The NIS2 Directive has been transposed into German law since October 2024. It requires affected companies to systematically manage risks across their entire supply chain — including all third parties, service providers and IT suppliers.
What does NIS2 require from companies?
NIS2 Art. 21 Para. 2 lit. d requires companies to actively manage their supply chain risks: identifying all relevant suppliers, assessing risk continuously and reporting incidents.
Companies must ensure security in the supply chain, including security-related aspects of the relationship between companies and their direct providers or service providers.
Which companies are affected?
NIS2 applies to companies in 18 sectors, including energy, transport, health, financial services, digital infrastructure and manufacturing. In most sectors, the directive applies to companies with 50 or more employees or 10 million euros or more in turnover.
How does 360TPRM support NIS2 implementation?
360TPRM natively maps all NIS2-relevant requirements: supplier register, continuous monitoring, automated risk assessment and audit-ready reports at the push of a button.
NIS2 provides for fines of up to 10 million euros or 2% of global annual turnover.
Achieve NIS2 compliance with 360TPRM
See in a 45-minute demo how 360TPRM specifically meets your requirements.