Skip to content

NIS2 Directive: Registration Deadline 31 July – Fines Up to €10 Million

In brief: Organizations in critical infrastructures must register their cybersecurity reporting point with the BSI by 31 July or face fines up to €10 million.

The registration deadline for the NIS2 Directive ends on 31 July. Organizations in Germany must register their reporting points with the BSI by then, or face fines up to €10 million.

The NIS2 Directive (Directive 2022/2555/EU) requires operators of critical infrastructures and essential services to register their cybersecurity reporting points (Single Points of Contact) with the Federal Office for Information Security (BSI) by 31 July. Registration is free of charge and takes place via a standardized online form.

For CISOs, this means concretely: companies in the affected sectors (energy, transport, water, health, finance, public administration, and digital infrastructure) must clearly identify those responsible for their cyber incident reporting and register them with the BSI. Failure to comply with this obligation risks fines up to €10 million.

The NIS2 Directive thereby specifies requirements for reporting security incidents and creates uniform contact structures for authorities at EU level. Germany has implemented the directive through the IT Security Act 2.0. Organizations should prioritize their registration immediately to avoid liability and at the same time formalize their incident response processes.


Source: news.google.com · Published 6 July 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: