πŸ›‘οΈ EU Digital Resilience Toolkit

NIS2 Gold Standard Assessment 2026

Privacy-first | 100% NIS2/DORA/ISO 27001 Coverage | Audit-ready

πŸ›‘οΈ Comprehensive NIS2 & DORA Compliance Assessment

Valuta la tua postura di resilienza digitale e identifica i gap normativi in modo interattivo

✅ 100% Privacy: Zero data collection
⚡ Real-Time: Immediate feedback
📊 Complete Reports: Export TXT/CSV/PDF
🎯 Best Practice: Actionable advice

✅ Privacy-First

All data stays in your browser. No data is collected or stored on any server.

✅ Actionable

Get specific, prioritized recommendations based on your responses.

✅ Audit-Ready

Generate professional reports for compliance documentation.

✅ Comprehensive

Covers 6 critical areas with 130-point scoring system (NIS2, DORA, GDPR, AI Act, CRA, ISO 27001, NIST CSF, Physical Security).

🆕 PDF Reports

Professional PDF reports with executive summary, compliance graphs, and risk matrices ready for Board presentations.

🆕 Remediation Plans

Automated action plans with priorities, timelines, budget estimates, and responsibility assignments.

🎯 6 Assessment Areas - NIS2 Gold Standard 2026 (130pt)

✨ Automatic Introductory Assessment - Best practice for every answer

1️⃣ Governance & Legal

  • Board of Directors (CdA) approval
  • Model 231 updates
  • CISO/DPO/AI Officer
  • Executive training
  • 🆕 ISO 27001 SGSI
  • 🆕 NIST CSF 2.0 mapping
  • 🆕 Security policies catalog
  • 🆕 Employee training (all staff)

Max Score: 29 pts

2️⃣ Risk & Asset Management

  • Unified inventory
  • AI classification
  • DPIA & SBOM
  • Risk assessments
  • 🆕 Key personnel inventory
  • 🆕 Continuous improvement (PDCA)

Max Score: 19 pts

3️⃣ Supply Chain Security

  • ICT supplier register
  • Contract clauses 2026
  • Certifications
  • Concentration risk
  • 🆕 Exit management (offboarding)
  • 🆕 Shadow IT control (CASB)
  • 🆕 BYOD & IoT policy (MDM)

Max Score: 22 pts

4️⃣ Incident Response

  • 24h CSIRT notification
  • 72h GDPR breach
  • Crisis communication
  • Simulation exercises
  • 🆕 Digital Forensics capability

Max Score: 18 pts

5️⃣ Technical + Physical Security

  • MFA & Zero Trust
  • Encryption at rest/transit
  • Vulnerability mgmt
  • 🆕 Patch management SLA
  • Immutable backups
  • 🆕 Physical security (badge/biometrics)
  • 🆕 Environmental controls (UPS/fire)
  • 🔥 Business Continuity RTO (KILLER)

Max Score: 27 pts

6️⃣ AI & Ethics

  • AI transparency
  • Bias testing
  • Human oversight
  • Conformity assessment

Max Score: 15 pts

📊 Risk Classification

🟢 LOW RISK

Score: ≥111/130 points (≥85%)

Strong compliance posture with minimal gaps. Organization demonstrates mature security controls and governance processes.

🟡 MEDIUM RISK

Score: 85-110/130 points (65-84%)

Moderate compliance gaps that require attention. Some controls in place but improvements needed.

🔴 HIGH RISK

Score: <85/130 points (<65%)

Significant compliance gaps requiring immediate action. Critical controls missing or inadequate.

Takes approximately 10-15 minutes to complete

About This Tool

The EU Digital Resilience Toolkit is an open-source project designed to help organizations prepare for the comprehensive EU regulatory landscape of 2026.

Key Features

  • 🔒 100% client-side processing - your data never leaves your browser
  • 🎯 Comprehensive 6-area Master Check-list (130 points) covering NIS2, DORA, GDPR, AI Act, CRA, ISO 27001, NIST CSF
  • ⚡ Real-time feedback with best practice for EVERY answer - replaces human consultants
  • 📊 Instant scoring and prioritized recommendations with specific regulatory article references
  • 📄 Exportable reports in multiple formats (TXT, CSV, **Professional PDF**)
  • 🎯 **Remediation Plan Generator** - automatic action plan with priorities, timeline, budget, responsibilities
  • ✅ Policy/Implementation/Evidence verification approach for audit rigor
  • 🔥 Includes "killer questions" on actual Business Continuity RTO
  • 💼 **Enterprise-grade PDF reports** with charts, executive summary, risk matrix

Covered Regulations & Standards

  • πŸ” NIS2 Directive: Cybersecurity for essential & important entities
  • 🏦 DORA: Digital Operational Resilience for financial sector
  • πŸ›‘οΈ GDPR: Data protection and privacy compliance
  • πŸ€– AI Act: Artificial Intelligence governance and ethical AI
  • βš™οΈ Cyber Resilience Act: Security requirements for digital products
  • βš–οΈ D.Lgs. 231/2001: Organizational Model for corporate liability
  • πŸ†• ISO 27001:2022: Information Security Management System (SGSI)
  • πŸ†• NIST CSF 2.0: Cybersecurity Framework (6 functions)

6 Assessment Areas

  • 1️⃣ Governance & Legal: Board accountability, Model 231, role assignments (CISO/DPO/AI Officer)
  • 2️⃣ Risk & Asset Management: Unified inventory, AI classification, DPIA, SBOM
  • 3️⃣ Supply Chain: ICT supplier register, contract clauses 2026, certifications
  • 4️⃣ Incident Response: Multi-channel notifications (24h CSIRT, 2-4h ESA, 72h Garante)
  • 5️⃣ Technical Measures: MFA, Zero Trust, encryption, vulnerability mgmt, immutable backups
  • 6️⃣ AI & Ethics: Transparency, data quality, human oversight, conformity assessment

Use Cases

  • 🏦 Pre-audit preparation for financial institutions
  • 🤝 Vendor risk assessment
  • 📊 Board-level compliance reporting
  • 💼 Compliance consulting and gap analysis
  • 📈 Continuous improvement tracking towards 2026 deadlines

Disclaimer

This assessment is a readiness and risk evaluation tool. It does not constitute legal advice. Organizations should consult legal counsel for compliance strategy.