LEGAL REQUIREMENTS 22. AUG 2025
NIS2 is coming in early 2026 – have you chosen the right solution for secure email yet?
NIS2 is back in the spotlight. At the end of July 2025, the government adopted a new draft bill for the so-called “NIS2-Umsetzungs- und Cybersicherheitsstärkungsgesetz (NIS2UmsuCG)”. According to current information, the EU directive will be incorporated into German law at the beginning of 2026 (source: heise). While some questions remain unanswered, various associations have submitted statements and called for improvements – but one thing is clear: the NIS2 directive will come into force, bringing new cybersecurity requirements for companies providing essential services and critical infrastructure, as well as their supply chains.
You will find more information here on the scope, risk management measures, and sanctions under NIS2.
As we explained in our blog article on email encryption in the supply chain in the context of NIS2, secure digital communication in the supply chain through email encryption is a central component of the new cybersecurity requirements. That’s not going to change.
The following still applies:
- Companies affected by NIS2 must secure their digital communications.
- All partners, service providers, and suppliers who exchange emails with these companies must secure their digital communication.
Why is email encryption important for NIS2 companies and their communication partners?
The goal of NIS2 is to strengthen the resilience of critical infrastructures in the EU. In its draft bill of July 25, 2025, the German government mentions the following threats, among others.
The following paragraph has been translated using DeepL for your convenience:
“In the economic sector, (…) dependencies on the IT supply chain and, in this context, cyberattacks via the supply chain (so-called supply chain attacks) are among the most serious threats. (…) In addition, disruptions and attacks in the supply chain sector have increased, both due to cybercrime and recent geopolitical shifts.
These phenomena are no longer isolated incidents, but have become part of day-to-day business operations. Enhancing the resilience of the economy against criminal or state attacks is therefore a key responsibility shared by government, industry, and society alike. (…)”
2026 may seem far off. But those that take action early on secure email communication will avoid last-minute workarounds, compliance violations that result in heavy fines – or espionage and manipulation. Protect the content and attachments of your emails.
How can you achieve NIS2-compliant email encryption?
With Z1 SecureMail, you can encrypt and sign emails centrally, automatically, and in compliance with NIS2 according to the international standards S/MIME and OpenPGP or, alternatively, with password-based encryption. This allows you to rely on future-proof processes that are also used by major market players. You remain interoperable and communicate smoothly with business partners who already encrypt emails (or are required to do so). The gateway solution can be seamlessly integrated into your existing infrastructure and ensures that all your email communication is secure. With Z1 SecureMail, you get CertMagic®, the most automated certificate management solution on the market.
This video shows you how easy email encryption is in everyday business life:
Video (5 min): Business emails automatically sign and encrypt – with every contact
Live webinar with product demo for NIS2-compliant email encryption with Z1 SecureMail (in German)
Our experts will give you an insight into the product and answer your questions live.
Register now for the live webinar
If you prefer an English presentation of Z1 SecureMail, feel free to reach out via our inquiry form.
