{"id":52164,"date":"2024-08-30T11:18:49","date_gmt":"2024-08-30T09:18:49","guid":{"rendered":"https:\/\/www.usd.de\/?p=52164"},"modified":"2026-03-09T14:34:57","modified_gmt":"2026-03-09T13:34:57","slug":"kritis-proof-of-compliance-in-2025","status":"publish","type":"post","link":"https:\/\/www.usd.de\/en\/kritis-proof-of-compliance-in-2025\/","title":{"rendered":"KRITIS: These Sectors Are Required to Provide Proof of Compliance in 2025"},"content":{"rendered":"\n<p>According to Section 39 (formerly Section 8a) (1) BSIG, operators of <a href=\"https:\/\/www.bsi.bund.de\/EN\/Themen\/KRITIS-und-regulierte-Unternehmen\/kritis-und-regulierte-unternehmen_node.html\" data-type=\"link\" data-id=\"https:\/\/www.bbk.bund.de\/DE\/Themen\/Kritische-Infrastrukturen\/kritische-infrastrukturen_node.html\" target=\"_blank\" rel=\"noopener\">critical infrastructures<\/a> (KRITIS) in Germany are obliged to take appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity and confidentiality of their information technology systems. These security measures must correspond to the current state of the technical standard.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The KRITIS audit is due in 2025 for the following sectors:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Finance and Insurance<\/li>\n\n\n\n<li>Transport and Traffic<\/li>\n\n\n\n<li>Health<\/li>\n<\/ul>\n\n\n\n<p>The KRITIS Regulation defines a total of ten sectors that provide critical services to the general public. KRITIS operators are obliged to provide the Federal Office for Information Security (BSI) with evidence every two years that they have implemented cyber security measures in accordance with the state of the art. These audits must be initiated by the operators themselves.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"595\" height=\"270\" src=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-AG-KRITIS-Illustration.png\" alt=\"KRITIS Illustration\" class=\"wp-image-21252\" style=\"width:400px\" \/><\/figure>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<p><\/p>\n\n\n\n<p>If you need help or advice with your <a href=\"https:\/\/www.usd.de\/en\/security-audits\/kritis\/\" data-type=\"link\" data-id=\"https:\/\/www.usd.de\/en\/security-audits\/kritis\/\">KRITIS audit<\/a>, please <a href=\"https:\/\/www.usd.de\/en\/contact-form-security-audits\/\" data-type=\"link\" data-id=\"https:\/\/www.usd.de\/en\/contact-form-pci\/\">contact us<\/a>. We are happy to help.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to Section 39 (formerly Section 8a) (1) BSIG, operators of critical infrastructures (KRITIS) in Germany are obliged to take appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity and confidentiality of their information technology systems. These security measures must correspond to the current state of the technical standard. The KRITIS [&hellip;]<\/p>\n","protected":false},"author":117,"featured_media":22161,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[3597,373,389],"tags":[449,5435,9907,3599,3600,3601,3602],"class_list":["post-52164","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kritis-en","category-news-en","category-security-audits-en","tag-bsi-en","tag-bsig-en","tag-finance-sector","tag-finanzwesen-en","tag-kritis-en","tag-kritis-audit-en","tag-kritische-infrastrukturen-en"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/52164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/117"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=52164"}],"version-history":[{"count":5,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/52164\/revisions"}],"predecessor-version":[{"id":64619,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/52164\/revisions\/64619"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media\/22161"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=52164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/categories?post=52164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/tags?post=52164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}