NIS2 for telecom operators and ISPs.
Public electronic communications networks and services are essential entities under NIS2 — independent of size. Coordinate BSI obligations with BNetzA supervision under TKG and the European Electronic Communications Code.
Why this matters now
Germany's modernized TKG already imposed security obligations on telecom operators. NIS2 adds broader supply-chain, training, and incident-notification duties — with BSI now the cyber authority alongside BNetzA.
- Dual regulator coordination: BNetzA under TKG § 167, BSI under NIS2
- Legacy incident-reporting flows (TKG § 168) need alignment with NIS2 Art. 23
- Supply-chain obligations extending to roaming partners and international interconnection
- Essential-entity status regardless of size — applies to small regional operators
How Matproof covers NIS2 for Telecom & Electronic Communications
Dual regulator notification
NIS2 24h/72h/1 month to BSI; TKG § 168 notifications to BNetzA. Matproof auto-populates both from one incident record.
Supply chain for telecom
Roaming agreements, interconnection partners, network-equipment vendors (especially given EU 5G Toolbox restrictions) require structured vendor management under NIS2 Art. 21(2)(d).
Network-security-specific controls
NIS2 Art. 21 combined with sector-specific expectations from BSI Orientierungshilfe for telecom covering routing security, DDoS readiness, BGP integrity, signaling system security.
Registration and executive accountability
Registration with BSI + BNetzA coordination; § 38 BSIG-neu executive liability + TKG officer responsibilities.
In scope
- Providers of public electronic communications networks (fixed line, mobile, satellite)
- Providers of publicly available electronic communications services (calls, messaging, internet access)
- ISPs and hosting-plus-connectivity bundled providers
- Submarine cable operators
- Neutral hosts and small cell networks with public service provision
Frequently asked questions
Does NIS2 replace TKG security obligations for German telecom?+
No — it layers on top. TKG § 165-168 remain in force for BNetzA-supervised telecom-specific obligations. NIS2 § 30 BSIG-neu adds cross-sector cyber obligations. A single incident may need to be reported both to BSI and BNetzA. Matproof handles the dual flow.
Are mobile virtual network operators (MVNOs) in scope?+
Yes, typically as essential entities under NIS2 Annex I. Even small MVNOs without physical network infrastructure are covered as 'providers of publicly available electronic communications services'.
How does the EU 5G Toolbox interact with NIS2 supply-chain obligations?+
The 5G Toolbox restricts 'high-risk vendors' in critical network components. NIS2 Art. 21(2)(d) requires general supply-chain security. They reinforce each other. Matproof's vendor register tags 5G Toolbox-restricted suppliers and tracks their reduction roadmap alongside general NIS2 supplier due diligence.
Ready to start with NIS2?
30-minute demo tailored to Telecom & Electronic Communications. We show you exactly how Matproof covers NIS2 for your sector.