The NIS2 Directive is an EU directive to raise cybersecurity. It requires entities in important and essential sectors to implement risk management, reporting obligations and technical security measures.
The NIS2 Directive is an EU directive (2022/2555) to strengthen cybersecurity and the successor to the first NIS Directive. Its goal is a uniformly higher security level across the EU. The range of affected sectors is significantly expanded compared with its predecessor.
NIS2 covers essential and important entities in sectors such as energy, transport, health, finance, digital infrastructure, public administration and waste management, often above certain company sizes. In Germany, transposition takes place through the NIS2 Implementation Act (NIS2-Umsetzungsgesetz).
NIS2 requires appropriate technical and organisational risk-management measures, reporting obligations for significant security incidents including an early warning, and explicit accountability of management.
For essential entities, fines of up to 10 million euros or 2 percent of worldwide annual turnover are foreseen, whichever is higher. Management can be held personally accountable.
SecureCloud supports affected organisations with a platform hosted in Germany that is GDPR-compliant, ISO 27001- and Trusted-Cloud-certified, BSI C5-attested and CIS-compliant. Encryption, granular access control and a complete audit log help implement the technical and organisational measures.
Industry-specific implementation: public sector and financial sector.
The NIS2 Directive has been in force across the EU since 2023. Member states had to transpose it into national law by October 2024; in Germany this happens through the NIS2 Implementation Act.
Essential and important entities in the regulated sectors are affected, often above certain size thresholds. These include energy, transport, health, digital infrastructure and public administration.
NIS2 is an EU-wide framework with a broad range of sectors. KRITIS is the German framework for critical infrastructure. NIS2 expands the affected group and tightens requirements for many KRITIS operators.
Unsere Experten beantworten Ihnen gerne alle Fragen.