Fines now possible: Deadline for NIS2 registration requirement
The deadline for companies and authorities to register under NIS2 rules ends today. Initial figures are causing political consternation.
(Image: Ivan Marc / Shutterstock.com)
On Friday, the NIS2 deadline ends for all authorities, companies, and other entities that were already covered by the amended rules for critical infrastructures when they came into force. They must notify the Federal Office for Information Security (BSI) that they are affected. However, further technical details about affected critical components, public IP address ranges, and details about systems, as prescribed in §33 of the BSI Act, are also due.
Anyone falling under the rules of the amended IT security regulations of the European Union must, starting today, three months after they came into force, expect the BSI to inquire about the registration obligation and demand the corresponding information. Failure to register can constitute a punishable administrative offense.
Videos by heise
The probability that the BSI will have to at least send a reminder is high: According to information from the responsible Federal Ministry of the Interior in response to an inquiry by Green Party digital politician Jeanne Dillschneider, only 4856 “important and particularly important entities” had registered with the BSI two weeks before today's deadline. However, when the law was passed, the federal government expected around 30,000 affected entities.
Greens demand less cyber-talk and more IT security from the Interior Minister
This is a “poverty of achievement” for the Green politician: “The NIS2 directive is not only being implemented poorly, but there is also no serious idea on how to effectively enforce the requirements.” The law would only have an effect if it were also implemented. She expects more support from the federal government for affected organizations to complete the demanding registration process. The politically responsible party for this is Federal Interior Minister Alexander Dobrindt (CSU). “Apparently, the Interior Minister is so busy dreaming of cyberdomes and active cyberdefense that he completely forgets about cybersecurity in his country,” criticizes Green Party member Dillschneider.
The Federal Office for Information Security provides extensive instructions and information in the so-called BSI portal. However, registration there requires first creating a company account based on an Elster organizational certificate in the “Mein Unternehmenskonto” (MUK) portal.
(emw)
