{"id":193191,"date":"2026-03-05T13:43:00","date_gmt":"2026-03-05T18:43:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/05\/germany-implements-nis2-expanding-cybersecurity-obligations\/"},"modified":"2026-03-05T16:55:23","modified_gmt":"2026-03-05T21:55:23","slug":"germany-implements-nis2-expanding-cybersecurity-obligations","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/05\/germany-implements-nis2-expanding-cybersecurity-obligations\/","title":{"rendered":"Germany Implements NIS2, Expanding Cybersecurity Obligations"},"content":{"rendered":"<p><a href=\"https:\/\/natlawreview.com\/article\/new-cybersecurity-regulations-germany-registration-requirement-expires-6-march-2026\">Germany Implements NIS2, Expanding Cybersecurity Obligations<\/a><\/p>\n<p><a href=\"https:\/\/natlawreview.com\/article\/new-cybersecurity-regulations-germany-registration-requirement-expires-6-march-2026\">https:\/\/natlawreview.com\/article\/new-cybersecurity-regulations-germany-registration-requirement-expires-6-march-2026<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-05 13:43:00<\/a><\/p>\n<p>Source Domain: <a href=\"natlawreview.com\">natlawreview.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. After a delay of more than a year, the German implementation law for the\u00a0NIS2 Directive\u00a0(Directive (EU) 2022\/2555) came into force in December 2025 (Law on the Implementation of the NIS 2 Directive and on the Regulation of Essential Features of Information Security Management in the Federal Administration). The law provides for significant changes and revisions to various cybersecurity laws, in particular the BSI Act.<br \/>\nMany more companies than before now fall within the scope of the BSI Act. Previously, the BSI Act only regulated traditional critical infrastructure such as transport and traffic, energy, finance, health, research, and the telecommunications industry. Now, the digital sector is also covered, in particular cloud computing services, data center operators, managed (security) service providers, and providers of online marketplaces, online search engines, and social networks. The production and trade of chemical substances, the production, processing, and distribution of food, and various areas of the manufacturing industry (production of goods) are also affected. Lists of the sectors and activities covered are available\u00a0here\u00a0and\u00a0here. The BSI offers an\u00a0impact assessment\u00a0on its website.<br \/>\nAlthough not provided for in the directive, the German implementation law provides for a\u00a0de minimis\u00a0exemption if an activity that is generally covered is negligible in relation to the overall activity of a company. In these cases, the requirements of the BSI law do not apply.<br \/>\nCovered entities must register on the\u00a0platform\u00a0provided by the BSI by 6 March 2026. This requires an ELSTER organization certificate.<br \/>\nViolations are punishable by a fine of up to EUR\u20ac500,000. Regardless of this, however, companies should thoroughly check whether they fall within the scope of the law and what obligations this entails for them.<br \/>\nOther obligations of covered companies include, in particular:<\/p>\n<p>Taking appropriate measures to prevent and remedy disruptions to the availability, integrity, and confidentiality of their information technology systems;<br \/>\nImmediately reporting significant security incidents to a single reporting center;<br \/>\nTraining obligations<\/p>\n<p>Management is liable to their company for damages in the event of violations of these obligations.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Germany Implements NIS2, Expanding Cybersecurity Obligations https:\/\/natlawreview.com\/article\/new-cybersecurity-regulations-germany-registration-requirement-expires-6-march-2026 Publish Date: 2026-03-05 13:43:00 Source Domain: natlawreview.com Author:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":193192,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/natlawreview.com\/sites\/default\/files\/styles\/article_image\/public\/2026-03\/Germany%20German%20Flag-433716980.jpg.webp?itok=2_AtA9R3","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-193191","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/193191"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=193191"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/193191\/revisions"}],"predecessor-version":[{"id":193193,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/193191\/revisions\/193193"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/193192"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=193191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=193191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=193191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}