With NIS2, microsegmentation becomes a mandatory measure for enterprises to prevent lateral movement after network intrusion and technically implement Zero Trust.
NIS2-compliant incident reporting deadlines are now mandatory and require CISOs to implement accelerated incident response processes and strict regulatory communication.
The BSI extends the NIS2 registration deadline to the end of July as significantly fewer companies than expected have fulfilled their reporting obligations.
The BSI has granted non-compliant companies until 31 July 2026 as a final deadline for NIS2 registration, signaling an end to previous non-enforcement.
Germany’s NIS2 law becomes mandatory in December and obligates approximately 29,500 companies to implement standardized information security management, risk governance, and incident reporting.