Everything about the NIS 2 Directive & Quick Check
Learn why the new European cyber security directive is relevant for companies and authorities, which organizations and sectors NIS 2 affects, when NIS 2 applies in the EU member states and how Baker Tilly can help you meet the regulatory requirements. You can also use our quick check to see whether your company might be subject to the NIS 2 Directive.
The coronavirus pandemic and the significant military threat situation in Europe have underlined the importance of critical infrastructures and the urgency of uniform cybersecurity measures. With the NIS 2 Directive, the European Union aims to further harmonize the level of security in the Member States and to permanently strengthen digital resilience for companies in the Union.
The new directive will significantly increase the number of companies affected. In Germany, around 30,000 companies are estimated to be affected by the new regulations. In addition, the companies affected will be subject to stricter requirements, and the pressure from sanctions will also increase. Stricter liability rules will apply to the management level, extending even to private assets.
Baker Tilly supports you with an experienced and multidisciplinary team of experts to successfully meet the challenges of NIS 2. We will work with you to assess whether your organization is affected by the NIS 2 Directive and identify the measures required to meet the regulatory requirements of the NIS 2 Directive. Use our short quick check to find out whether your company might be subject to the NIS 2 Directive.
Dr. Christian Engelhardt, LL.M.
Partner
Attorney-at-Law (Rechtsanwalt)
Boris Ortolf
Director
Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP)
NIS 2 is the abbreviation for “Network and Information Security Directive (EU) 2022/2555”. It repeals and updates the European Directive (EU) 2016/1148 on Network and Information Security (NIS) as of October 18, 2024. The European Directive NIS 2 is therefore a revised version of the NIS 1 Directive from 2016. In contrast to the first NIS Directive, NIS 2 significantly expands the scope of application and covers eighteen defined sectors. The Directive sets out strict security requirements and incident reporting obligations and calls on member states to establish national strategies and authorities to increase cybersecurity and digital resilience.
The EU NIS Directive was introduced in 2016 in response to the increased threat to critical infrastructures in order to prevent digital attacks with a high potential for damage to companies and authorities in the European Union. The coronavirus pandemic and the massive military threat situation in Europe have highlighted the importance of critical infrastructure and the need for standardized cybersecurity measures. The NIS 2 Directive aims to harmonize the level of security in the member states and to strengthen digital resilience in the EU as a whole in the long term.
The NIS 2 Directive places specific requirements on medium-sized and large companies and organizations in critical and highly critical sectors. For example, online marketplaces or supply chains – from IT service providers to wind turbine manufacturers – could also be covered by the requirements under NIS 2. This will greatly expand the scope of application in Germany. Around 30,000 companies are estimated to be affected in Germany alone.
The NIS 2 Directive distinguishes between “particularly important institutions” and “important institutions”. The main difference is that “important institutions” are subject to lower fines and are monitored reactively by the authorities, while “particularly important institutions” are subject to proactive supervision.
For particularly important institutions, fines of up to the higher of ten million euros or two percent of annual turnover can be imposed. For important institutions, the sanctions amount to up to the higher of seven million euros or 1.4 percent of annual turnover.
According to the current draft of the Federal Ministry of the Interior, the management level of companies will be liable for compliance with risk management measures with their private assets. The upper limit for this liability corresponds to 2 percent of the company's global annual turnover.
The NIS 2 Directive was published in the Official Journal of the EU on December 27, 2022 and came into force on January 16, 2023. In Germany, the Federal Ministry of the Interior published a draft for implementation (NIS-2-UmsG) in July 2023. Companies falling within the scope of the NIS 2 Directive are obliged to comply with the new regulations from October 18, 2024. A transition period is not planned.