NIS2 Directive: eco Calls for Precise Group of Addressees and Reduction of Bureaucratic Burden for Affected Companies

Commenting on the present draft bill of the German Federal Ministry of the Interior for the transposition of the European NIS2 Directive, eco Board Member for Infrastructure and Networks Klaus Landefeld has the following to say:

“The draft provides for a whole catalogue of new security regulations, registration and notification obligations that will have to be fulfilled in future by an estimated number of 30,000 companies in Germany. With such a number of affected parties – six times more than before! – the scope of application and the group of addressees must be determined in an absolutely binding manner. Above all, we need clearly comprehensible criteria as to who will be regulated in the future. In particular, companies that were not previously affected must be given legal certainty and sufficient time for implementation. In terms of content, the same applies: With such an important topic as cybersecurity, there must be no patchwork of national regulations in Europe. The German federal government must clearly explain how it intends to reconcile the previous KRITIS regulation and the changed criteria and requirements of the NIS2 Directive.”

As was the case with the draft for the German KRITIS umbrella act that became public just a few days ago, Landefeld also critiques the lack of exchange between the federal government with companies and civil society: “In view of this comprehensive reform of the entire legal framework, close coordination and interlinking of the requirements and regulations with us as the addressees of the regulation is imperative in order to establish a homogeneous and coordinated regulatory structure.”

mySCCcreator: Standard Contractual Clauses at the Click of a Mouse 1