The new NIS2 law is on its way

August 14, 2024

Preparing businesses for Germany's new information security regulations

As cyber threats continue to evolve, companies are facing increased pressure to bolster their information security and cybersecurity measures. A new German law, implementing the EU's Network and Information Security Directive (NIS2), will soon bring thousands of companies into the scope of information security regulations. We explore the impact of NIS2 on businesses in Germany, outline the steps they must take to achieve compliance, and highlight the available options to prepare for the new regulatory regime.

"Information security is not just a duty - NIS2 can be a strategic competitive advantage for companies."
Christoph Straub
Partner
Madrid Office, Southern Europe

Until 2023, only around 1,700 companies in Germany were affected by information security regulations. However, with the enactment of NIS2 in German law, an additional 25,000 to 30,000 companies will now be legally obliged to implement information security measures. NIS2 differs from existing norms and standards in several ways. Companies must now register with authorities, report incidents without waiving liability, and face potential sanctions based on global revenues. Additionally, NIS2 emphasizes business continuity in the event of information security incidents, putting pressure on companies' organizations, resources, and infrastructures.

To prepare for NIS2, companies must implement appropriate information security measures in a structured and strategic manner. Choosing the right foundational norm, such as ISO 27001 or BSI IT-Grundschutz, is crucial. ISO 27001 is a flexible international norm suitable for companies of any size, while BSI IT-Grundschutz is a German norm more suitable for mid-sized and large companies. Regardless of the norm chosen, implementing information security measures will increase resilience against cyber-threats.

The exact deadline for NIS2 compliance is uncertain, but companies should start preparing now to have a chance of being ready in time. It is essential to validate the maturity and effectiveness of existing information security measures from an NIS2 perspective.

Download the full article to gain a comprehensive understanding of NIS2 and learn how to build a robust, cyber-resilient, and NIS2-compliant architecture for your organization.
