2025-07-02 by Robert Müller TISAX
The EU’s NIS2 Directive introduces significantly higher cybersecurity requirements across a wide range of sectors. Many organizations are now required to take action to ensure compliance. According to a recent analysis, companies that are already TISAX-assessed are in a strong position: they have established a solid foundation that covers all key aspects of the NIS2 requirements. These organizations have implemented appropriate measures, demonstrated compliance through independent assessment, and committed to maintaining their security posture over time.
TISAX was developed early on by automotive manufacturers in collaboration with their suppliers and partners. Since then, it has become a widely recognized standard for information security assessments. With more than 17,500 assessed sites in over 90 countries—including several thousand in Europe, the Americas, and Asia—TISAX is now one of the most widely used assessment frameworks globally.
Its applicability extends far beyond the automotive sector. TISAX is successfully used in nearly all industries that interact with the automotive industry, including:
The ISA catalog, which forms the basis of TISAX, is designed to be flexible and scalable—making it suitable for organizations of various sizes, business models, and protection needs.
An analysis conducted within ENX's expert working groups examined how well a TISAX assessment based on the ISA6 catalog aligns with the requirements of the NIS2 Directive. The key findings include:
Investments made in TISAX are not only necessary for robust information security but also contribute significantly to NIS2 compliance. Organizations that are already TISAX-assessed—or have aligned their practices accordingly—are well prepared to meet the expectations of the directive, regardless of industry or company size.