German, Cybersecurity

German Cybersecurity Law Puts 29,500 Firms Under Deadline, With Personal Liability for Executives

Veröffentlicht: 15.07.2026 um 23:51 Uhr, Redaktion boerse-global.de

Nearly 30,000 German companies must register under NIS2 by July 31, 2026, or risk personal fines up to €10 million. BSI portal changes and low compliance add pressure.

NIS2 Compliance Urgency: German Firms Face €10M Fines by July 2026
German Cybersecurity Law Puts 29,500 Firms Under Deadline, With Personal Liability for Executives Illustration mit AI erstellt ĂĽbermittelt durch boerse-global.de

Corporate leaders at nearly 30,000 German companies now face a hard stop: register under the NIS2 cybersecurity directive by July 31, 2026, or risk personal fines of up to €10 million — or two percent of worldwide revenue. The clock started ticking when the directive took effect in December 2025, but recent technical changes have added fresh urgency.

The Federal Office for Information Security (BSI) tightened access to its corporate portal on July 15. Local account logins are gone. Anyone who needs to submit a security incident report — a requirement that kicks in within 24 hours for an initial warning, followed by a detailed report at 72 hours — must now use the “Mein Unternehmenskonto” (MUK) authorisation system. That means obtaining an ELSTER organisational certificate, which ties into Germany’s tax declaration infrastructure. Each authorised employee needs their own certificate, enabling granular permission controls but also adding administrative friction.

The BSI estimates that approximately 29,500 companies must complete this registration process. Missing the July 2026 cutoff is not just a bureaucratic slip: the law allows penalties of up to €10 million or two percent of global turnover for violations, and senior management bears personal liability for gross negligence.

Despite the high stakes, a gulf exists between perception and reality. The latest SMK Risk Barometer 2026 finds that roughly 80 percent of mid-sized companies feel secure about their IT defences. Yet BSI data shows only 56 percent meet even basic cybersecurity standards. Industry association Bitkom puts total damage from cyberattacks at around €289.2 billion, with 87 percent of businesses already hit. Meanwhile, 60 percent of companies lack a structured risk management framework. Many firms treat data protection as a part-time role, and succession planning for security roles remains neglected.

Regulators are paying special attention to critical sectors. In mid-July the BSI released new guidance for medical, dental, and psychotherapy practices. Obligations — mandatory since October 2025 for doctors and since January 2026 for dentists — include patch management, regular data backups, and a formal emergency plan. Universities are also under pressure: the latest University Barometer reports that nearly 70 percent of surveyed institutions have suffered cyberattacks, from phishing to ransomware, often lacking the resources to mount adequate defences.

Technical scrutiny is intensifying as well. On July 15 the BSI published a 169-page analysis of Windows Hello for Business, concluding that biometric data is only secured by the Trusted Platform Module (TPM) when the “Enhanced Sign-in Security” (ESS) feature is active. The agency recommends registering no more than one user per device.

Looking ahead, the threat landscape is shifting. Experts warn that AI-powered agents are already making attacks faster and more precise, forcing companies to maintain tight control over their own AI tools. And from September 2026, the EU Cyber Resilience Act (CRA) will impose new requirements on manufacturers and importers of digital products, adding another layer of penalty risk for companies throughout the supply chain.

Disclaimer zu unseren Artikeln: Keine Anlageberatung, keine Kauf oder Verkaufsempfehlung. Angaben zu Kursen, Unternehmen und Märkten ohne Gewähr; Änderungen jederzeit möglich. Börsengeschäfte können zu hohen Verlusten führen. Unsere Beiträge werden ganz oder teilweise automatisiert mit Unterstützung von AI erstellt und geprüft.

en | boerse | 69775738 |