Germany is implementing the European NIS2 Directive through a new implementation act, with expanded cyber-security compliance obligations for critical infrastructure operators taking effect in October 2026.
The national implementation law (NISG) 2026 anchors the EU NIS2 Directive in Austrian law and expands cybersecurity and reporting requirements for critical infrastructures and important entities.
Regulatory pressure from NIS2 and volume-dependent costs of commercial SIEM systems are driving mid-market companies to evaluate options between open source and proprietary solutions.
The NISG 2026 contains unclear provisions on CSIRT capabilities stemming from a rejected EU Parliament draft, and Recital 44 on monitoring internet assets lacks a corresponding article, creating interpretation uncertainty.