NIS-2
The NIS-2 Directive brings far-reaching requirements for many companies and should be transposed into national law by October 17, 2024. From October 18, 2024, it should be applied across Europe.
The German legislature has already been active, and there is now a 4th official draft bill for an NIS-2 Implementation and Cyber Security Strengthening Act (NIS2UmsuCG). The results of a consultation with associations have already been incorporated into this draft bill, which shows that the business-related regulations in particular are increasingly stabilizing and fewer and fewer changes are being made.
The German NIS2UmsuCG is an article law that amends the BSIG in particular. However, many other laws are also affected, such as the EnWG or the TKG. Many of the requirements are closely based on the NIS-2 Directive, and the German Federal Ministry of the Interior is aiming for an almost 1:1 transposition into German law. Accordingly, there will be particularly important facilities and important facilities across different sectors. These facilities must implement extensive risk management measures: they must take suitable, proportionate and effective technical and organizational measures to prevent disruptions to the availability, integrity and confidentiality of information technology systems, components and processes. The state of the art must be maintained.
The NIS2UmsuCG also defines far-reaching registration obligations, obligations to report security incidents and obligations to inform one’s own customers. The obligations for managers are significant: management boards must implement and monitor risk management measures. If they fail to fulfil their obligations, they may face compensation claims, which may also include fines. In addition, they must regularly take part in cyber security training.
According to internal calculations, the BMI assumes that there will be around 8,250 particularly important facilities and a further 21,600 important facilities in Germany that fall under the NIS2UmsuCG. Once the required supply chain security is taken into account, a further large number of companies will be indirectly affected by the NIS2UmsuCG. This creates enormous pressure to act and calls for early precautions. It should be noted that neither the NIS-2 Directive nor the NIS2UmsuCG provides for implementation deadlines. As soon as the NIS2UmsuCG comes into force, it applies immediately. This has also been confirmed by the BMI on several occasions.
This means that action must be taken promptly! As not every company has sufficient expertise to meet these complex requirements, we offer a special service package to prepare for NIS-2.
Find out more in our data sheet and contact us!