Germany: President signed NIS 2 Implementation and Cybersecurity Strengthening Act including provisions expanding Federal Office for Information Security powers

On 2 December 2025, the President signed the NIS 2 Implementation and Cybersecurity Strengthening Act including provisions expanding Federal Office for Information Security powers. The Act will enter into force one day after its official publication. The Act introduces expansions to the powers of the Federal Office for Information Security (BSI). Pursuant to Section 3 of the Act on the Federal Office for Information Security and on the Security of Information Technology of Entities (BSIG), the BSI is tasked with promoting information security through responsibilities such as identifying and addressing threats to federal information technology systems, analysing vulnerabilities, conducting security assessments, developing certification schemes, and acting as the national authority for cybersecurity certification under Regulation (EU) 2019/881. The BSI is authorised to issue binding measures against operators of critical installations, digital service providers, and manufacturers of information and communication technology products, monitor and analyse protocol and interface data from federal communications networks, and cooperate with law enforcement and intelligence services in cybersecurity matters.