German Businesses Face Personal Liability Crunch as EU Cybersecurity Rules Bite

German Businesses Face Personal Liability Crunch as EU Cybersecurity Rules Bite

German Businesses Face Personal Liability Crunch as EU Cybersecurity Rules Bite

https://www.ad-hoc-news.de/boerse/news/ueberblick/german-businesses-face-personal-liability-crunch-as-eu-cybersecurity-rules/69753954

Publish Date: 2026-07-12 09:22:00

Source Domain: www.ad-hoc-news.de

Company directors across Germany are now personally on the hook for cybersecurity failures, as the NIS2 implementation law that took effect in December 2025 begins to bite. Under the rules, top management can be fined up to ten million euros or two percent of global annual turnover for non-compliance.

The stakes are high. According to the Federal Office for Information Security (BSI), only 11,500 of the roughly 29,500 affected companies – a mere 39 percent – had registered by July 9. Even fewer, 34 percent, already meet all regulatory requirements. The one-off investment needed to comply is estimated at about 2.2 billion euros, with annual follow-up costs of around 2.3 billion euros.

Advertisement

While cybersecurity compliance demands attention, the same rigorous approach to risk documentation can protect your business from costly workplace safety failures. Many directors underestimate the gap in their occupational safety records, exposing them to personal liability. Download the free Risk Assessment Toolkit – 41 ready-to-use templates and checklists that simplify compliance.

These numbers emerged shortly after the European Commission unveiled a new action plan for artificial intelligence and cybersecurity on July 7. Yet the gap between Brussels’ announcements and on-the-ground reality remains stark.

Cyber attacks hit production lines hard

Roughly 87 percent of German companies have suffered cyber attacks, with total damages nearing 290 billion euros. Particularly concerning: 73 percent of attacks deliberately target production systems. Despite this, studies show that more than half of all firms have significant gaps in their workforce’s digital skills.

Internal vulnerabilities compound the threat. IT forensics analyses reveal that over 80 percent of businesses have problems with authentication. In more than 60 percent of cases, security-relevant events are insufficiently logged.

A well-functioning emergency plan can cut…

Source