Incoming Federal Data Protection Officer Hennemann is regarded as professionally continuous with his predecessor, but he publicly criticizes the GDPR as an innovation barrier and advocates stronger geopolitical weighting in data transfers.
The European Data Protection Board’s new DPIA template establishes a unified foundation for documenting data protection risks and is set to become the de facto European standard for compliance procedures.
AI risks in enterprises concentrate on five percent power users and private consumer AI accounts, while enterprise solutions provide significantly better governance.
NIS2 violations are penalized with fines of up to 10 million euros, which carries significant financial and operational consequences, particularly for mid-sized enterprises.
From August 2, 2025, companies must demonstrate operationally documented governance structures for high-risk AI systems or face fines up to €30 million.
NIS2 affects approximately 30,000 German companies and requires CISOs to implement new governance, risk management systems, and incident reporting obligations.
Starting in 2025, 30,000 companies must implement NIS2 and DORA requirements, forcing CISOs to review their governance, incident management, and third-party dependency management.
NIS2 makes cybersecurity a leadership responsibility at board level, not just an IT matter — CISOs must operate more strategically and work closer to senior management in the future.
29,500 German companies in critical infrastructures and essential services are obligated to implement the EU cybersecurity standards of the NIS2 Directive.