Bottom line: Fewer than 40 percent of German critical infrastructure operators required to register under NIS2 have submitted the mandatory notification so far.
In Germany, 11,500 of 29,500 affected companies have completed the mandatory registration under the NIS2 Directive. This corresponds to a compliance rate of approximately 39 percent.
Under the provisions of the NIS2 Directive, operators of critical sector infrastructure are required to register with the regulatory authorities. This serves to capture essential and critical KRITIS operators. The current balance sheet reveals a significant implementation gap: of an estimated 29,500 eligible companies, only 11,500 have registered.
Registration is not merely an administrative formality, but rather the foundation for the application of extensive security requirements from NIS2. Operators who fail to register violate notification obligations and expose their organization to fines. For CISOs, registration also means that their security measures will be subject to audit review in the future.
The low rate suggests that many companies have either incorrectly classified their membership in the affected sectors or have underestimated the deadline. Regulatory authorities will likely increasingly draw attention to missing registrations in the coming months and enforce compliance in a targeted manner.
Source: news.google.com · Published May 29, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.2.