October 17, 2024
Directive implemented by Germany

Implementation of the NIS-2 Directive: Are You Prepared?

In 2023, the EU passed the NIS-2 Directive, which must be implemented by Germany by October 17, 2024, at the latest. This directive significantly expands the number of companies that must fulfill IT security obligations.

The German law implementing the EU’s NIS-2 Directive is about to come into force and will affect many more companies than before. Directly affected will be companies and organisations classified as particularly important or critical infrastructure. However, their suppliers and service providers are also indirectly affected – often without realising it. Both direct and indirect players in the supply chain must now act to avoid hefty fines and the risk of losing contracts.

Who is directly affected?

Businesses will be directly affected if they fall into one of the following categories:

Industry affiliation

Companies in sectors such as energy, transport, finance, healthcare, public administration, digital infrastructure, and others.

Company size

Factors such as number of employees, annual turnover, and total annual balance sheet determine the classification.

Critical IT service providers

These include, for example, DNS service providers, top-level domain name registries, or providers of qualified trust services.

In addition, these companies must have

  • at least 50 employees or
  • an annual turnover of at least EUR 10 million.

However, it is also possible that companies may be affected regardless of these requirements.

These companies must meet strict cybersecurity requirements and are subject to obligations in areas such as risk management, business continuity management, reporting requirements, and IT security certification.

What are the consequences of non-implementation?

Failure to comply with the NIS-2 Directive has serious consequences for the companies directly affected:

Hefty fines

Violations can result in significant fines, potentially running into millions of euros. Depending on the seriousness of the violation, fines can range from EUR 100,000 to EUR 10 million.

Management liability

Management is personally liable if the required security measures are not implemented. As a last resort, the competent supervisory authority may temporarily prohibit the management concerned from carrying out the activities for which it has been appointed.

Loss of confidence of contractual partners and loss of contracts

Large companies that are directly affected must ensure that their supply chain also meets cybersecurity standards. Indirectly affected companies that fail to do so risk being excluded from future contracts.

What does this mean for companies that are suppliers and service providers to directly affected companies?

Even if your company is not directly affected by the NIS-2 Directive, you are still indirectly affected. Large companies covered by the NIS-2 Directive must ensure that all companies in their supply chain meet the required cybersecurity standards. If your security measures are inadequate, your contractor will be forced to terminate their collaboration with you to avoid violating the directive themselves and facing sanctions.

Our solution for you: ISO 27001 Certification – Security for Your Future

With the internationally recognised ISO 27001 certification, you can not only meet the requirements of the NIS-2 Directive but also strengthen the confidence of your partners and customers. Certification ensures that your organisation has a robust information security management system in place that minimises threats and effectively manages risks.

The benefits of ISO 27001 certification

Guarantee of security

Implementation of a comprehensive security management system.

Trustworthiness

Position yourself as a reliable partner in the supply chain.

Competitive advantage

Stay competitive by meeting the security standards essential for large companies.

Why should you act?

Avoid lost revenue

Large companies will increasingly scrutinise the security standards of their suppliers—protect yourself!

Protect your business

With ISO 27001 certification, you will be better protected against cyber-attacks while complying with legal requirements.

Legal protection

Comply with the NIS-2 Directive and reduce the risk of fines and liability claims.

We have the solution – fast, efficient, and tailored to your needs!

Our certified data protection and cybersecurity experts are here to help. Together with our auditors, we will prepare your business for certification and ensure that you meet all the requirements of the NIS-2 Directive and successfully achieve your ISO 27001 certification.

Contact us for a free initial consultation.

Let’s work together to ensure that your business is well prepared in terms of cybersecurity and ready to meet the challenges of the NIS-2 Directive.

There’s no time to lose! Implementation of the NIS-2 Directive is in progress – now is the perfect time to act. Protect your business, prepare ahead of time, and build confidence with your partners and customers.
