Cinthia Trevisoli

Dec 18, 2023   •  2 min read

NIS2 guideline: What German companies need to know now

The EU cybersecurity landscape is undergoing a significant change as a result of the NIS2 Directive and its German implementation, the NIS-2 Implementation and Cybersecurity Strengthening Act (NIS-2UmsuCG). This article provides an overview of the specific compliance requirements for German companies and what they mean for future management. It also offers a guideline for navigating the new regulations effectively, so that companies know their obligations and can enhance their cybersecurity measures in line with the Directive's goals.

What is the NIS-2UmsuCG?

The draft bill from the Federal Ministry of the Interior forms the basis for the German compliance requirements of the NIS2 directive. It is intended to create a coherent level of cybersecurity across the EU and includes expanded requirements and sanctions.

Compliance requirements for German companies

German companies must evaluate themselves against defined criteria. These criteria concern, among other things, the size of the company and its industry. Executives now bear direct responsibility for identifying and addressing cyber risks.

Key measures include:

  • Cyber risk management: Companies must implement effective risk management and continually develop it.
  • Security in the supply chain: Security must also be guaranteed where third-party providers are involved.
  • Business continuity management: Companies must be prepared to maintain their operational capability even in crisis situations.
  • Encryption and access restrictions: Data must be managed and protected securely.
  • Reporting to the authorities: Incidents and security gaps must be reported in a timely manner.

Tiered fine concept

Failure to comply can result in fines of up to 20 million euros. The amount depends on the degree of fault and the type of facility.

Affected sectors

The NIS2 directive covers a wide range of sectors, from energy to space. Each company must check for itself whether it falls under the directive.

Conclusion

The NIS2 Directive is a complex and far-reaching law that redefines cybersecurity practices in Germany and the EU. Companies are well advised to quickly understand and implement the requirements to ensure both security and compliance.

It is crucial that companies take the requirements of the NIS2 Directive seriously and implement appropriate compliance measures. This requires a careful review of their own processes and possibly extensive adjustments.
