The complete path from registration
to full compliance
Six structured stages, each with a clear deadline, defined action, and explicit ZeroLix role.
Identification and Registration
Determine whether the organization qualifies as an Essential or Important Entity. Generate the notification form and submit it to DNSC within 30 days.
Deadline: 30 daysRisk Assessment (ENIRE@RO)
Risk analysis according to the ENIRE methodology. Determine the impact of a potential incident. The document is submitted to DNSC and supports technical investment decisions.
Immediate actionMaturity Self-Assessment
A current view of cybersecurity maturity under Art. 30 of OUG 155/2024. Complete gap analysis to identify exactly which measures are missing against legal requirements.
Report submitted to DNSCImplementation Period
One year to remediate deficiencies. Implement technical measures such as MFA, encryption, and backups, train C-level staff, and secure IT supplier relationships.
Max. 1 yearCybersecurity Audit
External audit by a DNSC-certified auditor. The audit report is submitted to DNSC within 30 days after completion, officially confirming compliance with applicable legislation.
DNSC-certified auditorMaintenance and Recurrence
NIS2 compliance is a continuous process. Essential Entities repeat audits every 2 years. Incidents require 24h early warning and 72h full notification.
2-year cycleReal expertise,
automated process
DNSC-certified auditors.
Proprietary platform.
We combine certified cybersecurity expertise with our own digital tool that automates data collection, entity classification, and report generation. The result: faster audits, more accessible pricing, and complete traceability.
of global annual turnover: the maximum fine for NIS2 non-compliance. Responsibility belongs to management.
Faster than the traditional method
Your team completes questionnaires digitally before the audit. The auditor receives structured data, without email chains or Excel files. We reduce turnaround time by up to 40%.
Your data stays with you
The platform runs on-premise, in infrastructure we control. Sensitive information does not flow into third-party clouds. Security by design.
Complete traceability
Every answer, finding, and verdict is recorded with timestamp and digital signature. The audit report is generated automatically, ready for DNSC submission.
Designed for recurrence
The entity profile stays in the system. At re-audit, you continue from the last state. Essential companies with 2-year audit cycles save significantly compared with starting from zero.
The whole audit process
in one place
From initial NIS2 classification to cybersecurity maturity assessment and final report.
NIS2 classification
Structured questionnaire across 3 sections: size, services provided, and legal data. Automatic classification under OUG 155/2024 and the DNSC V2.2 algorithm.
Maturity assessment
31 controls across 3 domains: Governance (G1-G10), Technical (T1-T14), Incidents & Continuity (I1-I7). Maturity score by domain and overall.
Auditor verdict
The auditor records findings per control, identifies discrepancies against the self-assessment, and issues the final verified classification verdict.
Dedicated client portal
Each entity accesses its own secure portal. It completes questionnaires, tracks progress, and views the results published by the auditor.
Audit effort estimate
Based on entity size and maturity score, the platform automatically estimates the person-days required for the complete audit.
Complete history
All ANAF lookups, questionnaires, and verdicts are stored with timestamps. The foundation for re-audits and long-term proof of compliance.