Kaspersky Labs GmbH has registered under the EU’s NIS 2 Directive, in accordance with the German law for the implementation of this directive, as a “very important entity” (essential entity). The registration in Germany with the Federal Office for Information Security (BSI) applies to the entire EU. Kaspersky has actively contributed to the legislative discourse and has for years proactively implemented the main measures that are now reflected in the obligations under NIS 2.
The NIS 2 Directive creates a unified EU-wide framework to strengthen cybersecurity across 18 critical sectors. It requires member states to develop national cybersecurity strategies and enhances cross-border cooperation with the EU for swift response and enforcement. The obligation to register under NIS 2 applies to medium and large organizations, typically starting from 50 employees onwards or a minimum annual turnover of 10 million Euros, which operate in critical sectors such as energy, transportation, banking, health, digital infrastructure, manufacturing, ICT service management and others.
Kaspersky has been actively involved in the development of the NIS 2 Directive since 2020, both at EU level and within Member States. The company has contributed its expertise to expert hearings, public consultations, and industry dialogue initiatives. This includes formats such as the EU Cyberpolicy Forum, where Kaspersky convened policymakers and industry leaders to discuss the future of cybersecurity in Europe, as well as training programs and webinars designed to support companies and public authorities on their path to NIS 2 compliance. Additionally, some years back, Kaspersky launched its internal NIS 2 compliance program and has continuously aligned its processes, documentation, and risk management practices with evolving technologies, the threat landscape and regulatory requirements.
Strong foundation in transparency and international standards
Transparency has become a fundamental requirement in today’s digital environment. Through its Global Transparency Initiative (GTI; launched in 2017), Kaspersky implements a range of concrete measures that enable the broader cybersecurity community and stakeholders to validate the integrity and trustworthiness of its products, internal processes, and business operations. These efforts are supported by internationally renowned certifications and audits conducted by independent institutions.
Kaspersky is certified under ISO/IEC 27001, one of the most widely recognized international standards for information security. This framework provides a structured approach to identifying and managing information security risks, implementing appropriate controls, and continuously monitoring their effectiveness. The certification is based on independent audits covering key systems and processes involved in handling and storing data across Kaspersky’s global infrastructure.
In addition, Kaspersky has renewed its SOC 2 Type II audit, confirming that its processes for developing and delivering antivirus databases are effectively protected against unauthorized manipulation. Both ISO 27001 certification and SOC 2 audits are conducted by independent third parties and form an integral part of Kaspersky’s Global Transparency Initiative, reinforcing trust through continuous verification of its security practices.
“Our sustained efforts in implementing a broad range of transparency measures and third-party certifications during the last years provide a strong foundation for compliance with NIS 2 requirements and demonstrate Kaspersky’s commitment to verifiable security practices and accountability”, said Waldemar Bergstreiser, Managing Director of Kaspersky Labs GmbH. “Independent assessments, such as the study ‘Transparency Review and Accountability in Cyber Security’ by AV Comparatives [2] have also highlighted the company’s leadership in transparency and accountability within the cybersecurity industry, underlining the importance of measurable trust and governance in today’s digital landscape”.
Kaspersky supports the growing integration of transparency requirements and internationally recognized risk management standards into European legislation. In this context, the company also welcomes the alignment between NIS 2 and related initiatives such as the Cyber Resilience Act (CRA), which promotes security by design and enhanced transparency.
Looking ahead: collaboration with BSI and European stakeholders
By contributing its expertise and threat intelligence, Kaspersky aims to further strengthen cybersecurity resilience across Europe and support organizations in navigating the evolving regulatory landscape. Backed by long-standing engagement in European cybersecurity policy, active contribution to public-private partnerships, and a strong foundation in transparency and internationally recognized standards such as ISO/IEC 27001 and SOC 2, the company continues to support organizations and authorities in navigating NIS 2 requirements and enhancing cyber resilience across the region.
“Kaspersky looks forward to the collaboration with the BSI as market surveillance authority, as well as active participation in public-private partnerships and expert forums”, concludes Waldemar Bergstreiser, Managing Director of Kaspersky Labs GmbH. “The company greatly appreciates the comprehensive information provided by the BSI on the NIS 2 implementation, which offers affected entities valuable guidance and implementation support.”
[1] The German company Kaspersky Labs GmbH is registered as a "Besonders wichtige Einrichtung" ("particularly important entity"; essential entity). The registration as an MSSP applies to the entire EU. The text subsequently refers to the company simply as Kaspersky.
[2] “Transparency Review and Accountability in Cybersecurity”, 2025 edition, commissioned by WKO (Tyrol Chamber of Commerce) and conducted by AV-Comparatives, MCI | The Entrepreneurial School®, and Studio Legale Tremolada: https://www.wko.at/tirol/information-consulting/transparency-review-and-accountability-in-cyber-security-tra.pdf