Critical infrastructures: No transposition of the NIS-2 and CER Directives before the federal elections
The implementation of Directives (EU) 2022/2555 (NIS-2 Directive) and (EU) 2022/2557 (CER Directive) in Germany has failed for the time being. As was recently reported, the previous “traffic light” coalition partners have not been able to agree on the transposition of the directives into German law after the government fell apart. Irrespective of this, companies should review whether they are likely to be affected by the transposition laws and prepare themselves for the implementation of the relevant obligations.
What is the subject matter of the directives?
The purpose of the NIS-2 and CER Directives is to create a uniform EU-wide level of protection with regard to the security of critical infrastructure in sectors such as energy, transport, banking, financial market infrastructure, healthcare, drinking water, waste water, digital infrastructure and space.
The NIS-2 Directive is intended to oblige affected companies to maintain a high level of cybersecurity. The scope of application is significantly broader than under the previous Directive (EU) 2016/1148 (NIS-1 Directive), meaning that numerous companies will be affected by specific cybersecurity obligations for the first time. In addition, the obligations go further than under the NIS-1 Directive. In particular, companies will be obliged to assess risks within their supply chain and ensure cybersecurity through adequate measures.
The CER Directive, on the other hand, concerns increasing the physical resilience of critical infrastructures in the face of hybrid threats, natural disasters and extreme weather events caused by climate change. Affected companies are to be obliged to take various measures to ensure the physical resilience of critical facilities. The measures to be summarized in a resilience plan include preventive measures, physical protection, crisis management systems, recovery measures, employee-related security management and awareness-raising measures.
Transposition into German law has failed for the time being
The directives do not apply directly but must first be transposed into national law by EU member states. The deadline for this (October 17, 2024) has already passed.
In Germany, the KRITIS Umbrella Act (KRITIS-Dachgesetz) was supposed to transpose the CER Directive into German law, while the NIS-2 Directive was to be transposed through a separate transposition act. Under the leadership of the Federal Ministry of the Interior and Community (BMI), negotiators from the SPD, BÜNDNIS 90/DIE GRÜNEN and the FDP had discussed the government drafts, initially even after the government came to an end in November 2024. However, no agreement was reached, so it will be up to a new federal government to draft the necessary transposition acts and bring them through the legislative process.
What companies should do now
Although the implementation of the NIS-2 Directive and the CER Directive failed during this legislative period, it can be assumed that the next German federal government will transpose the directives into national law as soon as possible, not least because of possible infringement proceedings against Germany for failure to comply with EU law.
Even if the transposition of the directives has come to a standstill for the time being, affected companies should not waste time and instead prepare for the foreseeable regulations. Certain obligations for companies can already be anticipated on the basis of the directives and their implementation can be prepared.
Companies that have not yet considered the likely impact of the future transposition acts should first review whether they fall within the scope of application of the directives. If this is the case, a risk analysis should be carried out and the extent to which existing IT and physical security measures need to be strengthened or revised should be examined. It is also advisable to begin drafting or amending internal guidelines, in which, among other things, responsibilities are allocated and processes are defined that serve to implement the obligations likely to be contained in the national transposition acts.