NIS2 live in Germany.

Who is NIS2 aimed at?

The NIS2 Directive is aimed at a broad group of companies and public organisations in Germany and the EU. The aim is to massively increase the level of cyber security in important areas of public life and the economy.

Companies with at least 50 employees or an annual turnover of more than 10 million euros or a corresponding balance sheet total. Particularly large companies (over 250 employees and more than 50 million euros in turnover) are considered “essential organisations” and are subject to particularly strict requirements. Almost all sectors are affected. Suppliers and service partners must also implement NIS2 standards. It is estimated that over 30,000 companies and organisations in Germany are now directly or indirectly affected.

Affected companies must register with the BSI, report significant security incidents and implement technical and organisational risk management measures. Are you affected? We can help you find out.

When do the new rules apply?

With immediate effect.
The new obligations apply without longer transitional periods – i.e. from the date of entry into force (yesterday), affected companies must fulfil the requirements immediately. The Federal Government has categorised the NIS2 Act as particularly urgent.

What exactly does NIS2 change?

• Mandatory risk management and verification obligations for all affected companies
• Obligation to report IT and security incidents to the BSI within 24 hours
• Regular inspections and enforcement powers of the supervisory authorities
• Management responsibility for implementation and compliance
• Mandatory awareness training for employees
• Extension to medium-sized companies in many sectors – check now whether your company is included!

Your risk in the event of non-compliance

• Fines of up to 2% of global annual turnover
• Personal liability of management and the Executive Board
• Reputational damage and loss of customers in the event of security incidents