German Workshop Directors Personally Liable for IT Security Under New EU Cyber Law
03.07.2026 - 15:24:41 | boerse-global.de
Company executives in Germany’s automotive service sector face a personal liability trap if they fail to implement adequate cyber defences by the end of July 2026. Christoph Neukam, an IT specialist at service provider Axians, warned that simply registering for the EU’s NIS-2 directive is insufficient. “Businesses must demonstrate functioning incident-response processes by 31 July 2026,” he said. Under the German GmbH Act and Stock Corporation Act, directors and managing officers can be held personally liable for cyber incidents if they have not installed a proper information security management system (ISMS). A single ransomware attack could cause damage running into millions of euros.
Paradoxically, at the same time the federal government is trying to cut red tape. In early July it presented an amendment to the Gewerbeordnung – the trade regulation code – that would allow digital submission of inspection reports. Economic Affairs Minister Wolfgang Hattmannsdorfer, Innovation Minister Peter Hanke and State Secretary Sepp Schellhorn unveiled the deregulation package, which is expected to eliminate roughly 5,000 on-site checks each year. For car dealerships, the novella brings permit exemptions for photovoltaic systems and electric-vehicle charging stations. Permits at temporarily paused sites will now remain valid for up to seven years, and in exceptional cases up to ten. New business owners get a transition period of five years for handover processes.
To help workshops navigate the growing compliance burden, DEKRA launched a specialised operator-duty management service at the start of July 2026. The package systematically covers the inspection of work equipment, electrical installations and pressure vessels, ensuring alignment with the Betriebssicherheitsverordnung (Occupational Safety Ordinance) and DGUV rules. It also addresses the handling of hazardous substances and the transport of dangerous goods. Updated inspection and certification offers for manufacturing and logistics industries follow a similar logic, with a focus on sustainable supply chains and cybersecurity.
Handling hazardous substances and dangerous goods demands thorough documentation to meet legal duties and avoid costly penalties. A free COSHH Risk Assessment Toolkit provides 43 fully customizable templates, checklists, and toolbox talks designed to simplify compliance with COSHH regulations. Download the free COSHH Risk Assessment Toolkit
Meanwhile, another regulatory deadline looms. The Barrierefreiheitsstärkungsgesetz (BFSG) – the Accessibility Strengthening Act – came into force in summer 2025, but experts expect a wave of checks and warnings in 2026, particularly for websites offering consumer services.
On the technology front, the upcoming Automechanika trade fair will showcase AI-based telephone assistants and high-voltage battery training. A first brake fluid containing 60 percent recycled content is also entering the market. Volkswagen, together with partners, is pushing ahead with predictive maintenance: real-time vehicle data will be integrated into fleet-management systems so that dealers can forecast service needs before a breakdown occurs. The full European rollout is planned over five years.
To prepare leaders for digitalisation and new mobility concepts, the VDIK (Association of International Motor Vehicle Manufacturers) and the ZDK (German Association for the Motor Industry) have teamed up with the University of St. Gallen. Their Senior Executive Programme begins in March 2027; applications are open until the end of November 2026.
