Skip to content

29,500 Enterprises Not Recorded in BSI Register for NIS2 Implementation

Bottom line: Approximately 29,500 enterprises are not recorded in the BSI register for NIS2 implementation, indicating compliance gaps.

In the implementation of the NIS2 Directive, around 29,500 enterprises are missing from the registry at the Federal Office for Information Security (BSI). This indicates incomplete recording of critical infrastructure.

The NIS2 Directive (Network and Information Security) obligates operators of critical infrastructure to document their cybersecurity measures and report them to the responsible federal office. The BSI register serves as a central overview of these registered enterprises.

With approximately 29,500 enterprises not yet listed in the BSI register, a compliance gap is emerging. This missing registration can have two causes: either enterprises are not fulfilling their registration obligation, or they have not perceived themselves as subject to regulation. Incomplete recording weakens visibility and thus the monitoring of the security situation in the critical sector.

For compliance managers, this means reviewing their enterprises for registration obligations and, if necessary, carrying out the registration. The BSI is expected to initiate corrective measures to increase the registration rate and encourage unregistered operators to report.


Source: news.google.com · Published 11 July 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: