For a long time, it seemed as if the implementation of the EU NIS-2 Directive in Germany was at a standstill – but now things are finally moving forward. The federal government has reached an agreement, and the coalition committee has cleared the way.
The second and third readings in the Bundestag have already taken place, including the vote – a decisive step in the legislative process. This means: Germany is implementing NIS-2. As early as the turn of the year, the NIS-2 Implementation Act could come into force, bringing with it significant new obligations and security requirements for thousands of companies, public authorities, and operators of critical infrastructure.
The directive aims to significantly raise the level of cybersecurity in the EU and strengthen the protection of critical services, supply chains, and digital processes. The new law greatly expands the circle of affected organizations – many medium-sized companies will also fall within its scope in the future.
The Bundesrat is expected to give its final consideration to the draft on November 21. Since the NIS-2 Implementation Act does not require Bundesrat approval, it is expected that the legislative process will be completed this month, marking the official start of national implementation.
➡️ Companies should urgently prepare now.
Those who have not yet taken action should check whether and to what extent NIS-2 applies to their business – and establish appropriate processes, responsibilities, and security standards.
Not sure where to start?
We know. 😉 Contact us now!