Is CyberPilot NIS2 Compliant?
What customers under NIS2 actually need to know about using CyberPilot as a supplier.
CyberPilot doesn't directly fall under the scope of NIS2
CyberPilot is not itself subject to NIS2. The directive applies to organizations in specific critical sectors (such as energy, transport, healthcare, and financial infrastructure). As a software provider, CyberPilot does not fall under those categories and is therefore not directly regulated by NIS2.
That said, if you fall under NIS2, you have to take responsibility for supply chain security, too.
NIS2 and supply chain security
NIS2 requires organizations to assess and manage the security of their suppliers and service providers. If you are under NIS2, your auditors or management may ask you to document that the software tools you use are handled responsibly and securely.
How CyberPilot supports your supply chain security requirements
Here is what we have in place that is relevant for your NIS2 supply chain documentation:
ISAE 3402 Type 2 Assurance Report
We are audited every year by an independent auditor against the ISO 27001 standard. This means our internal security controls are not just documented but tested and verified. You can download our latest report here:
Our ISAE 3402 Type 2 Assurance Report (2025)
Data Processing Agreement (DPA)
We provide a Data Processing Agreement that clearly defines how we handle your data, what we process on your behalf, and your rights as a data controller.
Transparent data handling
We document exactly what data we collect, where it is stored, and how it is protected.
Read about data handling on the CyberPilot platform
Responsible use of AI
If your compliance requirements extend to how AI is used in the tools you rely on, we document our approach and the safeguards we have in place.
Read about how CyberPilot uses AI
How to document CyberPilot as a supplier in your NIS2 work
If your organization needs to demonstrate supplier security as part of your NIS2 compliance, we recommend the following:
- Download our ISAE 3402 Type 2 report and include it in your supplier documentation
- Sign and store our Data Processing Agreement
- Reference our data handling page as evidence that the supplier's security practices have been reviewed
If your auditor or internal compliance team has specific questions we have not covered, you are welcome to reach out to us at support@cyberpilot.io.
Note: This article covers CyberPilot as a supplier in relation to NIS2.
If you are looking for how CyberPilot can help your organization meet its own NIS2 training requirements, see How CyberPilot Can Help You With NIS2.