{"id":48023,"date":"2026-06-29T08:55:00","date_gmt":"2026-06-29T06:55:00","guid":{"rendered":"https:\/\/www.cloudmagazin.com\/?p=48023"},"modified":"2026-06-29T10:16:27","modified_gmt":"2026-06-29T08:16:27","slug":"kritis-in-the-cloud-what-secures-the-migration","status":"publish","type":"post","link":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/","title":{"rendered":"KRITIS in the Cloud: What Secures the Migration"},"content":{"rendered":"<p style=\"color:#6190a9;font-size:0.9em;margin:0 0 16px;padding:0;\">6 min read<\/p>\n<p><strong>Since March 17, 2026, the KRITIS Omnibus Act has been in effect. Companies migrating sensitive systems to the cloud must now consider availability, data sovereignty, and compliance obligations from the outset. The migration process will determine whether a future audit becomes a formality or a major headache.<\/strong><\/p>\n<h2>Key Takeaways<\/h2>\n<ul>\n<li><strong>The scope expands:<\/strong> Over 30,000 companies now fall under enhanced security obligations due to the NIS2 Implementation Act, with many classifying themselves as important or critical entities for the first time.<\/li>\n<li><strong>C5 gets tougher:<\/strong> The new C5:2026 criteria catalog includes 168 requirements-up from 121-and explicitly addresses containers, supply chain security, and confidential computing for the first time. It becomes mandatory on June 1, 2027.<\/li>\n<li><strong>Order beats speed:<\/strong> Clarifying protection needs before choosing a provider avoids costly rework. Architecture and exit planning determine whether migration remains a compliance burden or becomes a resilience advantage.<\/li>\n<\/ul>\n<p style=\"font-size:0.88em;color:#666;margin:20px 0 32px 0;border-top:1px solid #e5e5e5;border-bottom:1px solid #e5e5e5;padding:10px 0;\"><span style=\"color:#004a59;font-weight:700;text-transform:uppercase;font-size:0.72em;letter-spacing:0.14em;margin-right:14px;\">Related:<\/span><a href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/25\/the-cheap-cloud-chip-with-the-expensive-exit-route\/\" style=\"color:#333;text-decoration:underline;\">The cheap cloud chip with the expensive exit<\/a>&nbsp;&nbsp;<span style=\"color:#ccc;\">\/<\/span>&nbsp;&nbsp;<a href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/24\/ingress-nginx-is-discontinued-the-path-to-gateway-api\/\" style=\"color:#333;text-decoration:underline;\">Ingress-NGINX is deprecated: The path to Gateway API<\/a><\/p>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">Assess Protection Needs Before Choosing a Provider<\/h2>\n<p><strong>What is KRITIS?<\/strong> Critical Infrastructure refers to facilities whose failure would endanger public supply-such as energy, water, healthcare, finance, or transportation. Operators are subject to special security and reporting obligations. Since the NIS2 Implementation Act and the KRITIS Omnibus Act, significantly more companies are affected than before.<\/p>\n<p>The most common-and most costly-approach is to pick a hyperscaler first, then ask what needs protecting. For KRITIS operators, this logic is reversed. The starting point is classifying each workload based on protection requirements, criticality to the supply mission, and recovery time objectives. A billing system handling personal data has different needs than an internal wiki. This distinction later determines the deployment model.<\/p>\n<p>In practice, this means categorizing data and services into three classes: What can run in a public region? What requires a sovereign environment? What should remain in-house for now? Drawing this map before the first migration ticket is issued means negotiating with providers based on concrete requirements-not marketing slides.<\/p>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">Data Residency: Where Workloads *Actually* Reside<\/h2>\n<p>Selecting an EU region from a dropdown menu doesn\u2019t guarantee data sovereignty. What matters is who has technical and legal access to the data, where the provider is based, and whether support or maintenance is handled from third countries. For sensitive KRITIS workloads, the key questions are: Who holds the encryption keys-the provider or the customer? Can the provider\u2019s access be technically blocked, for example, through confidential computing or customer-held keys?<\/p>\n<p>The C5:2026 catalog takes these points more seriously than its predecessor. With 168 requirements instead of 121, it now explicitly addresses container management, supply chain security, and confidential computing as distinct focus areas. For migration, this means data residency is an architectural issue that ties together encryption, key management, and operational models. A checkbox on a procurement form won\u2019t cut it.<\/p>\n<div class=\"evm-stat evm-stat-highlight\" style=\"text-align:center;background:#004a59;border-radius:12px;padding:32px 24px;margin:32px 0;\">\n<div style=\"font-size:48px;font-weight:700;color:#fff;letter-spacing:-0.03em;\">168 criteria<\/div>\n<div style=\"font-size:15px;color:rgba(255,255,255,0.8);margin-top:8px;max-width:420px;margin-left:auto;margin-right:auto;\">in the new C5:2026 catalog-up from 121 in the previous version. Mandatory from June 1, 2027, with early adoption recommended.<\/div>\n<div style=\"font-size:12px;color:#0bb7fd;margin-top:8px;\">Source: BSI, C5:2026<\/div>\n<\/div>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">A C5 Attestation Opens the Door-Nothing More<\/h2>\n<p>A provider\u2019s C5 attestation is often the entry ticket for procurement close to KRITIS. It proves the vendor meets the catalog requirements, but says nothing about whether your own configuration actually leverages that security. Cloud security is a shared responsibility: the provider delivers the attested platform, while the operator configures identities, network segmentation, and logging. A flawless attestation won\u2019t protect you from an exposed storage bucket.<\/p>\n<p>When selecting a provider, a clear-eyed comparison of operating models pays off. Each has its place, depending on the protection class identified in step one.<\/p>\n<div style=\"overflow-x:auto;margin:24px 0;\">\n<table style=\"width:100%;border-collapse:collapse;font-size:0.95em;min-width:560px;\">\n<thead>\n<tr style=\"background:#004a59;color:#fff;\">\n<th style=\"padding:12px 14px;text-align:left;\">Operating Model<\/th>\n<th style=\"padding:12px 14px;text-align:left;\">KRITIS Suitability<\/th>\n<th style=\"padding:12px 14px;text-align:left;\">Trade-off<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr style=\"border-bottom:1px solid #e5e5e5;\">\n<td style=\"padding:12px 14px;\"><strong>Public Cloud, EU Region<\/strong><\/td>\n<td style=\"padding:12px 14px;\">Medium to high, depending on key sovereignty<\/td>\n<td style=\"padding:12px 14px;\">Scalability vs. provider access and third-country risks<\/td>\n<\/tr>\n<tr style=\"border-bottom:1px solid #e5e5e5;background:#f8fbfd;\">\n<td style=\"padding:12px 14px;\"><strong>Sovereign Cloud<\/strong><\/td>\n<td style=\"padding:12px 14px;\">High, with local operations and staff<\/td>\n<td style=\"padding:12px 14px;\">Data sovereignty vs. narrower service catalog and higher costs<\/td>\n<\/tr>\n<tr style=\"border-bottom:1px solid #e5e5e5;\">\n<td style=\"padding:12px 14px;\"><strong>Hybrid with In-House Core<\/strong><\/td>\n<td style=\"padding:12px 14px;\">High for the most critical workloads<\/td>\n<td style=\"padding:12px 14px;\">Full control vs. operational overhead and integration burden<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">The Exit Plan Determines Availability<\/h2>\n<p>For KRITIS, availability carries the weight of the supply mandate. If the service fails, supply fails. A cloud migration only improves resilience if the contingency plan comes before the business-as-usual plan. That starts with lock-in: How quickly can a service be shifted to a second provider or back to your own data center if the vendor fails, prices spike, or an authority demands it?<\/p>\n<p>Building critical services on portable components-like containers and standardized interfaces instead of proprietary managed services-keeps the escape route open. Multi-cloud pays off precisely where the failure of a single provider would jeopardize the supply mandate. For non-critical services, it remains an expensive overhead.<\/p>\n<figure style=\"margin:36px 0;padding:0;\">\n<blockquote style=\"position:relative;margin:0;padding:30px 34px 28px;background:linear-gradient(135deg,#013a47 0%,#004a59 100%);border-radius:12px;box-shadow:0 10px 30px rgba(0,40,60,0.18);overflow:hidden;\"><p>\n<span aria-hidden=\"true\" style=\"position:absolute;right:22px;top:6px;font-family:Georgia,serif;font-size:90px;line-height:1;color:#0bb7fd;opacity:0.18;\">&rdquo;<\/span><\/p>\n<div style=\"font-family:'SF Mono','Monaco','Consolas',monospace;font-size:10.5px;color:#0bb7fd;letter-spacing:0.18em;text-transform:uppercase;margin-bottom:13px;\">\/\/ Core Statement<\/div>\n<p style=\"margin:0;font-size:1.15em;line-height:1.6;color:#f2fafd;font-weight:500;position:relative;\">A migration with no way back only shifts dependency-it doesn\u2019t reduce it.<\/p>\n<\/blockquote>\n<\/figure>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">The Audit Starts Before Migration<\/h2>\n<p>Proof of compliance is where good architecture either shines or falls short. Affected organizations must register with the BSI. Under the KRITIS Dachgesetz, physical resilience will require a second registration with the BBK, with a deadline of July 17, 2026. If you only implement logging, asset inventories, and incident processes after migration, you\u2019re documenting gaps-not control.<\/p>\n<p>That\u2019s why evidence gathering belongs in the migration plan: centralized logging, a maintained directory of outsourced services, and clear reporting channels from day one. Then, the audit at the end simply pulls a report from ongoing operations.<\/p>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Frequently Asked Questions<\/h2>\n<details>\n<summary><strong>Are KRITIS operators even allowed to move sensitive data to the public cloud?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">There is no blanket ban. What matters are the protection requirements, key sovereignty, and an operating model that limits provider access. Highly critical workloads tend to end up in sovereign or hybrid environments, while less sensitive services can run in an EU region with customer-held keys.<\/p>\n<\/details>\n<details>\n<summary><strong>Is a provider\u2019s C5 attestation sufficient for compliance?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">It\u2019s a prerequisite for many tenders, but it doesn\u2019t replace your own audit. The attestation refers to the provider\u2019s certification status at a given point in time. If you use it, check the scope: Which services, regions, and cut-off date are covered? No provider checks your own configuration.<\/p>\n<\/details>\n<details>\n<summary><strong>What changes with C5:2026 compared to the previous version?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">The catalogue expands from 121 to 168 criteria and now explicitly addresses container management, supply chain security, post-quantum cryptography, and confidential computing. Monitoring and incident management requirements are stricter. C5:2026 becomes mandatory on 1 June 2027, but early adoption is recommended.<\/p>\n<\/details>\n<details>\n<summary><strong>By when do affected organisations need to register?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Registration with the BSI must be completed no later than three months after a company first meets the criteria. For physical resilience under the KRITIS umbrella law, an additional registration with the BBK is required, with a deadline of 17 July 2026.<\/p>\n<\/details>\n<details>\n<summary><strong>Why is an exit plan so critical for KRITIS migration?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">In the KRITIS environment, a single provider can itself become a risk. Without a tested fallback, a provider outage or contract termination directly extends your downtime. The exit plan must be tested: Regular dry runs show whether the transition back can be completed within the required recovery time.<\/p>\n<\/details>\n<div class=\"evm-styled-box\" style=\"background:#f0f8ff;padding:20px 24px;margin:32px 0 24px;border-top:3px solid #0bb7fd;\">\n<h2 style=\"margin-top:0;margin-bottom:12px;font-size:1.05em;\">Editor\u2019s Picks<\/h2>\n<p style=\"margin:0 0 8px;\"><a href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/04\/22\/bsi-kritis-and-the-cloud-2026-nis2-the-umbrella-law-and-c\/\">KRITIS umbrella law meets NIS2 and C5 upgrade<\/a><\/p>\n<p style=\"margin:0 0 8px;\"><a href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/04\/28\/architecture-drives-compliance-costs\/\">Compliance costs: Architecture makes the difference<\/a><\/p>\n<p style=\"margin:0;\"><a href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/26\/finops-realistically-reducing-cloud-costs-by-30-percent\/\">FinOps: Cutting cloud costs by 30 percent is realistic<\/a><\/p>\n<\/div>\n<p style=\"margin:0 0 12px 0;font-size:0.78em;font-weight:700;text-transform:uppercase;letter-spacing:0.18em;color:#666;\">More from the MBF Media Network<\/p>\n<div style=\"background:#fafafa;border-left:3px solid #69d8ed;padding:14px 18px;margin:0 0 12px;\">\n<div style=\"font-size:0.72em;font-weight:700;text-transform:uppercase;letter-spacing:0.12em;color:#69d8ed;margin-bottom:6px;\">SecurityToday<\/div>\n<p><a href=\"https:\/\/www.securitytoday.de\/2026\/06\/25\/nis2-dora-dsgvo-meldefristen-vergleich-startpunkt-incident\/\" style=\"color:#222;text-decoration:none;font-weight:600;\">When the reporting deadline clock really starts ticking<\/a>\n<\/div>\n<div style=\"background:#fafafa;border-left:3px solid #d65663;padding:14px 18px;margin:0 0 12px;\">\n<div style=\"font-size:0.72em;font-weight:700;text-transform:uppercase;letter-spacing:0.12em;color:#d65663;margin-bottom:6px;\">Digital Chiefs<\/div>\n<p><a href=\"https:\/\/www.digital-chiefs.de\/cloud-kapazitaet-wird-knapp-cios-muessen-jetzt-planen\/\" style=\"color:#222;text-decoration:none;font-weight:600;\">Cloud capacity is running low-CIOs need to act now<\/a>\n<\/div>\n<div style=\"background:#fafafa;border-left:3px solid #202528;padding:14px 18px;margin:0 0 12px;\">\n<div style=\"font-size:0.72em;font-weight:700;text-transform:uppercase;letter-spacing:0.12em;color:#202528;margin-bottom:6px;\">MyBusinessFuture<\/div>\n<p><a href=\"https:\/\/mybusinessfuture.com\/was-die-pleitewelle-vom-mittelstand-verlangt\/\" style=\"color:#222;text-decoration:none;font-weight:600;\">What the wave of insolvencies demands from SMEs<\/a>\n<\/div>\n<p style=\"text-align:right;color:#868e96;font-size:0.85em;margin-top:48px;\"><em>Image source: AI-generated (June 2026)<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"Operators of critical infrastructures are shifting sensitive systems to the cloud.","protected":false},"author":31,"featured_media":48018,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_yoast_wpseo_focuskw":"KRITIS Cloud Migration","_yoast_wpseo_title":"KRITIS in the Cloud: What Secures the Migration","_yoast_wpseo_metadesc":"KRITIS operators shift sensitive systems to the cloud. Migration success determines compliance, availability, and C5 compliance.","_yoast_wpseo_meta-robots-noindex":"","_yoast_wpseo_meta-robots-nofollow":"","_yoast_wpseo_meta-robots-adv":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-title":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"","_yoast_wpseo_opengraph-image-id":0,"_yoast_wpseo_twitter-title":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"","_yoast_wpseo_twitter-image-id":0,"ngg_post_thumbnail":0,"pre_headline":"","bildquelle":"","teasertext":"","language":"de","_evm_translation_lang":"","featured_post":0,"featured_post_sortierung":0,"_wp_old_slug":[],"footnotes":""},"categories":[722,964],"tags":[],"industry":[],"class_list":["post-48023","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-rechenzentren","category-security"],"evm_reading_time_minutes":7,"wpml_language":"en","wpml_translation_of":48016,"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>KRITIS in the Cloud: What Secures the Migration<\/title>\n<meta name=\"description\" content=\"KRITIS operators shift sensitive systems to the cloud. Migration success determines compliance, availability, and C5 compliance.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"KRITIS in the Cloud: What Secures the Migration\" \/>\n<meta property=\"og:description\" content=\"KRITIS operators shift sensitive systems to the cloud. Migration success determines compliance, availability, and C5 compliance.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/\" \/>\n<meta property=\"og:site_name\" content=\"cloudmagazin\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cloudmagazincom\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-29T06:55:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-29T08:16:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/06\/kritis-cloud-migration-c5-nis2-dachgesetz-cover-hero.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1248\" \/>\n\t<meta property=\"og:image:height\" content=\"832\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alec Chizhik\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cloudmagazin\" \/>\n<meta name=\"twitter:site\" content=\"@cloudmagazin\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alec Chizhik\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/\"},\"author\":{\"name\":\"Alec Chizhik\",\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/person\/ce38baaa19a580268aedce096597eb3c\"},\"headline\":\"KRITIS in the Cloud: What Secures the Migration\",\"datePublished\":\"2026-06-29T06:55:00+00:00\",\"dateModified\":\"2026-06-29T08:16:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/\"},\"wordCount\":1215,\"publisher\":{\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/06\/kritis-cloud-migration-c5-nis2-dachgesetz-cover-hero.jpg\",\"articleSection\":[\"Data Centers\",\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/\",\"url\":\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/\",\"name\":\"KRITIS in the Cloud: What Secures the Migration\",\"isPartOf\":{\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/06\/kritis-cloud-migration-c5-nis2-dachgesetz-cover-hero.jpg\",\"datePublished\":\"2026-06-29T06:55:00+00:00\",\"dateModified\":\"2026-06-29T08:16:27+00:00\",\"description\":\"KRITIS operators shift sensitive systems to the cloud. Migration success determines compliance, availability, and C5 compliance.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#primaryimage\",\"url\":\"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/06\/kritis-cloud-migration-c5-nis2-dachgesetz-cover-hero.jpg\",\"contentUrl\":\"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/06\/kritis-cloud-migration-c5-nis2-dachgesetz-cover-hero.jpg\",\"width\":1248,\"height\":832,\"caption\":\"Rechenzentrum als Infrastrukturstandort f\u00fcr abgesicherte Cloud-Migrationen\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cloudmagazin.com\/en\/home\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"KRITIS in the Cloud: What Secures the Migration\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/#website\",\"url\":\"https:\/\/www.cloudmagazin.com\/en\/\",\"name\":\"cloudmagazin\",\"description\":\"Inspiration f\u00fcr Businessentscheider\",\"publisher\":{\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cloudmagazin.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/#organization\",\"name\":\"cloudmagazin\",\"url\":\"https:\/\/www.cloudmagazin.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2020\/04\/cloudmagazin-logo-klein_menu.jpg\",\"contentUrl\":\"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2020\/04\/cloudmagazin-logo-klein_menu.jpg\",\"width\":150,\"height\":150,\"caption\":\"cloudmagazin\"},\"image\":{\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/cloudmagazincom\/\",\"https:\/\/x.com\/cloudmagazin\",\"https:\/\/www.linkedin.com\/showcase\/cloudmagazin\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/person\/ce38baaa19a580268aedce096597eb3c\",\"name\":\"Alec Chizhik\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/03\/alec-chizhik.jpg\",\"contentUrl\":\"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/03\/alec-chizhik.jpg\",\"caption\":\"Alec Chizhik\"},\"description\":\"Alec is the Chief Digital Officer at Evernine and writes about cloud architectures, IT security, and digital operations practices.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/alecchizhik\/\"],\"url\":\"https:\/\/www.cloudmagazin.com\/en\/author\/alec\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"KRITIS in the Cloud: What Secures the Migration","description":"KRITIS operators shift sensitive systems to the cloud. Migration success determines compliance, availability, and C5 compliance.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/","og_locale":"en_US","og_type":"article","og_title":"KRITIS in the Cloud: What Secures the Migration","og_description":"KRITIS operators shift sensitive systems to the cloud. Migration success determines compliance, availability, and C5 compliance.","og_url":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/","og_site_name":"cloudmagazin","article_publisher":"https:\/\/www.facebook.com\/cloudmagazincom\/","article_published_time":"2026-06-29T06:55:00+00:00","article_modified_time":"2026-06-29T08:16:27+00:00","og_image":[{"width":1248,"height":832,"url":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/06\/kritis-cloud-migration-c5-nis2-dachgesetz-cover-hero.jpg","type":"image\/jpeg"}],"author":"Alec Chizhik","twitter_card":"summary_large_image","twitter_creator":"@cloudmagazin","twitter_site":"@cloudmagazin","twitter_misc":{"Written by":"Alec Chizhik","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#article","isPartOf":{"@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/"},"author":{"name":"Alec Chizhik","@id":"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/person\/ce38baaa19a580268aedce096597eb3c"},"headline":"KRITIS in the Cloud: What Secures the Migration","datePublished":"2026-06-29T06:55:00+00:00","dateModified":"2026-06-29T08:16:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/"},"wordCount":1215,"publisher":{"@id":"https:\/\/www.cloudmagazin.com\/en\/#organization"},"image":{"@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/06\/kritis-cloud-migration-c5-nis2-dachgesetz-cover-hero.jpg","articleSection":["Data Centers","Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/","url":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/","name":"KRITIS in the Cloud: What Secures the Migration","isPartOf":{"@id":"https:\/\/www.cloudmagazin.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#primaryimage"},"image":{"@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/06\/kritis-cloud-migration-c5-nis2-dachgesetz-cover-hero.jpg","datePublished":"2026-06-29T06:55:00+00:00","dateModified":"2026-06-29T08:16:27+00:00","description":"KRITIS operators shift sensitive systems to the cloud. Migration success determines compliance, availability, and C5 compliance.","breadcrumb":{"@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#primaryimage","url":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/06\/kritis-cloud-migration-c5-nis2-dachgesetz-cover-hero.jpg","contentUrl":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/06\/kritis-cloud-migration-c5-nis2-dachgesetz-cover-hero.jpg","width":1248,"height":832,"caption":"Rechenzentrum als Infrastrukturstandort f\u00fcr abgesicherte Cloud-Migrationen"},{"@type":"BreadcrumbList","@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cloudmagazin.com\/en\/home\/"},{"@type":"ListItem","position":2,"name":"KRITIS in the Cloud: What Secures the Migration"}]},{"@type":"WebSite","@id":"https:\/\/www.cloudmagazin.com\/en\/#website","url":"https:\/\/www.cloudmagazin.com\/en\/","name":"cloudmagazin","description":"Inspiration f\u00fcr Businessentscheider","publisher":{"@id":"https:\/\/www.cloudmagazin.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cloudmagazin.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cloudmagazin.com\/en\/#organization","name":"cloudmagazin","url":"https:\/\/www.cloudmagazin.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2020\/04\/cloudmagazin-logo-klein_menu.jpg","contentUrl":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2020\/04\/cloudmagazin-logo-klein_menu.jpg","width":150,"height":150,"caption":"cloudmagazin"},"image":{"@id":"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/cloudmagazincom\/","https:\/\/x.com\/cloudmagazin","https:\/\/www.linkedin.com\/showcase\/cloudmagazin\/"]},{"@type":"Person","@id":"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/person\/ce38baaa19a580268aedce096597eb3c","name":"Alec Chizhik","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/03\/alec-chizhik.jpg","contentUrl":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/03\/alec-chizhik.jpg","caption":"Alec Chizhik"},"description":"Alec is the Chief Digital Officer at Evernine and writes about cloud architectures, IT security, and digital operations practices.","sameAs":["https:\/\/www.linkedin.com\/in\/alecchizhik\/"],"url":"https:\/\/www.cloudmagazin.com\/en\/author\/alec\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/posts\/48023","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/users\/31"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/comments?post=48023"}],"version-history":[{"count":1,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/posts\/48023\/revisions"}],"predecessor-version":[{"id":48024,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/posts\/48023\/revisions\/48024"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/media\/48018"}],"wp:attachment":[{"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/media?parent=48023"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/categories?post=48023"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/tags?post=48023"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/industry?post=48023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}