The implementation of the NIS-2 Directive (Network and Information Security Directive 2.0) is not only a regulatory obligation for many companies, but also a decisive step towards strengthening their own resilience to cyber risks. The NIS-2 significantly expands the scope of application compared to its predecessor directive and obliges many more companies - including SMEs from critical sectors such as energy, transport, healthcare, digital infrastructure and manufacturing - to take comprehensive measures in the area of cyber security.

At the centre of the new legal requirements is the establishment and operation of a company-wide risk management system for information security. According to the implementation law, this forms the basis for all other security-related measures. Respo ...