In a nutshell: 29,500 German companies in critical infrastructures and essential services are obligated to implement the EU cybersecurity standards of the NIS2 Directive.
The EU’s NIS2 Directive requires approximately 29,500 German enterprises to implement tightened cybersecurity requirements. The compliance deadline is approaching for organizations in critical infrastructures and essential services.
Under the EU NIS2 Directive, approximately 29,500 companies in Germany must implement comprehensive compliance measures in the field of cybersecurity. The regulation particularly affects operators of critical infrastructure (KRITIS) and providers of essential services in sectors such as energy, transport, water, health, digital infrastructure and finance.
The NIS2 Directive prescribes binding minimum standards for information security, including measures for risk management, incident response procedures, security training and regular security assessments. For affected companies, adapting their IT systems and governance structures entails significant operational and financial requirements.
For compliance officers, this means in concrete terms: inventory all affected assets, review governance structures against NIS2 standards, implement technical and organizational security measures, and document and regularly verify compliance. National authorities in Germany will monitor compliance and may impose sanctions.
Source: news.google.com · Published 28 May 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.