In a nutshell: With only a 34 percent compliance rate, the BSI has set a binding deadline of July 31 for implementation of the NIS2 Directive.
According to a survey by the Federal Office for Information Security (BSI), only 34 percent of affected organizations have currently implemented the NIS2 Directive. The BSI has set a deadline of July 31 to fulfill the requirements.
The national implementation of the NIS2 Directive is progressing more slowly than planned. According to BSI data, only 34 percent of obligated organizations have currently implemented the necessary measures to comply with the directive. This affects operators of critical infrastructure as well as digital service providers, who must fully meet the requirements from mid-October 2024 onwards.
The BSI has set a binding deadline of July 31 to remedy the implementation shortfalls. This deadline gives organizations a concrete timeframe to complete the required technical and organizational measures such as risk management systems, incident response processes, and the implementation of security measures.
For CISOs, this situation creates significant pressure to act. With two-thirds of affected organizations not yet compliant, the coming months will be critical for identifying implementation gaps, prioritizing resources, and working closely with business units to establish the required control mechanisms. The BSI will monitor compliance implementation and can initiate sanctions if requirements are not met.
Source: news.google.com · Published July 9, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.