Bottom line: Approximately 30,000 companies must audit and adapt their cybersecurity to NIS2 standards, with a deadline in autumn 2024.
The NIS2 Directive obliges around 30,000 companies in Germany to comprehensively reassess their cybersecurity. For CISOs, this means concrete obligations to implement the new European minimum standards.
The Network and Information Security Directive (NIS2) significantly widens the range of regulated organisations. In addition to critical infrastructures, companies from expanded sectors such as energy, transport, banking, utilities, digital services and space now fall within its scope. With approximately 30,000 affected companies in the German-speaking region, this is a comprehensive regulatory requirement.
The new requirements address technical, organisational and governance elements: enhanced risk management, security audits, reporting obligations, incident response, multi-factor authentication and board-level accountability are central compliance objectives. CISOs must critically review their existing security programmes and often fundamentally recalibrate them to meet the expected control and evidence standards.
The implementation deadline in most EU countries runs until October 2024. Companies that have so far been outside the NIS1 perimeter must act quickly. At the same time, the Directive requires documentation and regular compliance evidence – an administrative burden for which realistic resource planning is necessary.
Source: news.google.com · Published 2 July 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.