The German transposition of the EU CER Directive covers physical security, supply-chain resilience and organisational continuity on top of cybersecurity. KaitoSec runs all of it on the same data model as your ISMS, BCMS and DSMS.
CER critical-entity sectors transposed into German law
KRITIS-DG and NIS2 cross-mapped onto the same controls
ISO 22301 BC plans serve KRITIS-DG continuity evidence
KRITIS-Dachgesetz, the German transposition of the EU Critical Entities Resilience (CER) Directive, extends beyond cybersecurity to cover physical security, supply chain resilience and organisational continuity for operators of critical infrastructure. KaitoSec models all of those layers on one inventory.
Most KRITIS operators carry both KRITIS-DG and NIS2 obligations. KaitoSec maps the two regimes against the same controls so an investment made for one is captured as evidence for the other. No parallel programmes, no duplicate audit cycles.
The ISO 22301 BCMS, the asset register, the supplier list and the physical-site catalogue live in one workspace. A failure of a primary site, a supplier or an ICT system traces through the same BIA chain that feeds your CER reporting.
A single view of your KRITIS-DG obligations: sector classification, designated entities, physical security measures, BC plans, incident notifications and supervisory deadlines. Each obligation shows ownership, evidence status and the next supervisory checkpoint.
Sites, perimeters, controlled areas, ICT systems and processing activities share the same inventory. The KRITIS-DG resilience plan and the ISO 22301 BIA both read from the same source.
KRITIS-DG inherits the EU CER incident notification structure. KaitoSec calculates the relevant reporting deadlines, pre-fills the notification template, and connects the supervisory submission to the same incident workflow that feeds NIS2 reporting.
Built on open catalogs: BSI, MITRE, OWASP, ENISA
Related platform features
KaitoSec