Skip to content

KRITIS Security Measures: Second Reporting Deadline Expiring

In brief: The second KRITIS reporting deadline requires affected organizations to implement specific security standards and demands timely action.

The second deadline for security measures in critical infrastructures is approaching its end. CISOs must now verify whether their organizations meet the required standards.

Organizations subject to the KRITIS Protection Regulation must demonstrate by the second deadline that they have implemented and documented the required security measures. The deadline affects critical infrastructure operators in the energy, water, food, waste, transport, health, and digital infrastructure sectors.

CISOs should prioritize the following measures: First, conduct an audit of the current implementation status and compare it against KRITIS requirements. Second, identify gaps and translate them into an implementation plan with clear milestones. Third, ensure documentation that can be presented to auditors and authorities as proof of compliance.

The NIS2 Directive further tightens these requirements. Organizations already operating in KRITIS compliance simultaneously establish a solid foundation for the more extensive NIS2 implementation obligations. Prioritizing technical measures (segmentation, patch management, monitoring) over administrative processes can save time while delivering the greatest security benefit.


Source: news.google.com · Published 5 June 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.2.

Share on: