Bottom line: Approximately 11,000 companies must register under the NIS2 Directive by July 31 to avoid fines and supervisory consequences.
Around 11,000 companies in the DACH region must register under the NIS2 Directive by July 31. This particularly affects operators of critical infrastructures and service providers in the digital sector.
The registration deadline for the national implementation of the NIS2 Directive (Network and Information Security Directive 2) ends on July 31. Approximately 11,000 organisations are affected that are classified as operators of essential or critical services or exceed corresponding thresholds.
The registration requirement applies to companies from sectors such as energy, transport, water, waste, health, digital infrastructure and other services regarded as essential. Providers of cybersecurity services and ICT services that reach a certain size also fall under the regulation. Registration is generally carried out through the competent national authorities or reporting centres.
For CISOs, this concretely means: companies must verify their classification in the NIS2 categories, adjust internal reporting chains and governance structures, and implement the technical and organisational requirements of the directive. Failure to register can result in fines and supervisory consequences, which is why timely clarification of status is essential.
Source: news.google.com · Published July 8, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.