Nearly Two-Thirds of German Companies Miss New Cybersecurity Law Registration — Fines Loom
22.06.2026 - 19:58:03 | boerse-global.de
Germany’s NIS-2 implementation law has been in effect since 6 December 2025, but a majority of businesses subject to its reporting requirements have failed to register. By the 6 March 2026 deadline, 62 percent of the roughly 30,000 affected companies had not completed their initial registration with the Federal Office for Information Security (BSI).
The penalties are severe: fines of up to €10 million or 2 percent of global annual turnover, plus potential personal liability for management. On 26 May 2026, the Federal Ministry of the Interior sharpened the rules further with a draft Kritis ordinance that sets new thresholds for critical facilities in the energy sector, covering grid connections and district cooling supply.
Another regulatory deadline is approaching
Businesses that deploy high-risk artificial intelligence systems face their own hard cut-off. The EU AI Act requires compliance with governance obligations by 2 August 2026. Violations can bring sanctions of up to €35 million or 7 percent of worldwide turnover.
The twin deadlines underscore a broader shift: regulatory compliance is no longer a back-office chore but a strategic risk factor that can hit the bottom line hard.
The cost of supply chain fragility
Disruptions are already taking a massive toll. Supply chain problems cost companies more than $1.6 trillion in lost revenue growth annually, according to an Accenture analysis. Over half of affected firms lose at least one month of operational capacity when disruptions hit. The World Economic Forum notes that tariff escalations in 2025 have shifted global trade flows worth over $400 billion.
The flip side: organisations with resilient supply chains grow 3.6 percent faster than their peers.
Sustainability as a differentiator
Environmental performance is increasingly seen as a competitive edge. The Sustainable Procurement Barometer 2026 reports that 65 percent of executives now view supply chain sustainability as a clear advantage. Leading procurement functions are using innovation to drive return on investment. Ecovadis and BCG calculate that consistent loss avoidance delivers a return three to six times the investment.
AI steps into the gap
Mid-June 2026, T?Systems and SupplyOn announced a partnership that connects the Industrial AI Cloud to SupplyOn’s supply chain platform. Around 140,000 companies will gain access to AI-powered sourcing services. Meanwhile, SAP is weaving AI agents deeper into its ERP systems, aiming to cut logistics costs and reduce production error rates.
Risk management lags behind ambition
Nearly half of all companies still lack a dedicated Third Party Risk Management system. Yet 96 percent of respondents in a BlueVoyant report plan to expand their supplier ecosystem. Responsibility for compliance sits outside the IT department in 64 percent of cases, landing instead with procurement or legal.
Visibility improves — but not deep enough
Traditional metrics such as on-time delivery are now being joined by compliance-related data: customs clearance times, or the status of an Authorised Economic Operator (AEO) certification. The EU’s CSRD directive will directly require fewer companies to report on sustainability going forward, placing more emphasis on voluntary standards for smaller players. In the United States, California’s law SB 253 demands Scope?1 and Scope?2 emissions reporting from 2026, with Scope?3 coming in 2027.
Transparency at the top of the supply chain has improved from 27 percent in 2024 to 48 percent for direct (Tier?1) suppliers. But visibility into lower tiers remains murky.
