NIS2 Compliance

NIS2 and certificate management

NIS2 Article 21 requires technical security measures — including control over TLS certificates and PKI. CertControl gives your organisation the register, monitoring, and reporting that supervisory authorities expect.

14-day free trial  ·  Dedicated instance  ·  EU hosted

NIS2 Article 21 — requirement coverage
Asset inventory: automatically maintained register of all certificates
Risk assessment: TLS risk score and expiry risk per endpoint
Incident response: alerts and audit log for 24/72h reporting
Supply chain security: monitoring of supplier certificates
Audit documentation: executive reports ready for supervisory authorities
What NIS2 requires

Article 21 and TLS certificates

The NIS2 Directive obliges essential and important entities to implement appropriate and proportionate technical security measures. TLS certificates are central to three of the eight requirement areas.

Article 21(2)(a)

Risk analysis and information system security

Organisations must document risks associated with their information systems — including the risk of certificate expiry, weak TLS configuration, and compromised keys. A certificate asset register is the foundation for this analysis.

Article 21(2)(h)

Security in acquisition and maintenance of systems

Systems must be configured and maintained securely throughout their lifecycle. For TLS this means: current certificates, strong cipher suites, correct certificate chains, and timely renewal — all documented and traceable.

Article 21(2)(f)

Supply chain security

The security of suppliers' and service providers' systems is part of the organisation's overall security posture. Monitoring key supplier TLS certificates provides early warning of third-party risks before they become incidents.

Incident reporting

24 hours. 72 hours. One month.

NIS2 introduces strict deadlines for reporting significant incidents to national authorities. A certificate expiry causing service unavailability can qualify as a significant incident — and starts the clock.

24h (early warning): notification to the authority that an incident has occurred
72h (incident notification): update with initial assessment of severity and scope
1 month (final report): complete analysis of the incident, root cause, impact, and remediation

Without a complete certificate register, it can take hours just to establish whether a certificate expiry is the root cause of an outage — time you do not have under NIS2's reporting requirements. CertControl maintains a continuous audit log of all certificate events, changes, and alerts.

How CertControl covers NIS2

NIS2-ready certificate management

📋

Complete asset register

Automatically updated register of all certificates across monitored endpoints — internal and external. Expiry dates, ownership, environment, and associated systems documented and searchable.

🔍

TLS risk assessment

Automatic scanning of TLS configuration for weak cipher suites, protocol versions, and certificate issues. Risk score per endpoint with prioritised remediation recommendations.

🔔

Proactive alerting

Configurable alerts up to 90 days before expiry. Email, webhook, and Slack notifications ensure the right people are notified in time — not when the incident has already started.

📊

Audit-ready reporting

Executive and operational reports with certificate status, expiry forecasts, and compliance score — ready to download and present to supervisory authorities and management.

🌐

Supplier monitoring

Monitoring of key supplier TLS certificates extends your security register to the supply chain — without manual processes that cannot scale with the number of suppliers.

🕵️

Discovery of unknown certificates

Certificate Transparency monitoring and external scanning discover certificates issued for your domains that IT has not registered — shadow IT certificates that create compliance gaps.
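The register, expiry alerting and per-endpoint risk scoring described above, as an added stand-alone example (not CertControl's own code): it runs over a constructed register of four endpoints with a fixed reference date, buckets each certificate into the 7/30/90-day alert windows, adds weight for weak protocols, weak ciphers and incomplete chains, and returns a remediation-ordered list. Hostnames, thresholds and score weights are assumptions for illustration.

```python
from datetime import datetime, timezone

# Alert windows in days before expiry (the page mentions alerts up to 90 days out)
ALERT_DAYS = (7, 30, 90)
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "NULL", "EXPORT", "MD5")
TIER_SCORE = {"expired": 100, 7: 60, 30: 40, 90: 20, None: 0}  # assumed weights

# Constructed sample register; hostnames are placeholders, not real endpoints.
REGISTER = [
    {"endpoint": "portal.example.test", "owner": "IT Ops", "not_after": "2025-03-01T00:00:00+00:00",
     "protocol": "TLSv1.2", "cipher": "ECDHE-RSA-AES128-GCM-SHA256", "chain_complete": True},
    {"endpoint": "legacy-api.example.test", "owner": "Payments", "not_after": "2025-01-20T00:00:00+00:00",
     "protocol": "TLSv1", "cipher": "RC4-SHA", "chain_complete": True},
    {"endpoint": "erp.supplier.example.test", "owner": "Supplier A", "not_after": "2025-01-10T00:00:00+00:00",
     "protocol": "TLSv1.2", "cipher": "ECDHE-RSA-AES256-GCM-SHA384", "chain_complete": True},
    {"endpoint": "intranet.example.test", "owner": "IT Ops", "not_after": "2026-01-01T00:00:00+00:00",
     "protocol": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384", "chain_complete": False},
]
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)  # constructed reference date for the sample

def days_to_expiry(entry, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    return (datetime.fromisoformat(entry["not_after"]) - now).days

def alert_tier(days):
    """Smallest alert window the certificate already falls inside, or None."""
    if days < 0:
        return "expired"
    return next((t for t in ALERT_DAYS if days <= t), None)

def assess(entry, now):
    """Risk score 0-100 plus human-readable findings for one endpoint."""
    days = days_to_expiry(entry, now)
    tier = alert_tier(days)
    score, findings = TIER_SCORE[tier], []
    if tier is not None:
        findings.append(f"expires in {days} days" if days >= 0 else f"expired {-days} days ago")
    if entry["protocol"] in WEAK_PROTOCOLS:
        score += 25
        findings.append(f"weak protocol {entry['protocol']}")
    if any(m in entry["cipher"].upper() for m in WEAK_CIPHER_MARKERS):
        score += 20
        findings.append(f"weak cipher {entry['cipher']}")
    if not entry["chain_complete"]:
        score += 15
        findings.append("incomplete certificate chain")
    return {"endpoint": entry["endpoint"], "owner": entry["owner"], "score": min(score, 100), "findings": findings}

def prioritised(register, now):
    """Endpoints ordered for remediation: highest risk first, then by name for stable output."""
    return sorted((assess(e, now) for e in register), key=lambda r: (-r["score"], r["endpoint"]))

if __name__ == "__main__":
    for r in prioritised(REGISTER, NOW):
        print(f"{r['score']:3d}  {r['endpoint']:28s} {r['owner']:10s} {'; '.join(r['findings'])}")
```

In a real deployment the register rows would come from endpoint scans and Certificate Transparency logs rather than being embedded, and the owner field is what turns a score into a notification target.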


NIS2 compliance report — certificate status, expiry forecast, and audit documentation in one view.

Questions & answers

NIS2 and certificates — frequently asked questions

Does NIS2 apply to certificates and TLS?

Yes. NIS2 Article 21(2)(h) requires securing the acquisition, development, and maintenance of information systems — including TLS/PKI. Expired or misconfigured certificates count as a technical security weakness under the directive. Supervisory authorities are expected to request documentation of certificate management processes during inspections.

When does a certificate expiry become a NIS2 incident?

A certificate expiry causing service unavailability, inaccessibility of critical systems, or a data breach can qualify as a significant incident under NIS2. The assessment depends on the criticality of the system and the scope of impact. The definition of "significant incident" is broadly worded — and uncertainty should always lead to reporting.

Which organisations are in scope for NIS2?

NIS2 covers essential and important entities across 18 sectors including energy, transport, banking, healthcare, digital infrastructure, and public administration. Generally, organisations with 50 or more employees or annual revenue exceeding €10 million operating in a covered sector are in scope. Member states may apply the directive more broadly to certain categories.

What are the penalties for NIS2 non-compliance?

Important entities can be fined up to €7 million or 1.4% of global annual turnover. Essential entities can be fined up to €10 million or 2% of global annual turnover. In addition, senior management can be held personally liable for failures to implement adequate security measures.

Can CertControl generate documentation for NIS2 supervisory inspections?

Yes. CertControl generates executive and operational reports with complete certificate status, expiry forecasts, compliance scores, and historical incident records. The reports are designed to be presented directly to supervisory authorities or management — downloadable in one click without manual assembly.

Get started

Ready to document NIS2 compliance?

Book a walkthrough with our team — we'll show you exactly which NIS2 requirements CertControl covers and what else you need to have in place.

14-day free trial  ·  EU hosted  ·  GDPR aligned

Related resources

Dive deeper into NIS2 and certificates

Guide

NIS2 and Certificate Management: What Security Teams Need to Know

A complete walkthrough of NIS2 requirements for TLS and PKI — from asset inventory to incident reporting.

Read the guide →
Guide

Supplier Certificate Risk: The Supply Chain Blind Spot

How third-party certificate failures cascade into your own NIS2 obligations — and how to get visibility before incidents occur.

Read the guide →
Use case

Audit Readiness

Keep certificate documentation organised and stay ready for supervisory inspections at any time — not just when the request arrives.

See the use case →