> ## Documentation Index
> Fetch the complete documentation index at: https://docs.abv.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# NIS2 Directive

> Understanding ABV's potential obligations and security alignment with the NIS2 Directive

ABV implements comprehensive cybersecurity measures that align with **EU NIS2 Directive** requirements, though our specific obligations under NIS2 depend on entity classification criteria.

# What is the NIS2 Directive?

The NIS2 Directive (Directive (EU) 2022/2555) is the EU's updated framework for network and information security, strengthening cybersecurity requirements for essential and important entities across the European Union.

<Info>
  NIS2 went into effect in January 2023, with EU member states required to transpose it into national law by October 2024. The directive significantly expands the scope of entities covered and increases penalties for non-compliance.
</Info>

NIS2 requires organizations to implement comprehensive cybersecurity measures including risk management, business continuity, supply chain security, and incident handling. It introduces strict incident reporting timelines (24-hour early warning, 72-hour notification, 1-month final report) and places cybersecurity responsibility at the management level.

# How ABV Aligns with NIS2 Requirements

<AccordionGroup>
  <Accordion title="ISO 27001 Certification" icon="certificate">
    Provides systematic information security management that satisfies many NIS2 requirements. [Learn more](/security/compliance/iso-27001-compliance)
  </Accordion>

  <Accordion title="Risk Management" icon="chart-line">
    Documented cybersecurity risk assessment and treatment processes, reviewed annually as part of ISO 27001 certification.
  </Accordion>

  <Accordion title="Business Continuity" icon="rotate">
    Multi-AZ deployment, encrypted backups, and disaster recovery procedures ensure resilient operations. [Learn more](/security/security/data-regions-availability)
  </Accordion>

  <Accordion title="Incident Handling" icon="bell">
    Customer notification within 24-48 hours for critical incidents with documented response procedures. [Learn more](/security/security/incident-breach)
  </Accordion>

  <Accordion title="Supply Chain Security" icon="link">
    AWS as infrastructure provider with documented security controls and subprocessor transparency.
  </Accordion>

  <Accordion title="Technical Security Measures" icon="shield-check">
    RBAC, MFA, TLS 1.2+ encryption in transit, AES-256 at rest. [Learn more about access controls](/security/security/authentication-authorization) and [encryption](/security/security/encryption)
  </Accordion>

  <Accordion title="Security Testing" icon="vial">
    Annual penetration tests and continuous vulnerability scanning validate security posture. [Learn more](/security/security/penetration-testing)
  </Accordion>
</AccordionGroup>

# How ABV Helps Your NIS2 Compliance

If your organization IS subject to NIS2, ABV provides tools to support your compliance:

## Supporting Your Requirements

* **Incident Detection**: Use ABV to monitor your GenAI systems for anomalies that may indicate security incidents requiring NIS2 reporting.

* **Audit Trail Generation**: Maintain comprehensive logs of your GenAI operations to support incident investigations and regulatory reporting.

* **Flexible Data Processing**: Choose from multiple deployment options:
  * **Standard EU Region** (Ireland) - Immediate availability
  * **Custom Regional Deployments** - Available in most AWS regions including Stockholm, Frankfurt, Paris
  * Keep data within specific member states as required by national authorities
  * [Learn more](/security/security/data-regions-availability)

* **Vendor Risk Management**: Include ABV in your supply chain security assessments using our security documentation.

## For Your Vendor Assessments

When assessing ABV as part of your NIS2 supply chain requirements:

* **Security Certifications**: ISO 27001 and SOC 2 Type II demonstrate our security maturity
* **Incident History**: Available upon request for your risk assessment
* **Data Processing Agreement**: DPA with security commitments and breach notification clauses
* **Subprocessor List**: Transparency about our infrastructure providers (primarily AWS)

# Regional Deployments for NIS2 Entities

<Info>
  **Custom Deployments Available**: For NIS2 essential and important entities requiring specific data residency:

  * **Sweden**: Stockholm (eu-north-1) for Swedish entities
  * **Germany**: Frankfurt (eu-central-1) for German critical infrastructure
  * **France**: Paris (eu-west-3) for French essential services
  * **Other EU Regions**: Most AWS EU regions available upon request

  Custom deployments help meet national CSIRT reporting requirements and supervisory authority preferences.

  Contact [security@abv.dev](mailto:security@abv.dev) for regional deployment options.
</Info>

# Requesting NIS2 Documentation

## Available Documentation

* **Security Controls Mapping**: Shows how our ISO 27001 controls align with NIS2 requirements (regardless of our NIS2 status).

* **Incident Response Procedures**: Our customer notification procedures (note: CSIRT reporting procedures not publicly documented).

* **Risk Management Documentation**: Evidence of systematic risk management (under NDA for Enterprise customers).

## How to Request

<Steps>
  <Step title="Provide Organization Details" icon="building">
    Include company name, ABV account details, whether you're an essential or important entity, and your NIS2 reporting obligations.
  </Step>

  <Step title="Specify Documentation Needs" icon="file-lines">
    Request security documentation for vendor assessment, clarification on ABV's NIS2 status, or specific controls mapping.
  </Step>

  <Step title="Explain Context" icon="message">
    Describe whether this is for vendor risk assessment, incident response planning, or regulatory compliance review.
  </Step>

  <Step title="Submit Request" icon="paper-plane">
    Email [security@abv.dev](mailto:security@abv.dev) from your company email. We typically respond within 1-2 business days.
  </Step>
</Steps>

<Warning>
  If you need confirmation of ABV's NIS2 registration status or CSIRT reporting procedures for your compliance, please explicitly request this information.
</Warning>

# Related Topics

<CardGroup cols={2}>
  <Card title="ISO 27001" icon="certificate" href="/security/compliance/iso-27001-compliance">
    See our security management certification
  </Card>

  <Card title="Incident Response" icon="bell" href="/security/security/incident-breach">
    Learn about our incident handling procedures
  </Card>

  <Card title="Data Regions" icon="globe" href="/security/security/data-regions-availability">
    Choose EU region for data residency
  </Card>

  <Card title="Security Overview" icon="shield" href="/security/overview">
    Explore our complete security program
  </Card>
</CardGroup>
