The bottom line: From 2026 onwards, thousands of businesses in Germany must comply with the stricter cybersecurity requirements of the NIS2 Directive.
The EU Directive NIS2 requires over 29,000 German companies from 2026 onwards to meet elevated cybersecurity standards. Compliance requirements are significantly stricter than under the predecessor regulation NIS1.
The NIS2 Directive (Network and Information Security Directive 2) significantly expands the scope of regulated organisations. According to available sources, over 29,000 companies in Germany are affected and must adapt their cybersecurity measures by 2026.
In contrast to NIS1, NIS2 covers a significantly broader range of sectors and organisation types. This includes not only traditional critical infrastructures such as energy and telecommunications, but also providers of digital services, public administrations and other sectors. Compliance officers must prepare for stricter requirements regarding incident reporting, cryptography, supply chain management and employee training.
The implementation deadline of 2026 remains tight for the majority of affected companies. Small and medium-sized enterprises in particular, without specialised IT security teams, face considerable challenges. An early stock-take of the current security situation and a structured implementation programme are necessary to achieve the compliance target.
Source: news.google.com · Published 13 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.