In a nutshell: 29,500 SMEs are now required to implement the cybersecurity requirements of the NIS2 law.
Under the NIS2 law, 29,500 small and medium-sized enterprises must now implement cybersecurity measures. The transposition of the EU directive into German law obligates these businesses to comply with security standards.
The NIS2 law (Network and Information Security 2) has come into force and directly affects approximately 29,500 small and medium-sized enterprises in Germany. These fall under the expanded definition of critical infrastructures and services, and must now fulfill cybersecurity obligations.
In concrete terms, this means for compliance officers that enterprises must implement measures to ensure network and information security. This includes risk analyses, incident response procedures, security testing and staff training. The requirements are scaled according to industry and company size, but are generally based on an appropriate level of security.
Compliance must be demonstrated immediately. Supervisory authorities and the national competent authority (in Germany the BSI) monitor compliance. Violations can result in substantial fines.
Source: news.google.com · Published June 6, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.