Status of NIS2 Implementation in Germany and Implications for Japanese Companies

The transposition of the EU-wide NIS2 Directive into German law is currently facing significant delays, which are also of great importance for Japanese companies operating in Germany. The main cause of these delays is the recent general elections, which have led to political uncertainties and slowed down legislative work. This directly affects the introduction of the NIS-2 Implementation and Cybersecurity Enhancement Act (NIS2UmsuCG), which was published on October 2, 2024, and continues to be actively debated.

A second hearing in the Bundestag was recently held, where experts from various fields expressed their concerns about the current draft of the law. This recorded session, which is publicly available, reveals deep criticism of the current form of the draft. Experts have pointed out that the draft may not sufficiently take into account the specific needs and capabilities of businesses of all sizes.

This situation presents potential risks as well as opportunities for Japanese companies doing business in Germany. The delays could lead to short-term uncertainties, especially regarding compliance requirements and the planning of security measures.

Despite these uncertainties, we strongly recommend that Japanese companies start implementing the measures described in Article 21 of the NIS2 Directive without delay. This article focuses on key security strategies and risk management processes essential for the protection of critical infrastructures and ensuring the security of networks and information.

Early adaptation to the provisions of NIS2 offers several advantages for Japanese companies:

1. Risk Minimization: By implementing the required security measures, companies can reduce their vulnerability to cyber attacks and improve the resilience of their IT infrastructures.
2. Competitive Advantage: Companies that can demonstrate compliance early on position themselves as trustworthy partners in the German and European market.
3. Clarity and Planning Certainty: Engaging with the requirements of NIS2 allows for better strategic planning and investment in future-proof technologies.

Although the final form of the NIS2UmsuCG is not yet established, actively engaging with the known directive content provides a solid foundation for the development and implementation of effective security strategies. It is advisable for Japanese companies to use this period as an opportunity to set the course for a safe and successful future in Germany.