Official NIS2 compliance audits begin on June 30, 2024, and will verify the actual implementation of cybersecurity measures at critical infrastructures and important digital services.
Incoming Federal Data Protection Officer Hennemann is regarded as professionally continuous with his predecessor, but he publicly criticizes the GDPR as a barrier to innovation and advocates stronger geopolitical weighting in data transfers.
The European Data Protection Board’s new DPIA template establishes a unified foundation for documenting data protection risks and is set to become the de facto European standard for compliance procedures.
NIS2 violations are penalized with fines of up to 10 million euros, which carry significant financial and operational consequences, particularly for mid-sized enterprises.
NIS2 affects approximately 30,000 German companies and requires CISOs to implement new governance, risk management systems, and incident reporting obligations.
Starting in 2025, 30,000 companies must implement NIS2 and DORA requirements, forcing CISOs to review their governance, incident management, and third-party dependency management.
29,500 German companies in critical infrastructures and essential services are obligated to implement the EU cybersecurity standards of the NIS2 Directive.