{"id":10982,"date":"2025-02-06T10:33:20","date_gmt":"2025-02-06T10:33:20","guid":{"rendered":"https:\/\/www.graulaw.eu\/?p=10982"},"modified":"2025-02-06T11:39:14","modified_gmt":"2025-02-06T11:39:14","slug":"nis2-directive-implementation-act-new-cybersecurity-regulation","status":"publish","type":"post","link":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/","title":{"rendered":"NIS2 Directive Implementation Act – new cybersecurity regulation"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t

\n\t\t\t\tThe Act to Implement the EU NIS2 Directive and to Strengthen Cyber Security is currently at an advanced stage of the legislative process and is expected to come into force as early as March 2025. It introduces the EU-wide cyber security requirements of the EU NIS2 Directive into the German legal system.\t\t\t<\/p>\n\t\t\t\t\t<\/blockquote>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t<\/i>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t<\/i>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Who is affected by the regulation?<\/strong><\/h2>

Companies affected by NIS2 in Germany fall into three groups: existing operators of critical installations, essential entities and important entities.<\/p>

Essential entities are companies<\/strong> operating in the energy, transport, financial and digital infrastructure sectors, among others, if they have 250 or more employees or a turnover of more than \u20ac50 million and a balance sheet total of more than \u20ac43 million. Important entities, on the other hand, are companies in the food, chemicals, waste management and digital services sectors if they have 50 or more employees or a turnover of more than \u20ac10 million and a balance sheet total of more than \u20ac10 million.<\/p>

Obligations for essential entities and important entities<\/strong><\/h2>

According to \u00a7 30, sec. 1 of the draft law, essential entities and important entities<\/strong> must take appropriate, proportionate and effective technical and organisational measures to avoid disrupting the availability, integrity and confidentiality of the information systems, components and processes they use to provide their services, and to minimise the impact of security incidents.<\/p>

The assessment of the proportionality of the measures should take into account the level of risk, the size of the organisation, the cost of implementation and the probability and severity of security incidents, as well as their social and economic impact.<\/p>

The measures shall be state-of-the-art, take into account relevant European and international standards and be based on a multi-risk approach.<\/p>

The measures shall include at least the following:<\/strong><\/p>

  1. risk analysis and information technology security concepts,<\/li>
  2. Security incident management,<\/li>
  3. Business continuity, such as backup management, disaster recovery and crisis management,<\/li>
  4. Supply chain security, including security-related aspects of the relationships between each organisation and its direct suppliers or service providers,<\/li>
  5. Security measures for the acquisition, development and maintenance of information technology systems, components and processes, including vulnerability management and disclosure,<\/li>
  6. Policies and procedures for evaluating the effectiveness of information technology security risk management measures,<\/li>
  7. basic cyber hygiene procedures and information technology security training,<\/li>
  8. Policies and procedures for the use of cryptography and encryption,<\/li>
  9. Personnel security, access control policies and facilities management,<\/li>
  10. The use of multi-factor authentication or continuous authentication solutions, secure voice, video and text communications and, where appropriate, secure emergency communication systems within the organisation.<\/li><\/ol>

    Notification obligations<\/strong><\/h2>

    On the basis of section 32 Sec. 1 of the draft, essential and important entities are obliged to report the following information to the joint reporting office of the Federal Office and the Federal Office for Civil Protection and Disaster Assistance:<\/p>

    1. without undue delay and, in any case, no later than 24 hours after becoming aware of a significant security incident, an early initial notification indicating whether the significant security incident is suspected to be the result of unlawful or malicious action or to have cross-border implications.<\/li>
    2. without undue delay and, in any event, no later than 72 hours after becoming aware of a significant security incident, a notification on that security incident confirming or updating the information referred to in point 1 and providing a preliminary assessment of the significant security incident, including its severity and impact and, where applicable, the indicators of compromise.<\/li><\/ol>

      Furthermore, according to \u00a7 33 sec. 1 of the draft law, essential and important entities are required to report information such as the name of the entity, address, contact information and the relevant industry. This information must be submitted to the Federal Office for Civil Protection and Disaster Assistance via the registration facility set up jointly by the Federal Office for Civil Protection and Disaster Assistance and the Federal Office for Civil Protection and Disaster Assistance no later than three months after the initial or renewed classification as an essential or important entity.<\/p>

      Responsibility<\/strong><\/h2>

      We recommend <\/strong>that you take a close look at the new cybersecurity regulations, as violations of the new law can result in fines of up to \u20ac10 million.<\/p>

      It should also be noted that it is not only the entrepreneurs who are liable, but also the management of the essential or important entities, which, according to Article 38 of the draft law, is obliged to take risk management measures and monitor their implementation. The management that violates the aforementioned obligations will be liable to the company for any culpably caused damage in accordance with the provisions of company law applicable to the legal form of the significant company.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      Grau Rechtsanw\u00e4lte PartGmbB<\/a> advises and supports companies in the area of distribution law<\/a>, labor law<\/a> and data protection<\/a>, as an external data protection officer<\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      If you have any further questions, please contact our law firm on +49 (0) 40 180 364 020 or office@graulaw.eu<\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

      The Act to Implement the EU NIS2 Directive and to Strengthen Cyber Security is currently at an advanced stage of the legislative process and is expected to come into force as early as March 2025. It introduces the EU-wide cyber security requirements of the EU NIS2 Directive into the German legal system. Who is affected […]<\/p>\n","protected":false},"author":5,"featured_media":10958,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[66,79,51,64,59,47],"tags":[261,263,730,858,859,860,861,862,863,864,865,866,867,868],"class_list":["post-10982","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-transport","category-publications","category-theme","category-e-commerce-en","category-business-law","category-data-protection","tag-graulaw-blog-en","tag-adwokat-w-niemczech-en","tag-ecommerce-en","tag-cyber-security","tag-nis-2-directive","tag-nis-directive","tag-cybersecurity-measures","tag-nis-in-germany","tag-who-is-subject-to-nis-2","tag-essential-companies","tag-important-companies","tag-nis-directive-provisions","tag-sectors-covered-by-nis-2","tag-nis-2-information-obligations"],"yoast_head":"\nNIS2 Directive Implementation Act - new cybersecurity regulation | Grau Rechtsanw\u00e4lte PartGmbB<\/title>\n<meta name=\"description\" content=\"NIS2 in Germany - who is affected, relevant assumptions. Find out if your company is subject to NIS2 and how to implement the new regulations!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIS2 Directive Implementation Act - new cybersecurity regulation | Grau Rechtsanw\u00e4lte PartGmbB\" \/>\n<meta property=\"og:description\" content=\"NIS2 in Germany - who is affected, relevant assumptions. Find out if your company is subject to NIS2 and how to implement the new regulations!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/\" \/>\n<meta property=\"og:site_name\" content=\"Grau Rechtsanw\u00e4lte PartGmbB\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ecommercegermany\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-06T10:33:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-06T11:39:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.graulaw.eu\/wp-content\/uploads\/2025\/02\/iStock-1484313578.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2262\" \/>\n\t<meta property=\"og:image:height\" content=\"1325\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marzena Helmecka\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marzena Helmecka\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/nis2-directive-implementation-act-new-cybersecurity-regulation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/nis2-directive-implementation-act-new-cybersecurity-regulation\\\/\"},\"author\":{\"name\":\"Marzena Helmecka\",\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/#\\\/schema\\\/person\\\/dacc9eca6bc602109e4c03fc6783ea69\"},\"headline\":\"NIS2 Directive Implementation Act – new cybersecurity regulation\",\"datePublished\":\"2025-02-06T10:33:20+00:00\",\"dateModified\":\"2025-02-06T11:39:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/nis2-directive-implementation-act-new-cybersecurity-regulation\\\/\"},\"wordCount\":796,\"publisher\":{\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/nis2-directive-implementation-act-new-cybersecurity-regulation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.graulaw.eu\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/iStock-1484313578.jpg\",\"keywords\":[\"graulaw blog\",\"adwokat w niemczech\",\"ecommerce\",\"Cyber Security\",\"NIS 2 Directive\",\"NIS Directive\",\"cybersecurity measures\",\"NIS in Germany\",\"who is subject to NIS 2\",\"essential companies\",\"important companies\",\"NIS Directive provisions\",\"sectors covered by NIS 2\",\"NIS 2 information obligations\"],\"articleSection\":[\"Transport\",\"Publications\",\"Theme\",\"E-Commerce\",\"Business Law\",\"Data Protection\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/nis2-directive-implementation-act-new-cybersecurity-regulation\\\/\",\"url\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/nis2-directive-implementation-act-new-cybersecurity-regulation\\\/\",\"name\":\"NIS2 Directive Implementation Act - new cybersecurity regulation | Grau Rechtsanw\u00e4lte PartGmbB\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/nis2-directive-implementation-act-new-cybersecurity-regulation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/nis2-directive-implementation-act-new-cybersecurity-regulation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.graulaw.eu\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/iStock-1484313578.jpg\",\"datePublished\":\"2025-02-06T10:33:20+00:00\",\"dateModified\":\"2025-02-06T11:39:14+00:00\",\"description\":\"NIS2 in Germany - who is affected, relevant assumptions. Find out if your company is subject to NIS2 and how to implement the new regulations!\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/nis2-directive-implementation-act-new-cybersecurity-regulation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/nis2-directive-implementation-act-new-cybersecurity-regulation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/nis2-directive-implementation-act-new-cybersecurity-regulation\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.graulaw.eu\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/iStock-1484313578.jpg\",\"contentUrl\":\"https:\\\/\\\/www.graulaw.eu\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/iStock-1484313578.jpg\",\"width\":2262,\"height\":1325,\"caption\":\"Cyber security network. Data protection privacy concept.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/nis2-directive-implementation-act-new-cybersecurity-regulation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NIS2 Directive Implementation Act – new cybersecurity regulation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/\",\"name\":\"Grau Rechtsanw\u00e4lte PartGmbB\",\"description\":\"GRAU Rechtsanw\u00e4lte PartGmbB ist eine international ausgerichtete Rechtsanwaltskanzlei mit wirtschaftsrechtlicher Ausrichtung und Sitz in Hamburg.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/#organization\",\"name\":\"Grau Rechtsanw\u00e4lte PartGmbB\",\"url\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.graulaw.eu\\\/wp-content\\\/uploads\\\/2022\\\/04\\\/logo.svg\",\"contentUrl\":\"https:\\\/\\\/www.graulaw.eu\\\/wp-content\\\/uploads\\\/2022\\\/04\\\/logo.svg\",\"width\":150,\"height\":48,\"caption\":\"Grau Rechtsanw\u00e4lte PartGmbB\"},\"image\":{\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/ecommercegermany\",\"https:\\\/\\\/www.facebook.com\\\/graulawtransport\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/graulaw\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/#\\\/schema\\\/person\\\/dacc9eca6bc602109e4c03fc6783ea69\",\"name\":\"Marzena Helmecka\",\"url\":\"https:\\\/\\\/www.graulaw.eu\\\/en\\\/author\\\/marzena-helmecka\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NIS2 Directive Implementation Act - new cybersecurity regulation | Grau Rechtsanw\u00e4lte PartGmbB","description":"NIS2 in Germany - who is affected, relevant assumptions. Find out if your company is subject to NIS2 and how to implement the new regulations!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/","og_locale":"en_US","og_type":"article","og_title":"NIS2 Directive Implementation Act - new cybersecurity regulation | Grau Rechtsanw\u00e4lte PartGmbB","og_description":"NIS2 in Germany - who is affected, relevant assumptions. Find out if your company is subject to NIS2 and how to implement the new regulations!","og_url":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/","og_site_name":"Grau Rechtsanw\u00e4lte PartGmbB","article_publisher":"https:\/\/www.facebook.com\/ecommercegermany","article_published_time":"2025-02-06T10:33:20+00:00","article_modified_time":"2025-02-06T11:39:14+00:00","og_image":[{"width":2262,"height":1325,"url":"https:\/\/www.graulaw.eu\/wp-content\/uploads\/2025\/02\/iStock-1484313578.jpg","type":"image\/jpeg"}],"author":"Marzena Helmecka","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Marzena Helmecka","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/#article","isPartOf":{"@id":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/"},"author":{"name":"Marzena Helmecka","@id":"https:\/\/www.graulaw.eu\/en\/#\/schema\/person\/dacc9eca6bc602109e4c03fc6783ea69"},"headline":"NIS2 Directive Implementation Act – new cybersecurity regulation","datePublished":"2025-02-06T10:33:20+00:00","dateModified":"2025-02-06T11:39:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/"},"wordCount":796,"publisher":{"@id":"https:\/\/www.graulaw.eu\/en\/#organization"},"image":{"@id":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/#primaryimage"},"thumbnailUrl":"https:\/\/www.graulaw.eu\/wp-content\/uploads\/2025\/02\/iStock-1484313578.jpg","keywords":["graulaw blog","adwokat w niemczech","ecommerce","Cyber Security","NIS 2 Directive","NIS Directive","cybersecurity measures","NIS in Germany","who is subject to NIS 2","essential companies","important companies","NIS Directive provisions","sectors covered by NIS 2","NIS 2 information obligations"],"articleSection":["Transport","Publications","Theme","E-Commerce","Business Law","Data Protection"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/","url":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/","name":"NIS2 Directive Implementation Act - new cybersecurity regulation | Grau Rechtsanw\u00e4lte PartGmbB","isPartOf":{"@id":"https:\/\/www.graulaw.eu\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/#primaryimage"},"image":{"@id":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/#primaryimage"},"thumbnailUrl":"https:\/\/www.graulaw.eu\/wp-content\/uploads\/2025\/02\/iStock-1484313578.jpg","datePublished":"2025-02-06T10:33:20+00:00","dateModified":"2025-02-06T11:39:14+00:00","description":"NIS2 in Germany - who is affected, relevant assumptions. Find out if your company is subject to NIS2 and how to implement the new regulations!","breadcrumb":{"@id":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/#primaryimage","url":"https:\/\/www.graulaw.eu\/wp-content\/uploads\/2025\/02\/iStock-1484313578.jpg","contentUrl":"https:\/\/www.graulaw.eu\/wp-content\/uploads\/2025\/02\/iStock-1484313578.jpg","width":2262,"height":1325,"caption":"Cyber security network. Data protection privacy concept."},{"@type":"BreadcrumbList","@id":"https:\/\/www.graulaw.eu\/en\/nis2-directive-implementation-act-new-cybersecurity-regulation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.graulaw.eu\/en\/"},{"@type":"ListItem","position":2,"name":"NIS2 Directive Implementation Act – new cybersecurity regulation"}]},{"@type":"WebSite","@id":"https:\/\/www.graulaw.eu\/en\/#website","url":"https:\/\/www.graulaw.eu\/en\/","name":"Grau Rechtsanw\u00e4lte PartGmbB","description":"GRAU Rechtsanw\u00e4lte PartGmbB ist eine international ausgerichtete Rechtsanwaltskanzlei mit wirtschaftsrechtlicher Ausrichtung und Sitz in Hamburg.","publisher":{"@id":"https:\/\/www.graulaw.eu\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.graulaw.eu\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.graulaw.eu\/en\/#organization","name":"Grau Rechtsanw\u00e4lte PartGmbB","url":"https:\/\/www.graulaw.eu\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.graulaw.eu\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.graulaw.eu\/wp-content\/uploads\/2022\/04\/logo.svg","contentUrl":"https:\/\/www.graulaw.eu\/wp-content\/uploads\/2022\/04\/logo.svg","width":150,"height":48,"caption":"Grau Rechtsanw\u00e4lte PartGmbB"},"image":{"@id":"https:\/\/www.graulaw.eu\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ecommercegermany","https:\/\/www.facebook.com\/graulawtransport","https:\/\/www.linkedin.com\/company\/graulaw\/"]},{"@type":"Person","@id":"https:\/\/www.graulaw.eu\/en\/#\/schema\/person\/dacc9eca6bc602109e4c03fc6783ea69","name":"Marzena Helmecka","url":"https:\/\/www.graulaw.eu\/en\/author\/marzena-helmecka\/"}]}},"_links":{"self":[{"href":"https:\/\/www.graulaw.eu\/en\/wp-json\/wp\/v2\/posts\/10982","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.graulaw.eu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.graulaw.eu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.graulaw.eu\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.graulaw.eu\/en\/wp-json\/wp\/v2\/comments?post=10982"}],"version-history":[{"count":7,"href":"https:\/\/www.graulaw.eu\/en\/wp-json\/wp\/v2\/posts\/10982\/revisions"}],"predecessor-version":[{"id":10989,"href":"https:\/\/www.graulaw.eu\/en\/wp-json\/wp\/v2\/posts\/10982\/revisions\/10989"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.graulaw.eu\/en\/wp-json\/wp\/v2\/media\/10958"}],"wp:attachment":[{"href":"https:\/\/www.graulaw.eu\/en\/wp-json\/wp\/v2\/media?parent=10982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.graulaw.eu\/en\/wp-json\/wp\/v2\/categories?post=10982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.graulaw.eu\/en\/wp-json\/wp\/v2\/tags?post=10982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}