NIS2 Directive for Cybersecurity
17 May 2024

Germany implements NIS2: New draft bill to strengthen IT security

With the new draft bill to strengthen IT security, known as the “NIS-2 Implementation and Cyber Security Strengthening Act”, Germany is taking a significant step towards improving IT security standards.
The law builds on the existing NIS Directive, but significantly expands the scope of application and introduces far-reaching changes.
Particularly noteworthy is the holistic approach, which includes not only critical infrastructures but also numerous other facilities.

Extended area of application

One of the key innovations of the NIS2 Act is the expansion of the scope of application to a total of 29,500 entities.
This figure includes a large number of facilities that now fall under the new security requirements.
The main difference from the previous regulations for critical infrastructures (KRITIS) lies in the comprehensive approach to regulation.
While previous regulations focused primarily on critical infrastructures such as energy supply, water management and transportation, the NIS2 Act now also takes into account IT systems in other areas that are classified as critical.
This includes, for example, administrative and accounting systems, which were previously not subject to the strict requirements.
This extended scope means that companies of all sizes and from different sectors are now also affected by the new regulations.
This poses a significant challenge, especially for smaller companies and organizations that may not have the necessary resources to implement the new requirements.

Extended reporting obligations

Another key aspect of the NIS2 Act is the expansion of reporting obligations in the event of a security incident.
The requirements for reporting incidents have been significantly tightened.
Companies are obliged to make initial reports within 24 hours of becoming aware of the incident.
This prompt initial reporting is intended to ensure that security incidents can be identified quickly and the necessary measures can be initiated to prevent further damage.
In addition, companies must submit a more comprehensive report within 72 hours of the initial report.
This detailed report must contain a complete analysis of the incident, including the causes, the measures taken and the impact on the affected systems and data.
These extended reporting obligations are intended to create transparency and enable supervisory authorities to respond better to security incidents and develop preventative measures.

Challenges for companies

Implementing the new requirements of the NIS2 Act presents companies with considerable challenges.
The need to consider all IT systems as potentially critical and to comply with the extended reporting obligations requires extensive adjustments to existing security processes and systems.
Companies may need to review their IT infrastructure, strengthen security measures and implement new procedures for reporting and managing security incidents.
For many organizations, this means investing in additional resources to meet the new requirements.
This may include new technologies, training for employees and the implementation or adaptation of security policies and procedures.
Smaller companies in particular may struggle to provide the necessary resources and expertise to meet the new requirements.

Consulting services from Syngenity® GmbH

Syngenity® GmbH offers comprehensive consulting services to support companies in implementing the NIS2 requirements.
Our experts will help you to understand the new requirements and put them into practice.
We offer support in analyzing your current IT security measures, developing and implementing new security concepts and preparing for the extended reporting obligations.
Our aim is to provide you with a customized solution that is tailored to the specific needs and requirements of your company.
We help you to strengthen your IT security, comply with the new regulations and ensure that you can react quickly and effectively in the event of a security incident.

Get in touch with us

To find out more about our consultancy services and to prepare for the new requirements of the NIS2 law, please contact us via our website.
Our team of experts are on hand to guide you through the process of NIS2 compliance and ensure your business is fully prepared.
Implementing the NIS2 requirements may seem challenging, but with the right support you can ensure that your security measures meet the latest standards and that your company is protected in the best possible way.
Let’s work together to strengthen your IT security and meet the new requirements.
