at meok.ai/protocols.

Agent interop protocols supported (8 live):

• ✅ MCP (Anthropic) — native

• ✅ A2A (Google + Linux Foundation, absorbed IBM ACP Sept 2025)

• ✅ IBM ACP — covered via A2A merge

• ◐ Stripe ACP (Agentic Commerce Protocol) — Q3 bridge via agent-commerce-protocol-mcp

• ◐ AP2 (Google Agent Payments) — partial via agent-commerce-payments-mcp

• ◐ x402 (Coinbase HTTP 402) — partial via api.meok.ai gateway

• → OASF / AGNTCY (Cisco Outshift + Linux Foundation) — Q3 bridge

• 👁 ANP (Cisco Agent Network) — watch-list

Pricing options:

Each tier above the free self-host adds HMAC-signed attestations verifiable at verify.meok.ai. Linux Foundation governance on the A2A spine means EU regulated buyers can deploy without vendor-lock-in objections.

=======

Classify an entity

{
  "entity_description": "Cloud service provider offering SaaS to 500+ healthcare organizations across EU",
  "sector": "digital_infrastructure",
  "size": "large"
}

Audit risk management measures

{
  "measures": ["basic firewall", "quarterly backups", "no encryption"],
  "entity_type": "essential"
}

Pricing

• Free: 10 classifications/day

• Pro: $99/mo — unlimited audits + reports

• Enterprise: $499/mo — full audit trail + supply chain analysis

Built by MEOK AI Labs | meok.ai

Stashed changes

Wire it up — full stack

Pair this with the MEOK chain that turns one agent action into ONE signed compliance event:

1. bft-progress-council-mcp — anti-loop guardrail

2. agent-token-budget-mcp — hard spend cap

3. agent-prompt-injection-firewall-mcp — OWASP LLM01 scan

4. agent-audit-logger-mcp — hash-chained evidence

5. a2a-governance-bridge-mcp — fold N attestations → 1 signed event

6. agent-incident-relay-mcp — broadcast incidents to 5 regimes simultaneously

See meok.ai/mcp-stack for the full architecture and meok.ai/mcp-stack/demo for the live in-browser demo.