Skip to content

BSI Sets Deadline for NIS2 Implementation: 29,500 Companies Must Act by July 31

In brief: The BSI has set the deadline for NIS2 implementation as July 31, 2025 for 29,500 German companies.

The Federal Office for Information Security (BSI) has established a binding deadline of July 31 for implementing the NIS2 Directive. This deadline affects approximately 29,500 companies in Germany.

The BSI thereby specifies the implementation requirements of the NIS2 Directive, which was transposed into national law on October 18, 2024. The deadline of July 31, 2025 applies to operators of critical infrastructure and digital service providers that fall under the new regulation.

For CISOs, this deadline means that required measures to comply with NIS2 requirements in affected organizations must be implemented by then. This includes documentation of information security management systems, reporting of security incidents according to the new requirements, as well as implementation of enhanced requirements for management control and risk mitigation.

Companies that fail to meet this deadline must expect fines. The BSI provides guidance documents and orientation aids to help operators implement requirements on time. Affected organizations should critically review their existing security measures and adapt or newly establish them as necessary.


Source: news.google.com · Published July 8, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: