Skip to content

NIS2 Implementation: 29,500 Companies Subject to New Cybersecurity Requirements

The essentials: Around 29,500 German companies must restructure their cybersecurity programs in accordance with NIS2 requirements.

The NIS2 Directive forces approximately 29,500 companies in Germany to realign their cybersecurity measures. This regulation particularly affects operators of critical infrastructure and services in the digital sector.

The European NIS2 Directive (Network and Information Security Directive 2) requires a significant number of companies to review and adapt their cybersecurity provisions. According to current estimates, approximately 29,500 organizations in Germany are affected.

The scope of required adjustments varies by company size and sector. Large enterprises and critical infrastructures must implement more comprehensive measures, while SMEs can fulfill reduced requirements under certain conditions. Specifically, this concerns the establishment of governance structures, risk management systems, incident reporting processes, and technical protective measures.

For CISOs, this means a reassessment of existing security architecture and often substantial investments in compliance infrastructure. The directive sets specific deadlines for implementation, which are linked to a national deadline for transposition into German law. Organizations should promptly begin a baseline assessment of their current security posture and identify gaps in compliance with NIS2 requirements.


Source: news.google.com · Published 30 May 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.2.

Share on: