{"id":47767,"date":"2024-02-23T09:49:31","date_gmt":"2024-02-23T08:49:31","guid":{"rendered":"https:\/\/www.usd.de\/?page_id=47767"},"modified":"2026-04-02T11:30:59","modified_gmt":"2026-04-02T09:30:59","slug":"nis-2","status":"publish","type":"page","link":"https:\/\/www.usd.de\/en\/security-consulting\/nis-2\/","title":{"rendered":"NIS-2"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"0px||0px||true|false\" locked=\"off\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" width=\"100%\" custom_padding=\"0px||||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.4\" _module_preset=\"default\" text_text_color=\"#FFFFFF\" text_font_size=\"30px\" text_line_height=\"1.2em\" header_font=\"Roboto||||||||\" header_text_color=\"#F07F1D\" header_font_size=\"50px\" background_color=\"rgba(99,99,99,0.47)\" background_image=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-security-audits-header-nis-2.jpg\" background_blend=\"multiply\" custom_margin=\"-25px||0px||false|false\" custom_padding=\"95px||60px||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h1 style=\"text-align: center;line-height: 120%;font-weight: 400\">NIS-2<\/h1>\n<p style=\"text-align: center;line-height: 130%\">Implementation Act Now In Force - Are You Prepared?<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.24.1\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.24.1\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.24.1\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2>The NIS-2 Directive<\/h2>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.27.5\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p>The <a href=\"https:\/\/eur-lex.europa.eu\/eli\/dir\/2022\/2555\/oj\" target=\"_blank\" rel=\"noopener\">NIS-2 Directive<\/a> (Network and Information Security 2, NIS-2) obliges all EU member states to ensure a uniformly high level of cybersecurity for critical and important facilities. With the new directive, the EU is focusing its cyber security offensive on other \"essential and important facilities\" in addition to critical infrastructures.<\/p>\n<p>Now that the NIS-2 Implementation Act (<em><a href=\"https:\/\/www.recht.bund.de\/bgbl\/1\/2025\/301\/VO\" target=\"_blank\" rel=\"noopener\">NIS2UmsuCG<\/a> for short<\/em>) and the amended BSIG are in force in Germany, preparation has given way to obligation. Companies covered by the NIS\u20112 Directive must now fully comply with all requirements. Organizations that are not yet ready face immediate pressure, as reporting processes, risk management, and technical security measures have become mandatory.<\/p>\n<p><strong>We are at your side throughout this process.<\/strong> We support you in completing the implementation of NIS\u20112 requirements and in critically reviewing measures that are already in place, so you can move forward with confidence and clarity.<\/p>\n<p>&nbsp;<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.24.1\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2>When Did the NIS-2 Implementation Act Come Into Force?<\/h2>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.27.6\" _module_preset=\"default\" custom_margin=\"-13px||-3px|||\" hover_enabled=\"0\" global_colors_info=\"{}\" theme_builder_area=\"post_content\" sticky_enabled=\"0\"]<\/p>\n<p>The German implementation act for the NIS-2 Directive came into force on December 6, 2025. The first step for affected companies was to register as an NIS-2 entity with the BSI via the new <a href=\"https:\/\/portal.bsi.bund.de\/\" target=\"_blank\" rel=\"noopener\">BSI portal<\/a> by March 6, 2026. Since then, the expanded requirements for risk management and the reporting obligations for significant security incidents subject to BSI oversight have been in effect.<\/p>\n<p>&nbsp;<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.27.5\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2>What Requirements Must Companies Fulfill?<\/h2>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.27.0\" _module_preset=\"default\" custom_margin=\"-13px||-3px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p>Companies affected by NIS-2 are obliged to operate a verifiable information security management system (ISMS). Based on this, they must take appropriate technical, operational and organizational measures to control cyber security risks, prevent security incidents and minimize potential impacts. The requirements of NIS-2 apply to the entire company, not just to individual systems or services classified as critical.<\/p>\n<p>&nbsp;<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.27.5\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2>Which Companies Are Affected?<\/h2>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.27.5\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p>The NIS-2 Directive covers 13 sectors that are of crucial importance to the economy and society. It applies to companies with 50 or more employees or an annual turnover and an <span data-teams=\"true\"><span class=\"ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak\" dir=\"ltr\">annual balance sheet total<\/span><\/span> of 10 million euros.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.24.1\" _module_preset=\"default\" custom_padding=\"0px||15px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.5\" _module_preset=\"default\" custom_padding=\"30px||||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2>What Do Companies Need to Know When Reporting Security Incidents?<\/h2>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.27.5\" _module_preset=\"default\" custom_margin=\"||-32px|||\" custom_padding=\"||29px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p>Companies that are subject to NIS-2 report significant security incidents to the BSI via the central BSI portal. The previous KRITIS reporting channels (MIP\/MIP2) no longer apply to NIS-2 companies. These reporting channels are only used by KRITIS operators and federal authorities on a transitional basis or, in exceptional cases, if a report is necessary before registering on the portal. The legal reporting system has three stages: the initial report within 24 hours, the follow-up report within 72 hours, and the final report no later than one month after the initial report.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row disabled_on=\"on|on|on\" _builder_version=\"4.27.4\" _module_preset=\"default\" disabled=\"on\" locked=\"off\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.27.0\" _module_preset=\"default\" border_color_all=\"#F07F1D\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_testimonial author=\"Vinzent Ratermann\" job_title=\"Expert for the IT Security of Critical Infrastructures\" portrait_url=\"https:\/\/www.usd.de\/wp-content\/uploads\/Vinzent-Ratermann-1_PPT-Kontakt.jpg\" quote_icon_color=\"#F07F1D\" quote_icon_background_color=\"#FFFFFF\" font_icon=\"&#xe06a;||divi||400\" portrait_width=\"200px\" portrait_height=\"200px\" use_icon_font_size=\"on\" icon_font_size=\"35px\" _builder_version=\"4.27.0\" _module_preset=\"default\" background_color=\"RGBA(255,255,255,0)\" custom_padding=\"3%||2%||false|false\" animation_style=\"fade\" border_width_all=\"2px\" border_color_all=\"#F07F1D\" border_radii_portrait=\"on|100%|100%|100%|100%\" border_color_all_portrait=\"RGBA(255,255,255,0)\" box_shadow_style_image=\"preset4\" box_shadow_horizontal_image=\"0px\" box_shadow_vertical_image=\"0px\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p><span style=\"font-size: 18px;font-weight: 300\">A NIS-2 implementation project usually involves extensive human and financial resources. We therefore advise you to make the most of the time remaining. Together with our experienced consultants and security auditors, take an early look at the requirements of NIS-2 and identify any deviations in your company.<\/span><\/p>\n<p>[\/et_pb_testimonial][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"-8px||||false|false\" custom_padding=\"||2px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_divider color=\"#d8d8d8\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_divider][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"|auto|18px|auto||\" custom_padding=\"0px||1px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.24.3\" _module_preset=\"default\" custom_padding=\"9px|||||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2>More Insights on NIS-2<\/h2>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_2,1_2\" use_custom_gutter=\"on\" gutter_width=\"2\" make_equal=\"on\" _builder_version=\"4.27.4\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" custom_margin=\"4px|auto||auto||\" custom_padding=\"0px|7px|45px|7px|false|true\" border_radii=\"on|5px|5px|5px|5px\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_2\" _builder_version=\"4.27.4\" _module_preset=\"default\" background_color=\"rgba(46,53,61,0.86)\" background_image=\"https:\/\/www.usd.de\/wp-content\/uploads\/news-usd-ag-nis-2-final.jpg\" background_blend=\"multiply\" background_enable_video_mp4=\"off\" custom_padding=\"0px|0px|0px|0px|true|true\" link_option_url_new_window=\"on\" background_last_edited=\"off|desktop\" border_radii=\"on|5px|5px|5px|5px\" border_width_all=\"1px\" border_color_all=\"#F6F6F6\" global_colors_info=\"{}\" background__hover_enabled=\"off|hover\" background_enable_color__hover=\"off\" background_image__hover=\"https:\/\/www.usd.de\/wp-content\/uploads\/news-success-story-cashpoint.jpeg\" background_enable_image__hover=\"on\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.4\" _module_preset=\"51ae1141-d3aa-4d8e-88be-0448f8284f54\" background_color=\"RGBA(0,0,0,0)\" custom_margin=\"27px||-1px||false|false\" custom_padding=\"20px|30px|0px|30px|false|true\" link_option_url=\"https:\/\/www.usd.de\/en\/nis2umsucg-officially-in-force\/\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h3 style=\"text-align: center\"><span style=\"color: #ffffff\">NIS-2 Implementation Act Comes Into Force<\/span><\/h3>\n<p>&nbsp;<\/p>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=\"1_2\" _builder_version=\"4.27.4\" _module_preset=\"default\" background_color=\"rgba(46,53,61,0.86)\" background_image=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-ag-news-nis-2.jpg\" background_blend=\"multiply\" background_enable_video_mp4=\"off\" custom_padding=\"0px|0px|0px|0px|true|true\" link_option_url_new_window=\"on\" background_last_edited=\"off|desktop\" border_radii=\"on|5px|5px|5px|5px\" border_width_all=\"1px\" border_color_all=\"#F6F6F6\" global_colors_info=\"{}\" background__hover_enabled=\"off|hover\" background_enable_color__hover=\"off\" background_image__hover=\"https:\/\/www.usd.de\/wp-content\/uploads\/news-success-story-cashpoint.jpeg\" background_enable_image__hover=\"on\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.4\" _module_preset=\"51ae1141-d3aa-4d8e-88be-0448f8284f54\" background_color=\"RGBA(0,0,0,0)\" custom_margin=\"27px||-1px||false|false\" custom_padding=\"20px|30px|0px|30px|false|true\" link_option_url=\"https:\/\/www.usd.de\/en\/new-nis-2-draft-bill-under-examination\/\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h3 style=\"text-align: center\"><span style=\"color: #ffffff\">NIS-2 Draft Bill under Examination<\/span><\/h3>\n<p>&nbsp;<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_2,1_2\" use_custom_gutter=\"on\" gutter_width=\"2\" make_equal=\"on\" _builder_version=\"4.27.4\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" custom_margin=\"4px|auto||auto||\" custom_padding=\"0px|7px|45px|7px|false|true\" border_radii=\"on|5px|5px|5px|5px\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_2\" _builder_version=\"4.27.4\" _module_preset=\"default\" background_color=\"rgba(46,53,61,0.86)\" background_image=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-AG-EU-NIS-2-vs-DORA.jpg\" background_blend=\"multiply\" background_enable_video_mp4=\"off\" custom_padding=\"0px|0px|0px|0px|true|true\" link_option_url_new_window=\"on\" background_last_edited=\"off|desktop\" border_radii=\"on|5px|5px|5px|5px\" border_width_all=\"1px\" border_color_all=\"#F6F6F6\" global_colors_info=\"{}\" background__hover_enabled=\"off|hover\" background_enable_color__hover=\"off\" background_image__hover=\"https:\/\/www.usd.de\/wp-content\/uploads\/news-success-story-cashpoint.jpeg\" background_enable_image__hover=\"on\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.24.1\" _module_preset=\"51ae1141-d3aa-4d8e-88be-0448f8284f54\" background_color=\"RGBA(0,0,0,0)\" min_height=\"141.8px\" custom_margin=\"27px||-1px||false|false\" custom_padding=\"6px|30px|0px|30px|false|true\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h3><span style=\"color: #ffffff\">NIS-2 and DORA: Why Two Pieces of EU Cybersecurity Legislation?<\/span><span style=\"color: #ffffff\"><\/span><\/h3>\n<p><span style=\"color: #ffffff\"><\/span><\/p>\n<p><span style=\"color: #ffffff\"><\/span>[\/et_pb_text][\/et_pb_column][et_pb_column type=\"1_2\" _builder_version=\"4.27.0\" _module_preset=\"default\" background_color=\"rgba(46,53,61,0.86)\" background_image=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-ag-slider-nis-2-scaled.jpg\" background_blend=\"multiply\" background_enable_video_mp4=\"off\" custom_padding=\"0px|0px|0px|0px|true|true\" link_option_url=\"https:\/\/www.usd.de\/en\/nis-2-how-to-prepare-your-company\/\" link_option_url_new_window=\"on\" background_last_edited=\"off|desktop\" border_radii=\"on|5px|5px|5px|5px\" border_width_all=\"1px\" border_color_all=\"#F6F6F6\" global_colors_info=\"{}\" background__hover_enabled=\"off|hover\" background_enable_color__hover=\"off\" background_image__hover=\"https:\/\/www.usd.de\/wp-content\/uploads\/news-success-story-cashpoint.jpeg\" background_enable_image__hover=\"on\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.4\" _module_preset=\"51ae1141-d3aa-4d8e-88be-0448f8284f54\" background_color=\"RGBA(0,0,0,0)\" custom_margin=\"27px||-1px||false|false\" custom_padding=\"20px|30px|27px|30px|false|true\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h3 style=\"text-align: center\"><span style=\"color: #ffffff\">Ready for NIS-2? How to Prepare Your Company <\/span><\/h3>\n<p>&nbsp;<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>NIS-2 Implementation Act Now In Force - Are You Prepared?The NIS-2 DirectiveThe NIS-2 Directive (Network and Information Security 2, NIS-2) obliges all EU member states to ensure a uniformly high level of cybersecurity for critical and important facilities. With the new directive, the EU is focusing its cyber security offensive on other \"essential and important [&hellip;]<\/p>\n","protected":false},"author":90,"featured_media":44848,"parent":11659,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-47767","page","type-page","status-publish","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/47767","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/90"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=47767"}],"version-history":[{"count":4,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/47767\/revisions"}],"predecessor-version":[{"id":65094,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/47767\/revisions\/65094"}],"up":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/11659"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media\/44848"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=47767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}