Implementing the NIS2 Directive: eco Association Advocates for Legal Clarity
The NIS2 Directive should be transposed into German law by October 2024. The eco Association is pushing for a swift solution.
NIS2 Directive aims to strengthen the protection of critical infrastructures and essential services. It requires companies in specific sectors to implement stricter security measures against cyber threats and monitor them continuously. The legal transposition into national law was originally due by October 2024.
Key Takeaways
- The deadline for transposing the NIS2 Directive into German law passed on 17 October 2024.
- eco Association calls for swift legislation to provide legal certainty for around 30,000 affected companies.
- Under NIS2, cybersecurity becomes a leadership responsibility, not just a technical issue.
- IT security accountability must be embedded at the corporate level.
- Unresolved questions around IT risk management are hindering implementation and putting critical infrastructure at risk.
The Committee on Internal Affairs is currently addressing the outstanding questions surrounding the transposition of the NIS2 Directive, whose deadline for national implementation already passed on 17 October 2024. eco – Association of the Internet Industry – is urging swift adoption of the law to provide legal clarity for the approximately 30,000 affected companies.
Klaus Landefeld, eco’s Executive Board Member, states: “The German government must act quickly now to transpose the NIS2 Directive into national law. The missed deadline is creating uncertainty for internationally operating companies.”
A core aspect of the NIS2 Directive is the shift of cybersecurity responsibilities to the executive level. Landefeld emphasizes: “This step is crucial, as cybersecurity is no longer seen as a purely technical task. Instead, it has become a strategic challenge that affects the entire corporate leadership. Companies should view the regulatory requirements as an opportunity to sustainably strengthen their security culture.”
Another critical issue to be addressed in the upcoming hearing is IT risk management. “The pressing questions surrounding this are pivotal for practical implementation. Until the NIS2 Directive is transposed into national law, the security of critical infrastructure remains at risk. It is essential that companies start preparing now to meet the new requirements.”
About eco:
With around 1,000 member companies, eco (www.eco.de) is Europe’s leading association for the internet industry. Since 1995, eco has played a key role in shaping the internet, promoting new technologies, creating framework conditions, and representing its members’ interests in political and international forums. The association’s work focuses on ensuring the reliability and resilience of digital infrastructure, IT security and trust, as well as ethically oriented digitalization. eco advocates for a free, technology-neutral, and high-performance internet.
Frequently Asked Questions
When did the deadline for implementing the NIS2 Directive in Germany pass?
The deadline for national implementation of the NIS2 Directive expired on 17 October 2024.
How many companies are affected by the NIS2 Directive?
Approximately 30,000 companies in Germany are affected by the NIS2 Directive.
What role does corporate leadership play under the NIS2 Directive?
The NIS2 Directive shifts responsibility for cybersecurity to corporate leadership, making it a strategic management priority.
Why is eco Association pushing for swift implementation of the NIS2 Directive?
Without national implementation, legal clarity is lacking – creating uncertainty, particularly for internationally active companies.
What key aspect of the NIS2 Directive will be discussed in the upcoming hearing?
The upcoming hearing will address open questions around IT risk management, a critical factor for practical compliance.
Editor’s Picks
cloudmagazinAPI-First: Why Modern Cloud Architectures Succeed or Fail at the API Design StagecloudmagazinPretext: Can a JavaScript Library Solve the Browser’s 30-Year-Old Problem – or Is It Just Hype?cloudmagazinAWS vs. Azure vs. Google Cloud 2026: An Honest Comparison for DACH EnterprisesMore from the MBF Media Network
SecurityToday | MyBusinessFuture | Digital Chiefs
Source: Header image – Pexels / Pixabay


