DMARCPulse
Get started — free
All posts NIS2 Compliance Report at the Click of a Button

NIS2 Compliance Report at the Click of a Button

DMARCPulse Team

NIS2 is live — and so is the pressure to prove it

Since NIS2 was transposed into national law, IT teams across Europe have been wrestling with a practical question: how do you actually demonstrate to management, an auditor, or a supervisory authority that your email infrastructure meets the requirements? Technical knowledge alone is not enough. You need a dated, reproducible record — ideally generated on demand.

That is exactly why we built the NIS2 Report into DMARCPulse.

What the report covers

The NIS2 Report is a dated PDF or HTML document that pulls together two areas:

Current configuration status for every monitored domain:

  • SPF record present and valid?
  • DKIM signatures active?
  • DMARC policy (p=, sp=, np=) — and is it enforcing (quarantine or reject)?
  • MTA-STS mode (enforce, testing, or missing)?
  • TLS-RPT record configured?
  • DNSSEC enabled?
  • BIMI record present?

DMARC and TLS-RPT metrics for the last 30 or 90 days: how many messages were authenticated, how many failed, and which sources are sending on behalf of the domain?

The output is not a screenshot. It is a structured document with a timestamp — suitable for internal audits, external reviewers, and your own documentation obligations.

Why this matters for NIS2

NIS2 requires affected entities to demonstrate technical measures for securing communications. Email is not a side issue here: phishing and business email compromise are among the most common attack vectors the directive addresses.

The relevant technical controls are well established:

  • SPF limits which servers are allowed to send mail on behalf of a domain.
  • DKIM ensures messages have not been tampered with in transit.
  • DMARC ties both together and gives receivers a clear instruction — but only if the policy is set to quarantine or reject.
  • MTA-STS enforces encrypted transport between mail servers.
  • TLS-RPT delivers reports on failed TLS connections.

A p=none policy is monitoring, not protection. If you want to be NIS2-compliant, you need to go further.

The problem with manual evidence

Until now, the process was awkward: check DNS records manually, dig DMARC aggregate reports out of a mailbox, copy results into a spreadsheet, add a date, export as PDF. That takes time, introduces errors, and is hard to repeat consistently.

For MSPs managing multiple clients, the problem multiplies. For internal IT teams that report quarterly, the same applies.

Generate a report, not a scavenger hunt

With the NIS2 Report in DMARCPulse, that manual effort disappears. The report is generated directly from the platform’s live data — no copy-paste, no manual consolidation. The timestamp is set automatically.

In practice, that means:

  • Before an audit: generate the report, done.
  • After a configuration change: create a before-and-after comparison using two reports with different dates.
  • For client reporting: one report per domain, bundled and delivered.

The report is not a substitute for a full NIS2 compliance review — email security is one piece of a larger puzzle. But it makes that piece transparent, traceable, and documentable.

Who benefits

IT decision-makers at affected organisations can show management and supervisory authorities that email security controls are not just in place but actively monitored.

MSPs can deliver regular compliance snapshots to clients — as part of monthly reporting or on request.

Security leads get a structured basis for internal risk reports and can document improvements over time.

Try it now

The NIS2 Report is available in DMARCPulse today. If you are not sure how your domains are currently configured, start with the free domain check — it shows you in seconds whether SPF, DKIM, DMARC, MTA-STS, and the rest are set up correctly.

Run your free domain check at dmarcpulse.io