NIS 2 Directive:
Greater security for
Europe's cyberspace.
The NIS 2 Directive expands the 2016 NIS Directive to cover more industries and sectors. The goal: a unified level of cybersecurity across the EU. Here are the key points summarised for you.
NIS 2: Who is affected?
The previous NIS Directive focused on critical infrastructure companies. With the updated NIS 2 Directive, a significantly larger number of companies are now required to comply. This aims to address the growing threats in the digital space. The following sectors, among others, are affected by NIS 2:
• Financial market infrastructure
• Transport
• Energy
• Healthcare
Why is taking action so important?
4,000
cyberattacks occur daily across Germany.
~ 30,000
companies are affected by NIS 2.
60 %
are still not NIS 2 compliant.
Up to €10 million
in fines for non-compliance.
FTAPI supports you with risk management under NIS 2.
We help you ensure secure data exchange.
FTAPI supports NIS 2 measures.
Your industry in focus. Select your sector and find out how FTAPI supports you with the specific requirements.
Maintaining operational capability
Cyber attacks threaten the state’s operational capability. Incidents such as the attack on Südwestfalen-IT in October 2023 demonstrated just how vulnerable digital administrative structures are. NIS 2 therefore demands strengthened protection of ICT systems and robust contingency plans.
FTAPI encrypts your external data exchange end-to-end and provides an independent communication channel for crisis situations. This allows you to close security gaps in email traffic and reliably fulfil statutory documentation requirements.
Maximum protection for patient data
IT outages threaten patient care. NIS 2 therefore requires the highest level of protection for all digital processes, extending beyond organisational boundaries—for example, when medical reports or laboratory results are sent to external partners.
FTAPI seamlessly integrates GDPR-compliant data protection into your daily routine: send medical reports and laboratory results to external partners with end-to-end encryption. This prevents data leakage and effectively protects you against malware attacks.
Securing supply chains and intellectual property
NIS 2 demands stricter standards for supply chain security. Insecure emails with suppliers are often the weakest link; a cyber attack via this route can lead to production shutdowns lasting for weeks.
FTAPI protects sensitive CAD data and blueprints in virtual data rooms and hardens data transfer against industrial espionage. This keeps your production running and satisfies strict industry compliance requirements.
Efficiently meeting DORA and NIS 2 requirements
Although DORA takes precedence, NIS 2 affects you indirectly: disruptions in customer portals or insecure channels for contract data now explicitly violate statutory due diligence obligations regarding business continuity. Furthermore, the executive board is personally liable for cyber risks.
FTAPI secures your customer communication in an audit-compliant manner and automatically provides comprehensive audit trails. This allows you to provide the required compliance evidence for the BSI, BaFin, and your partners at the touch of a button, minimising liability risks.
Expertise on demand.
Webinar: Secure data exchange in compliance with NIS-2
NIS-2 presents new challenges for businesses, particularly in secure data exchange. Our experts, Björn Röckle and Wiktor Nisnewitsch, will guide you through the essential measures required under the NIS-2 directive to ensure compliant and efficient data exchange. Additionally, the video provides practical insights into how FTAPI can support you in implementing NIS-2 requirements.
The webinar is in German and took place on 11 March 2025.
Webinar: NIS 2 – The countdown is on
In this expert talk, Prof. Dr. Dennis-Kenji Kipker, IT law expert and founder of the cyberintelligence.institute, and Ari Albertini, CEO of FTAPI, provide in-depth insights into NIS 2 and practical advice on what steps to take next. You'll also learn why there’s no need to panic or rush into hasty measures.
Please note: The webinar is in German and took place in April 2024, so some information may be outdated.
Verified and certified security for your data.
Frequently asked questions.
In addition to belonging to a specific group (critical infrastructure, highly important entities, or important entities), companies must also operate in sectors classified as critical.
As of now, municipalities are excluded from NIS 2 based on a decision by the IT Planning Council. However, they are increasingly targeted by cyberattacks and should urgently address cybersecurity—regardless of NIS 2 compliance.
There is no single solution for achieving NIS 2 compliance. The first step should be a comprehensive risk assessment to identify vulnerabilities and derive appropriate measures to mitigate risks effectively.
At EU level, NIS 2 has been in force since January 2023 and has applied since October 2024. In Germany, the Bundestag adopted the act on 13 November 2025 and the Bundesrat approved it on 21 November 2025. The act was published in the Federal Law Gazette on 5 December 2025 and enters into force one day after its promulgation, i.e. on 6 December 2025.
Since NIS 2 is an EU directive, the same conditions apply across the entire EU, including Austria. Switzerland, however, is not an EU member. Nevertheless, due to close economic ties between Switzerland and the EU—particularly in trade—the NIS 2 Directive is likely to have an indirect impact on Swiss organisations.
Free initial consultation.
Discover more.
Blog
NIS 2: Strengthening cybersecurity in the European Union
Why the tightened NIS Directive is a wake-up call for digital security across Europe.
Product
SecuMails: Secure emails made easier than ever
Send encrypted emails with just one click—directly from Outlook or your browser.
Blog
Supply Chain Act puts companies under obligation
Discover how the Supply Chain Act can be a chance for more efficient processes.
Blog
No matter when – NIS 2 is coming: Why to act now
Find out why preparing for NIS 2 is not optional but a necessity for businesses.