The European NIS2 Directive is currently being transposed into German law. With the NIS2 Compass from HiSolutions, companies can already check whether they fall within the scope of application and what needs to be done.
Around 29,000 German companies will fall under NIS2
With the second European Network and Information Systems Directive (EU NIS 2, also known as the NIS 2 0 Directive), the EU has taken a further step towards standardised regulation of IT security. The transposition of NIS2 into German law is currently being finalised.
The number of companies and organisations affected by NIS2, which will have to implement stringent information security requirements in the future, will therefore be significantly increased. It is estimated that an additional 29,000 companies in Germany will be affected by the new legislation.
The NIS2 Compass provides additional information on what needs to be done
With the NIS2 Compass, HiSolutions has developed a freely accessible online tool that quickly and easily shows companies and organisations whether they fall within the scope of NIS2, what requirements and obligations they will face – and what penalties they will have to expect if they fail to implement it.
In addition to other tools, by answering a few questions within two minutes, it is also possible to determine which specific steps need to be taken to implement the regulations.
Prof Timo Kob, CEO and co-founder of HiSolutions: “We are already supporting the transposition of the European NIS2 Directive into German legislation in various committees such as Bitkom, the BDI and the Economic Council of the CDU in order to support the legislator with our expertise to enable a feasible approach to practical implementation. With our experience from our consulting practice with companies of all sizes, critical infrastructures and areas of activity, we can point out relevant perspectives and implementation paths.
Our new NIS2 Compass offers companies and organisations a low-threshold and quick way to determine whether they fall within the scope of NIS2 and what requirements they will face in detail. We are happy to support those affected with our technical expertise in implementing the necessary measures, some of which are very complex and intervene deeply in the company’s IT, individually and precisely.”
Link to the NIS2 compass from HiSolutions: https://www.hisolutions.com/security-consulting/cybersecurity/nis2
Comprehensive set of rules for measures and restrictions
The scope of NIS2 depends on the sector and company size. There are numerous exceptions and different thresholds for categorisation as a company within the scope of application, which in turn influence obligations and the level of sanctions. In principle, those affected are categorised as “important entities” and “particularly important entities”, such as operators of critical facilities.
Compared to the previous regulation, the NIS2 Directive significantly exceeds its predecessor in terms of scope, risk management measures, requirements, deadlines and penalties.
The current NIS2 Implementation Act (NIS2UmsuCG) as a discussion paper of the BMI (as of 22 December 2023), on whose regulations the NIS2 Compass is based, can be found here:
