Your resultKRITIS / Essential Entities: Critical infrastructure as a subset of essential entities
If you operate critical infrastructure, you are very likely affected by the NIS2 Directive – and not just in theory. Being classified as critical infrastructure comes with concrete legal obligations. You must designate an official, clearly named point of contact for authorities that can be reached quickly in the event of an incident. Security incidents or significant IT disruptions must be reported without delay; postponing is not permitted. Your systems must meet the current state of the art, “somewhat secure” is no longer enough. In addition, you are required to provide formal proof every two years that you have implemented the security requirements in writing, verifiable, and traceable.
By using our contact form, you agree that your data will be used to process your request. You may withdraw your consent at any time by sending an email to info@ics-gmbh.de. For more information, please refer to our Privacy Policy.
Your resultwE: Important Entities
NIS2 is likely to apply to your company – and this comes with obligations. Based on your inputs, your company very likely falls under the NIS2 Directive and is therefore classified as an Important Entity. This classification brings specific requirements. You must officially register with the competent supervisory authority – including information on company data, IP ranges, business activities, EU countries in which you provide services, and the responsible authority. NIS2 also requires an effective risk management approach for cyber threats, as well as the prompt and traceable reporting of significant security incidents.
Your resultwesE: Essential Entities
Based on the information available, your company belongs to the entities to which the NIS2 Directive applies. This is not theoretical – it means quite concretely that you are subject to a registration requirement and must report to the competent authority. Among other things, the following data will be requested: company details such as name, legal form and commercial register entry, location and contact information including IP ranges, the relevant NIS2 sector or industry, the EU countries in which your services are provided, and the supervisory authority responsible for you – depending on the federal state or at the federal level. In addition, you must actively manage security. It is not sufficient to implement security measures “somehow”. What is required is a structured risk management approach and a clear process to report significant security incidents without delay.
Your resultGood news: Currently not affected
Based on your input, your company does not fall under the NIS2 Directive at this time. This means: no registration requirement, no new obligations – for now. However, if your industry, company size or role within a supply chain changes, this may change quickly. If you wish, we can keep you informed.