Cabinet Decision on NIS 2
Federal Cabinet approves NIS 2 Implementation: Dispute over Exemptions remains
The German government has passed a cabinet resolution on the national implementation of the EU NIS 2 Directive. Experts welcome the move, but criticize the lack of clarity regarding exemptions and responsibilities.
Today (July 30, 2025), the German government decided on the national implementation of the EU NIS 2 Directive. Its aim is to strengthen and harmonize the cybersecurity of critical infrastructures (KRITIS) across Europe. The decision is considered overdue, but leaves key questions unanswered, such as the specific form of exemptions and transition periods.
Ulrich Plate, head of the KRITIS competence group at eco, the Association of the Internet Industry, sees the cabinet's decision as an important signal: "This means that the topic of cyber security is finally returning to the political stage - long overdue given the security policy situation. The EU directive demands nothing less than a structural modernization of the security architecture of critical infrastructures."
At the same time, Plate points to ambiguities that need to be clarified in further legislation. In particular, the planned exemptions for companies with "negligible" critical activities are problematic under European law. Failure before the European Court of Justice (ECJ) could lead to infringement proceedings and new uncertainties.
The European perspective is also coming into focus: while Germany is still negotiating, other member states are already going their own way. In countries such as Italy, national regulations are emerging that could contradict the goal of EU-wide harmonization. Plate warns: "Germany would do well not to go it alone here too."
Meanwhile, the Federal Office for Information Security (BSI) is preparing for its expanded role. Among other things, a reporting and registration portal is planned, which companies should use in future to report their vulnerability and security incidents. Companies are now required to review existing security measures and sharpen internal risk analyses - a central component of the new directive.
You might also be interested in
Authorities, industry and IT targeted by cyber criminals
Authorities, industry and IT were most frequently targeted by cyber criminals in 2025. Authorities remained the main target of cyber attacks, as the latest report and situation report "Anatomy of a Cyber World: Global Report by Kaspersky Security...
read more...Post-quantum cryptography: time window is running out
Companies are facing a strategic dilemma: quantum computers will soon be able to crack today's encryption, while many organizations will need years to switch to new security standards. A recent survey shows: The window of opportunity is narrowing,...
read more...Shutdown after only 20 Hours
German companies believe they are inadequately prepared for hybrid threats. According to a Bitkom survey, they would only be able to continue working for an average of 20 hours in the event of an internet outage. 83% of respondents expect a serious...
read more...Global Incident Response Report 2026
AI accelerates Cyber Attacks
The "Global Incident Response Report 2026" by the Unit 42 team at Palo Alto Networks analyzes over 750 serious security incidents in more than 50 countries. The evaluation shows faster, more complex attacks, increasing use of AI and growing risks in...
read more...Three new OT Attacker Groups identified
The new OT/ICS report from Dragos documents a growing number of specialized attacker groups and a significant increase in ransomware activity in industrial environments. Three new OT groups have been identified.
read more...16 % more Cyber Attacks in Germany in January
As Check Point's Monthly Cyber Threat Report shows, there were 16 percent more cyber attacks in Germany in January. In Europe, the volume of attacks rose by 18 percent to 1755 weekly attacks per company. In Austria, they rose by 14 percent to 1676,...
read more...Edge Security for Industrial Plants
Advantech uses AI EdgeLabs for Runtime Security
Advantech integrates the AI EdgeLabs platform to implement security and governance functions directly into edge and industrial platforms. The aim is to comply with European cybersecurity regulations such as CRA and NIS2.
read more...Criminals use AI Systematically
Trend Micro warns in a new study of the increasing professionalization of AI-supported cybercrime. Deepfakes, fraud and malware are gaining in importance.
read more...Trend Micro warns of Darknet AI 'Xanthorox'
AI writes Malware at the Touch of a Button
The AI tool 'Xanthorox' is supposed to generate malicious code automatically and is advertised in criminal forums. According to Trend Micro, it is less powerful than claimed, but shows how easily attackers can use generative AI for cyberattacks.
read more...