When the NIS-2 Implementation Act comes into force on December 6, 2025, the registration and reporting requirements listed therein will apply. To fulfill the registration and reporting requirements under the NIS-2 Implementation Act, the BSI provides you with the “BSI Portal” at portal.bsi.bund.de.

Registration in accordance with NIS-2 is carried out exclusively via the BSI portal provided for this purpose and not via MIP2.

Companies and public authorities can register and report security incidents on the BSI portal in accordance with the requirements of the NIS-2 Implementation Act and the Aviation Security Act. Companies that are not covered by the NIS-2 Implementation Act also have the option of voluntarily reporting incidents there. In addition, the BSI portal offers the option of anonymously reporting vulnerabilities to the BSI.

Once you have registered on the BSI portal, we ask that you use it for all future reports of security incidents or vulnerabilities.

KRITIS operators and federal authorities will continue to use MIP2 as their primary means of submitting reports, allowing them to continue using established processes during the transition period. MIP2 will remain available for this purpose until at least July 31, 2026, and is expected to remain available until December 31, 2026.

It is not necessary to submit the same report additionally via the BSI portal.