On 6 December 2025, NIS2 stopped being a directive somewhere in Brussels and became binding German law. The NIS2-Umsetzungsgesetz took effect with no transition period, and the number of companies under BSI supervision jumped from roughly 4,500 to around 29,500 across 18 sectors1. Many of those companies are mid-sized manufacturers, suppliers, and service providers that never thought of themselves as critical infrastructure.
At the same time, AI agents are moving from pilot to production on the shop floor and in the back office. Gartner expects 40 percent of enterprise applications to feature task-specific AI agents by the end of 2026, up from less than 5 percent in 202518. An agent is not a chatbot. It reads from your ERP, writes to your systems, holds credentials, and takes actions. That makes it the fastest-growing attack surface in enterprise IT and, at the same time, an asset that now sits squarely inside a BSI-regulated ISMS.
This guide is for the CISO, CTO, or Geschaeftsfuehrer who has to do both things at once: deploy AI agents that create real value, and keep them inside the lines of a cybersecurity law that carries personal liability. No fear, no hype. Just what NIS2 actually asks, where agents change the picture, and how to build a deployment that is compliant from the first pilot.
TL;DR
NIS2 is now binding - the German implementation law took effect on 6 December 2025 with no transition period, pulling around 29,500 companies under BSI supervision.
AI agents are in scope by default - there is no AI carve-out. An agent that touches your systems falls inside your Section 30 risk management and your ISMS.
Agents are a double exposure - a new attack surface (broad permissions, prompt injection, shadow AI) and a newly regulated asset at the same time.
The clock is real - significant incidents, including agent failures, trigger a 24-hour early warning, a 72-hour notification, and a one-month final report to the BSI.
Management is personally liable - Section 38 BSIG requires directors to approve measures, supervise them, and attend cybersecurity training. It cannot be delegated away.
The Double Exposure: Attack Surface and Regulated Asset
Most articles treat AI agents and NIS2 as two separate projects. They are not. An AI agent deployment changes your cyber risk and your regulatory position in the same move, which is why it needs a single, joined-up plan.
- Agents expand the attack surface - 48 percent of cybersecurity professionals name agentic AI and autonomous systems as the top attack vector for 2026, ahead of deepfakes and other risks17.
- Agents act with real permissions - unlike a read-only chatbot, an agent authenticates, holds credentials, and takes actions across systems, so a compromise is not a leaked answer but an executed transaction22.
- Shadow AI is already inside - an estimated 68 percent of employees use AI tools without IT approval, creating agents and integrations that no ISMS currently covers21.
- Agents misbehave in the wild - 80 percent of IT professionals report having seen AI agents take unauthorised or unexpected actions21.
- The same agent is now regulated - if your company is in scope, that agent is part of the network and information systems the BSI supervises under Section 30 BSIG3.
- The cost is measurable - the average AI-agent-related data breach is estimated at 4.7 million dollars in 2026, before any regulatory fine is added17.
Why This Matters Now
Deploying an agent without a NIS2 lens does not save time - it defers the work to a worse moment. Retrofitting least-privilege access, logging, and an incident runbook onto a live agent that already holds broad credentials is slower and riskier than building them in from the first pilot. The double exposure is cheapest to close before the agent goes live.
| Dimension | Chatbot / Copilot | AI Agent | NIS2 Relevance |
|---|---|---|---|
| Access | Reads context, answers | Reads and writes across systems | Access control, MFA (Section 30) |
| Action | Suggests | Executes transactions | Incident potential, reporting |
| Credentials | Usually the user’s session | Own identity and secrets | Identity governance, logging |
| Blast radius | A wrong answer | A wrong action at machine speed | Business continuity, containment |
| Supply chain | One model API | Model, tools, data connectors, host | Supply chain security duty |
What NIS2 Now Requires (In Plain Terms)
NIS2 in Germany lives in the amended BSIG. Five paragraphs carry most of the weight, and it helps to know them by number because the BSI and your auditors will refer to them directly.
- Section 28 - Scope - defines who counts as a besonders wichtige (essential) or wichtige (important) Einrichtung, based on sector, headcount, and revenue5.
- Section 30 - Risk management - the ten minimum technical and organisational measures every in-scope entity must implement4.
- Section 32 - Reporting - the 24-hour, 72-hour, and one-month reporting duties for significant incidents8.
- Section 38 - Management duties - directors must approve and supervise measures and attend training, with personal liability attached7.
- Section 65 - Fines - up to 10 million euros or 2 percent of global turnover for essential entities, up to 7 million euros or 1.4 percent for important entities1.
The dates are already behind us, which is the point people miss. There was no grace period.
| Milestone | Date | What It Means |
|---|---|---|
| Law in force | 6 December 2025 | Risk management, reporting, and registration duties apply immediately1 |
| BSI registration portal live | From December 2025 | In-scope entities self-register via the BSI portal11 |
| Registration deadline | 6 March 2026 | Three months after the law took effect; late registration still possible10 |
| Section 39 proof of implementation | Within three years (by December 2028) | Essential entities must evidence effective measures via audits or certification9 |
Key Data Point
The BSIG lists ten minimum measures under Section 30: risk analysis, incident handling, business continuity and backups, supply chain security, security in acquisition and development, effectiveness testing, cyber hygiene and training, cryptography, access control and asset management, and multi-factor authentication with secured communications4. Every one of them applies to an AI agent the moment it touches your systems.
Are You In Scope? Essential vs Important Entities
The first question is not about agents at all. It is whether your company is regulated. NIS2 sorts in-scope organisations into two tiers, and the tier decides how hard the supervision bites.
The two tiers
| Criterion | Besonders wichtig (Essential) | Wichtig (Important) |
|---|---|---|
| Typical size | 250+ employees or over 50M euro revenue in high-criticality sectors | 50+ employees or over 10M euro revenue |
| Supervision | Proactive: audits, inspections, information requests | Reactive: after an incident or indication |
| Maximum fine | 10M euro or 2% of global annual turnover | 7M euro or 1.4% of global annual turnover |
| Proof of implementation | Required within three years (Section 39) | On request |
| Registration | Mandatory via BSI portal | Mandatory via BSI portal |
How to run the scope check
- Match your sector - check whether your activity falls in one of the 18 sectors, from energy, transport, and manufacturing to digital services, waste, food, and chemicals5.
- Apply the size thresholds - combine headcount and revenue against the tier definitions in Section 28. Group structures can pull a small subsidiary into scope5.
- Check for special cases - some entities are in scope regardless of size, such as certain digital infrastructure and public administration providers3.
- Register on the BSI portal - if in scope, register the company. The deadline was 6 March 2026 and late registration is still possible10.
- Document the determination - even a company that concludes it is out of scope should keep a dated record of the reasoning. Scope can change with the next acquisition or revenue year.
Common Trap
Many Mittelstand suppliers assume NIS2 is for utilities and banks. It is not. Manufacturing, food, waste, chemicals, and a long list of B2B service sectors are covered, and the threshold starts at 50 employees for important entities. If you sell into critical sectors, your customers will also push their supply chain security duty down to you by contract, whether or not you are directly in scope12.
Why AI Agents Widen the Attack Surface
An agent earns its value by acting on your behalf. The same property is what makes it dangerous when it is compromised or confused. These are the failure modes NIS2 expects you to manage.
- Prompt injection - a malicious instruction hidden in an email, document, or web page hijacks the agent’s goal, turning a helpful assistant into an exfiltration tool. OWASP ranks goal hijacking as the top risk for agentic applications in 202621.
- Excessive permissions - agents are often granted broad, standing access so they “just work”. A single compromised agent then reaches far more than any one employee could22.
- Identity sprawl - agents spawn service accounts, tokens, and secrets faster than IAM tools can track. Gartner warns that agent sprawl without a registry becomes ungovernable19.
- The confused deputy - an agent with legitimate access is tricked into using it for an attacker’s purpose, and the logs show the agent, not the attacker.
- Data leakage through context - an agent that pulls sensitive records into a prompt can echo them into a downstream tool, a log, or a third-party model.
- Supply chain compromise - the model, the tool integrations, and the data connectors are all third-party components that can be poisoned or breached22.
- Shadow agents - business teams stand up agents on personal accounts, outside IT’s view, with no logging and no owner21.
| Agent Risk | What Goes Wrong | NIS2 Section 30 Control |
|---|---|---|
| Prompt injection | Goal hijacked by untrusted input | Security in development, effectiveness testing |
| Excessive permissions | One compromise, wide blast radius | Access control, MFA |
| Identity sprawl | Untracked agent accounts and secrets | Asset management, cryptography |
| Data leakage | Sensitive data echoed to third parties | Cryptography, supply chain security |
| Shadow agents | Ungoverned agents outside the ISMS | Risk analysis, cyber hygiene and training |
“Every institution or person reachable from the internet is in principle under threat. Attackers deliberately search for the most vulnerable attack surfaces.”
- Claudia Plattner, President of the German Federal Office for Information Security (BSI)16
Bringing Agents Into Your Section 30 Risk Management
You do not need a separate “AI ISMS”. You extend the one you already run so that an agent is treated like any other high-privilege system - just with a few agent-specific twists. If you hold ISO 27001, industry estimates put the overlap with Section 30 at roughly 70 to 80 percent, so most of this is extension, not invention13.
Mapping the ten measures to an agent
- Risk analysis - assess each agent as its own asset: what it can read, write, and trigger, and what the worst plausible action is. Add agents to the risk register.
- Incident handling - define an agent incident class with detection signals, a kill switch, and an owner who can pause the agent within minutes.
- Business continuity - plan for the agent being wrong or offline. Keep the manual process runnable and back up the agent’s configuration and memory.
- Supply chain security - assess the model provider, tool integrations, connectors, and host. Put security terms and data location in the contract12.
- Security in acquisition and development - review prompts, tools, and connectors like code. Test against prompt injection before go-live.
- Effectiveness testing - red-team the agent regularly. Replay adversarial inputs and confirm guardrails still hold after model or prompt changes.
- Cyber hygiene and training - train the people who supervise agents to recognise abnormal behaviour and to escalate.
- Cryptography - encrypt the agent’s data in transit and at rest, and manage its secrets in a vault, not in a prompt or a config file.
- Access control and asset management - give the agent its own identity, least-privilege and time-boxed access, and an entry in the asset inventory.
- Multi-factor authentication and secured communications - protect the human and machine accounts around the agent, and route its actions over authenticated channels4.
Agent-in-ISMS Readiness Checklist
- Every production agent has a named owner and an entry in the asset inventory
- Each agent has its own identity, not a shared or human account
- Agent permissions are least-privilege and reviewed on a schedule
- All agent actions are logged in a tamper-evident, queryable store
- A kill switch can pause any agent within minutes
- Prompt-injection testing is part of the go-live gate
- The agent’s supplier is covered by your supply chain assessment
- An agent failure is a defined incident class in your runbook
Standing Broad Access vs Least-Privilege Agent Identity
Least-Privilege Agent Identity
- ✓ Small blast radius - a compromise reaches only scoped resources
- ✓ Clean audit trail - actions map to one agent identity
- ✓ Revocable - kill one agent without breaking others
- ✓ Maps to Section 30 - satisfies access control and asset management
Standing Broad Access
- ✗ Wide blast radius - one token unlocks many systems
- ✗ Opaque logs - shared accounts hide who did what
- ✗ Hard to revoke - pulling access breaks unrelated work
- ✗ Fails an audit - no least-privilege story to show the BSI
Deploy AI agents that pass a NIS2 audit
Book a 30-minute call. We will map your highest-value use case and the controls it needs from day one.

When an Agent Causes an Incident: The 24/72/30 Clock
Section 32 BSIG sets a three-stage reporting duty for significant incidents, and the clock starts the moment you become aware8. An agent that leaks data or takes a harmful action can be exactly such an incident. The reportability test looks at impact on your service, not at whether a human or a machine caused it.
The three stages
| Stage | Deadline | What You Submit |
|---|---|---|
| Early warning | Within 24 hours | Initial notice: that a significant incident occurred and whether it looks malicious or cross-border23 |
| Incident notification | Within 72 hours | Assessment: severity, impact, indicators of compromise, initial containment23 |
| Final report | Within one month | Root cause, full impact, mitigation, and lessons learned8 |
| Parallel GDPR notice | Within 72 hours | If personal data is affected, a separate Article 33 notice to the data protection authority23 |
An agent incident runbook
- Detect - alert on abnormal agent behaviour: permission escalation, unusual data volumes, actions outside the agent’s defined scope.
- Contain - hit the kill switch. Pause the agent, revoke its tokens, and isolate the systems it touched.
- Assess - use the action log to reconstruct exactly what the agent did and whether the service impact is significant.
- Report - if significant, file the 24-hour early warning to the BSI, then the 72-hour notification, then the one-month final report8.
- Recover - restore from backups, fix the root cause (a prompt, a tool, a permission), and re-test before the agent goes back online.
- Learn - feed the incident into the risk register and the effectiveness testing so the same failure cannot recur silently.
The 24-Hour Rule in Practice
The 24-hour early warning does not require a full analysis. The BSI expects a preliminary assessment, not a finished forensic report. The guidance from practitioners is blunt: better to report early and incomplete than late and detailed. An agent incident that is still being contained is exactly the kind of event the early warning exists for23.
Supply Chain, Vendors, and Management Liability
Two of the most under-appreciated parts of NIS2 land hardest on AI agent projects: the duty to secure your supply chain, and the personal duty on management. An agent is built from third-party parts and approved by named directors, so both apply directly.
The agent supply chain
- Assess every layer - the foundation model, the orchestration framework, the tool and connector integrations, and the hosting environment are all suppliers under Section 3012.
- A vendor certificate is evidence, not a discharge - a supplier’s own ISO 27001 helps, but it does not by itself meet your duty; you still assess the risk to your service14.
- Fix data location and processing - know where prompts and outputs go, which sub-processors are involved, and whether data leaves the EU.
- Get contractual security terms - reporting duties, audit rights, breach notification, and secure development commitments belong in the contract, not in a slide.
- Keep an exit path - you must be able to switch off or replace a compromised supplier without halting your service.
Management liability under Section 38
- Approve the measures - the management body must formally approve the Section 30 risk management measures, in writing7.
- Supervise implementation - approval is not enough; directors must oversee that the measures are actually in place and working7.
- Attend training - managers must take part in cybersecurity training regularly, and it must be documented7.
- Cannot be delegated - these duties cannot be outsourced to a third party; they sit with the leadership personally7.
- Personal liability - managers can be held personally liable for damage caused by a breach of these duties, which is what elevates NIS2 to a board topic7.
Build Governance In vs Retrofit It Later
Governance From Day One
- ✓ Cheaper - controls designed in cost a fraction of retrofits
- ✓ Audit-ready - documentation exists when the BSI asks
- ✓ Faster scaling - the second and third agents reuse the pattern
- ✓ Liability cover - management can show approval and supervision
Retrofit After Go-Live
- ✗ Expensive - re-scoping a live agent’s access is disruptive
- ✗ Gaps go live - the agent runs ungoverned in the meantime
- ✗ No audit story - missing logs cannot be recreated after the fact
- ✗ Exposure - unreported incidents and untrained management stay open
The 90-Day NIS2-Ready Agent Deployment
A NIS2-ready deployment is not slower than a normal one - it is a normal one done properly. Here is a week-by-week path that produces both a working agent and the evidence the BSI expects.
Phase 1: Scope and design (Weeks 1-4)
- Week 1: Confirm regulatory scope - determine your NIS2 tier and register with the BSI if you have not already. Document the determination either way.
- Week 2: Map the use case and data flows - define exactly what the agent will read, write, and trigger, and which systems and data it touches.
- Week 3: Design the agent identity - assign a dedicated identity, least-privilege scopes, secret storage, and the kill switch before any build starts.
- Week 4: Threat model and supplier check - run a prompt-injection and abuse threat model, and complete the supply chain assessment for model, tools, and host.
Phase 2: Build and test (Weeks 5-8)
- Week 5-6: Build with guardrails - implement the agent with scoped tools, input validation, and full action logging from the first line, not as an afterthought.
- Week 7: Red-team - attack your own agent with injection, confused-deputy, and data-exfiltration scenarios. Fix what breaks.
- Week 8: Write the runbook - finalise the agent incident class, detection signals, and the 24/72/30 reporting steps. Rehearse the kill switch.
Phase 3: Deploy and evidence (Weeks 9-12)
- Week 9: Controlled rollout - deploy to a limited scope with a human-in-the-loop on high-impact actions. Monitor closely.
- Week 10-11: Expand and monitor - widen scope as confidence grows, keeping logging and alerting live. Train the supervising team.
- Week 12: Produce the evidence - management approves the measures under Section 38, records the training, and files the documentation that supports a Section 39 proof later.
NIS2-Ready Go-Live Gate
- Company scope determined and BSI registration complete
- Agent has a dedicated, least-privilege identity
- All agent actions are logged and queryable
- Prompt-injection red-teaming passed
- Supplier assessment complete with contractual security terms
- Incident runbook written and kill switch rehearsed
- Management has approved measures and completed training
- Documentation stored for a future Section 39 proof
How Superkind Fits
Superkind builds custom AI agents for SMEs and enterprises, and it builds them to sit inside a regulated environment from the start. The approach is process-first and control-first: your workflows and your ISMS shape the agent, not the other way around.
- Dedicated agent identity - every agent gets its own identity, scoped credentials, and secret storage, so access control and asset management map cleanly to Section 30.
- Least-privilege by design - agents receive the narrowest access that makes the use case work, and access is reviewed rather than granted once and forgotten.
- Full action logging - every read, write, and trigger is recorded in a queryable, tamper-evident store, so an incident can be reconstructed and evidenced.
- Kill switch and human-in-the-loop - high-impact actions pause for human approval, and any agent can be stopped within minutes.
- Prompt-injection hardening - agents are built and red-teamed against goal hijacking and confused-deputy attacks before they go live.
- Runs on EU infrastructure - data stays within your infrastructure or EU-hosted environments, with clear data location and encrypted connections.
- Supplier transparency - clear documentation of the model, tools, and connectors so the agent fits your supply chain assessment.
- Audit-ready documentation - the deployment produces the records management needs to approve measures and support a Section 39 proof.
| Approach | Generic AI Platform | Superkind |
|---|---|---|
| Agent identity | Often a shared key or user account | Dedicated per-agent identity and secrets |
| Access | Broad by default | Least-privilege, scoped, reviewed |
| Logging | Basic usage metrics | Full action log for incident reconstruction |
| Data location | Often US-hosted | Your infrastructure or EU-hosted |
| Compliance evidence | Your problem | Produced as part of delivery |
Superkind
Pros
- ✓ NIS2-aware by design - controls built in, not retrofitted
- ✓ Fits your existing ISMS - extends what you run rather than adding a silo
- ✓ EU data posture - clear location and encrypted connections
- ✓ Audit-ready - documentation and logs for the BSI
Cons
- ✗ Not a self-serve tool - it involves working with our team
- ✗ Needs process access - we map the real workflow, not just docs
- ✗ Not a compliance service - we build compliant agents, we do not run your ISMS for you
- ✗ Capacity-limited - we work with a focused number of clients at a time
Decision Framework: Deploy, Harden, or Wait
NIS2 is not a reason to stop deploying agents. It is a reason to deploy them well. This framework helps you decide what to do with each agent idea on your list.
| Situation | What It Means | Action |
|---|---|---|
| In scope, new agent idea | Clean slate to build governance in | Run the 90-day NIS2-ready playbook |
| In scope, agent already live | Likely ungoverned exposure | Audit access and logging now, retrofit least-privilege |
| Shadow agents in the business | Unknown attack surface outside the ISMS | Discover, inventory, and bring under governance or shut down |
| Not sure if in scope | Scope risk compounds with growth and acquisitions | Run the Section 28 scope check and document it |
| Supplier to critical sectors | Customers push their duty down to you | Prepare supply chain evidence even if not directly in scope |
| High-impact autonomous action | Blast radius too large for full autonomy | Keep a human-in-the-loop until controls and evidence mature |
“Enterprises are treating AI agent governance as binary, either locked down or fully trusted, and that is the root cause of failure.”
- Shiva Varma, Senior Director Analyst at Gartner20
Frequently Asked Questions
NIS2 does not name AI agents, but it covers the network and information systems that run your essential and important services. An AI agent that reads from your ERP, moves data between systems, or triggers actions is part of those systems. If you are in scope as a company, the agent falls inside your ISMS and your risk management obligations under Section 30 BSIG. There is no separate AI carve-out.
The NIS2 implementation law (NIS2-Umsetzungsgesetz, which amends the BSIG) was promulgated and entered into force on 6 December 2025, with no transition period. Registration, reporting, and risk management duties applied immediately. Around 29,500 companies across 18 sectors are now under BSI supervision, up from roughly 4,500 under the previous KRITIS regime.
Besonders wichtige Einrichtungen (essential entities) are the largest or most critical organisations and face the strictest oversight, including proactive audits and fines up to 10 million euros or 2 percent of global annual turnover. Wichtige Einrichtungen (important entities) face lighter, reactive supervision and fines up to 7 million euros or 1.4 percent of turnover. Classification depends on sector, headcount, and revenue thresholds.
Section 32 BSIG requires a three-stage report to the BSI for significant incidents. An early warning is due within 24 hours of becoming aware, a fuller incident notification within 72 hours, and a final report within one month. If personal data is affected, a separate GDPR Article 33 notification to the data protection authority within 72 hours runs in parallel.
It can be. An agent that leaks data, takes a harmful autonomous action, or is manipulated through prompt injection can cause a significant disruption to your service, which is the trigger for reporting. The reportability test is about impact on the service, not about whether a human or an agent caused it. Your incident runbook should treat agent failures as a defined incident class.
No, but it gets you most of the way. Industry estimates put the overlap between a mature ISO 27001 ISMS and the Section 30 measures at roughly 70 to 80 percent. The gaps that ISO 27001 does not fully cover are the explicit supply chain security duties, the fixed 24/72/30 reporting timelines, personal management accountability, and specific controls like multi-factor authentication. NIS2 also makes the measures a legal duty, not a voluntary standard.
Section 38 BSIG places duties on the management body itself. Directors must approve the risk management measures, supervise their implementation, and attend cybersecurity training. These duties cannot be delegated to a third party, and managers can be held personally liable for damage caused by a breach of duty. This is the reason NIS2 is a board-level topic, not just an IT topic.
You register the company, not the individual agent. In-scope entities had to register via the BSI portal within three months of the law taking effect, by 6 March 2026, and late registration remains possible. What matters for agents is that they appear in your asset inventory and are covered by the risk management measures you attest to.
Supply chain security is one of the ten mandatory measures under Section 30. You must assess and manage the security of your direct suppliers and service providers, including the company that builds or hosts your AI agent. A vendor holding its own ISO 27001 certificate is helpful evidence but does not by itself discharge your duty. You need contractual security terms, data location clarity, and the ability to audit.
You carry two compounding risks. The first is the security risk of an ungoverned agent with broad permissions, which is the fastest-growing attack surface in enterprise IT. The second is the regulatory risk: unreported incidents, missing risk management, and untrained management can trigger BSI enforcement and fines up to 10 million euros or 2 percent of global turnover for essential entities.
Yes. NIS2 does not ban agents or slow down well-run deployments. It asks for the same things a competent rollout already does: a clear scope, least-privilege access, logging, an incident plan, and vendor due diligence. Teams that build these in from the first pilot move faster later because they never have to retrofit governance onto a live agent.
For a single use case, a focused team can reach a NIS2-ready production deployment in about 90 days. The first weeks map scope, data flows, and the agent identity model. The middle weeks build least-privilege access, logging, and the incident runbook. The final weeks run a controlled rollout with monitoring and produce the documentation the BSI expects. Retrofitting an ungoverned agent takes longer.
Related Articles
- AI Agent Security: Prompt Injection, Data Leakage, and the OWASP LLM Top 10 for the Mittelstand
- Agent Identity: How Mittelstand IT Teams Govern Authentication and Access for AI Agents
- DPIA for AI Agents: How the German Mittelstand Implements GDPR Article 35 for Agent Rollouts
- AI as a Compliance Assistant: How the Mittelstand Automates Audit Trails, Policies, and Reporting
- Sovereign Company Brain: Running Your Knowledge Layer on EU Soil Without Sending It to the US
Sources
- Bundesgesetzblatt - Gesetz zur Umsetzung der NIS-2-Richtlinie (NIS2UmsuCG)
- Bundesregierung - Umsetzung der NIS-2-Richtlinie beschlossen
- BSI - NIS-2-Pflichten fuer regulierte Unternehmen
- BSI - NIS-2 Risikomanagementmassnahmen (#nis2know)
- OpenKRITIS - NIS2-Umsetzungsgesetz in Deutschland
- secjur - NIS2 Anforderungen: 10 Pflicht-Massnahmen nach Paragraph 30 BSIG
- secjur - NIS2 Haftung Geschaeftsfuehrer: Paragraph 38 Pflichten
- secjur - NIS2 Meldepflicht: Fristen, Ablauf und Meldewege
- secjur - NIS2 Umsetzung Deutschland: Gesetz, Fristen und Schritte
- Security-Insider - NIS2: BSI-Registrierung bis 6. Maerz 2026
- dhpg - Registrierungspflicht nach NIS-2: BSI-Portal freigeschaltet
- NIS 2 Directive - Article 21: Cybersecurity risk-management measures
- A-LIGN - ISO 27001: The Gateway to NIS2 Compliance
- Orbiq - ISO 27001 Is Not NIS2 Compliance: What Is Actually Missing
- BSI - Jahresbericht 2025: Fortschritte bei Cybersicherheit, weiterhin hohe Verwundbarkeit
- Forschung IT-Sicherheit - BSI-Praesidentin Plattner zur Bedrohungslage
- Kiteworks - Agentic AI Attack Surface: The #1 Cyber Threat of 2026
- Gartner - 40% of Enterprise Apps Will Feature Task-Specific AI Agents by 2026
- Gartner - Six Steps to Manage AI Agent Sprawl
- Gartner - Uniform Governance Across AI Agents Will Lead to Failure (Shiva Varma)
- Practical DevSecOps - AI Security Statistics 2026
- Bessemer Venture Partners - Securing AI Agents: The Defining Challenge of 2026
- matproof - NIS2-Meldepflicht: 24h, 72h, 1 Monat
Ready to deploy AI agents that stay inside the lines?
Book a 30-minute call with Henri. We will map your highest-value use case and the controls it needs to pass a NIS2 audit - no commitment, no sales pitch.
Book a Demo →
