Germany: President signed NIS 2 Implementation and Cybersecurity Strengthening Act including security requirements
Description
President signed NIS 2 Implementation and Cybersecurity Strengthening Act including security requirements
On 2 December 2025, the President signed the NIS 2 Implementation and Cybersecurity Strengthening Act, including security requirements. The Act will enter into force one day after its official publication. It introduces a minimum set of risk measures, including incident-handling procedures, business continuity requirements, vulnerability management, authentication, cryptographic protection, and supply chain controls. Companies are required to assess their own risks and implement proportionate safeguards. The Act also replaces the single-step reporting model with a three-tier regime requiring reports at 24 hours, 72 hours, and one month.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
central government
Complete timeline of this policy change
Hide details
2024-05-07
under deliberation
2024-07-24
under deliberation
2025-06-23
under deliberation
2025-07-04
under deliberation
2025-11-13
under deliberation
2025-12-02
adopted