KRITIS

KRITIS: These Sectors Are Required to Provide Proof of Compliance in 2025

30. August 2024

According to Section 8a (1) BSIG, operators of critical infrastructures (KRITIS) in Germany are obliged to take appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity and confidentiality of their information technology systems. These security measures must correspond to the current state of the technical standard.

The KRITIS audit is due in 2025 for the following sectors:

  • Finance and Insurance
  • Transport and Traffic
  • Health

The KRITIS Regulation defines a total of ten sectors that provide critical services to the general public. KRITIS operators are obliged to provide the Federal Office for Information Security (BSI) with evidence every two years that they have implemented cyber security measures in accordance with the state of the art. These audits must be initiated by the operators themselves.

KRITIS Illustration

If you need help or advice with your KRITIS audit, please contact us. We are happy to help.

Also interesting:

7 Questions about the Cyber Resilience Act (CRA) 

7 Questions about the Cyber Resilience Act (CRA) 

1. What is the Cyber Resilience Act?   With the Cyber Resilience Act (CRA for short), the EU is introducing a regulation for the first time that aims to improve the cybersecurity and resilience of products with digital elements. Unlike an EU directive, the...

Categories

Categories