Bundestag hearing on the proposed NIS2 legislation: VATM warns against duplicate structures at federal and state levels

Berlin, 13 October 2025. The European Union’s NIS 2 Directive will require approximately 29,000 companies in Germany, including many telecommunications service providers, to implement robust cybersecurity measures. Strengthening cybersecurity in Germany is a key concern for the VATM. However, the current draft of the NIS 2 Implementation and Cybersecurity Strengthening Act, which is being discussed at a public hearing today, requires swift revision in several key areas.

“An effective law must increase security without hindering companies’ commitment through unnecessary duplicate structures at federal and state level,” emphasises VATM Managing Director, Dr Frederic Ufer. Bureaucratic processes must therefore be streamlined, and a uniform reporting portal must be introduced. “Security is primarily achieved through clear, simple and digital processes. That is why a centralised, cross-agency system must be set up quickly for a trial period and, in the long term, function across Europe. Especially for companies that operate globally, it is essential that internationally uniform standards apply.”

Ufer criticises that the draft bill still suffers from the different requirements relating to the private sector and public authorities. “Security guarantees must apply equally. When it comes to the necessary obligations and sanctions, legislators must not differentiate between the economy and state institutions. Instead, we need a solid, future-orientated and standardised level of protection for the economy, administration and society.”

Unfortunately, it has not yet been possible to consider physical and cyber security together. “The NIS2UmsuCG and the KRITIS umbrella law (CER Directive) are two sides of the same coin and are closely linked in practice,” said the managing director. “Standardised regulations in both laws would prevent companies from facing unnecessary double burdens and inefficiencies. The Federal Digital Minister’s modernisation agenda sums up the objectives: we need pragmatic solutions for reducing bureaucracy and legislation that is practical and target-oriented. This must also be taken into account in further deliberations on the NIS2 draft law in the Federal Council and Bundestag.”

Considering the ongoing EU infringement proceedings and the resulting increased pressure to implement the legislation, the NIS2UmsuCG and KRITIS umbrella laws must finally be passed. Ufer emphasises that, to achieve a harmonised European legal framework, national legislation must not differ from EU law.