News

Implementation of NIS2 Directive on the horizon

10.09.2024

In response to the growing threat posed by cyber attacks, the EU has enacted the NIS2 Directive, which Member States have to transpose into national law. The implementation of the NIS2 Directive is now getting closer in Germany (information in German on the government draft can be found here). The upper house of the German parliament (Bundesrat) will now be looking at the government draft for the first time, meaning that in a best-case scenario the lower house (Bundestag (German document)) will be able to take up its work before the end of September 2024.

The scope of application of the current German Act on the Federal Office for Information Security (BSI Act (BSI-Gesetz)) will be greatly expanded by the NIS2 Directive, leading to a multitude of additional companies being covered. Companies affected by these changes are advised to begin to make themselves familiar with the new rules, which will come into force in the near future, and to take appropriate measures.

Companies, and especially their legal departments, should start considering the following tasks right now (for more detailed information also see our past article):

  • Define responsibilities: Who will coordinate things? Is it ensured that the management will take on the responsibility? What (new) roles are to fill?
  • Review the scope of application: Will my company fall under the scope of application of the relevant implementing statutes?
  • Review your information security (detailed information in German can be found on the website of the Federal Office for Information Security): How secure is my business?
  • Conduct reviews of contracts concerning the supply chain: Have all service providers been carefully selected? Are they monitored on a regular basis? Are the contracts with the service providers appropriate and balanced?
  • Set up emergency plans: Do all the relevant people in the company know what measures to take in an emergency?
  • Prepare training for the management and employees: Does the upper management possess the necessary knowledge?

European and German legislators have been extremely active in the field of digital regulation. This means that it is in the interests of companies to closely evaluate which existing or new laws apply to them.

If you would like to keep track of these laws, we recommend consulting our map of European digital law here. Information on cyber risks can be found here.

Contact

Julian Monschke
Julian Monschke+49 69 971477179
Andreas Scheibenpflug+49 69 971477247

Data Privacy
Data Tech and Telecoms
Digital Business
Cyber Risks

Share

Show all

Insights

railsway track with pulse
News

Implementation of NIS2 Directive on the horizon

10.09.2024
Illuminated tunnel with pulse
News

European Court of Justice curtails merger control jurisdiction of the European Commission

06.09.2024
working space with pulse
News

The Scope of Copyright in the AI Economy

19.08.2024
businesswoman using digital tablet with pulse
News

Order and cancellation buttons: Important decisions for legal practice

31.07.2024
Illuminated tunnel with pulse
News

TikTok remains accountable under the Digital Markets Act (DMA)

18.07.2024
Semiconductor with pulse
News

Artificial intelligence under control: AI Act published in the Official Journal of the European Union

12.07.2024
modern glass building with pulse
News

NIS2 Directive: New draft implementing regulations published

28.06.2024
Processor Data Competence Center
News

Digital Markets Act: European Commission designates further gatekeeper and core platform services

31.05.2024
data center in server room
News

Data centres are the basis of all (further) developments of our time

28.05.2024