SC171: NIS-2 Executive Training – Management Responsibility and Liability

Agenda:

• Introduction to NIS-2 and the NIS-2 Implementation Act (BSIG-E)
  
  

• Legal obligations and liability risks of management
  
  

• Implementation and monitoring of risk management measures
  
  

• Minimum requirements according to Section 30 of the BSIG-E
  
  

• Reporting and registration obligations
  
  

• Resilience, business impact and crisis management
  
  

• Cyber hygiene and security culture in the enterprise
  
  

• Key Questions of the BSI™ and self-assessment of the organization
  
  

• Summary, verification and recommendations for action

Objectives:

• identify their legal obligations according to §§ 30 and 38 BSIG-E
• classify responsibility and liability within the framework of NIS-2 regulations
• develop an individual NIS2 implementation plan
• handle reporting obligations and technical minimum measures with confidence

Target audience:

• Chief Executive Officers
• Board Members and Division Heads of "important" and "particularly important" entities according to NIS-2 Implementation Act (§ 38 BSIG-E)
• Senior personnel from Compliance, Information Security, Data Protection and Risk Management who advise or represent executive management

Prerequisites:

To be able to follow the course content and learning pace of the workshop SC171 NIS-2 Executive Training – Management Responsibility and Liability effectively, you should bring the following prerequisites:

• Basic understanding of operational processes and enterprise risks
• Knowledge of ISO 27001 or BSI™ IT-Grundschutz is helpful, but not mandatory
• Technical detail knowledge is not required

Description:

With the implementation of the EU NIS-2 Directive into German law, the requirements for management are increasing significantly. According to Section 38 of the BSIG-E, management is required to implement appropriate risk management measures, monitor their effectiveness, and participate in regular training courses.
This half-day (4 hours) training course provides a practical overview of all the content recommended by the Federal Office for Information Security (BSI™) as mandatory for management in its guidance dated September 30, 2025.

The focus is on legal and organizational aspects: from fulfilling reporting and registration obligations to establishing effective risk management and promoting a culture of security.
Using realistic scenarios (e.g., supply chain attacks, ransomware incidents), participants reflect on their own organizational and decision-making structures. The BSI™'s guiding questions serve as a tool for self-assessment and developing an individual three-point action plan.

The workshop fulfills the legal training requirements under Section 38 (3) of the BSIG-E and lays the foundation for sound, liability-proof management decisions in the area of ​​cybersecurity.


For all NIS2 implementation managers, we recommend the workshop SC175 NIS2 Lead Implementer to deepen expertise.