Key takeaway: The revised KRITIS Regulation specifies protective obligations for critical infrastructure and aligns German regulation with European law.
Germany has revised the KRITIS Regulation to more precisely define critical infrastructure and implement European legal standards. The changes expand the scope of application and strengthen security requirements.
The revised KRITIS Regulation clarifies the definition of critical infrastructure in Germany and broadens the scope of existing regulations. The new version addresses sectors that have failure dependencies affecting society, the economy or security and thus require protection.
The regulation pursues the goal of European legal coherence: it links national requirements to the provisions of the EU NIS2 Directive and its implementation, thereby reducing fragmented requirements for operators of critical infrastructure operating across borders. This creates clarity regarding notification and security obligations as well as testing and audit requirements.
CISOs and compliance officers must review the specific changes in their sector and compare existing security measures against the new requirements. In particular, for organizations classified as critical infrastructure operators, additional documentation, audit and notification requirements may arise that must be integrated into existing governance.
Source: news.google.com · Published June 10, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.