In brief: 14.3 percent of enterprises have fulfilled NIS2 requirements, indicating significant compliance gaps and supply chain risks.
A current survey shows that only 14.3 percent of German enterprises meet the requirements of the NIS2 Directive. This illustrates the substantial implementation gap in cybersecurity regulation shortly before or after the compliance deadline.
The data situation is alarming: Of the surveyed enterprises, only 14.3 percent have fully implemented their cybersecurity obligations under NIS2. The national implementation deadline for the Directive ended on 17 October 2024; however, many companies – particularly small and medium-sized enterprises – are significantly lagging behind in compliance.
For CISOs and security officers, this rate represents an increased risk of failure in their own environment: if over 85 percent of enterprises are not yet compliant, the statistical probability of security gaps and attack scenarios in supply chains and critical infrastructures increases accordingly. At the same time, the low compliance rate on the regulatory side may indicate an enforcement phase without immediate mass fines.
Organizations that have not yet completed their NIS2 implementation should prioritize validating their governance structure, technical measures, and incident response processes. Authorities will conduct intensified audits in the coming months.
Source: news.google.com · Published 17 June 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.