NIS-2 Directive and NIS-2 Implementation Act
IT security obligations, their implementation, and the liability regime for NIS 2 organizations
Contents
EU NIS-2 Directive
- Objective, structure, and scope of the NIS 2 Directive.
- Categories of affected facilities: Operators of critical facilities, "particularly important" and "important" facilities – overview of sectors and activities.
- Obligations regarding risk management, technical and organizational measures, and the documentation and reporting of security incidents.
- Personal responsibility and liability risks of company management in the event of violations of cybersecurity obligations.
- Timeframe at EU level and interaction with national implementation acts.
German implementation law for NIS-2
- Role of the NIS2UmsuCG as the central implementing law for the NIS 2 Directive in Germany.
- Federal cybersecurity strategy, central contact points for cybersecurity, CSIRTs, and expanded responsibilities for the BSI.
- Classification of companies as operators of critical facilities, "particularly important" and "important" facilities; criteria (including size, turnover, sectors).
- Risk management measures, reporting obligations, notification processes, and supervisory powers of the authorities.
- Liability issues with a focus on personal liability and training obligations of management.
- Initial effective dates and deadlines (e.g., registration and documentation requirements).
Practical application and implementation in the company
- Approach to NIS 2 gap analysis: Where are there new legal requirements compared to the previous specifications?
- Integration with existing ISMS and data protection management.
- Examples of appropriate technical and organizational measures (TOM) in light of NIS-2.
Improving the IT security strategy
- Support in developing or improving a company-wide cybersecurity and risk strategy in line with legal requirements.
- Involvement of company management and integration with compliance structures.
Networking and exchange of experience
- Exchange with subject matter experts and participants from various industries on challenges and best practices.
Preparation for future developments
- Classification of NIS-2 in other European and national cybersecurity projects.
- Outlook on possible concretization through regulations, supervisory authorities, and standards.
Learning environment
In your online learning environment, you will find useful information, downloads and extra services for this training course once you have registered.
Your benefit
Updated knowledge:
- Understanding the requirements of the NIS 2 Directive and the German implementation law on NIS 2, as well as the practical measures required by the BSI to be implemented within your own organization.
Compliance fulfillment:
- Clarity about whether and in which category (operator of critical facilities, "particularly important" or "important" facility) your own company falls and what obligations regarding risk management, reporting, and verification processes result from this—including the implementation, monitoring, and training obligations to be fulfilled by management.
Practical implementation strategies:
- Concrete approaches for implementing NIS 2 requirements in a practical manner—from gap analysis and the definition of measures to integration into existing management systems and reporting processes.
Network expansion:
- Exchange with industry experts and practitioners to reflect on your own questions, discuss possible solutions, and gather ideas for further project planning.
Methods
Lecture and presentation, specific case studies, discussion of current practical cases, design tips for implementation in your own company, answers to individual questions.
Recommended for
The training is aimed at IT security experts and officers, information security and compliance officers, risk managers, and executives (including those from KRITIS areas) from companies with more than 50 employees or an annual turnover of more than €10 million that are considered "important" or "particularly important" institutions within the meaning of NIS-2/NIS2UmsuCG.
- Customized training courses
- Direct application in practice
- Efficient use of time and resources
Start dates and details

Wednesday, 10.02.2027
09:00 am - 5:00 pm
- one joint lunch per full seminar day,
- catering during breaks, and
- extensive working documents.
Questions about the seminar content
The NIS 2 Directive applies to companies that are considered critical infrastructure. This training helps you understand whether your company falls into this category and what specific requirements need to be implemented.
The changes include expanded reporting requirements and stricter security standards. The training shows how to implement these new requirements in a legally compliant manner.
The directive protects critical infrastructure from cyberattacks. The training shows how companies can be better protected through compliance guidelines and security measures.
The reporting deadlines have been shortened and are mandatory. This training shows how to set up an efficient reporting system to meet deadlines and avoid penalties.
In the training, you learn methods for developing a security strategy that complies with legal requirements while also being practical.
Challenges often arise when adapting existing systems. The training provides concrete solutions to address security vulnerabilities and ensure compliance.
