The transposition of the NIS 2 Directive



The transposition of NIS 2 in Germany

According to Article 41, by 17 October 2024, Member States shall adopt and publish the measures necessary to comply with the NIS 2 Directive. They shall immediately inform the Commission thereof. They shall apply those measures from 18 October 2024.

The content will be updated progressively as information will be made available.


Status of transposition of the NIS 2 Directive.

Not transposed yet. By 17 October 2024, Member States shall adopt and publish the measures necessary to comply with the NIS 2 Directive.



NIS 2 will be transposed into national law by the NIS2UmsuCG (below).

Bearbeitungsstand: 07.05.2024 - Referentenentwurf des Bundesministeriums des Innern und für Heimat Entwurf eines Gesetzes zur Umsetzung der NIS-2-Richtlinie und zur Regelung wesentlicher Grundzüge des Informationssicherheitsmanagements in der Bundesverwaltung (NIS-2-Umsetzungs- und Cybersicherheitsstärkungsgesetz) (NIS2UmsuCG)

https://www.bmi.bund.de/SharedDocs/gesetzgebungsverfahren/DE/Downloads/referentenentwuerfe/CI1/NIS-2-RefE.pdf?__blob=publicationFile&v=3



KRITIS-Dachgesetz (KRITIS Umbrella Act) that implements the EU Critical Entities Resilience Directive (CER) (CER-Richtlinie (EU 2022/2557) is also important. It establishes a broad set of obligations and measures for operators of critical infrastructures across several sectors. The Act places significant emphasis on the resilience and security of critical infrastructures against both digital and physical threats.


27.09.2023 - Diskussionspapier des Bundesministeriums des Innern und für Heimat

https://www.bmi.bund.de/SharedDocs/gesetzgebungsverfahren/DE/Downloads/referentenentwuerfe/CI1/NIS-2-UmsetzungWirtschaft_DisP.pdf;jsessionid=95884897E904ADAFE7981439CC2F9713.1_cid505?__blob=publicationFile&v=2




03.07.2023 - Referentenentwurf des Bundesministeriums des Innern und für Heimat

Entwurf eines Gesetzes zur Umsetzung der NIS-2-Richtlinie und zur Regelung wesentlicher Grundzüge des Informationssicherheitsmanagements in der Bundesverwaltung (NIS-2-Umsetzungs- und Cybersicherheitsstärkungsgesetz – NIS2UmsuCG)

https://ag.kritis.info/wp-content/uploads/2023/07/NIS2UmsuCG-Referentenentwurf-BMI-CI1-Bearbeitungsstand-03072023.pdf



Status of transposition of the NIS Directive (2016/1148).

Transposed.


National strategy on the security of network and information systems.

The strategy is available online.

https://www.bmi.bund.de/DE/themen/it-und-digitalpolitik/it-und-cybersicherheit/it-und-cybersicherheit-node.html


NIS Transposition in Germany

Single point of contact

https://www.bsi.bund.de/DE/Home/home_node.html



National competent authority for DSPs (Digital Service Providers (DSP)

Note: Cloud computing services, online marketplacesand online search engines are in the scope of NIS).

Same as Single point of contact.


National competent authority for OES (Operators of Essential Services)

Same as Single point of contact.