EU Directive 2022/2555 (NIS2)

Support NIS2-related IAM remediation.
Build evidence, not blanket promises.

Art. 21(2)(j) requires strong authentication. After the registration deadline, many organizations now need remediation, registration follow-up, and auditable IAM evidence. Tuurio ID provides passkeys, audit logs, and evidence-ready tracing.

Am I affected? Resources & downloads Secure now

Registration & remediation

Post-deadline focus

29.500

affected companies (DE)

66%

still unprepared based on benchmark content

12 Min

to setup

Art. 21(2)(j): MFA is mandatory

Management is obliged to monitor cybersecurity controls. Negligence can lead to fines and personal liability.

Tuurio ID helps teams move from policy to enforceable controls and exportable evidence faster. It does not replace legal review.

NIS2 technical checklist
  • MFA: Passkeys and TOTP
  • Forensics: Correlation-ID tracing
  • Evidence: Exportable audit logs
  • Hosting: EU / ISO-27001 datacenter

From 50 employees or 10 million EUR revenue

Typical sectors frequently affected by NIS2.

Food
Production and trade
Waste management
Recycling and disposal
Chemicals
Manufacturing and trade
Mechanical engineering
Manufacturing and suppliers
IT service providers
MSP and SaaS
Healthcare
Clinics and practices
Logistics
Transport and warehousing
Energy
Utilities and grids

NIS2 requirements covered by Tuurio ID

Identity and access management aligned with Art. 21.

MFA: passkeys + TOTP

WebAuthn/FIDO2 passkeys and TOTP fulfill the MFA requirement under Art. 21(2)(j).

Art. 21(2)(j)

Complete audit logs

End-to-end logging for compliance evidence and forensic analysis.

Art. 21(2)(g)

X-Correlation-ID tracing

Every request is causally traceable. Critical for incident response and audits.

Art. 21(2)(b)

EU hosting (ISO 27001)

Operation in Germany with clear evidence regarding security and data sovereignty.

Art. 21(2)(d)

NIS2-related IAM remediation in 3 steps

From MFA rollout to exportable evidence with standards-based integration.

1

Create account

Create tenant and configure MFA policies for passkeys or TOTP.

2

Integrate apps

OIDC integration into existing applications: fast, standardized, without vendor lock-in.

3

Prove compliance

Export audit logs, document MFA enforcement and answer audit requests with confidence.

NIS2 and Tuurio ID - FAQ

Answers for management and IT leaders.

Art. 21(2)(j) explicitly requires multi-factor authentication or continuous authentication, e.g. passkeys and TOTP.
Because affected organizations still need reliable authentication controls, documented processes, and evidence for audits, registration follow-up, and incident response.
Initial tenant setup can start quickly. Full rollout depends on application complexity, approvals, and evidence processes.
Depending on the case, fines up to 10 million EUR or 2% of global annual revenue may apply, plus personal liability risks.
NIS2 typically affects companies with 50+ employees or 10 million EUR revenue in relevant sectors.
Passkeys/TOTP for MFA, exportable audit logs, request tracing and EU hosting cover the central NIS2 IAM requirements.

Close NIS2-related IAM gaps with verifiable controls.

Deploy MFA, audit-ready tracing, and EU-hosted identity workflows without turning legal obligations into blanket promises.

Start NIS2 check now Start for free