What are the consequences of NIS2 for mechanical and plant engineering? A compact review of key requirements, obligations and practical guidance for companies.
Many companies are not yet aware that they are affected by the new NIS2 law – or they are putting the issue off because it seems complex and daunting. However, mechanical and plant engineering in particular is one of the relevant sectors and should deal with the new cyber security requirements.
NIS2 is not a classic IT topic. It is not about an isolated project in the IT department, but about the cyber resilience of the entire company. Clear structures, defined processes and effective risk management are required – with the management taking responsibility.
With this in mind, ProduktionNRW and the NIS2 Anlaufstelle NRW – the neutral and free orientation and advice center funded by the state of North Rhine-Westphalia – held a virtual information event on May 19, 2026. The aim was to provide North Rhine-Westphalian companies with clear guidance and to highlight the first concrete steps to take.
Overview and obligations regarding NIS2
Jana Knuth, project manager of the NIS2 contact point NRW, started the event by providing an overview of the directive: NIS2 aims to create a uniform level of security across Europe. This includes binding reporting obligations in the event of security incidents as well as significantly stricter sanctions. The national implementation law has been in force since December 6, 2025.
The focus was then on the specific requirements for companies. Affected organizations must register and are divided into “important” and “particularly important” facilities depending on their importance.
In addition, companies must establish a structured risk management system. This includes, among other things
- the systematic analysis of risks
- Measures to deal with security incidents
- Safeguarding ongoing operations
- regular training of employees
- technical protective measures such as secure communication and access controls
A key point: NIS2 is explicitly aimed at company management. It is responsible for implementing and monitoring the measures and can be held liable in the event of breaches.
Clarification of who is affected
For many participants, the question of how they would be affected was particularly relevant. This depends on company size, turnover and sector, among other things. However, the classification is often not clear, especially in mechanical and plant engineering. Practical support is provided by digital tools such as the FitNIS2 Navigator or the BSI’s impact assessment.
Another important aspect is the supply chain: even companies that are not directly covered by NIS2 can be indirectly affected – as suppliers, for example. It is becoming apparent that security requirements will be contractually regulated more along the value chain in future. Companies should therefore prepare for the corresponding verification and coordination at an early stage.
Exchange of experience and discussion
In the concluding discussion, it became clear that international corporate structures in particular raise questions. The decisive factor here is how closely IT and security structures are interlinked between different locations. Whether and to what extent individual units are affected depends largely on this.
The event has clearly shown: NIS2 is more than just new regulation. It is a strategic task for company management – and at the same time an opportunity to systematically improve your own cyber security and remain competitive in the long term.
Further information
- You can find the NIS2 contact point NRW here.
- You can find the FitNIS2 Navigator here.
- The BSI impact assessment can be found here.
Organizer
The event was organized by ProduktionNRW. ProduktionNRW is the cluster of mechanical engineering and production technology in North Rhine-Westphalia and is organized by VDMA NRW. ProduktionNRW sees itself as a platform for networking, informing and marketing companies, institutions and networks with each other and along the value chain. Significant parts of the services provided by ProduktionNRW are funded by the Ministry of Economic Affairs, Industry, Climate Protection and Energy of the State of North Rhine-Westphalia.