Skip to content

NIS2 Implementation: 30,000 Companies Must Conduct Annual Cybersecurity Training from 2026

Key point: Germany’s NIS2 implementation requires approximately 30,000 companies starting in 2026 to conduct mandatory annual cybersecurity training for their employees.

The national implementation of the EU NIS2 Directive requires around 30,000 German companies starting in 2026 to conduct mandatory annual cybersecurity training. The regulation addresses critical infrastructures and digitalization companies as essential entities.

The national implementation of the NIS2 Directive introduces new, binding requirements for training and awareness-raising in cybersecurity. Approximately 30,000 companies will be required starting in 2026 to train their employees at least once a year – regardless of size and industry in the affected sectors.

For CISOs and security officers, this means a significant expansion of existing compliance requirements. The training obligation aims to anchor cybersecurity fundamentals across the entire organization, in particular to reduce vulnerability to phishing, social engineering and other common attack patterns. Documentation and evidence of training completion become compliance components.

CISOs must prepare by 2026 to design training programmes, evaluate suitable providers and establish internal processes for annual implementation and performance measurement. The regulation thus directly impacts operational security budgets and personnel planning.


Source: news.google.com · Published 5 July 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.3.

Share on: