According to the digital association Bitkom, the Bundestag's decision on November 14 to implement the EU's NIS 2 Directive has strengthened cybersecurity in Germany and created greater legal certainty for companies. At the same time, the new regulations on the use of so-called critical components could have a significant impact on companies' investment decisions and thus on digitalization in Germany.
"The implementation of the European NIS 2 Directive was long overdue. Cyberattacks threaten the economy, administration, and society. German companies have recently suffered annual losses of €202 billion as a result," says Bitkom President Ralf Wintergerst. The aim of the NIS 2 Directive is to strengthen resilience and cybersecurity in member states. To this end, the definition of critical infrastructure has been expanded, requiring a large number of companies to implement special security measures.
ㅤ
ㅤ
"Companies need reliable framework conditions; bans can have a significant impact on the
Business activities."
Ralf Wintergerst,
President,
Bitkom
Bitkom considers it extremely positive that the newly adopted law includes downstream federal authorities within the scope of NIS 2. Security breaches can cause considerable financial damage and undermine trust in democratic institutions, particularly in sensitive areas of federal administration. „An effective and credible cybersecurity architecture requires the state itself to adhere to the highest security standards. It is only logical and right that federal authorities should in future be subject to the same risk management requirements as regulated companies,“ said Wintergerst.
Critical components
In contrast, the Digital Association believes that the new regulations on so-called critical components recently introduced into the legislative process are rather harmful.
The plan now is for the Federal Ministry of the Interior, in consultation with other departments, to define critical components and, in future, to be able to prohibit their use independently. „Companies need reliable framework conditions; bans can have a significant impact on business activities. Before such important decisions are made, it is essential that those affected are consulted in advance,“ said Wintergerst.
According to Bitkom, the definition of critical components should continue to be based on technical criteria and determined by the Federal Network Agency and the Federal Office for Information Security (BSI).
Source: Bitkom
DE 
EN 
ES 
FR 
