BNetzA initiates consultation on new IT security catalogs under § 11 (1a) and (1b) EnWG
As part of the planned implementation of the NIS-2 Directive into German law (NIS2UmsuCG), the revision of the IT security catalogs under § 11 (1a) and (1b) of the Energy Industry Act (EnWG) is also on the agenda. The Federal Network Agency (BNetzA) is taking the lead and has published a key issues paper for consultation. This brings momentum to a process that had been stalled due to delays in the legislative procedure.
The aim is to harmonize the existing catalogs and align them more closely with the process-oriented approach of ISO/IEC 27001. The key issues paper outlines the planned structure, the interaction of annexes, and specific ideas for further development tailored to the target groups.
The procedure includes two main consultation phases:
- On May 26, 2025, a digital Q&A session was held to discuss the key points.
- Until June 11, 2025, feedback on the key issues paper could be submitted directly to BNetzA.
All information on the key issues paper and the consultation process is available on the Federal Network Agency’s website. [Bundesnetz…tskataloge]
The new IT security catalogs are expected to be published in autumn 2025, based on the current legal framework. Once the NIS2UmsuCG comes into force, the catalogs will be adapted accordingly.
Want to participate?
We are happy to consolidate your feedback into a joint statement on the key issues paper. Please send your input by June 6, 2025 to Axel Amelung, Head of Sales:
📩 axel.amelung@tuv-austria.com
Of course, we will also present and discuss further developments regarding the IT security catalogs at the upcoming AK ISMS on September 24–25, 2025 in Dresden – BNetzA has already indicated its participation.