
NIS-2 Compliance.
What is important for companies now:

The NIS-2 Directive comes into force on October 1, 2024. With the transposition of the new EU NIS-2 Directive into national law, around 29,000 companies will become the direct focus of Germany's cybersecurity agenda in addition to critical infrastructures.


With the implementation of the NIS2 Directive and the KRITIS Framework, there will be two main groups of sectors from 2024:

1. critical sectors for operators of critical facilities (KRITIS)

2. essential and important entities from the NIS-2 Directive.

Operators of critical facilities automatically become essential entities with NIS-2.

The regulation of the organisations and the amount of fines that may be incurred depend on the classification of the organisation as

  • essential entities with or without critical facilities or

  • important entities.

▶︎ 1. Operators of critical facilities 

Critical facilities are those whose failure or impairment could have a significant impact on the security of supply or public safety.

The sectors for operators of critical facilities are defined in the KRITIS Framework. They overlap with the sector definition from the NIS-2 Directive. Some of the critical services and facilities still have to be defined in an ordinance. The KRITIS Framework is still being drafted.

Threshold values for critical facilities are defined in the “Ordinance on the Determination of Critical Infrastructures” in accordance with the BSI Act BSI-KritisV (de).

▶︎ 2. Entities

The sectors for facilities are defined in Annexes 1 and 2 of the NIS-2 Directive (de) (government draft of 22.7.2024). Whether a company counts as a particularly important or important facility depends on the size of the company, the sector and, in some cases, the specific industry.

Particularly important institutions and important institutions are obliged to take appropriate technical and organizational measures to ensure the security of their information technology systems.

❗️Companies themselves are responsible for identifying KRITIS facilities and determining whether they are affected as NIS2 facilities.

What you should do now:



You can use the NIS-2 Assistant to check whether you are affected by the NIS-2 Directive, which obligations, fines and, where applicable, exemptions apply to your company, and which enforcement measures the BSI can take according to the NIS-2 government draft (22.7.2024).


Promotion: free for 7 days.



We support you in gathering the requirements. As a rule, we carry out an inventory. Using a gap analysis against the NIS-2 Directive and ISO 27001, we work out the fields of action, heatmap and prioritization, and derive from them appropriate measures to improve your information security and compliance with the NIS-2 Directive.

Arrange an appointment with us now for an initial consultation.


Roadmap and implementation

We first create a roadmap:

  • Short-term, mid-term, long-term

  • Milestones

  • Cost planning


Followed by resource planning
