In brief: NIS2 obligates 30,000 businesses to implement stricter IT security standards with differentiated deadlines for various critical sectors.
The NIS2 Directive requires approximately 30,000 German businesses to adopt new IT security standards. CISOs must align their governance, risk management systems and incident response processes with expanded regulatory requirements.
The Network and Information Security Directive 2 (NIS2) significantly expands the scope of regulated organizations. In addition to critical infrastructures (energy, water, transport, health), operators of essential and important digital services as well as certain other sectors such as space, chemical manufacturing and food safety are now also required to comply.
For CISOs, this means concretely that requirements for governance structures, risk management systems, incident reporting and cybersecurity-by-design become significantly more detailed. Organizations must reassess their security operations centers, disaster recovery processes and cooperation with authorities. Supply chain security also comes into focus.
Implementation deadlines are staggered. Critical infrastructures must be compliant now or within the coming months, with other sectors following. Security officers therefore need to analyze their own classification precisely and plan implementation in a structured way to avoid compliance gaps.
Source: news.google.com · Published 5 July 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.