NIS-2 for public agencies

The implementation of the NIS-2 directive by KVINNE GmbH has far-reaching significance for public administration. The NIS-2 Implementation Act transposes EU Directive 2016/1148, which aims to achieve a high common level of security for network and information systems within the EU.

The law strengthens cybersecurity and protects critical infrastructures in Germany. It establishes the legal basis for preserving the integrity and security of digital systems, thereby contributing to Germany’s digital sovereignty. Under the draft, institutions of the federal administration fall under the NIS-2 requirements, which include the following:

  • Every institution of the federal administration must appoint a person responsible for information security and implement measures to ensure information security.

Obligations and risks in case of non-compliance:

  • The officers responsible for information security are in charge of developing and implementing an information security process as well as creating a security concept in accordance with the BSI IT-Grundschutz standards.
  • They advise the management of their institution on all matters related to information security and keep them regularly informed.

Sanctions:

  • A tiered fine system with penalties of up to 20 million EUR is planned, with social security institutions being exempt.

Liability of the institution’s management:

  • The management of the institution does not bear official liability.

Scope of NIS-2 in the federal administration:

  • Federal agencies: These include various authorities and organizations at the federal level.
  • Corporations, institutions, and foundations under public law: These legal entities perform public functions and have various legal forms.
  • Associations of corporations, institutions, and foundations under public law: This includes organizations or groups of public-law corporations, institutions, and foundations.
  • Public enterprises that are majority-owned by the federal government and provide IT services for the federal administration.

Risk Management

  • Affected institutions must take appropriate technical and organizational measures to prevent impairment of the IT security objectives. These measures must reflect the current state of the art and follow BSI IT-Grundschutz (IT baseline protection).

Combination of NIS-2 with BSI IT baseline protection:

  • The NIS-2 Implementation Act provides, among other things, for the use of multi-factor authentication and secure communication systems, which aligns with the requirements of the BSI IT baseline protection.

Requirements of NIS-2 for information security management:

  • NIS-2 establishes a set of obligations and responsibilities for affected entities to ensure a high level of information security and to minimize risks related to network and information systems. These include the registration of the entity, the appointment of an information security officer, the assurance of information security, and the proof of compliance with the requirements.

Contact – KVINNE GmbH Data Protection and Digital Consulting
