Cybersecurity for CRITIS Operators and NIS-2 Facilities

If companies are so-called CRITIS operators or NIS-2 institutions, they are regulated by law with regard to cybersecurity:

  • in the European Union (EU) through a mandatory directive to ensure a high level of network and information security (NIS-2 Directive)
  • in all European countries through national laws transposing the EU NIS-2 Directive into national law

Tightening the rules

As a manufacturer of video surveillance solutions, we are responsible for the security of our products – especially when they are used in critical infrastructures (CRITIS) and under the new European NIS-2 Directive. The Network and Information Security Directive 2 (NIS-2) is an EU directive designed to strengthen cybersecurity in key sectors and industries. It expands the scope of the previous NIS-1 Directive and introduces stricter requirements and sanctions. Affected operators and companies must better protect their network and information systems and report security incidents.

State-of-the-art technology required

All regulations on CRITIS cybersecurity are about ensuring appropriate organizational and technical precautions to prevent disruptions to the

  • availability
  • integrity
  • authenticity
  • and confidentiality

of information technology systems, components or processes. These must correspond to the current state of the art in order to achieve a high level of security of network and information systems.

In Germany: NIS-2 implementation in force since December 6, 2025

In Germany, the NIS-2 Implementation Act came into force on December 6, 2025 (“Act Implementing the NIS-2 Directive and Regulating Essential Features of Information Security Management in the Federal Administration”). As an omnibus bill, this German implementation act amends many individual laws, but above all the BSI Act, which is the most important law governing the tasks of the BSI and the security of information technology in institutions. Instead of the previous approximately 4,500 institutions (CRITIS operators, companies of particular interest (UBI), and other special cases), around 30,000 organizations will in future be placed under the regulatory supervision of the BSI (Federal Office for Information Security).

You can find more information on this topic, including our technical and organizational solutions and answers, in our blog article: NIS-2 Directive to enhance cybersecurity across the European Union

Dallmeier supports affected NIS-2 institutions in meeting their requirements under the European NIS-2 Directive with cyber-secure video security solutions.

 

The Dallmeier promise

Dallmeier products and solutions have the highest level of technical precautions and functions that enable customers and CRITIS operators to implement cybersecurity-compliant video security solutions.

Dallmeier stands for the highest level of security in terms of law and compliance, data protection and cybersecurity:

NIS-2 individual requirements

Mirrored in Dallmeier ISO 27001 processes

| NIS-2 requirement | NIS-2 Directive (EU) | NIS-2 Implementation Act / BSIG (Germany) | Dallmeier ISO 27001 (Dallmeier as upstream supplier/manufacturer) |
|---|---|---|---|
| State of the art | Article 21 (1), Recital 85 | § 30 | ISO 27001 = technology-neutral ISO as the basis for state-of-the-art IT security (TeleTrusT guideline) + state-of-the-art video surveillance technology |
| Security by Design | Article 21 (2) e) | § 30 | A.5.20, A.5.24, A.5.36, A.5.37, A.6.08, A.8.09, A.8.19, A.8.20, A.8.21 |
| Supply chain security | Article 21 (2) d), Article 21 (3) | § 30 | A.5.19, A.5.20, A.5.21, A.5.22, A.5.23 |
| Integration chain security | Article 21 (2) d) and e) | § 30 | A.5.19, A.5.20, A.5.21, A.5.22, A.5.23 |
| Regular updates and patches | Article 21 (2) e) and g) | § 30 | A.5.35, A.5.36, A.5.07, A.5.24, A.5.25, A.5.26, A.5.27, A.5.28, A.6.08, A.8.16 |
| Authentication and authorization | Article 21 (2) i) and j) | § 30 | A.5.12, A.5.13, A.5.14, A.5.15, A.5.16, A.5.17, A.5.18, A.8.01, A.8.02, A.8.03 |
| Cryptography and data encryption | Article 21 (2) f) | § 30 | A.8.20, A.8.21, A.8.22, A.8.24 |
| Reporting and vulnerability management | Article 21 (2) e) | § 30 | A.5.07, A.5.24, A.5.25, A.5.26, A.5.27, A.5.28, A.6.08, A.8.07, A.8.08, A.8.15, A.8.16 |
| Data protection through IT security | Derivation from Article 20, Article 21 (1), Article 23 (4), Recitals 14 and 51 | § 30 | In particular: A.5.34 Privacy and protection of personal information (PII) |
| Training and awareness measures | Article 20 (1) and (2), Article 21 (2) d) and g); Recitals 88 and 89 | § 30 | A.5.1, A.5.2, A.5.3, A.6.3, A.5.23, A.5.28 |

Benefits for NIS-2 customers

  • Cyber resilience along the entire supply chain
  • Proof of NIS-2 compliance to regulatory authorities
  • Avoidance of downtime costs through stable business continuity
  • Avoiding fines for the institution
  • Avoiding personal liability for management

Further Information

Our CRITIS expertise and core competence video technology

In the following, we would like to provide you with three pieces of information on our own behalf and for your CRITIS video project:

Info 1 / Top Tip: CRITIS Practical Guide to Video Technology

  • The CRITIS video technology practical guide from Dallmeier provides an overview for security managers (currently available in German only)
  • 80 pages of orientation for decision-makers on the subject of video technology.
  • Request your personal copy here

Info 2 / Blog post “The EU Regulatory Framework for Critical Infrastructure and other Key Sectors”

  • What the EU Directives NIS-2 and RCE/CER will bring

Info 3 / Blog post “Cornerstones for the CRITIS umbrella law”

  • Physical security and its regulation in focus

Info 4 / Blog post “NIS-2 Directive to enhance cybersecurity across the European Union”

Whitepaper: NIS-2

[German Version]