
NIS2 Art.27.1: Entity Registration with National Authorities

What This Control Requires

Member States shall require the entities referred to in paragraph 2 to submit the following information to the competent authorities by the deadline specified: the name of the entity; the relevant sector, subsector and type of entity; the address of the entity's main establishment and its other legal establishments in the Union; up-to-date contact details; the IP address ranges and registration of the entity's domain names.

In Plain Language

Before anything else, NIS2 needs to know who you are. If your organisation falls within scope, you must register with your national competent authority by providing basic identifying information. This is the administrative foundation that allows regulators to maintain oversight of all regulated entities in their jurisdiction.

The registration covers organisational basics (name, address, sector classification), contact details for cybersecurity communications, and technical information like your IP address ranges and domain names. Authorities use this technical data to map the digital footprint of regulated entities and to support security scanning and incident attribution.

First you need to work out whether NIS2 applies to you at all, based on the sector definitions in Annexes I and II and the size thresholds. If it does, register before the national deadline and keep the information updated whenever anything changes.

How to Implement

Run a scoping assessment first. Review the sector definitions in Annexes I (essential entities) and II (important entities), apply the size thresholds (generally medium and large enterprises, with some exceptions), and check whether any national implementation provisions affect your classification.

Pull together the required registration data:

  • Legal entity name and registration details
  • Your sector, subsector, and entity type classification
  • Addresses of your main establishment and any other EU establishments
  • Contact details for cybersecurity communications (email, phone, designated contact persons)
  • All IP address ranges used by the organisation
  • Your domain name registrations

Submit through whatever mechanism your national competent authority has set up - typically an online portal or structured form. Make sure you hit the national deadline.

Put a process in place to keep the registration current. Define what triggers an update: changes to legal entity details, new contact information, acquisition of new IP ranges or domains, changes to your sector classification, or any expansion or reduction of EU establishments. Assign a specific person - your compliance officer or IT governance lead - to own the registration. Set calendar reminders for periodic review even if nothing has changed.

Keep records of the initial registration and all subsequent updates. If an auditor asks to see your registration history, you want it readily available.

For organisations operating across multiple Member States, determine your primary jurisdiction for NIS2 and understand any additional registration requirements elsewhere.

Evidence Your Auditor Will Request

  • NIS2 scoping assessment documenting entity classification
  • Registration submission confirmation from the competent authority
  • Current registration information on file
  • Process for maintaining and updating registration details
  • Records of any registration updates submitted

Common Mistakes

  • Organisation has not assessed whether it falls within NIS2 scope
  • Registration submitted with inaccurate or incomplete information
  • IP address ranges and domain names not comprehensively documented
  • No process for updating registration when information changes
  • Multi-jurisdictional registration obligations not identified or addressed

Related Controls Across Frameworks

Framework    Control ID    Relationship
GDPR         Art.30        Related
ISO 27001    A.5.1         Related

Frequently Asked Questions

What happens if we do not register?
Non-registration is itself a compliance violation that can trigger enforcement action. Competent authorities have other ways to identify in-scope entities, so skipping registration does not make you invisible - it just adds a non-registration penalty on top of whatever substantive non-compliance they find.

How do we determine if we are an essential or important entity?
It comes down to three factors: your sector (listed in Annexes I and II), your size (generally 50 or more employees, or over 10 million euros in turnover/balance sheet, based on the SME Recommendation criteria), and any specific designations by your Member State. Some entities are essential regardless of size - for example, trust service providers and DNS providers. Your national competent authority can provide specific guidance for your situation.
