# NIS2 & Regulation for the German Mittelstand | ZEMID

URL: https://zemid.de/en/leistungen/nis2-regulatorik
Language: English
Provider: ZEMID – Zentrum für Mittelstand und Digitalisierung GmbH
Location: Frankfurt am Main, Germany

NIS2 holds executives personally liable — for cybersecurity, risk management and reporting obligations. ZEMID supports Mittelstand companies strategically at leadership level, not at IT level.

---

## hero

Services · NIS2 & Regulation

Since December 2025, executives are personally liable. For cybersecurity.

The NIS2 directive is in force. It holds executives directly responsible — for risk management, reporting obligations and security measures. The ticketing system is the wrong place for this.

## alert

NIS2 security measures have been mandatory since December 2025 with no transition period. Applies to all affected entities in 10 security domains. Fines up to €10m or 2% of annual turnover.

## metrics

- €10m: maximum fine for essential entities
- 24 hrs: deadline for initial notification after a significant security incident
- 10: security domains mandated by NIS2

## problem

"NIS2 is not a checklist. It is an ongoing duty — with personal liability of the management for any failures."

- **Liability is underestimated.** NIS2 obliges executives directly — not just the company. Whoever delegates without steering remains liable.
- **Wrong ownership.** The topic ends up in the IT department or with the lawyer. Both fall short — NIS2 requires entrepreneurial decisions.
- **Compliance ≠ security.** Working through the checklist meets the form. Understanding the substance protects the company and the individual.

## phases

Approach: Three steps to NIS2 conformity

### Scope assessment

Am I affected at all — and to what extent?

- Classification by sector, size and entity type (essential / important)
- Supply chain check: exposure via customers or clients
- Clarification of the registration obligation with the BSI
- Initial assessment of the action required

### Gap analysis & action plan

What is missing — and what has to be done by when?

- Assessment of the 10 mandatory security domains
- Prioritisation by urgency and effort
- Development of a realistic implementation plan
- Documentation framework for the burden of proof

### Executive briefing & implementation support

How do I document that I take this seriously?

- Executive briefing on personal liability and reporting obligations
- Building internal governance structures and responsibilities
- Preparation for regulatory inquiries and audits
- Regular sparring during the implementation phase

## useCases

Where we are deployed: When we are brought in

- **Scope check.** Quick clarification: am I an essential or important entity? What specifically applies to my company?
- **Executive briefing.** Concise introduction to personal liability, reporting obligations and minimum requirements — for leadership, not for IT.
- **Supply chain responsibility.** When customers or clients pass on NIS2 requirements — classification, negotiation support, documentation.
- **Incident management & reporting.** In a real case: what has to be reported when and to whom? Preparing for the incident before it occurs.

## diff

Differentiation: What ZEMID does differently

- **Neither an IT provider nor a law firm.** IT firms see NIS2 as a technology project. Lawyers see it as a compliance task. We bring it to decision-maker level — as a strategic leadership task.
- **Pragmatic instead of perfectionist.** NIS2 conformity is not a one-off project. We develop solutions that a Mittelstand company can implement with realistic resources — not enterprise templates from large corporations.
- **Regulation in overall context.** NIS2, AI Act, DORA, e-invoicing — we keep track of all relevant deadlines and clarify what really affects your company. Without scaremongering, without trivialisation.

## cta

Do you know whether your company is affected?

A 30-minute conversation clarifies whether and to what extent NIS2 applies to you — and what the next steps are.

---

Contact: hallo@zemid.de · +49 69 300 38 658
Address: Schumannstraße 27, 60325 Frankfurt am Main
Web: https://zemid.de/en