NIS2 Article 21 · OT environments · All 27 EU member states

The NIS2 compliance platform built for operational technology

OTensity automates NIS2 compliance for critical infrastructure operators — from the 50-question OT assessment to AI-generated compensating control justifications that regulators actually accept. Access is by invitation only.

Request access → See how it works
EU data residency · Frankfurt
NDA before access
GDPR compliant
IEC 62443 aligned
Invite-only access
app.otensity.com/dashboard
OTensity
▦ Dashboard
✓ OT assessment
⛨ Compensating controls
⚠ Incident reporting
📁 Audit evidence
▤ Benchmark
🏢 Suppliers
🌐 Regulatory config
Dashboard
Engie SA · Energy · NIS2 Article 21 compliance posture
Ask AI ↗
Export audit pack
Overall score
54%
Sector avg 61%
Critical gaps
4
Need controls
Evidence ready
6/10
Art. 21 domains
Days to audit
38
ANSSI · 30 Jun
Governance & risk management
80%
Network security & IT/OT segmentation
30%
Vulnerability & patch management
25%
Incident detection & response
50%
Security awareness & training
85%
Why OTensity

Every other NIS2 tool assumes you have logs. Most OT operators don't.

IT compliance tools expect SIEMs, patchable systems, and structured logs. OT environments have 20-year-old PLCs, unencrypted field protocols, and operators who notice problems by looking at an HMI screen. OTensity was built for that reality.

Compensating control generator
When standard NIS2 controls cannot be implemented due to legacy OT constraints, OTensity auto-generates ENISA-aligned justification documents — the exact evidence ANSSI, BSI, and NCSC-NL auditors ask for.
The feature no other tool has
OT incident reporting wizard
Starts from "operator noticed something wrong on the HMI" — not from SIEM alerts. Guides through the 24h/72h/30-day NIS2 clock and generates pre-filled notifications for your national authority.
Works without logs or SIEM
European OT benchmark
See how your compliance score compares to peer operators in your sector and country — the only benchmark of its kind for European OT operators, built from real assessment data.
Proprietary dataset · Updated monthly
50-question OT assessment
All 10 NIS2 Article 21 domains. Questions calibrated for OT realities — legacy PLCs, unencrypted protocols, air-gapped networks. Not an IT questionnaire with OT written on the cover.
Sector-aware across all 8 OT sectors
📁
One-click audit evidence pack
Everything a regulator asks for — assembled and formatted for your specific national authority. ANSSI, BSI, NCSC-NL, ACN. One button, one package, ready to submit.
Formatted per national authority
🌐
All 27 EU member states
Regulatory config adapts automatically to each jurisdiction — reporting thresholds, CSIRT contacts, registration portals, national authority requirements. Add a country, everything updates.
Accurate transposition tracking · 2026
The differentiator

Regulators accept compensating controls. No other tool generates them.

NIS2 Article 21(3) explicitly allows proportionate compensating measures when standard controls cannot be implemented. For legacy OT — EOL PLCs, unencrypted protocols, systems that cannot be patched — this is the only compliant path.

What OTensity generates — in seconds
NIS2 Compensating Control Justification
ENISA aligned
Gap identified
Legacy Siemens S7-300 PLCs — vendor EOL 2022. Patching requires site shutdown and safety system requalification (18 months, €2.4M).
Compensating controls in place
Network isolation — PLCs on dedicated VLAN, default-deny ruleset, quarterly review
Passive traffic monitoring — baseline established, anomaly alerts configured
Physical access controls — keyed enclosure, access log, CCTV documented
Board-approved migration plan — replacement Q4 2027, signed by DG
ENISA: Compensating Controls for Legacy ICS (2025) · IEC 62443-2-3 · Art. 21(2)(e)
What OTensity replaces
Consultant engagement
€2,000–€5,000 per document · 2-4 week turnaround · Different consultant each time
❌ Expensive · Slow · No audit trail
Manual Word documents
Days of writing · No ENISA references · Not version controlled
❌ Inconsistent · Regulators reject them
IT compliance tools (Vanta, Drata)
Built for IT · No OT questions · No compensating controls · No legacy system awareness
❌ Wrong tool for OT · Fails NIS2 OT requirements
OTensity
Seconds · ENISA aligned · Signed · Version controlled · Regulator accepted
✓ Built for OT · Accepted by ANSSI, BSI, NCSC-NL, ACN
Sectors covered

Built for every OT sector in NIS2 scope.

Assessment questions, compensating controls, and incident templates calibrated for each sector's specific OT environment and legacy system realities.

Energy
DSOs, TSOs, generators, district heating. SCADA, EMS, DMS, substations, RTUs.
💧
Water & wastewater
Municipal utilities, regional water authorities. Legacy PLCs, Modbus RTU, pump SCADA.
🛢
Oil, gas & hydrogen
Pipeline operators, refineries, LNG terminals. DCS, safety systems, Foundation Fieldbus.
🚉
Transport
Rail infrastructure, ports, airports. Legacy signalling SCADA, Siemens rail systems.
🏭
Critical manufacturing
Automotive, pharmaceutical, chemical. PROFIBUS, Siemens S7, Rockwell ControlLogix.
🔌
Digital infrastructure
Data centres, CDN operators, DNS. BMS/HVAC OT, BACnet, facility management.
🏥
Healthcare
Hospital networks, labs, pharma manufacturing. Medical device OT, DICOM, HL7.
🌾
Food production
Large food and beverage manufacturers. Processing line PLCs, Omron, Rockwell.
Regulatory coverage

All 27 EU member states. Accurate as of May 2026.

Regulatory content maintained against official government sources and the European Commission infringement database. Updated when legislation changes.

🇩🇪GermanyActive
🇧🇪BelgiumActive
🇳🇱NetherlandsActive
🇮🇹ItalyActive
🇸🇪SwedenActive
🇵🇱PolandActive
🇦🇹AustriaActive
🇩🇰DenmarkActive
🇫🇮FinlandActive
🇵🇹PortugalActive
🇷🇴RomaniaActive
🇨🇿CzechiaActive
🇭🇷CroatiaActive
🇱🇹LithuaniaActive
🇱🇻LatviaActive
🇪🇪EstoniaActive
🇸🇰SlovakiaActive
🇬🇷GreeceActive
🇭🇺HungaryActive
🇨🇾CyprusActive
🇲🇹MaltaActive
🇫🇷FrancePending
🇪🇸SpainPending
🇮🇪IrelandPending
🇧🇬BulgariaPending
🇸🇮SloveniaPending
🇱🇺LuxembourgPending
Active Enforcement active — audit risk is real now
Pending Transposition in progress — prepare now
Pricing

Simple pricing. 30-day trial. No credit card required.

All plans include every module. Access is by invitation only.

Starter
€299
per month · billed monthly
Small important entities · 1-3 sites · Single country
All 11 compliance modules
AI NIS2 compliance assistant
Compensating control PDF generator
Incident reporting wizard
1 active country · 3 team members
Request access
Professional Most popular
€799
per month · billed monthly
Mid-market essential entities · 4-20 sites · Multi-country
Everything in Starter
Multi-country (unlimited)
Unlimited team members
Regulatory change alerts by email
Benchmark intelligence · Priority support
Request access
Enterprise
€1,500+
per month · custom contract
Large operators · Multi-site · MSSP white-label
Everything in Professional
Dedicated customer success manager
Custom CSIRT notification templates
MSSP white-label option · SLA guarantee
Custom DPA · Onboarding included
Contact us →
MSSP pricing available — €200/month per client organisation. Contact us for MSSP programme →

Ready to pass your NIS2 audit?

OTensity is invite-only. Request access and we will be in touch within 24 hours.

All data stored in EU Frankfurt · GDPR compliant · NDA before assessment access · 30-day trial included