Germany: NIS 2 Implementation and Cybersecurity Strengthening Act entered into force

NIS 2 Implementation and Cybersecurity Strengthening Act entered into force

On 6 December 2025, the NIS 2 Implementation and Cybersecurity Strengthening Act, including security requirements, entered into one day after its official publication. It introduces a minimum set of risk measures, including incident-handling procedu…

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

executive

Government Body

central government

Complete timeline of this policy change

Hide details

2024-05-07

under deliberation

On 7 May 2024, the Federal Interior Minister presented the draft NIS 2 Implementation and Cybersecu…

2024-07-24

under deliberation

On 24 July 2024, the draft NIS 2 Implementation and Cybersecurity Strengthening Act, including secu…

2025-06-23

under deliberation

On 23 June 2025, the updated draft Act on the Implementation of the NIS-2 Directive and on the Regu…

2025-07-04

under deliberation

On 4 July 2025, the Berlin Commissioner for Data Protection and Freedom of Information (BlnBDI) sub…

2025-11-13

under deliberation

On 13 November 2025, the NIS 2 Implementation and Cybersecurity Strengthening Act, including securi…

2025-12-02

adopted

On 2 December 2025, the President signed the NIS 2 Implementation and Cybersecurity Strengthening A…

2025-12-06

in force

On 6 December 2025, the NIS 2 Implementation and Cybersecurity Strengthening Act, including securit…

Description

NIS 2 Implementation and Cybersecurity Strengthening Act entered into force

Scope

Complete timeline of this policy change