In a nutshell: 29,000 companies in Germany must fully implement NIS2 requirements by July 31, 2024, or face fines.
In Germany, 29,000 companies must implement the requirements of the NIS2 Directive by July 31. This affects operators of critical infrastructure and their supply chains.
The Network and Information Security Directive NIS2 obligates a significantly expanded circle of companies to implement binding cybersecurity measures. The implementation deadline ends on July 31. This deadline affects in particular operators of critical infrastructure as well as companies that provide essential services for the operation of these systems.
For CISOs, this means that significant measures must be completed in the coming weeks. These include documentation of information security management systems, implementation of minimum protection measures, establishment of incident response processes, and reporting of significant security incidents to the responsible authorities. NIS2 significantly expands requirements compared to the predecessor directive and also includes supply chain security.
Supervisory authorities such as the German Federal Office for Information Security (BSI) have already published guidance and compliance requirements. Organizations that have not yet fully implemented all measures should prioritize identifying existing gaps and establish an action plan with realistic timelines.
Source: news.google.com · Published July 7, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.3.