On 13 November 2025, the German Bundestag passed the final ‘NIS 2 Implementation and Cybersecurity Strengthening Act’ (NIS2UmsuCG). This ends the uncertainty: the EU’s NIS 2 Directive is now binding German law.

The 3 most important game changers in today’s decision:

1. Expanded scope of applicability:

The focus is no longer solely on the traditional 2,000 or so ‘KRITIS’ operators. The categories ‘important’ (e.g. mechanical engineering, food production, chemicals) and ‘particularly important’ (e.g. energy, banking, health) facilities mean that the probability of your company (as one of a total of around 40,000) now being affected has increased massively.

2. Personal liability of management:

The management boards (managing directors, board members) are now personally responsible for the implementation (and non-compliance!) of cybersecurity measures. They must accept the measures and monitor their implementation. Violations are subject to heavy fines that can no longer simply be passed on to the company.

3. Stricter requirements & deadlines:

It is no longer just a matter of having a firewall. NIS2 requires comprehensive risk management that covers the entire supply chain. In addition, the reporting requirements for security incidents are drastically reduced (often to 24 hours for an initial report).

What you should do now:

Those who have only been analysing the situation so far must now take action. NIS2 is not purely an IT issue; it is a strategic management issue that determines the resilience and future viability of companies.

Clarify whether you are affected: Does your company fall under the new regulations? If so, you will also have to meet the requirements of your customers/supply chains.

Perform a gap analysis: Where do you stand? Which of the required measures are missing?

Involve management: Top management must understand the new personal liability risks and release the necessary resources.

Create a roadmap: Develop a clear, prioritised plan to close security gaps and implement management processes.

Still not quite sure what exactly to do? Then we recommend our NIS2 Readiness Check:

The TXOne Networks Portable Inspector enables operations personnel to perform regular digital cleaning and inventory management tasks on the fly, safeguarding the production environment!

The benefits in a nutshell:

3-in-1 toolset for safety inspection, which can be used individually and together.

Independent technical design that does not require installation.

Safeguarding the supply chain by checking incoming/outgoing devices, systems/machines and media (NIS2 relevant).

Secure data transmission between the devices with AES-256 encryption.

Simplifying compliance and audits.

Recording and summarizing the system vulnerabilities for each asset.

Check information set below or contact us for additional information!