Skip to main content
NIS2 Manager LogoNIS2 Manager
Back to blog
How-ToFeatured

Complete guide: DNSC registration step by step

Everything you need to know about DNSC registration: required documents, Registration Form, Annex 1, Annex 2, completion process, and common mistakes to avoid.

Diana Petrescu
Product at NIS2 Manager, BetterQA
8 min read

Introduction

DNSC (National Cybersecurity Directorate) registration is the first concrete step toward NIS2 compliance. This guide will walk you through the registration process step by step, including required documents and how to prepare.

What is NIS2 Manager?

NIS2 Manager is the platform that helps you prepare for DNSC registration:

  • Automatic NIS2 eligibility verification
  • Self-assessment on all 140 NIST CSF controls
  • Automatic generation of required documents (Form, Annex 1, Annex 2)
  • AI assistant for questions and policy generation

Documents Required for Registration

1. Registration Form

Mandatory information:

  • Identification data (Tax ID, name, address)
  • Business sectors according to Annexes I and II
  • Services provided and member states where you operate
  • Number of employees and financial data
  • Contact person for cybersecurity
  • Data about the group you belong to (if applicable)

2. Annex 1 - Service Impact Analysis

This annex assesses the potential impact of incidents:

Section A - Service identification:

  • List of services provided
  • Number of users/customers
  • Geographic coverage area

Section B - Impact assessment:

  • Impact on public safety
  • Economic impact (estimated losses)
  • Operational impact (acceptable disruption duration)
  • Reputational impact

Section C - Dependencies:

  • Critical suppliers
  • Essential IT infrastructure
  • External services you depend on

3. Annex 2 - Risk Level Assessment

This annex calculates the organization's risk level:

Section A - Threat identification:

  • Cyber threats relevant to the sector
  • Incident history
  • Industry trends

Section B - Vulnerability assessment:

  • Current state of security controls
  • Identified gaps
  • Remediation plans

Section C - Risk calculation:

  • Probability x impact matrix
  • Overall risk level (low/medium/high/critical)
  • Planned mitigation measures

Step-by-Step Process

Step 1: Eligibility Verification

Before registration, confirm that the organization:

  • Operates in regulated sectors (Annex I or II)
  • Exceeds size thresholds
  • Is not exempt by other regulations (e.g., DORA-only for banks)

Step 2: Information Preparation

Collect in advance:

  • Company legal data
  • Organization chart and number of employees
  • Recent financial statements
  • List of services and customers
  • IT infrastructure inventory

Step 3: Self-Assessment

For Annex 2, you need an assessment of existing controls:

  • Evaluate the 140 NIST CSF controls
  • Document maturity level for each
  • Identify gaps

Step 4: Document Completion

Using the collected information:

  • Complete the registration form
  • Prepare Annex 1 (impact)
  • Prepare Annex 2 (risk)

Step 5: Submission

  • Access the DNSC portal with your generated documents
  • Upload documents in electronic format
  • Wait for receipt confirmation
  • Respond to any clarification requests

How NIS2 Manager Helps

Our platform simplifies the entire process:

1. Eligibility Checker

  • Automatic classification determination (essential/important)
  • Detailed report with explanations

2. Self-Assessment Module

  • All 140 controls structured
  • Dual scoring (policy + implementation)
  • Automatic save and resume

3. DNSC Document Generator

  • Registration form - automatically filled from entered data
  • Annex 1 - generated based on service information
  • Annex 2 - calculated from self-assessment results
  • PDF export ready for submission

4. Evidence Library

  • Centralized document storage
  • Association with controls
  • Alerts for expiring documents

Common Mistakes to Avoid

1. Incorrect sector selected

  • Carefully study the definitions in the Annexes
  • Consider all activities, not just the primary one
  • When in doubt, consult a specialist

2. Incorrectly calculated size

  • Check if group-level calculation applies
  • Include all employees (including part-time, pro-rata)
  • Use the most recent financial statements

3. Underestimated impact

  • Be realistic in impact assessment
  • Don't minimize to appear less critical
  • DNSC will verify and can reclassify

4. Incomplete or unevaluated controls

  • Don't leave controls "N/A" without justification
  • Assess honestly, not optimistically
  • Document remediation plans for gaps

After Registration

Registration is just the beginning. After confirmation:

  1. 60 days - Submit detailed risk assessment
  2. 60 days after - Complete maturity self-assessment
  3. Ongoing - Maintain compliance and report incidents

Registration Timeline

PhaseEstimated duration
Information collection2-4 weeks
Control self-assessment4-8 weeks
Document completion1-2 weeks
Internal review1 week
Total8-15 weeks

Given the September 2026 deadline, start the process as soon as possible.

Conclusion

DNSC registration may seem complicated, but with proper preparation and the right tools, the process becomes manageable. NIS2 Manager guides you through every step, from eligibility verification to final document generation.

Start eligibility check or create an account to begin your self-assessment.

NIS2 Manager is a product by BetterQA, one of Europe's top software testing companies.

Tags:
DNSCregistrationformsAnnex 1Annex 2
Share this article:
LinkedIn
Diana Petrescu
Product at NIS2 Manager, BetterQA

Product leader focused on transforming complex compliance requirements into user-friendly solutions.

Want to know if your company falls under NIS2?

Use our free calculator to check eligibility in just 3 minutes.

Check eligibility for free

Related Articles

What must be submitted to DNSC and how often? Complete NIS2 reporting guide
Compliance

What must be submitted to DNSC and how often? Complete NIS2 reporting guide

All mandatory documents for DNSC: entity registration, annual reports, incident reporting, change notifications. Frequency and deadlines explained.

Ana Tudor
8 min
What is CyFunRO and how to calculate ENIRE@RO risk level
Compliance

What is CyFunRO and how to calculate ENIRE@RO risk level

Complete guide to the official DNSC risk evaluation methodology. Learn how to calculate your CyFunRO score and how many controls you need to implement (38, 90, or 140).

Stefan Balan
10 min
NIS2 deadlines for Romania: complete calendar 2025-2027
Compliance

NIS2 deadlines for Romania: complete calendar 2025-2027

All critical deadlines for NIS2 compliance in Romania: DNSC registration, incident reporting, annual reports. Includes recommended action plan.

Ana Tudor
6 min
160K+
organizations affected by NIS2 across the EU (ENISA, 2024)
EUR 10M
maximum penalty for NIS2 non-compliance or 2% of global turnover
24h
incident reporting deadline under NIS2 directive
18
critical sectors covered by NIS2 compliance requirements

The NIS2 Directive (EU 2022/2555) entered into force on January 16, 2023, with member states required to transpose it by October 17, 2024. According to ENISA's 2024 Threat Landscape report, ransomware attacks increased 73% year-over-year, while supply chain attacks grew by 85%. The European Commission estimates NIS2 compliance costs average EUR 120,000 per organization, but non-compliance penalties can reach EUR 10 million or 2% of global annual turnover. Only 34% of affected organizations reported full NIS2 readiness by the October 2024 deadline (EY Global Cybersecurity Survey, 2024). Romania's DNSC reported a 156% increase in cybersecurity incidents in 2024, making compliance tools essential for the 8,000+ Romanian organizations affected by the directive.

BetterQA
ISO 27001 & NATO certified security company
50+ Engineers
Cybersecurity & compliance specialists across 24 countries
Since 2018
Independent security testing & compliance expertise
NIS2 Ready
Full compliance lifecycle from assessment to certification