Digital Policy Alert logo

Germany: Security requirements in NIS 2 Implementation and Cybersecurity Strengthening Act

Progress

Current status
under deliberation
13 Nov 2025 under deliberation
04 Jul 2025 under deliberation
23 Jun 2025 under deliberation
24 Jul 2024 under deliberation
07 May 2024 under deliberation

Scope

Implementers
Germany
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Government Branch
legislature
executive
Government Body
parliament
data protection authority
central government
Implementation Level
national

Timeline of events

13 Nov 2025
under deliberation

NIS 2 Implementation and Cybersecurity Strengthening Act including security requirements was passed by Parliament

On 13 November 2025, the NIS 2 Implementation and Cybersecurity Strengthening Act, including security requirements, was passed by the Parliament. It introduces a minimum set of risk measures, including incident-handling procedures, business continui…

Source
Event type law
Action type passage
Government branch legislature
Government body parliament
04 Jul 2025
under deliberation

Berlin Commissioner for Data Protection submitted comments on Draft Act on implementation of NIS-2 Directive and on Regulation of essential principles of information security management in federal administration, including security requirements

On 4 July 2025, the Berlin Commissioner for Data Protection and Freedom of Information (BlnBDI) submitted comments on the Draft Act for the Implementation of the NIS-2 Directive and the Regulation of Essential Principles of Information Security Mana…

Source
Event type law
Action type opinion
Government branch executive
Government body data protection authority
23 Jun 2025
under deliberation

Updated draft NIS 2 Implementation and Cybersecurity Strengthening Act including security requirements was released

On 23 June 2025, the updated draft Act on the Implementation of the NIS-2 Directive and on the Regulation of Essential Principles of Information Security Management in the Federal Administration was released. The Act, proposed by the Federal Ministr…

Source
Event type law
Action type drafting
Government branch executive
Government body central government
24 Jul 2024
under deliberation

Issued draft NIS 2 Implementation and Cybersecurity Strengthening Act including security requirements

On 24 July 2024, the draft NIS 2 Implementation and Cybersecurity Strengthening Act, including security requirements, was adopted by the German Government. The Act transposes the Directive on measures for a high common level of cybersecurity across …

Source
Event type law
Action type drafting
Government branch legislature
Government body parliament
07 May 2024
under deliberation

Announced NIS 2 Implementation and Cybersecurity Strengthening Act including Security requirements

On 7 May 2024, the Federal Interior Minister presented the draft NIS 2 Implementation and Cybersecurity Strengthening Act, including security requirements. The Act transposes the Directive on measures for a high common level of cybersecurity across …

Source
Event type law
Action type announcement
Government branch executive
Government body central government