Your IT system, automatically mapped
Uncia plugs into your CMDB, IaC and monitoring to rebuild the application and flow map in days. Kept up to date continuously.
NIS2 directive · In force
NIS2 compliant without consultancy.
Get the checklist of the 10 ANSSI ReCyF objectives covered by Uncia. No spreadsheets, no 6-month project.
Prefer to see Uncia in action? Schedule a 30-min demo →
ISO 27001 compliant · Hosted in France · No commitment
10 NIS2 obligations covered
The ANSSI ReCyF framework is built in. Gaps are detected in real time and the audit report is exportable in one click.
Incident report pre-filled in 24h
When an incident hits, you identify affected applications in a few clicks and generate a regulator-ready notification within the 24h / 72h window.
The regulatory stake
NIS2 is in force. Regulator audits have started.
160k+
EU entities concerned
18 critical sectors, from 50 employees or €10M revenue.
24h / 72h
to notify an incident
Early warning 24h, full notification 72h.
€10M
maximum fine
Or 2% of global revenue. Personal liability for executives.
Technical proof
The 10 ReCyF objectives Uncia covers
Synthesis of the ANSSI Cybersecurity Reference Framework objectives directly addressed by the platform.
N° 01
IT system inventory
List activities, services and supporting IT systems.
Uncia: Auto inventory from your tools.
N° 02
Governance and ISP
Run a compliance gap analysis, track an action plan.
Uncia: Compliance dashboard, exportable plan.
N° 03
Ecosystem control
Trace third parties and their access.
Uncia: Map of third parties and their flows.
N° 05
IT system mastery
Components, owners, dependencies.
Uncia: Application map by criticality.
N° 07
Architecture security
Segmentation, zoning, defence in depth.
Uncia: Auto-documented zoning, gaps detected.
N° 12
Incident response
Notify the regulator within 24h / 72h.
Uncia: Impact view, regulator template pre-filled.
N° 13
Business continuity
Critical IT systems, dependencies, tested recovery.
Uncia: Dependency tree, impact scenarios.
N° 16
Risk-based approach
Risk analysis per critical IT system.
Uncia: Per-asset criticality, feeds EBIOS RM.
N° 17
Security audit
Regular audits, recommendations tracked.
Uncia: Continuous audit, one-click reports.
N° 20
Security monitoring
Centralise security events.
Uncia: Unified view, SOC and SIEM integration.
Source: France's Cybersecurity Reference Framework (ReCyF v2.5, ANSSI).
Rather than running a six-month audit project with a consulting firm, we built our practices around Uncia. The platform taps into our existing sources, the NIS2 file is produced continuously. The audit has become a formality.
CISO, 1,200-person industrial mid-market
Frequently asked questions
Everything a CISO wants to know about NIS2
What is the NIS2 directive and who is concerned?
NIS2 is the EU directive 2022/2555 on cybersecurity, transposed into French law in 2024. It covers around 160,000 entities across the EU in 18 critical sectors (energy, transport, health, digital, etc.), from 50 employees or €10M revenue. Obligations span governance, risk management, IT system security and incident reporting.
What are the NIS2 incident reporting deadlines?
Three milestones: early warning within 24h of detection, incident notification within 72h with an initial impact assessment, final report within 1 month. Without an up-to-date IT system map these deadlines are nearly impossible to meet manually.
What is the financial risk of NIS2 non-compliance?
Essential entities face fines up to €10M or 2% of global revenue, whichever is higher. Important entities: €7M or 1.4% of revenue. The directive also introduces personal liability for executives.
How does Uncia cover the 10 ANSSI ReCyF objectives?
Uncia natively integrates France's Cybersecurity Reference Framework. The platform leverages your existing sources (CMDB, IaC, monitoring) to produce and keep up to date your application map, flows, architecture documentation and compliance score per objective. Gaps are detected in real time.
How long to be NIS2 compliant with Uncia?
Initial deployment takes 1 to 2 weeks (source connection, ingestion, first audit). You get a compliance state per objective from week one. The identified gaps then feed a prioritised action plan that you follow continuously, without a dedicated audit project.
Do I need a consulting firm to roll out Uncia?
No. Uncia is designed to be operational without a consulting firm. Onboarding is guided, frameworks (ReCyF, ISO 27001) are pre-loaded. Our team supports the deployment and the CISO / CIO onboarding. You skip the traditional audit project.
Ready to face a NIS2 audit with confidence?
30 min to see Uncia cover your 10 critical obligations.