The NIS2 Directive has been officially in effect in Germany since 6 December 2025. NIS2 is the direct successor to the previous NIS Directive. What used to affect 4,500 organizations is now expanding to about 29,500. This marks the beginning of a new age of cybersecurity in Germany: more stringent, legally binding requirements are now in place for thousands of companies.
Who is affected by NIS2?
Companies that are considered important or essential entities due to their industry, number of employees, total assets and turnover are affected. NIS2-relevant industries include energy, transportation, finance, health, manufacturing, IT and many more. Companies must determine for themselves whether they are affected by NIS2 and therefore need to take action.
Obligations for NIS2-relevant companies
Important and essential entities must now fulfill three key obligations in Germany: as NIS2-relevant companies, they must register with the BSI, report relevant security incidents in a timely manner, and continually improve their information security. The focus lies particularly on the implementation of systematic risk management, which includes the following important measures:
- Companies must regularly assess risks and derive measures from them.
- Business continuity management (BCM) must be established and maintained.
- Backup plans and emergency and crisis plans are mandatory.
- Supply chain security must be monitored and evaluated.
- Employees must be trained.
- Responsibilities for all measures must be clearly defined.
Urgent need for action
The regulatory pressure on companies and their compliance management increases significantly with NIS2. Without an appropriate compliance solution, implementing NIS2 measures takes time and resources and adds to the workload for employees. It is therefore advisable to use a modern, centralized and specialized compliance solution that meets the complex requirements of the affected organizations.
Athereon GRC as a solution
With Athereon GRC, NIS2 compliance can be implemented quickly and efficiently. The software helps companies document information security processes, carry out risk assessments, clarify responsibilities and prepare audits, all in one single system.
Athereon GRC provides a cutting-edge approach to meeting organizational compliance challenges. This saves companies time, reduces costs, relieves employees and secures a real competitive advantage.
Check your NIS2 maturity level now and find out how Athereon GRC can help you solve the new, complex challenges. In our NIS2 Guide you will find free resources such as checklists, instructions and an in-depth whitepaper on NIS2 implementation and compliance.





