A tool by nisd2.eu

Supplier portal by nisd2.eu

Answer the security questionnaire once. Share with every customer.

One canonical supplier questionnaire, structured by ENISA NIS 2 Technical Implementation Guidance v1.0. Every question cites CIR 2024/2690, BSIG §30 or BSI IT-Grundschutz. Free. Open source. Your data stays portable.

Structured by ENISA NIS 2 TIG v1.0 §5

How it works.

Three steps, from first sign-in to first customer invite.

1. Create a profile
Sign in with Google. Enter company name and primary domain. Two minutes.
2. Answer the questionnaire
Identity, contract clauses, cybersecurity measures, technical details. At your own pace. Draft auto-saves.
3. Invite customers
Each invited customer gets a private magic link. No public profile, no search-engine indexing.

What is in the questionnaire.

Ten sections, each citing the underlying paragraph of ENISA TIG, CIR 2024/2690 or BSI IT-Grundschutz.

  • Identity (CIR §5.2 / ENISA TIG §5.2 supplier register)
  • Incident contact (customer-facing)
  • Service type
  • Mandatory contract clauses (CIR / ENISA TIG §5.1.4)
  • Cybersecurity measures (NIS 2 Art. 21(2) / ENISA TIG §5.1.2)
  • Additional contract clauses (ENISA TIG §5.1.4 TIPS)
  • SaaS technical
  • On-prem software technical
  • Professional services, details
  • Managed services, details

The full schema is public on GitHub and exportable as JSON.

Sample questions.

Three questions from the questionnaire, with the help text suppliers see while filling them in.

Legal name

Your company's registered name, as it appears in the commercial register. Example: Müller GmbH or Acme Software Ltd.

ENISA TIG §5.2

Documented Information Security Management System (ISMS)

Tick yes if you have a written information security policy with assigned roles, regular reviews, and documented incident handling. ISO 27001 or BSI Grundschutz certification implies yes.

CIR 2024/2690 §5.1.2(a)

We use, integrate or provide AI systems

Do your products or services process customer data through an AI or ML model? Includes external models you call through an API, for example OpenAI or Anthropic.

NIS2 Art. 21(2)(d)

These are three of 59 questions in total.

"We welcome current industry initiatives to develop a unified questionnaire catalogue for suppliers."

BSI NIS-2 FAQ (supply chain and security).

This supplier portal IS that industry initiative. A privately built, unified questionnaire catalogue, structured by the canonical EU taxonomy (ENISA TIG §5) so every NIS 2 regulated entity can satisfy CIR §5.1.4 from a single source.

Bilateral and private.

Built in Germany, hosted in the EU, aligned with BSI Grundschutz. Your data is shared only with customers you explicitly invite. No public URL, no search-engine indexing.

Start in two minutes.

Sign in with Google. Enter company name and primary domain. Fill the questionnaire at your own pace. When you are ready, invite your customers.

Continue on nisd2.eu.

This tool is part of the nisd2.eu ecosystem. The rest lives here.