Glossary term
KRITIS
Also: Critical Infrastructures (Germany)
Critical infrastructures under the German BSI Act and KritisV. Facilities whose failure would lead to substantial supply disruption or threats to public safety. NIS2 substantially extends KRITIS.
KRITIS spans nine sectors: energy, water, food, IT and telecommunications, health, finance and insurance, transport and traffic, media and culture, municipal waste management, state and administration. Thresholds are set in the BSI KritisV.
Duties: BSI registration; appropriate technical and organisational measures in line with the state of the art (proof every two years); immediate notification of significant IT disruptions to the BSI. The KRITIS umbrella law additionally requires physical and all-hazard resilience.
Relationship with NIS2: NIS2 extends the scope beyond KRITIS but does not replace it. Many companies are both KRITIS and NIS2 entities; the KRITIS umbrella law and NIS2UmsuCG are transposed in parallel.
Related terms
NIS2
EU directive on network and information security. Replaces NIS1, widens scope to around 30,000 Germa…
BSI C5
Cloud audit catalogue of the German BSI that defines minimum security baseline and transparency duti…
ISO 27001
International standard for information security management systems. Current version ISO/IEC 27001:20…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
Audit-ready decision
A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir…
BAIT
BaFin circular that concretises IT requirements for credit institutions. Specifies MaRisk AT 7.2 for…
BCM
Discipline for maintaining critical business processes during disruptions. Standards: ISO 22301, BSI…
