NIS 2 Directive and NIS2UmsuCG

IT security obligations, their implementation, and the liability regime for NIS 2 organizations

training

Favorite Share Open as PDF (German) PDF FILE

This training is held in German.

The NIS 2 Directive and the German NIS 2 Implementation Act significantly raise the requirements for cybersecurity and IT security risk management for a large number of companies. Depending on the sector, size, and importance, this affects not only operators of critical facilities, but also numerous other "important" and "particularly important" institutions. The training a thorough introduction to the NIS 2 Directive and the German NIS 2 Implementation Act and demonstrates in a practical manner how the new obligations under the BSI Act can be implemented in risk management, technical and organizational measures, governance, and reporting processes. The liability and training rules from Section 38 BSIG are also part of the seminar, as are transition issues, timelines, and priorities for implementation in your own company.

What is important for companies now!

EU NIS-2 Directive

Objective, structure, and scope of the NIS 2 Directive.
Categories of affected facilities: Operators of critical facilities, "particularly important" and "important" facilities – overview of sectors and activities.
Obligations regarding risk management, technical and organizational measures, and the documentation and reporting of security incidents.
Personal responsibility and liability risks of company management in the event of violations of cybersecurity obligations.
Timeframe at EU level and interaction with national implementation acts.

German implementation law for NIS-2

Role of the NIS2UmsuCG as the central implementing law for the NIS 2 Directive in Germany.
Federal cybersecurity strategy, central contact points for cybersecurity, CSIRTs, and expanded responsibilities for the BSI.
Classification of companies as operators of critical facilities, "particularly important" and "important" facilities; criteria (including size, turnover, sectors).
Risk management measures, reporting obligations, notification processes, and supervisory powers of the authorities.
Liability issues with a focus on personal liability and training obligations of management.
Initial effective dates and deadlines (e.g., registration and documentation requirements).

Practical application and implementation in the company

Approach to NIS 2 gap analysis: Where are there new legal requirements compared to the previous specifications?
Integration with existing ISMS and data protection management.
Examples of appropriate technical and organizational measures (TOM) in light of NIS-2.

Improving the IT security strategy

Support in developing or improving a company-wide cybersecurity and risk strategy in line with legal requirements.
Involvement of company management and integration with compliance structures.

Networking and exchange of experience

Exchange with subject matter experts participants from various industries on challenges and best practices.

Preparation for future developments

Classification of NIS-2 in other European and national cybersecurity projects.
Outlook on possible concretization through regulations, supervisory authorities, and standards.

Learning environment

In your online learning environment, you will find useful information, downloads and extra services for this training course once you have registered.

Your benefit

Updated knowledge:

Understanding the requirements of the NIS 2 Directive and the German implementation law on NIS 2, as well as the practical measures required by the BSI to be implemented within your own organization.

Compliance fulfillment:

Clarity about whether and in which category (operator of critical facilities, "particularly important" or "important" facility) your own company falls and what obligations regarding risk management, reporting, and verification processes result from this—including the implementation, monitoring, and training obligations to be fulfilled by management.

Practical implementation strategies:

Concrete approaches for implementing NIS 2 requirements in a practical manner—from gap analysis and the definition of measures to integration into existing management systems and reporting processes.

Network expansion:

Exchange with industry experts practitioners to reflect on your own questions, discuss possible solutions, and gather ideas for further project planning.

trainer

Sabine Sobola

Methods

Lecture and presentation, specific case studies, discussion of current practical cases, design tips for implementation in your own company, answers to individual questions.

Recommended for

The training at IT security experts and officers, information security and compliance officers, risk managers, and executives (including those from KRITIS areas) from companies with more than 50 employees or an annual turnover of more than €10 million that are considered "important" or "particularly important" institutions within the meaning of NIS-2/NIS2UmsuCG.

Open Badges - Show what you can do digitally too.

Open Badges are recognized, digital certificates of participation. These verifiable credentials are the current standard for integration in career networks such as LinkedIn.

With them, you digitally demonstrate the competences you possess. After successful completion, you will receive an Open Badge from us.

View into the product

Here you can get impressions of the training as well as information about the training topic.

VIDEO
TECH PAPER

What you can expect from the "NIS 2 Directive and NIS2UmsuCG" training

Articles, interviews or whitepapers on the topic

NIS 2 Directive: The new EU cyber security requirements

The NIS 2 Directive, which came into force on January 16, 2023, is a comprehensive revision of the original NIS Directive and aims to significantly increase the level of cybersecurity in the European Union. The new directive, which will apply from October 2024, significantly expands the scope of application and sets stricter security requirements for companies and organizations. Check now, [...]

Learn more here

VIDEO

What you can expect from the "NIS 2 Directive and NIS2UmsuCG" training

TECH PAPER

Articles, interviews or whitepapers on the topic

NIS 2 Directive: The new EU cyber security requirements

Learn more here

On-site training together

Booking number
36435

€ 920,- plus VAT

Details

1 day

in Frankfurt a. M./Offenbach

on 20.03.2026

German

In-person trainings

Joint online training

Booking number
36097

€ 920,- plus VAT

Details

1 day

Online

on 14.04.2026

German

Live online events

Train several employees internally

Pricing upon request

Customized training courses according to your needs
Directly at your premises or online
Cost advantage from 5 participants
We contact you within 24 hours (Mon-Fri)

1 day

In-person or Online

Request

Ratings and feedback from our participants

4.7

17 Ratings

training content:

4.6

Content comprehensibility:

4.8

Practical relevance:

4.5

Trainer expertise:

4.6

Participant orientation:

4.9

Method variety:

4.5

Start dates and details

All

In-person

Online

Date

Select time period

Location

Zip

0 events

show only bookable events

20.03.2026

Frankfurt a. M./Offenbach

Details

Booking number: 36435

€ 920,- plus VAT.

€ 1,094.80 incl. VAT.

Venue

Leonardo Hotel Offenbach Frankfurt

Kaiserleistraße 39, 63067 Frankfurt a. M./Offenbach

Arrival via Deutsche Bahn

Travel at reduced rates by booking via the learning environment.

Days & Times

1 day

Friday, 20.03.2026

09:00 am - 5:00 pm

Fee includes

The participation fee includes

one joint lunch per full seminar day,
Catering during breaks and
extensive working documents.

Participants will be charged directly by the hotel for their hotel accommodation. You will find a reservation form for hotel bookings in your learning environment.

14.04.2026

Live-Online

Details

Booking number: 36097

€ 920,- plus VAT.

€ 1,094.80 incl. VAT.

Course

zoom

Technical notes

We use various software to conduct our online events.

To the system check

Days & Times

1 day

Tuesday, 14.04.2026

09:00 am - 5:00 pm

Sufficient places are still free.

Don't wait too long to book.

Fully booked.

The next booking ensures this course will take place

Booking number: 36435

€ 920,- plus VAT.

€ 1,094.80 incl. VAT.

Details

1 day

Fee includes

The participation fee includes

one joint lunch per full seminar day,
Catering during breaks and
extensive working documents.

Participants will be charged directly by the hotel for their hotel accommodation. You will find a reservation form for hotel bookings in your learning environment.

Booking number: 36097

€ 920,- plus VAT.

€ 1,094.80 incl. VAT.

Details

1 day

Book later

You are welcome to make a non-binding advance reservation.

Book in advance

No suitable date?

You are welcome to be notified by e-mail as soon as new dates are released.

e-mail notification

FAQ on the training NIS 2 Directive and NIS2UmsuCG

Who is affected by the NIS 2 Directive?
The NIS 2 Directive affects companies that are considered critical infrastructure. The training helps you to understand whether your company is one of them and which specific requirements need to be implemented.

What are the main changes to the NIS 2 Directive?
The changes include extended reporting obligations and higher security requirements. The training teaches how these new requirements can be implemented in a legally compliant manner.

Why is the NIS 2 directive important for my company?
The directive protects critical infrastructures from cyber attacks. The training shows how companies can be better protected through compliance guidelines and security measures.

When do security incidents have to be reported?
The reporting deadlines have been shortened and are binding. The training explains how to set up an efficient reporting system in order to meet deadlines and avoid penalties.

How do I create a security strategy in accordance with NIS 2?
In the training , you will learn methods for developing a security strategy that meets the legal requirements and is also practical.

What are the biggest challenges in implementing the NIS 2 Directive?
The challenges often lie in adapting existing systems. The training offers concrete solutions to close security gaps and ensure compliance.

Please note: We use third-party tools for selected events. Personal data of the participant will be passed on to them for the implementation of the training offer. You can find more information in our privacy policy.

About us - The Haufe Akademie

Your optimizer, innovator and companion since 1978 -
Your professional partner for professional development and seminars, training courses and topical conferences.

Whether on site, live online or in-house - our customised solutions, our claim to the highest level of consulting expertise and training tailored to your needs simplify the acquisition of skills for the working world of the future and sustainably facilitate professional development.

A wide range of seminars, individual coaching and our flexible formats support HR managers and decision-makers in shaping the future and developing employees, in-house teams and companies.

Experience the benefits of online training from the comfort of your own home. Our online formats meet the highest quality standards and are in no way inferior to face-to-face events in terms of practical relevance. Learn together live online in interactive groups or digitally at a time of your choice.

3,500+ further training

620,000+ apprentices per year

Over 95% positive reviews

2,600+ trainers and coaches

18,000+ training courses held per year

Call us or send an email