-
Digital advisory & IT consulting
Mastering digitalisation together
-
Operational Advisory
Solidifying and supporting transformation
-
Deal Advisory
We’ll advise you on national and international transactions
-
Valuation & economic and dispute advisory
We’ll value your business fairly and realistically
-
Debt advisory & treasury services
Funding and treasury consulting to the client’s advantage
-
Tax for businesses
Because your business – national or international – deserves better tax advice.
-
Tax for financial institutions
Financial services tax – for banks, asset managers and insurance companies
-
Global mobility services
Avoid double taxation – and minimise costs
-
Employment law
Representation for businesses
-
Commercial & distribution
Making purchasing and distribution legally water-tight.
-
Financial Services | Legal
Your Growth, Our Commitment.
-
Business legal
Doing business successfully by optimally structuring companies
-
Real estate law
We cover everything on the real estate sector, the hotel industry, and the law governing construction and architects, condominium ownership, and letting and renting.
-
IT, IP and data protection
IT security and digital innovations
-
Mergers & acquisitions (M&A)
Your one-stop service provider focusing on M&A transactions
-
Sustainability strategy
Laying the cornerstone for sustainability.
-
Sustainability management
Managing the change to sustainability.
-
Legal aspects of sustainability
Legal aspects of sustainability
-
Sustainability reporting
Communicating sustainability performance and ensuring compliance.
-
Sustainable finance
Integrating sustainability into investment decisions.
-
Grant Thornton B2B ESG-Study
Grant Thornton B2B ESG-Study
-
International business
Our country expertise
-
Entering the German market
Your reliable partners.
NIS2 Directive – the current status
The NIS2 Directive has the overarching objective of establishing a uniform minimum standard for information security within various sectors and industries in the EU. In particular, there are to be stricter security measures and better collaboration on the European level.
In Germany, there is still no final national transposing law that will make the NIS2 Directive definite. But the current bill for the NIS 2 Implementation Act (NIS2UmsuCG) is expected to be passed by March 2025. This gives companies only a limited amount of time to prepare for the provisions to come. These new rules will probably particularly affect retail companies that:
- process large amounts of customer data
- use digital payment systems or
- are heavily involved in interconnected supply chains.
NIS2 requirements in the retail sector
The new rules present considerable hurdles to many businesses. The greatest challenge in the retail sector will presumably be complex supply chains, which often include external IT service providers, logistics companies and other partners. The IT and cyber security standards of these partners could also influence the entire ecosystem. For example, a security incident at a single external member of this chain can have serious consequences for the company’s entire organisation. At the same time, the pressure is rising to safeguard customers’ digital data (which are increasingly a focus) and to ensure the NIS2 rules are complied with on time, that is, by the start of 2025.
The additional regulatory burden that NIS2 brings with it includes obliging companies not only to prevent security incidents, but also to document them properly. The details of particularly serious incidents are even to be reported to the responsible authorities. Furthermore, companies must carry out regular reviews and updates of their IT security measures. This can be a big burden, especially for mid-market or regional retailers, who often don’t have the necessary resources or know-how. On top of this, existing IT systems and measures frequently don’t conform to the security requirements laid down by NIS2. This can make additional investment necessary.
Solutions and outlook for the retail sector
Despite these challenges, at the same time, the implementation of NIS2 offers retail potential and opportunities. The first step for companies is to conduct a comprehensive risk analysis. This allows IT assets to be identified on a risk basis and vulnerabilities in your IT infrastructure exposed. Based on the results, targeted steps can then be taken to close gaps in security and comply with the relevant requirements of the NIS2 Directive. Furthermore, clear strategies to respond to potential security incidents are indispensable. Contingency plans, reporting processes or even a structured way of dealing with security incidents can be decisive in mitigating the effects of a cyber-attack.
Working closely with experienced IT security experts can effectively help implement the requirements efficiently. External partners often have the expertise necessary to both examine existing systems and optimise processes.
Businesses that respond to the necessary requirements early are not only able to mitigate risks but also gain an advantage over the competition. A robust cyber-security strategy not only strengthens resilience against attacks but also builds trust with customers and partners. NIS2 has not yet been finally transposed into German law. Nevertheless, companies should act now, because at present no deadlines for implementing the NIS2 measures have been laid down. You should already have implemented the requirements by the time the national NIS2UmsuCG comes into force. So using the remaining time to prepare as best you can is important.
Our expertise gained from a variety of NIS2 projects can help you implement the requirements efficiently and for the long-term. Contact us to develop a customised cyber-security strategy for your company together.
The article was written by our expert Jonas Neurath.