BSI Act: What now?

With the BSI Act (formerly the NIS-2 Directive), Germany has significantly tightened the cyber security requirements for companies. The aim is to achieve a uniformly high level of protection for network and information systems – particularly in critical sectors – without a transitional period.
Who is affected by the BSI Act?
Whether a company is affected must be checked independently. Two criteria are decisive here. Firstly, the size of the company is relevant. A company is generally considered to be affected if at least one of the following criteria is met:
- more than 50 employees or
- more than 10 million euros annual turnover
Secondly, the sector in which the company operates is decisive. The BSI Act affects 18 critical and important sectors, including:
- Energy
- IT and telecommunications
- Transportation and traffic
- Healthcare
- Industry and production
What specific obligations does the BSI Act entail?
The requirements affect not only IT, but the entire company, including the management level. Central requirements include:
- Extended technical and organizational security measures, e.g. risk management, access protection and supply chain security
- Strict reporting obligations for security incidents within defined deadlines
- Supervision and possible sanctions for violations
- Personal responsibility of the management including training obligations
Implementing the BSI Act: The role of IT infrastructure
Many of the requirements of the BSI Act can only be reliably fulfilled with a secure, highly available and resilient IT infrastructure. And this is exactly where PFALZKOM steps in. Our infrastructure is built to high security standards and fulfills key requirements of the BSI Act, including in the areas of:
- Availability and reliability
- Access protection and network security
- Operating, emergency and safety processes
- Operation in certified German Data Centers
We also offer data sovereignty, Gaia-X compliance, IT infrastructure at a certified level and secure, highly available Data Centers. Companies must now check whether they fall under the BSI Act, what security gaps exist and how the legal requirements can be met efficiently. A resilient IT infrastructure is the decisive basis for a secure future. Do you have any questions? We are here for you!