NIS-2 Directive to enhance cybersecurity across the European Union

Dallmeier supports affected NIS-2 entities in meeting the requirements of the European NIS-2 Directive with cybersecure video security solutions.

What is NIS-2?
The NIS-2 Directive (Network and Information Security Directive 2) is an EU-wide piece of legislation aimed at strengthening cybersecurity. It entered into force in January 2023, replacing the previous NIS-1 Directive. Its objective is to raise and harmonize the overall level of security of network and information systems across the European Union. NIS-2 expands the scope of previously affected entities – namely operators of critical facilities (referred to as “CRITIS operators”) – to include a broader group of so-called “essential and important entities”. The directive imposes more stringent requirements in areas such as cyber risk management, business continuity, vulnerability management, documentation and evidence obligations, incident reporting, and penalties. In addition to extending the range of affected organizations and their obligations, NIS-2 also introduces mandatory supply chain security. This means that compliance requirements are extended beyond a company’s own operations to include manufacturers, upstream suppliers, and service providers. Failure to comply with the directive may result in significant financial penalties for the organization, as well as personal liability for executive management of NIS-2 entities.

EU member states are required to transpose the NIS-2 Directive into national legislation. Most countries failed to meet the original deadline of October 18, 2024. In Germany, for example, the national implementation law – titled “Act to Implement the NIS-2 Directive and to Regulate Key Aspects of Information Security Management in the Federal Administration” – did not enter into force until December 6, 2025. As an omnibus act, this German legislation amends several existing laws, most notably the BSI Act, which is the key legal framework governing the responsibilities of the German Federal Office for Information Security (BSI) and the cybersecurity of regulated entities. As a result, the number of organizations under the BSI’s regulatory supervision will increase from approximately 4,500 (including CRITIS operators, companies of special public interest, and other specific cases) to around 30,000.

NIS-2 requires verifiable cybersecurity – only a certified and regularly audited ISO 27001 creates trust and security within the supply chain.”

Jürgen Seiler, Head of Business Development at Dallmeier electronic GmbH & Co.KG

Why NIS-2?
The years 2025 and 2026 mark a period of intensified regulation for essential and important entities – not only in the area of information and cybersecurity, but increasingly also in terms of physical security. This development is driven by a continuous rise in cyberattacks, physical security threats, and an increasingly tense and volatile geopolitical security environment. As the market has proven largely incapable of sufficiently regulating IT security on its own – a case of market failure – governments are stepping in to introduce stricter regulations. This is especially true for critical, essential, and important entities that are vital to the functioning of public life. A disruption or impairment of these organizations could result in severe supply shortages or threats to public security. A growing number of EU and international regulations, directives, and legislative initiatives are therefore aimed at strengthening both the cyber resilience and physical resilience of these entities.

Three dimensions of resilience, visualized in a resilience triangle, together with the corresponding European regulations

Who is affected by NIS-2?
Directly affected:
NIS-2 directly and primarily applies to all essential and important entities (in Germany, these are officially referred to as “particularly important” and “important” entities) that provide critical or important services to the European economy and civil society. 

Indirectly affected:
NIS-2 also indirectly and secondarily affects manufacturers, suppliers, sub-suppliers, and service providers, as NIS-2 entities are required to demonstrate the implementation of technical and organizational security measures throughout their supply chain (third-party risk management). Due to the explicit obligation for NIS-2 entities to ensure supply chain security, manufacturers or upstream suppliers may be subject to contractual cybersecurity requirements imposed by their NIS-2 customers.

What does NIS-2 mean for manufacturers of video surveillance systems like Dallmeier?
Video surveillance systems today are highly networked. They are often part of complex IT and OT environments, which makes them security-relevant components and potential entry points for cyberattacks – placing them directly or indirectly within the scope of NIS-2 requirements. Manufacturers of video surveillance solutions bear responsibility for the cybersecurity of their products, especially when used by NIS-2 entities or operators of critical facilities, and particularly in light of the new European NIS-2 Directive.

With NIS-2, the EU has tightened the security and resilience requirements for NIS-2 entities and critical infrastructure operators. In many cases, this also includes manufacturers and upstream suppliers, due to the legal obligation to ensure supply chain security. While the NIS-2 Directive does not directly target manufacturers, it effectively compels them to achieve a high level of cybersecurity maturity – driven by supply chain pressure and the security expectations of regulated customers. Manufacturers and suppliers who proactively implement security processes, transparency, and cooperation structures not only position themselves as preferred partners and trusted advisors – they also protect themselves from reputational damage and liability risks.

Dallmeier NIS-2 whitepaper builds transparency and trust
At Dallmeier, we support affected NIS-2 entities not only on a technical level, but also with informational and organizational guidance. For this reason, we have created a whitepaper specifically for NIS-2 customers and interested parties. This compendium provides all relevant stakeholders and decision-makers with a clear overview of the legal framework, its requirements, and compliance obligations. In Chapter 4, we outline in detail our organizational and technical approaches and the support we offer as a manufacturer, upstream supplier, and trusted advisor – including our NIS-2-compliant manufacturer profile for ensuring a secure supply chain.

NIS-2 means understanding, implementing, and accepting cybersecurity as a leadership responsibility – including full accountability and liability. At the same time, NIS-2 also defines cybersecurity as a supply chain responsibility that must be addressed through structured third-party risk management. Manufacturers become an indirect part of NIS-2 compliance through the directive’s explicit requirement for supply chain security.

The well-known principles still apply:

  • A security chain is only as strong as its weakest link
  • There is no secure supply chain without secure manufacturer products and processes

The Whitepaper is designed to serve not only as an information resource for our customers and prospects, but also to position Dallmeier as a reliable technology and supply chain partner and as a trusted advisor. We hope you find it both informative and engaging to read.

Download the whitepaper:

Whitepaper: NIS-2

[German Version]

Our personalized offering
With cybersecure video security technology Made in Germany, built-in IT security features at the product level, and our own ISO 27001 certified and regularly audited security processes, Dallmeier supports NIS-2-affected and regulated customers in meeting their NIS-2 security requirements.

If you would like to learn more about how we as a manufacturer of video surveillance solutions can actively support your NIS-2 strategy – from resilient and cybersecure systems to compliance services – feel free to contact us. Our experts are ready to work with you to develop a NIS-2-compliant solution tailored to your needs.

Are you planning a video surveillance project and unsure how to account for NIS-2, DORA, and the German CRITIS umbrella legislation?
Schedule your free 30-minute 1:1 online consultation with our CRITIS expert Jürgen Seiler – expert, practical, and straight to the point.

Further information and links:

About the Author: