NIS2 is coming – Is your company ready for the new EU Cybersecurity Directive?

The digital threat situation in Europe has worsened significantly in recent years. Cyberattacks, espionage, sabotage and disinformation no longer only affect critical infrastructures, but increasingly also small and medium-sized enterprises. The European Union is responding to this with the new NIS2 Directive, which will become binding in Germany from January 2026. The aim is to strengthen cyber resilience throughout the EU and create a uniform level of security.

The NIS2 Directive replaces the previous NIS Directive and significantly expands its scope. Whereas previously only operators of critical infrastructures were affected, around 29,000 companies in Germany will have to adapt to new obligations in future – including many SMEs that were not previously regulated.

What does NIS2 actually mean for companies?

The transposition of the NIS2 Directive into German law creates comprehensive requirements for information security. Companies that are classified as “particularly important” or “important” must register, establish a risk management system, report security incidents and document their security measures.

The most important obligations at a glance:

  • Obligation to register: Companies must register with the joint registration office of the BSI and BBK within three months of the law coming into force.
  • Risk management: Appropriate, proportionate and effective technical and organizational measures must be taken. These include risk analyses, backup management, supplier management, access controls and training.
  • Reporting obligations: Security incidents must be reported within 24 hours of becoming known. A detailed report must be submitted within 72 hours, and a final report after 30 days at the latest.
  • Documentation obligation: All security processes, measures and audits must be documented in a comprehensible manner and presented on request.
  • Management liability: The responsibility for compliance lies with the company management. Violations can result in high fines and personal liability.

Timetable for Germany

On July 30, 2025, the German government passed the draft law to implement the NIS2 Directive. Parliamentary deliberations in the Bundestag and Bundesrat will continue until October 2025. The law is due to come into force in December 2025 at the latest. From January 2026, companies will have to comply with the requirements – including registration, risk management and reporting processes. Audits by the Federal Office for Information Security (BSI) will also begin in 2026.

Why companies should act now

The time between the law coming into force and the start of audits is short. Companies that do not address the requirements until 2026 risk not only fines, but also reputational damage and operational risks. An early start to implementation is therefore crucial.

The NIS2 directive requires not only technical measures, but also organizational and strategic adjustments. These include clear responsibilities, training, emergency communication and the integration of security requirements into existing processes.

SYNGENITY® GmbH – Your partner for NIS2 compliance

SYNGENITY® GmbH supports companies in preparing for the NIS2 directive with a holistic approach. As an experienced consultancy for information security, data protection and quality management, SYNGENITY® offers practical solutions for implementing the new requirements.

Typical services provided by SYNGENITY® in the context of NIS2 preparation:

  • GAP analysis: Assessment of the current security level and identification of gaps compared to the NIS2 specifications.
  • Risk management: Establishment of systematic risk management including risk analysis, action planning and documentation.
  • Incident management: Development of reporting processes, incident management and communication with the BSI.
  • Supplier management: Checking and safeguarding IT security in the supply chain.
  • Training and awareness-raising: Employee training to increase security competence and establish a security culture.
  • Documentation and audit preparation: Preparation of the necessary evidence and preparation for external audits by authorities.

SYNGENITY® provides companies with individual and industry-specific support – from the first consultation to successful implementation. The focus is not just on formal compliance, but on actually improving the security situation and resilience to cyber threats.

Conclusion: NIS2 as an opportunity for more security and trust

The NIS2 directive presents companies with new challenges, but also offers the opportunity to strengthen their own security architecture and gain the trust of customers and partners. Those who act early can minimize risks, optimize processes and successfully prepare for the new requirements.

With an experienced partner like SYNGENITY® GmbH, the path to NIS2 compliance is not only easier, but also strategically sound. Contact SYNGENITY® today and start your preparation for the new era of cybersecurity.
