Skip to content

NIS2 Implementation: 30,000 Companies Required to Upgrade

In brief: Around 30,000 companies must adapt their cybersecurity structures to meet NIS2 requirements; board member training becomes mandatory.

The implementation of the NIS2 Directive affects approximately 30,000 companies in the DACH region that must upgrade their cybersecurity infrastructure. Executive boards and management are also obligated to undergo training in information security.

The European NIS2 Directive requires approximately 30,000 companies in the German-speaking region to improve their cybersecurity measures. Those affected include in particular operators of critical infrastructure, operators of essential services, and companies above a certain size that fall under the expanded regulations.

In addition to organizational and technical security measures, NIS2 requires that members of corporate management and supervisory bodies regularly pursue further training in information security. This means concrete training obligations for boards of directors, managing directors, and administrative councils.

The upgrade typically encompasses documentation of business processes, implementation of access controls, encryption, network segmentation, and incident response procedures. Companies should conduct a gap analysis and establish an implementation plan with priorities in order to achieve compliance within the regulatory timeframes.


Source: news.google.com · Published May 30, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.6.2.

Share on: