Scattered controls and evidence
Security measures live in one document, risks in another spreadsheet and proof buried in email. Pulling it all together for a review or an audit turns into a race against the clock.
An Odoo 17, 18 and 19 module — EUR 49, one-time payment, no recurring fees and no separate SaaS — that brings risk management, incidents, suppliers and the governance NIS2 demands into your ERP, with the evidence at every step. The EU NIS2 Directive requires essential and important entities to manage cybersecurity risk, report significant incidents on tight deadlines, oversee their suppliers and hold senior management accountable. Running all of that across loose spreadsheets and email threads does not survive a review.

Try the NIS2 module inside a real Odoo 19, no sign-up. User demo / flexigodemo.
NIS2 is not about pretty paperwork: it asks you to prove that you manage risk, that you react to an incident, that you control your suppliers and that management is in the loop. Without a system, that evidence lives scattered and nobody can find it when it is needed.
Security measures live in one document, risks in another spreadsheet and proof buried in email. Pulling it all together for a review or an audit turns into a race against the clock.
NIS2 requires you to report significant incidents on tight deadlines. Without a defined flow, an incident easily gets handled over chat and ends up with no record, no owner and none of the evidence you are meant to keep.
The directive holds management accountable and requires supply-chain oversight. If that oversight is not documented anywhere, you simply cannot prove it is happening.
It does not certify you or declare you compliant. It gives you the structure an auditor recognises: applicability profiles per entity, Article 21(2) controls, risks, incidents aligned to Article 23, suppliers and an evidence vault — all inside your Odoo.
Document each entity's NIS2 scope with a guided wizard: sector, size band, essential-or-important candidacy and overlap flags for DORA and CER.
Map your measures to the categories NIS2 lists — risk analysis, business continuity, supply-chain security — each with an owner, evidence, a review cadence and a maturity level.
Track risks with likelihood, impact and residual-risk acceptance, moving from draft to closed and linked to the controls that treat them.
A detection, triage and significant-incident decision flow, aligned to the Article 23 early warning, incident notification and final report — with no auto-filing to any authority.
Run supplier cybersecurity reviews and rate dependency criticality, from not reviewed to expired, for the Article 21(2)(d) supply-chain security requirement.
Capture management approval and oversight under Article 20, an evidence vault of policies and test reports, training records, and one-click board packs, audit packs and incident timelines.
See it running: there is a product walkthrough video in Spanish, English and German on the App Store listing. Watch the video
FlexigoTech is Flexibles y Accesorios Gobe, S.L., based in Barcelona. Development is handled by a single developer, so when you ask about NIS2 or the incident flow you talk directly to the person who wrote the code — not a salesperson and not a first-line support desk forwarding tickets.
It is a native Odoo 17, 18 and 19 module: EUR 49 once, source code included, with no external platform to maintain and no extra SaaS fee. We do not invent reviews or certifications: the toolkit organises governance, risks, incidents and supplier oversight with their evidence. It does not issue official approvals and it is not a substitute for legal advice or an audit — and we tell you that before you install it, not after.
NIS2 rarely comes alone. It usually shows up right next to the need to sort out data protection, the whistleblowing channel and compliance inside a single Odoo.
NIS2 is the EU cybersecurity directive that extends risk-management, incident-reporting and management-accountability obligations to far more sectors: energy, transport, health, manufacturing, digital infrastructure, managed service providers, food and public administration, among others. It applies to essential and important entities, not just large critical operators, and each member state transposes it into national law.
No. The toolkit organises inside Odoo the governance, risk register, incident readiness, supplier oversight and management accountability that NIS2 requires. It does not issue certifications or official approvals, and it is not a substitute for legal advice or an audit. The compliance decision and its evidence stay with your organisation.
For CISOs, security leads and compliance teams already running Odoo who need to centralise controls, risks, incidents and suppliers in a single system, instead of keeping loose spreadsheets and scattered emails that fall apart under a review or audit.
Yes. The module is a standard Odoo addon that installs on both Odoo Community and Enterprise for versions 17, 18 and 19. You get the full source code, so you can install it on your own server or hosting, review it and adapt it to your setup. It is not tied to any external platform.
Yes. There is a live demo — a real Odoo 19 with the NIS2 module installed and no sign-up (user demo, password flexigodemo) — where you can walk through governance, the risk register, the incident flow and supplier oversight. When you are ready, you install it from the Odoo App Store; and if you need it, we help you configure it and get the first risk register running.
Keep governance, risks, incidents and suppliers inside Odoo, with the evidence where it belongs. Tell us your sector and we will tell you straight whether the toolkit fits you.