nis2
How to fix: Privacy policy (NIS2 information sharing)
GDPR Art. 13
NIS2 Art. 21(2)(f)
Why this matters
Published data-handling policies signal organisational maturity around personal data — a soft NIS2 signal that overlaps with GDPR compliance.
Background
NIS2 reporting + transparency overlaps with GDPR. A discoverable privacy policy at /privacy-policy is the minimum baseline — covers vendor data flows, contact for data requests, processing legal basis. Same fix as gdpr.privacy_policy.
References
NIS2 Art. 21(2)(f) — supply-chain security + vendor data flows · GDPR Art. 13
How to fix
Code snippet for each stack we cover. Pick the one matching your server / framework.
nginx
No server config — content page.
apache
Same.
cloudflare
Same.
wordpress
Privacy Policy generator (Iubenda, WebsitePolicies.com). Publish at /privacy-policy.
flask
Add /privacy-policy route + template.
express
Same.
rails
Same.
Verify it's working
curl -s https://your-site/privacy-policy | head — should return 200 with substantive policy content.
Want to know if your site has this issue?
Run a free 53-check audit — security, GDPR, NIS2, and technical SEO.
Audit my site →