NIS2 Law: 29,500 Companies Must Meet Cybersecurity Standards

In a nutshell: 29,500 German companies must now demonstrate that they have implemented NIS2 cybersecurity standards, or face penalties.

The NIS2 Law brings roughly 30,000 additional companies in Germany under the obligation to report IT security incidents. For CISOs, this means significant new compliance requirements and documentation obligations.

Following the implementation of the European Directive on Network and Information Security (NIS2), approximately 29,500 companies in Germany have been newly classified as “essential entities” and “important entities”. These businesses must now demonstrate that they have implemented minimum cybersecurity standards.

The requirements include, among other things, documentation of security measures, reporting of security incidents to authorities, implementation of technical and organizational controls, and regular audits and inspections. Companies from critical sectors such as energy, transport, water, telecommunications, digital infrastructure, finance and healthcare are affected.

For CISOs and security teams, this creates a significant implementation and reporting burden. Organizations must review their existing security structures for compliance, close gaps and establish mechanisms for providing proof. In parallel, senior management must be informed of the new reporting obligations so that it can react quickly in the event of an incident.

The implementation deadline is already running; companies should review their compliance readiness immediately to avoid sanctions.


Source: news.google.com · Published June 16, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.