Implementation of the NIS2 Directive in Germany: There are now draft laws on the implementation of the NIS2 Directive in Germany, and a clear line can be seen. In Germany, the NIS2 Directive is implemented by the “Act on the Implementation of the NIS-2 Directive and on the Regulation of Essential Principles of Information Security Management in the Federal Administration”. It is also known as the “NIS-2 Implementation and Cybersecurity Strengthening Act” or “NIS2UmsuCG” for short.
At the heart of it all is the German “BSI Act”: this law was originally created to regulate the competencies and measures of the Federal Office for Information Security (BSI). However, this law is increasingly being transformed into a set of cyber security regulations. This was already foreseeable with the German IT Security Act and has been enhanced with the IT Security Act 2.0. IT security in Germany – and Europe – is thus being raised to a completely new level and the economy in particular will have to dress warmly.
Note on the current status of the legislative process: The NIS2 Directive must actually be implemented by mid-October. However, draft bills have only been available since May 2024, which already raises doubts as to whether this will happen in time. With this in mind, a paragraph has been added on what delayed implementation means. The article has been updated to the status of the second draft bill (processing status: 24.06.2024).