Key Point: Approximately 30,000 companies must register by July 2024 under NIS2 as critical or important entities and fulfill significant security requirements.
The implementation deadline of the NIS2 Directive forces around 30,000 companies in Germany and the EU to register as critical or important entities by July 2024. CISOs must prepare their organizations for the new reporting obligations and compliance requirements.
With the full application of the NIS2 Directive (Network and Information Security Directive 2), several tens of thousands of companies face an immediate registration requirement. Those affected are primarily operators of critical infrastructure as well as companies classified as “important entities” – these include energy suppliers, telecommunications providers, financial institutions, healthcare sector, transport and digital service providers.
Registration by July 2024 is not optional but a legally binding registration with the competent national regulatory authorities. Registration creates concrete obligations: companies must implement an information security management system, report incidents to authorities and provide evidence of regular security audits. The requirements are significantly stricter than the predecessor directive NIS1.
For CISOs, this means that identifying the organization’s own unit as critical or important infrastructure is a priority. At the same time, resources must be allocated for documenting the current security status, closing compliance gaps and training employees. Violations of the registration requirement or inadequate security measures result in substantial fines in the double-digit millions range.
Source: news.google.com · Published June 21, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.