September 05, 2023 / BG / Reading time: 3 min

EU Directive NIS2: Expert Talk with Steffen Zimmermann

NIS2 stands for ‘Network and Information Security Directive 2’ and represents a further development of the European Network and Information Security Directive NIS1, which came into force in 2016. Its aim is to strengthen the resilience of EU member states against cyber threats.

Previously, the focus was particularly on large corporations and companies from the KRITIS sector (critical infrastructures). In NIS2, both the selection criteria and the measures were expanded, thus significantly widening the group of companies concerned. By October 2024, all EU member states must have implemented the requirements in national law.

Here you can find the official publication of the NIS2 Directive (officially: Directive (EU) 2022/2555) by EUR-Lex, the online gateway to EU Law: NIS Directive

With Steffen Zimmermann from the association of Germany’s engineering industry (VDMA), we explain what the new directive is all about and go into more detail on the following questions:

  • What is NIS2 about and what deadlines apply?
  • IT or OT – Which systems are affected by NIS2?
  • Will companies choose between security or compliance in the future?
  • How do you meet the individual requirements such as the supply chain audit?


Steffen Zimmermann knows exactly what he is talking about. As Head of Industrial Security at the VDMA, based in Frankfurt, he has been responsible for security issues such as information security, OT security and product security within the association for many years.

Sebastian Pfaller is Head of Product Management at ondeso. As such, he is in constant exchange with our customers regarding the latest requirements for our products and services. He is also a regular member of the VDMA Industrial Security working group.


Here you can find the recording:
(German only)




A foretaste of the interview:

The new EU directive NIS2 – what exactly is it about? As an extension of the original NIS directive, NIS2 provides a guideline that defines authoritative regulations for the countries of the EU. Its purpose is to bring the often widely divergent rules of the individual countries to a common standard and to ensure more security – especially for critical infrastructures.

Important, system-relevant companies such as waterworks, and also their suppliers or service providers, are seen as critical infrastructures. These are now covered by the new regulation.

In general, NIS2 affects both the IT and OT areas. Therefore, a detailed list of all assets is important for proper risk management. A system-relevant company must be able to continue production even in an exceptional situation. All technical systems must be considered with the aim of functioning reliably over the long term and surviving cyberattacks with little to no effect.

Furthermore, the question arises to what extent the requirements of NIS2 must be reviewed. The fact is that this must happen regularly without losing focus. Even if the company is constantly checked for compliance (adherence to regulations), the actual goal must not be neglected: secure, reliable operation.

