
NIS2: 30,000 Enterprises with 50+ Employees Subject to Compliance Obligations

In brief: NIS2 implementation requires approximately 30,000 German enterprises with 50 or more employees to comply with new cybersecurity requirements.

In Germany, approximately 30,000 companies with a workforce of at least 50 employees must implement the NIS2 Directive. The directive thus covers significantly more enterprises than the previous NIS1 threshold did.

The revised EU Network and Information Security Directive (NIS2) significantly lowers the threshold for affected enterprises. While the original NIS1 regulation primarily focused on critical infrastructure operators and larger digital service providers, NIS2 now encompasses all enterprises with at least 50 employees in Germany. This affects an estimated 30,000 additional companies.

For CISOs, this represents a significant expansion of compliance responsibility. The extended target group now includes medium-sized enterprises that were previously not explicitly subject to NIS regulation. Within specified timeframes, they must build or adapt their cybersecurity programs to meet the increased requirements, including governance structures, risk management, security testing, and incident reporting obligations.

Implementation deadlines and specific requirements vary depending on the enterprise sector and size. CISOs should promptly inventory their organizations and develop a compliance roadmap to avoid regulatory penalties and reputational risks.


Source: news.google.com · Published July 4, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrasing and classification via Lumi News Pipeline v1.7.3.
