Cabinet decision on NIS 2
Government draft on NIS 2 implementation significantly strengthens the role of the BSI
With the new draft law to implement the EU NIS 2 Directive, the German government is comprehensively modernizing IT security law. In future, the Federal Office for Information Security (BSI) will be responsible for the supervision of around 29,500 institutions.
The German government today presented the draft for the national implementation of the European NIS 2 Directive. The aim of the law is to adapt German IT security law to the increased threat situation in cyberspace. Key changes concern the expansion of the scope of application and a strengthening of the role of the Federal Office for Information Security (BSI).
Under the draft bill to amend the BSI Act, so-called "important facilities" and "particularly important facilities" will be regulated in addition to critical infrastructure operators. This will increase the number of organizations covered by the law from around 4,500 to around 29,500.
In future, these facilities will have to report IT security incidents, register with the BSI and implement risk management, among other things. Technical and organizational measures such as risk analyses, security concepts, training, multi-factor authentication and measures to secure the supply chain are required.
Particular attention is paid to the responsibility of company management: Managers of affected organizations are obliged to undergo training in cyber risk management and to monitor compliance with security measures.
The draft also contains new requirements for the federal administration. In future, federal institutions should at least meet the requirements of the IT baseline protection compendium and existing BSI minimum standards. This is intended to create a uniform IT governance structure across all departments and authorities.
BSI President Claudia Plattner emphasized the importance of the project: "With today's government draft, Germany is taking an important step towards becoming a resilient cyber nation. In order to continue to secure prosperity and stability, the economy and state must be better armed against cyber threats. The economy needs planning security: companies must be able to determine quickly and with legal certainty whether they are affected by the NIS 2 Directive."
To support potentially affected organizations, the BSI offers advice and an interactive online test, available at: www.bsi.bund.de/dok/nis-2.