💡 Fill in your company profile in 2 minutes — it's how NexCyber decides which EU regulations apply to you.

Set up your company profile

Your company profile is the foundation of every assessment. NexCyber uses it to determine which EU regulations apply to your company, what penalties you face, and which obligations to highlight first. Spend 2 minutes here and the rest of the platform becomes dramatically more useful.

Why it matters

EU regulations don't apply uniformly to every company. For example:

• NIS2 kicks in based on your sector and your headcount + turnover thresholds.
• CRA depends on whether you place a product with digital elements on the EU market.
• AI Act depends on whether you provide or deploy an AI system, and at what risk level.
• DORA is specific to the financial sector and its ICT providers.

If your profile is wrong, your applicability analysis is wrong. Take the extra minute.

Where to find it

Go to /profile (top-right menu → "Profile") or /organization for company-level fields. The profile is split into two sections:

1. Personal — your name, role, and contact preferences.
2. Organization — your company information (the part that drives regulation applicability).

Required fields

Legal company name

Use the exact name as it appears on your incorporation certificate or company register entry. If you operate under a trading name, put both: Acme Operations Ltd (trading as Acme).

Country of registration

The EU member state where your company is registered. This affects:

• Which national competent authority oversees you for NIS2
• Which currency your fines are denominated in
• Which CSIRT you report incidents to

Sector

Pick the closest match from the dropdown. The list follows NACE / NIS2 sector codes:

• Energy, Transport, Banking, Financial market infrastructures, Health, Drinking water, Digital infrastructure, ICT service management, Public administration, Space, Postal services, Waste management, Manufacture of medical devices, Manufacture of computer/electronic/optical products, Manufacture of motor vehicles, etc.

If your activity spans multiple sectors, pick the dominant one by revenue. You can mark secondary sectors later.

Company size

• Micro — fewer than 10 employees and ≤ €2M turnover
• Small — fewer than 50 employees and ≤ €10M turnover
• Medium — fewer than 250 employees and ≤ €50M turnover
• Large — 250+ employees or > €50M turnover

This is the EU definition (Recommendation 2003/361/EC). Use whichever ceiling you hit first (headcount or turnover).

Product or service description

One or two sentences. Examples:

• "Cloud-based payroll software for European SMEs."
• "Connected industrial sensors for water utilities."
• "Generative AI chatbot for customer support, sold to mid-market companies."

This helps the platform refine which obligations are likely to matter to you.

Optional fields (recommended)

• VAT number — used for the PDF report header and any audit-ready document.
• Operating member states — beyond your country of registration, where else you place products or have customers.
• Estimated annual turnover — helps refine maximum penalty exposure.

Editing later

Everything in your profile is editable at any time. Changes immediately update:

• Your applicability analysis (re-run assessments to see the new picture).
• The penalty exposure shown on each obligation.
• The Trust Passport metadata.

Privacy

Your company profile is stored on EU-hosted infrastructure (Germany), encrypted at rest, and never shared with third parties for marketing. See our Privacy Policy and DPA for the full detail.

→ Next: invite your team or run your first assessment.

💬 Need help?

• Reach out via our live chat (bottom-right) — Captain AI replies instantly, human experts within business hours.
• Email support@nexcyber.eu with [P1] for Command/Strategic priority issues.

ℹ️ Disclaimer — RICE provides a readiness analysis, not legal advice. Final compliance may require legal review or notified body certification.

Last reviewed: 2026-06-02 · NexCyber Help Center