• Topic: Reducing Bureaucracy 07/01/2024

    Statement: Family Businesses Demand a Practical Implementation of IT Security Regulations (NIS2 Implementation and Cybersecurity Strengthening Act – NIS2UmsuCG)

    As the digitalization of the German economy advances, IT security risks are becoming one of the main risks for companies. The growing importance of this topic is accompanied by intense legislative activity. At the European level, the NIS-2 Directive and the CER Directive contain new requirements for regulating corporate security. As a first step, the federal legislator is implementing the requirements of the NIS-2 Directive in the NIS2UmsuCG (NIS-2 Implementation Act).

A. Summary of Demands

1. Enable specialized division of labor: Delete § 38 (1) BSIG-E without replacement or limit it to the management’s responsibility for IT security measures.

2. Legal clarity: Define the frequency of executive training in the law.

3. Ensure security as an organizational goal through an independent security officer.

4. Encourage creative solutions instead of regulatory micromanagement – no general authority for the BSI to dictate corporate risk management.

5. No “Wall of Shame”: Companies must not fear public shaming after reporting a security incident.

6. Avoid unnecessary bureaucratic burdens in crises: One report for everything – now and in the future!

B. In Detail