In brief: Nearly 30,000 German companies must revise their cybersecurity programs to comply with NIS2 requirements.
The NIS2 Directive obliges approximately 29,500 companies in Germany to realign their cybersecurity measures. The EU directive sets significantly stricter requirements than the previous NIS1 Directive.
The European Union’s NIS2 Directive obliges approximately 29,500 companies in Germany to fundamentally review and restructure their cybersecurity measures. This figure captures organizations that fall under the scope of the directive and whose business activities affect essential services in the sectors of energy, transport, water, health, digital infrastructure, space, and other critical sectors.
The NIS2 Directive significantly increases information security requirements compared to its predecessor NIS1. Companies must implement more comprehensive security measures, conduct more frequent risk analyses, and intensify their incident response procedures. Additionally, business management members are held to greater accountability, as supervisory authorities can hold not only the company itself but also members of the governing body accountable in cases of violations.
For CISOs and cybersecurity officers, this means a substantial expansion of the scope of their governance requirements. Implementation deadlines for most affected companies end in 2024/2025, which is why a rapid audit of the current security status and detailed analysis of compliance gaps are required.
Source: news.google.com · Published 25 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.