The bottom line: Companies with 50 or more employees in critical sectors must register with the BSI to become NIS2-compliant.
The implementation of the NIS2 Directive obligates companies with a workforce of 50 employees or more to register with the Federal Office for Information Security (BSI). This is one of the new compliance requirements aimed at strengthening the cybersecurity of critical infrastructure and services.
The NIS2 Directive significantly expands the circle of regulated companies. All enterprises with at least 50 employees fall under the new reporting obligations and must register with the BSI. This applies to organizations in the areas of critical infrastructure (energy, transport, water, healthcare, digital infrastructure) as well as to providers of essential services (e.g. finance, healthcare, space and satellite-based navigation).
Registration with the BSI is the first step towards fulfilling NIS2 requirements. Companies must document their systems accordingly, establish security measures and review them on an ongoing basis. The BSI serves as the central point of contact for recording and monitoring affected organizations in Germany.
For CISOs, this expands their compliance responsibility. They must not only implement technical security measures but also establish organizational processes that ensure compliance with regulatory requirements. Registration requires a thorough analysis of their own responsibility and appropriate preparation of security documentation.
Source: news.google.com · Published 5 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.