heise PlusAbo
Anzeige

NIS2 implementation and Kritis umbrella law finally failed

The German implementation laws for the CER and NIS2 directives will not be passed before the election. The uncertainty for the economy remains.

listen Print view
Pole of an overland power line with stylized background and the visible words "Cyber Attack".

(Image: vectorfusionart/Shutterstock.com)

3 min. read
By

The law to implement the EU NIS2 Directive and strengthen cybersecurity will not be passed before the federal elections. After the SPD, Greens and FDP continued to negotiate on the law even after the end of the traffic light coalition, the responsible rapporteurs have now given up. This means that more than two years after the EU directive was passed, a regulatory loophole remains open and the EU implementation deadline will be exceeded even longer than it already is.

After the end of the traffic light, there was still hope that at least this law, which is considered particularly important by large parts of the economy, would still be passed. Without the law, there are still no clear regulations on how the digital aspects of critical infrastructures must be secured. BSI President Claudia Plattner had also repeatedly expressed the hope that the law could still be passed.

In the end, however, the negotiations failed due to the FDP, among others, who insisted on the vulnerability management once provided for in the coalition agreement and were willing to compromise, especially in terms of time. According to negotiating circles, however, the SPD was not prepared to do so despite a planned lead time of two years. SPD negotiator Sebastian Hartmann accused the FDP of making "maximum demands".

Unsurprisingly, the Greens blame both negotiating partners – but also Federal Minister of the Interior Nancy Faeser (SPD): she had failed to present the draft legislation in good time – after all, the EU directives had been in place for over two years. At the end of the legislative period, the CDU/CSU parliamentary group no longer felt any desire for constructive talks on the two legislative proposals, as the NIS2 proposal in particular was not suitable for negotiation.

Videos by heise

No umbrella without NIS2

Without the NIS2 law, the so-called umbrella law for better protection of critical infrastructures is also pointless: The two legislative procedures form a pair of far-reaching digital and supplementary analog protection provisions for critical facilities and their operators. For example, incidents from both areas should be reported and possible connections made visible to the authorities more quickly.

After the federal elections, a new federal government will have to make a second attempt. The laws must then be introduced, discussed and passed by the newly constituted Bundestag. Parliament cannot simply pick up the threads of its predecessors. This will further delay the implementation of the NIS2 Directive – This should actually have happened by October 2024. The EU Commission is already waving infringement proceedings.

(olb)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten