nis2-compliance-mcp 1.2.10

NIS2 Directive (EU 2022/2555) compliance for AI agents. 10 Article 21 risk-management measures audit, Article 23 incident classification, Article 20 management-body accountability. For the 18 essential/important entity sectors. By MEOK AI Labs.

NIS2 Compliance MCP

NIS2 Directive (EU 2022/2555) Compliance — Entity Classification, Risk Management, Incident Reporting

Overview

Automated compliance with the NIS2 Directive (EU 2022/2555), the EU's updated cybersecurity framework. Classify entities, audit Article 21 risk-management measures, classify incidents under Article 23, and manage the Register of Information.

🆕 Quote verbatim NIS2 text in any audit

Install our sister MCP and pipe it through your agent for auditor-defensible quotes:

pip install eu-ai-act-compliance-mcp  # 1.5.1+

# In your Claude / OpenAI tool-use agent:
search_regulation(query="incident reporting", regulation="nis2", limit=3)
get_article_text(regulation="nis2", article_number=17)

Returns verbatim NIS2 text from publications.europa.eu Cellar (SPARQL-synced daily) with a canonical EUR-Lex deep link on every snippet — drop straight into audit evidence packs.

---

Tools

Tool	Description	Parameters
classify_entity	Classify entity type (essential/important) and sector	entity_description, sector, size
audit_risk_management	Audit Article 21 risk-management measures	measures, entity_type
classify_incident	Classify an incident per Article 23 criteria	incident_type, impact, entities_affected
generate_register_entry	Generate Register of Information entry	entity_name, sector, measures
check_supply_chain	Assess supply chain security requirements	suppliers, critical_services
reporting_timeline	Get incident reporting deadlines by severity	severity, entity_type
gap_analysis	Full NIS2 compliance gap analysis	current_state, sector, entity_type

Installation

pip install mcp

Claude Desktop

{
  "mcpServers": {
    "nis2-compliance": {
      "command": "python",
      "args": ["path/to/server.py"]
    }
  }
}

Cursor / VS Code / Windsurf

{
  "mcpServers": {
    "nis2-compliance": {
      "command": "python",
      "args": ["path/to/server.py"]
    }
  }
}

Usage Examples

<<<<<<< Updated upstream MIT © MEOK AI Labs

Sister MCPs

Part of the MEOK Governance pack — designed to work together as a fleet. Install the whole pack with npx meok-setup --pack governance, or pick the ones you need:

• EU AI Act → uvx eu-ai-act-compliance-mcp · PyPI · GitHub
• DORA → uvx dora-compliance-mcp · PyPI · GitHub
• Cyber Resilience Act → uvx cra-compliance-mcp · PyPI · GitHub
• AI Bill of Materials → uvx ai-bom-mcp · PyPI · GitHub
• AI Incident Reporting → uvx ai-incident-reporting-mcp · PyPI · GitHub
• DORA × NIS2 Crosswalk → uvx dora-nis2-crosswalk-mcp · PyPI · GitHub

Full catalogue + Anthropic Registry verify links: meok.ai/anthropic-registry

Protocol coverage + Universal PAYG

This MCP is part of MEOK's 47-MCP fleet that bridges every active agent-interop protocol and 30+ regulatory frameworks. See the full coverage matrix at meok.ai/protocols.

Agent interop protocols supported (8 live):

• ✅ MCP (Anthropic) — native
• ✅ A2A (Google + Linux Foundation, absorbed IBM ACP Sept 2025)
• ✅ IBM ACP — covered via A2A merge
• ◐ Stripe ACP (Agentic Commerce Protocol) — Q3 bridge via agent-commerce-protocol-mcp
• ◐ AP2 (Google Agent Payments) — partial via agent-commerce-payments-mcp
• ◐ x402 (Coinbase HTTP 402) — partial via api.meok.ai gateway
• → OASF / AGNTCY (Cisco Outshift + Linux Foundation) — Q3 bridge
• 👁 ANP (Cisco Agent Network) — watch-list

Pricing options:

Option	Price	Best for
Self-host (this MCP)	£0 — MIT	Devs
This MCP Starter	£29/mo	One-MCP teams
This MCP Pro	£79/mo	Production + 24h SLA
Universal PAYG	£29/mo + £0.0002/call	Spiky usage across many MCPs
Substrate bundle (this category)	£99-£499/mo	A whole pack
MEOK Universe	£1,499/mo	All 47 MCPs, 500K calls

Each tier above the free self-host adds HMAC-signed attestations verifiable at verify.meok.ai. Linux Foundation governance on the A2A spine means EU regulated buyers can deploy without vendor-lock-in objections.

=======

Classify an entity

{
  "entity_description": "Cloud service provider offering SaaS to 500+ healthcare organizations across EU",
  "sector": "digital_infrastructure",
  "size": "large"
}

Audit risk management measures

{
  "measures": ["basic firewall", "quarterly backups", "no encryption"],
  "entity_type": "essential"
}

Pricing

• Free: 10 classifications/day
• Pro: $99/mo — unlimited audits + reports
• Enterprise: $499/mo — full audit trail + supply chain analysis

---

Built by MEOK AI Labs | meok.ai

Stashed changes

Wire it up — full stack

Pair this with the MEOK chain that turns one agent action into ONE signed compliance event:

1. bft-progress-council-mcp — anti-loop guardrail
2. agent-token-budget-mcp — hard spend cap
3. agent-prompt-injection-firewall-mcp — OWASP LLM01 scan
4. agent-audit-logger-mcp — hash-chained evidence
5. a2a-governance-bridge-mcp — fold N attestations → 1 signed event
6. agent-incident-relay-mcp — broadcast incidents to 5 regimes simultaneously

See meok.ai/mcp-stack for the full architecture and meok.ai/mcp-stack/demo for the live in-browser demo.