At a glance: The BSI requires approximately 29,000 companies to demonstrate NIS2 compliance by July 31st or face regulatory sanctions.
The Federal Office for Information Security (BSI) has set a final deadline of July 31st for approximately 29,000 companies to implement the NIS2 Directive. This deadline applies primarily to operators of critical infrastructure and important service providers under Germany’s NIS2 implementation.
The EU’s NIS2 Directive requires operators of critical infrastructure and providers of important services to implement comprehensive cybersecurity measures. The BSI had set a transition period within which affected organisations must demonstrate their compliance. July 31st, 2024 now represents the binding deadline, after which companies failing to meet the requirements must expect regulatory consequences.
For CISOs, this deadline entails significant operational requirements: risk assessments according to NIS2 standards, documentation of security measures, incident reporting processes and evidence of compliance with technical and organisational requirements must be fully in place. The BSI particularly expects evidence of network segmentation, access controls, encryption and a functioning security management system.
Companies approaching this deadline should immediately document their compliance gaps in a detailed gap analysis and develop prioritised action plans. The BSI provides comprehensive guidance and audit checklists on its website. After the deadline expires, fines of up to several million euros can be imposed.
Source: news.google.com · Published June 17, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 of the EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.