Germany enforces stricter cybersecurity and weather safety rules for 30,000 businesses
Germany has introduced stricter cybersecurity rules under the NIS-2 Directive, affecting around 30,000 businesses. The new measures target companies in key sectors, including energy, health, transport, and digital infrastructure. Firms must now meet tighter security standards or face heavier penalties.
The changes come as extreme weather conditions raise additional safety concerns for outdoor workers. Businesses operating in open environments, such as delivery and contracting firms, must also ensure safer working conditions during heavy rainfall.
The NIS-2 Directive applies to companies with at least 50 employees or an annual turnover exceeding €10 million. Affected sectors include energy, healthcare, waste management, food production, manufacturing, transport, finance, water supply, and digital infrastructure. These businesses must register with the Federal Office for Information Security (BSI) by March 6, 2026.
Under the new rules, firms must implement **risk management systems**, follow a **three-stage reporting process** for security incidents, and ensure senior management takes responsibility for IT security. Non-compliance will result in stricter sanctions than before. The directive also addresses immediate safety risks caused by severe weather. Delivery companies, construction firms, and other outdoor-based businesses must now take extra precautions. The goal is to protect workers from hazards linked to heavy rain and unstable conditions. Authorities have stressed that these measures are temporary but necessary due to the current extreme weather. Companies must adapt quickly to reduce risks while maintaining operations.
The NIS-2 Directive tightens cybersecurity and workplace safety for thousands of German businesses. Affected firms have until early 2026 to register and meet the new requirements. Meanwhile, outdoor workers will see improved protections against weather-related dangers.
Failure to comply with either the cybersecurity rules or the temporary weather safety measures could lead to fines or operational restrictions. The government has made it clear that both digital and physical security remain top priorities.
