Skip to main content
Glama
deenesjakoruzh
CSOAI-ORG

NIS2 Compliance MCP

by CSOAI-ORG
OverviewSchemaRelated ServersScoreDiscussions
Python
Remote

nis2-compliance-mcp MCP server MCP Registry PyPI

nis2-compliance-mcp MCP server

PyPI Downloads GitHub stars License: MIT

NIS2 Compliance MCP

Automate NIS2 (Directive 2022/2555) compliance for essential and important entities across 18 sectors.

Transposition deadline: 17 October 2024. Penalties: up to EUR 10M or 2% of global turnover.

MEOK AI Labs

Install · Tools · Pricing · Attestation API

Why This Exists

NIS2 expanded the scope from ~10,000 entities under NIS1 to an estimated 160,000+ across the EU. If your organisation operates in energy, transport, banking, health, water, digital infrastructure, ICT service management, public administration, space, postal services, waste management, chemicals, food, manufacturing, digital providers, or research — you are in scope.

Member states are transposing NIS2 at different speeds. Germany's BSI NIS2 register (Section 30/32) requires self-registration and incident reporting. This MCP checks your sector classification, maps your obligations under Articles 21 and 23, generates incident notification timelines, and produces supply chain risk assessments — from a single prompt.

Install

pip install nis2-compliance-mcp

Tools

Tool

NIS2 Article

What it does

classify_entity

Art 3

Essential vs important entity classification

assess_cybersecurity_measures

Art 21

10-point cybersecurity risk management assessment

plan_incident_reporting

Art 23

Incident notification timeline (24h/72h/1mo)

assess_supply_chain

Art 21(2)(d)

Supply chain security assessment

check_governance

Art 20

Management body accountability check

run_full_audit

All

Complete NIS2 readiness assessment

sign_attestation

HMAC-SHA256 signed compliance certificate

Example

Prompt: "We're a German SaaS company providing cloud ERP to hospitals.
Classify us under NIS2, check our Article 21 cybersecurity measures,
and generate the BSI registration requirements."

Result: Classified as "important entity" (ICT service management +
healthcare supply chain). Article 21 gap analysis with 3 critical
findings (incident response < 24h not met, supply chain risk
assessment missing, MFA not enforced). BSI Section 30 registration
checklist generated. Each finding signed with attestation cert.

Pricing

Tier

Price

What you get

Free

£0

10 calls/day — entity classification + audit

Pro

£199/mo

Unlimited + HMAC-signed attestations + verify URLs

Enterprise

£1,499/mo

Multi-tenant + co-branded reports + webhooks

Subscribe to Pro · Enterprise

Attestation API

POST https://meok-attestation-api.vercel.app/sign
GET  https://meok-attestation-api.vercel.app/verify/{cert_id}

Zero-dep verifier: pip install meok-attestation-verify

Links

License

MIT

Install Server
A
license - permissive license
A
quality
B
maintenance

How are these scores calculated?

Maintenance

Maintainers
Response time
Release cycle
1Releases (12mo)

Resources

Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/CSOAI-ORG/nis2-compliance-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server