NIS2 registration deadline is March 6, 2026
Summary:
- Deadline March 6, 2026: Mandatory BSI registration for around 30,000 companies.
- ELSTER bottleneck: Registration requires an organization certificate - the application often takes several days.
- Immediate obligation: Reporting obligations (24-hour deadline) already apply, regardless of registration.
Focus: responsibility instead of delegation
With the NIS2 Implementation Act, cybersecurity explicitly becomes a management task. Management bears legal responsibility for the approval, monitoring and effectiveness of the measures. It must actively monitor implementation anddemonstrably continue their training. The operational implementation can be delegated - but the overall legal responsibility cannot. Violations of registration, security or reporting requirements can result in significant fines.
The registration process: two steps to demonstrate compliance
Do not wait until the deadline of March 6, 2026. The process is administratively complex:
- Company account(MUK): The basis is an ELSTER organization certificate. Check immediately whether this is available (usually in the tax department).
- BSI portal:Reporting in the central portal is only possible with MUK access. Sector classification and 24/7 contact points are stored here.
24 hours to report: The new time calculation
When there are significant security incidents, the clock is ticking:
- 24 hours: First report (early warning) after it becomes known.
- 72 hours: Detailed assessment of the incident.
- 30 days: Final root cause analysis report.
Your incident response processes must be so robust that reports can be made in a legally compliant manner, even on public holidays.
Strategic Roadmap: Your next steps:
- Status quo MAJKE: Check access to the organization certificate today.
- Governance update:Ensure that NIS2 is regularly addressed at board level. Document your monitoring activities to protect against liability claims.
- Supply Chain Check:Anticipate NIS2 requests from your customers and prepare your ownRequirements for your suppliersbefore.
Are you looking for concrete step-by-step instructions for BSI registration? Read our handy guide:NIS2 registration with BSI: Complete instructions in 3 steps
Conclusion:
TheNIS2 registrationis not a technical ticket, but your digital insurance policy. Anyone who misses the March 6th deadline creates an avoidable regulatory risk with potential fines and liability consequences.
Act now:Check ELSTER availability today.
📖 Also read:Missed NIS2 deadline? These fines and liability risks will be imposed from March 2026
📖 Also read:Missed NIS2 deadline? These fines and liability risks will be imposed from March 2026
Related articles
Continue exploring with related insights from our experts.
Cyber Insurance: Requirements, Costs, and Selection Guide for Businesses 2026
Cyber insurance covers financial losses from cyberattacks, data breaches, and IT outages. This guide explains what insurers require in 2026, coverage types, costs by company size, and how to choose the right policy — including how ISO 27001 certification reduces premiums.
Vulnerability Management: The Complete Lifecycle for Finding, Prioritizing, and Remediating Weaknesses
Over 30,000 CVEs are published annually. Effective vulnerability management prioritizes what matters most to your organization and remediates before attackers exploit. This guide covers the full lifecycle: discovery, scanning, risk-based prioritization, remediation, and compliance.
Security Awareness Training: Building Effective Programs and Measuring Impact
The human layer remains the weakest link in cybersecurity. This guide covers how to build an effective security awareness program, run phishing simulations, design role-based training, and measure whether your program actually reduces risk — with benchmarks and KPIs.