The NIS2 Directive mandates minimum cybersecurity standards for European organizations in critical sectors and imposes significant penalties for non-compliance.
30,000 German enterprises must align their IT security governance with EU-wide NIS2 requirements, which standardizes incident reporting, risk management, and supply chain security.
Approximately 30,000 German companies under NIS2 must establish whistleblower reporting channels and must meet standards for confidentiality, protection against retaliation, and documentation.
The BSI extends the NIS2 registration deadline to the end of July as significantly fewer companies than expected have fulfilled their reporting obligations.