The Federal Office for Information Security provides assistance for companies regulated under NIS-2 – from risk analyses to reporting obligations to industry-specific information packages.
Overview with FAQ, webinars, and more
Under the heading "NIS-2-regulated companies," the Federal Office for Information Security (BSI) has compiled an overview of its assistance pages on implementing the NIS-2 Directive. Companies can find a "NIS-2 impact assessment," a FAQ collection, or a page "What to do?" with practical guidance and legal background.
#nis2know: Information packages on key topics
On a subpage, the BSI summarizes important information on NIS-2 obligations under the hashtag #nis2know. These obligations apply to approximately 29,000 institutions classified as "important" or "particularly important" under the NIS-2 Directive. The collection on the BSI website is continuously expanded.
The current packages:
NIS-2-affected organisations must ensure the security of their supply chains. This means that, as part of their risk management, they need to consider potential vulnerabilities in the cybersecurity as well as in the development processes of their suppliers and service providers. The corresponding "Secure supply chain" info package provides an initial orientation on how the requirements for supply chain security can be implemented.
Which security incidents must be reported? What are the deadlines and the required contents? What does the BSI do with the information? The "NIS-2 reporting obligation" info package covers what is worth knowing on this topic.
The "NIS-2 risk analysis" info package contains, among other things, information on the legal basis, the components and the process of a risk analysis as NIS-2-affected companies must carry it out.
A further info package, "DORA", is aimed specifically at entities in the financial sector that are subject to the "Digital Operational Resilience Act" (DORA), for example credit institutions, trading venues or insurers. Special obligations apply to them in the management of cybersecurity risks; in particular, these risks must be evaluated regularly.
Key areas:
Cybersecurity
Economic security
Contact
Dr. Katrin Sobania
Director Department for Information and Communication Technology | E-Government | Postal Services | IT Security