Countdown for NIS2: Penalties threaten from October 18th
EU Cybersecurity Directive
from editorial team,
For NIS2, the directive for a high common level of cybersecurity in the EU, the deadline for implementation into German law expires on October 17th. According to this, companies affected by NIS2 face high penalties if they do not comply with the stricter requirements. However, not all affected companies are yet sufficiently prepared. For companies that, due to the expanded KRITIS-NIS2 definition, are not yet clear as to whether their economic sector and therefore their organization is actually affected by the NIS2 obligations, the federal government has a compact and anonymous digital one Impact assessment created to carry out an initial assessment.
(Image: BSI)
The NIS 2 impact assessment asks interested companies specific questions based on the draft law in order to classify their company. The questions are kept short and precise and are explained in more detail in lower case if necessary. Anyone who has completed the questionnaire will receive an initial automated assessment of whether their company is affected by the “NIS2UmsuCG” law – the German implementation law. It also explains what this status means and what obligations arise from it.
For circa 29,000 facilities that are “particularly important” or “important” according to the law are subject to registration, proof and reporting obligations for the first time through NIS2. From October 18, 2024, affected establishments are immediately required to register with the relevant national authority, report incidents and ensure compliance with security requirements.
One important restriction should be noted: The assessment of the impact check is only a guide. The automatically generated result is not legally binding and will not be checked by the BSI or other independent bodies. There is therefore no claim to completeness or accuracy of the content.
And one more thing: The check is currently still based on the NIS2UmsuCG draft law. The legislative process is still ongoing. As soon as the implementation law has been finally decided and passed, the BSI wants to update the NIS 2 impact assessment immediately.
