November 13, 2025. According to the digital association Bitkom, today’s adoption of the law implementing the EU NIS-2 Directive by the Bundestag will strengthen cybersecurity in Germany and create more legal certainty for companies. At the same time, the new regulations for the use of so-called critical components could have a significant impact on companies’ investment decisions and therefore on digitalization in Germany.
Categories
Tags
Contact info
Silicon Saxony
Marketing, Kommunikation und Ă–ffentlichkeitsarbeit
Manfred-von-Ardenne-Ring 20 F
Fax: +49 351 8925 889
Contact person:
“The implementation of the European NIS 2 Directive was overdue. Cyber attacks threaten the economy, administration and society. German companies recently suffered an annual loss of 202 billion euros as a result,” says Bitkom President Dr. Ralf Wintergerst. The aim of the NIS 2 Directive is to strengthen resilience and cyber security in the member states. Among other things, the definition of critical infrastructure has been expanded to this end, obliging a large number of companies to take special security precautions.
Bitkom considers it extremely positive that downstream federal authorities are included in the scope of NIS-2 in the law that has now been passed. Especially in sensitive areas of the federal administration, security breaches can cause considerable financial damage and damage trust in democratic institutions. “An effective and credible cyber security architecture requires that the state itself adheres to the highest security standards. It is only logical and right that federal authorities should in future be subject to the same risk management requirements as regulated companies,” says Wintergerst.
In contrast, Bitkom believes that the new regulations on so-called critical components recently introduced into the legislative process are rather harmful. It is now planned that the Federal Ministry of the Interior will define critical components in coordination with other ministries and will also be able to independently prohibit their use in future. “Companies need reliable framework conditions; bans can have a significant impact on business activities. It is essential that those affected are consulted in advance before such important decisions are made,” says Wintergerst. In Bitkom’s opinion, critical components should continue to be defined on the basis of technical criteria by the Federal Network Agency and the Federal Office for Information Security (BSI).
In order to protect Germany from cyber attacks and create a holistic approach to digital security, companies should be supported by the BSI in the practical implementation of the NIS 2 requirements. In addition, the KRITIS Umbrella Act must now also be adapted to the NIS-2 Implementation Act and implemented promptly.
– – – – – –
👉 www.bitkom.org
Photo: pixabay
