Skip to main content
ToolsEaaSAcademyTDDPartnersPricing
Get Early Access
NIS2 Article 21 · EPBD Contractor Requirements

Contractor & Supply Chain Vetting Tool

Assess contractor and supply chain risk across NIS2 cybersecurity, EPBD energy requirements, financial health, and technical capability. Generates a risk-scored vetting report with red flags and recommended actions.

Vetting Context
Financial & Legal
Company is registered, trading, and solvent (check Companies House or local register)
Professional Indemnity and Public Liability insurance is current and adequate for scope
No recent prosecutions, sanctions, or regulatory enforcement actions
Technical Capability
Relevant certifications held (ISO 9001, ISO 14001, CHAS, Constructionline, or sector-specific)
Reference projects are verifiable and comparable in scope and value
CVs of key personnel have been provided and qualifications verified
NIS2 / Cybersecurity
A documented cybersecurity policy exists and covers supply chain risk
Incident reporting capability demonstrated (can report within 24h as NIS2 requires)
Access control and credential management procedures for your systems are defined
EPBD / Energy Qualification
BER/EPC assessor certification or equivalent energy qualification held
Relevant energy-related qualification (MCS, BPEC, City & Guilds, or equivalent)
Demonstrated experience with the target renovation type (heat pump, PV, fabric, etc.)
Overall Vetting Score
out of 100
Category Breakdown
Recommended Additional Checks

    NIS2 Article 21 Note: Under Directive (EU) 2022/2555 (NIS2), organisations classified as essential or important entities must assess and manage risks in their supply chain, including the security practices of direct suppliers and service providers. Failure to vet contractors can result in penalties of up to €10M or 2% of global turnover.

    Need to vet multiple contractors? NOVTRIQ provides supply chain due diligence services including NIS2 and EPBD compliance assessment.

    Supply Chain Due Diligence →
    Results are indicative only. Must be validated by a qualified NOVTRIQ engineer before any technical or investment decision. This tool does not constitute a formal due diligence report.