NIS2, GDPR & ISO 27001 compliance, made simple
NIS2YOU is the GRC tool built for tech SMEs and freelancers without a full-time CISO. Build your risk register in a weekend, prove your compliance with one PDF.
No credit card · Free for early users · Data hosted in Europe
NIS2 applies to you. But you don't have the time or budget for a consultant.
Since October 2024, NIS2 applies to essential and important entities across Europe. For most tech SMEs that means:
- Maintain an up-to-date, provable risk register that an auditor can read
- Document your technical and organisational controls
- Notify the competent authority within 24h when an incident hits
- Prove at least an annual review
And none of the existing tools is actually built for you: they are too expensive, too complex, or yet another spreadsheet that goes stale in two months.
A living risk register that keeps itself up to date
Built for you
Plain language, real examples for tech SMEs, in-app help. No consultant jargon.
Trilingual from day one
EN, FR, NL. Pick the language for your team — your reports come out in the right one.
Auditable by default
Every change tracked: who, when, old value, new value. One-click PDF export for your auditors.
Smart notifications
Overdue plans, upcoming reviews, critical incidents — we tell you before you forget.
From zero to compliant in 4 weeks
Inventory your assets
List the 10-30 things your business cannot live without: business apps, servers, customer data, key suppliers.
Identify your risks
Cyber, operational, compliance, HR... Score probability × impact. Our heatmap helps you prioritise.
Document your controls
You already do MFA, backups, encryption? Document them and link them to the risks they cover.
Export your compliance
Audit-ready risk register PDF, complete audit log, scheduled reviews.
Everything you need, nothing you don't
Asset inventory
7 categories, 1-5 criticality, multi-criteria search.
Risk register
5×5 heatmap, inherent / residual scoring, lifecycle states.
Controls
4 types (preventive / detective / corrective / compensating), design + operating effectiveness.
Action plans
Assignment, due dates, segregation of duties (Completed / Verified), evidence.
Scheduled reviews
Automatic notifications, every decision tracked.
Incidents
NIS2 24h / 72h / 1 month deadlines surfaced. Auto-linking to relevant risks.
Full audit trail
Who changed what, when. Filterable, exportable.
Team and roles
5 levels (Owner / Admin / Risk Manager / Contributor / Auditor) with email invitations.
PDF export
Auditor-ready register, one click, in the language of your choice.
Built for tech SMEs and freelancers
Studios & consultancies (5-100 people)
You build for clients in scope of NIS2. Be ready before they ask.
Tech freelancers
Outsourced DPO, freelance dev/sec: structure your client engagements without starting from scratch.
Small security teams
1-3 people, no enterprise GRC budget. NIS2YOU gives you 80% of the value for 5% of the price.
Not a fit if:
- × You're looking for a pentest, vuln scanner or SIEM (other tools exist and are better)
- × You're a large enterprise with a mature GRC programme (ServiceNow / Archer territory)
- × You want automated evidence collection from your systems (V2 on the roadmap)
Free during early access
No card required. Unlimited, no time limit for early users — public pricing will be announced later.
Every feature, no limits, for early adopters.
- Unlimited users
- Full risk register
- PDF export
- All frameworks (NIS2, GDPR, ISO 27001)
For growing SMEs that formalise their security.
- Unlimited users
- Email notifications
- Extended history (7 years)
- Priority support
For organisations with specific needs.
- SSO / SAML
- Dedicated API
- Contractual SLA
- On-prem possible
Ready to see for yourself?
Create your account in 30 seconds. No credit card. Your data stays in Europe.