Bottom line: Approximately 29,500 German companies must adapt their cybersecurity to NIS2 requirements and conduct systematic compliance planning within a compressed timeline.
The NIS2 Directive obligates approximately 29,500 companies in Germany to change their cybersecurity measures. The implementation deadline and required adjustments are central to CISOs’ compliance planning.
The European Union’s Network and Information Security Directive 2 (NIS2) creates significant new requirements for large parts of the business landscape. Estimates suggest that around 29,500 companies in Germany are affected by the regulations – significantly more than under the previous NIS1 Directive.
For CISOs, this has concrete implications: existing security strategies must be reviewed and in some cases fundamentally revised. NIS2 requirements include, among other things, higher standards for incident response, cryptography, and network segmentation, as well as stricter supplier management rules. Companies must also adapt their governance structures and be able to demonstrate that they meet the requirements.
The regulatory timeline for implementation is tight. Organizations should now systematically conduct gap analyses, identify affected departments, and create compliance roadmaps. Particular attention should be paid to the risk management framework and the documentation of control measures, both focal points of subsequent regulatory oversight.
Source: news.google.com · Published 30 May 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.2.