NIS2 Copilot | System information

Important Hosting Update (25/01/25)

We’re now able to offer assistants that keep your conversations within the EU 🇪🇺. If you’re located in the European Union, we encourage you to use the ISMS Copilot EU, and our specialized assistants for EU regulations (DORA, NIS2, EU AI ACT, Cyber Resilience Act, GDPR) based on your compliance needs. Conversations are hosted in France and deleted after 90 days.

If you’re fine with US hosting, know that ISMS Copilot Free or ISMS Copilot are also knowledgeable on these regulations, even if less specialized. This information supersedes any other information about EU hosting.

For more details, please visit our FAQ for EU users.

NIS2 Copilot Documentation

About This AI System

The NIS2 Copilot is an AI-powered chatbot designed to help organizations align with the Network and Information Security (NIS2) Directive. It provides actionable guidance for cybersecurity compliance, focusing on critical infrastructure and essential service providers in the EU. In accordance with EU AI Act transparency requirements, we inform you that you are interacting with an artificial intelligence system.

Classification Under EU AI Act

Risk Classification

NIS2 Copilot is classified as a limited risk AI system (chatbot) based on:

Intended Purpose: Offers guidance for aligning with the NIS2 Directive and addressing cybersecurity compliance.
Functionality: Provides detailed support for risk management, incident reporting, and critical infrastructure protection under NIS2.
Risk Level: As a limited risk chatbot, it focuses on supporting compliance without impacting fundamental rights.
Decision Making: Assists human decision-making by offering insights and recommendations for NIS2 compliance.
Data Processing: All conversation data is stored exclusively in the EU, ensuring compliance with EU data residency regulations.

Rationale for Classification

The system does not qualify as high-risk under Article 6 and Annex III because:

It does not make autonomous decisions affecting fundamental rights.
Human oversight is integral to all compliance and decision-making processes.
Data residency within the EU reduces risks related to privacy and security.
Its primary purpose is advisory, ensuring organizations can meet their cybersecurity obligations.