What is it about?

The Network and Information Systems Security Directive (NIS 2 Directive for short) aims to improve cyber security in various sectors such as energy, transport, health and digital infrastructure. It places higher security requirements on companies, addresses supply chain security and holds di e managers accountable for breaches. 

Who is affected?

In addition to the critical sectors previously covered by the first NIS Directive (energy, transport, water, health, digital infrastructure and finance), providers of public electronic communication services and digital services, social media operators, manufacturers of critical products (e.g. medical devices) as well as postal and courier services must now also review and, if necessary, adapt their IT security measures. In addition, individual regulations also affect domain registrars as well as manufacturers of certain IT products requiring certification.

Challenges for companies

The risk management measures to be taken by the companies and operators concerned include the following:

  • Participation of the governing bodies in cyber security trainings and implementation of such trainings for the employees;
  • Implement appropriate and proportionate technical, operational and organisational measures;
  • Compliance with tighter reporting requirements for significant security incidents;
  • Registration/information obligations towards national authorities to collect and maintain overviews of critical infrastructure operators.

Current status and timeline

The directive came into force in January 2023, and the member states must now implement the regulations into national law by autumn 2024. Since the end of May 2023, a corresponding draft bill for the revision and expansion of the Federal Office for Information Technology Act (BSIG) is available. 

Our legal services:

SKW Schwarz is ideally positioned to support companies in the implementation of the security requirements and the corresponding measures. Our expertise spans the entire breadth of the challenges posed by the new law. Our consulting services include:

  • Compliance check: We review your current business practices to ensure that they comply with the new regulations and provide recommendations for action for any adjustments.
  • Avoiding fines: Our team will help you avoid fines by guiding you through the requirements of the new law and helping you implement necessary compliance measures.
  • Crisis management and prevention: We stand by you in the event of cyber incidents as well as legal disputes and develop preventive strategies to minimise risks.
  • Trainings: We offer individual training courses on the topic of cyber security for your team, which are now provided for by the legislator.

Our 5 NIS-2 Experts

Dr. Thomas  Hohendorf

Dr. Thomas Hohendorf


Dr. Oliver  Hornung

Dr. Oliver Hornung


Dr. Daniel  Meßmer

Dr. Daniel Meßmer


Dr. Matthias  Orthwein

Dr. Matthias Orthwein


Benjamin  Spies

Benjamin Spies