
BSI: IT security law – NIS 2 government draft is a big step towards a cyber nation

30 July 2025. The government draft bill presented today to implement the NIS 2 Directive comprehensively modernizes German IT security law and takes into account the tense threat situation in cyberspace. The Federal Office for Information Security (BSI) has a key role to play here.


Contact info

Silicon Saxony

Marketing, Communications and Public Relations

Manfred-von-Ardenne-Ring 20 F

Phone: +49 351 8925 886

Fax: +49 351 8925 889

redaktion@silicon-saxony.de

Contact person:

The draft bill provides, among other things, for the BSI Act (BSIG) to be amended and the group of regulated organizations to be expanded to include the categories of “important institutions” and “particularly important institutions”. To date, around 4,500 organizations have been covered by the BSIG: critical infrastructure operators, digital service providers and companies in the special public interest. With the expansion, the BSI will in future supervise around 29,500 institutions, to which new legal IT security obligations apply.

For example, particularly important and important institutions must register, report significant security incidents and implement technical and organizational risk management measures. These include risk analyses, concepts for dealing with security incidents, supply chain security, training and awareness-raising measures, multi-factor authentication and secure communication. In addition, the NIS 2 Directive makes cyber security a management issue: the management of affected institutions is obliged to implement the risk management measures, monitor their implementation and receive training on issues relating to the assessment and management of cyber risks.

The draft law requires federal administration institutions to meet minimum information security requirements, which are derived from the BSI’s IT baseline protection compendium and minimum standards for security in federal information technology, among other things.

BSI President Claudia Plattner: “With today’s government draft, Germany is taking an important step towards becoming a resilient cyber nation. In order to continue to secure prosperity and stability, the economy and the state must be better equipped against cyber threats. The economy needs planning security: companies must be able to determine quickly and with legal certainty whether they are affected by the NIS 2 Directive. The BSI is already supporting them with advisory services and will make the implementation of the legal requirements as smooth as possible. The government draft is also an important milestone for the state’s cyber protection: the implementation of BSI standards such as IT baseline protection by federal administration institutions is an essential prerequisite for this. The constantly growing threat situation in cyberspace must also be countered with an effective response in the form of a robust IT governance structure, particularly in the federal administration. This structure should extend across all departments, authorities and institutions of the federal administration and serve the goal of jointly organizing and continuously improving IT security.”

To inform institutions that are potentially affected by the new legal obligations, the BSI continuously provides support services and extensive information, including a dedicated page on the BSI website at www.bsi.bund.de/dok/nis-2.


Further links

www.bsi.bund.de
