KRITIS

KRITIS: These Sectors Are Required to Provide Proof of Compliance in 2025

30. August 2024

According to Section 39 (formerly Section 8a) (1) BSIG, operators of critical infrastructures (KRITIS) in Germany are obliged to take appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity and confidentiality of their information technology systems. These security measures must correspond to the current state of the technical standard.

The KRITIS audit is due in 2025 for the following sectors:

  • Finance and Insurance
  • Transport and Traffic
  • Health

The KRITIS Regulation defines a total of ten sectors that provide critical services to the general public. KRITIS operators are obliged to provide the Federal Office for Information Security (BSI) with evidence every two years that they have implemented cyber security measures in accordance with the state of the art. These audits must be initiated by the operators themselves.

KRITIS Illustration

If you need help or advice with your KRITIS audit, please contact us. We are happy to help.

Also interesting:

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

usd AG Listed as EPI Partner for Mobile Security Evaluations

usd AG Listed as EPI Partner for Mobile Security Evaluations

The popularity of mobile payments is growing, and with it, the demand for verified security. usd AG is expanding its activities in the EPI environment and will also conduct Mobile Security Evaluations in the future. This places us among the few EPI-listed Security...

Categories

Categories