Bottom line: 11,000 German companies must register with the BSI for NIS2 by 31 July to avoid fines and gain access to cybersecurity information sharing.
Approximately 11,000 critical infrastructures and important entities in Germany have not yet registered with the Federal Office for Information Security (BSI) by mid-July, even though the deadline for entry into the mandatory NIS2 register expires on 31 July.
The National Risk Analysis and the implementation of the EU NIS2 Directive require operators of critical infrastructures and providers of digital services to register in the BSI register. Compliance also includes adherence to cybersecurity standards and reporting of significant incidents.
The missing registrations among approximately 11,000 companies pose a significant risk: unregistered operators do not fulfil their legal obligations and may face fines. At the same time, these entities cannot benefit from government support and BSI information on how to handle cybersecurity threats.
Compliance officers should immediately check whether their organization falls within the NIS2 definition and submit any missing registrations by 31 July 2024. The BSI provides registration assistance on its website and a list of technical and organizational measures to be implemented.
Source: news.google.com · Published 21 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.