Comply with IT-Sicherheitsgesetz 2.0 to strengthen national cybersecurity readiness

IT-Sicherheitsgesetz 2.0 is Germany’s strengthened cybersecurity law designed to protect critical infrastructure and other high impact organizations. The law expands earlier requirements and introduces stricter obligations around risk management, incident reporting, and security governance.

 

CyberArrow helps organizations implement IT-Sicherheitsgesetz 2.0 and stay audit ready without manual spreadsheets or fragmented compliance efforts.

FREE DEMO
LEARN MORE

Trusted by the world’s biggest brands across the US, Europe, Africa, Asia and the Middle East.

What is IT-Sicherheitsgesetz 2.0 and can I get certified?

IT-Sicherheitsgesetz 2.0 is a German cybersecurity law that strengthens security requirements for critical infrastructure operators and companies of special public interest. It defines legal obligations for managing cybersecurity risks, implementing appropriate technical and organizational measures, and reporting security incidents to the German Federal Office for Information Security.

IT-Sicherheitsgesetz 2.0 is not a certifiable standard. Organizations do not receive a formal certificate for compliance. Instead, affected entities are required to implement the law’s requirements and be able to demonstrate compliance during regulatory audits, inspections, and supervisory reviews.

Once IT-Sicherheitsgesetz 2.0 requirements are implemented, organizations must maintain continuous compliance readiness and retain documentation and evidence to support ongoing regulatory oversight.

Requirements to implement IT-Sicherheitsgesetz 2.0 using CyberArrow

There are no special prerequisites to start. CyberArrow Customer Success guides organizations through the full compliance journey, including applicability assessment, control implementation, documentation, evidence collection, and regulatory readiness.

CyberArrow is a technology first GRC platform that automates control management, risk assessments, documentation, and evidence tracking for IT-Sicherheitsgesetz 2.0. The platform also supports policy management, task assignments, reporting, and audit preparation to reduce manual effort and compliance pressure.

CyberArrow can be used by critical infrastructure operators, companies of special public interest, and regulated organizations operating in Germany and across the European Union.

How can we help?

CyberArrow simplifies the implementation of IT-Sicherheitsgesetz 2.0 by automating as much as 90% of the work involved

automation icon

Implementation Automation

Implement IT-Sicherheitsgesetz 2.0 quickly with automations. Become certified against ISO standards with our cross-standard mappings.

chat icon

Virtual CISO

Get expert cyber security advice from a dedicated virtual CISO through the chat function and over calls.

users icon

Dedicated Team

Get a dedicated team who will work with you hand in hand during the implementation journey.

security lock icon

Low-Touch Audits

Invite auditors to conduct audits through the CyberArrow system.

What are customers saying about CyberArrow?

Ongoing IT-Sicherheitsgesetz 2.0 Monitoring

Say good-bye to manual spreadsheets and identifying security controls across multiple systems, CyberArrow  automatically gathers evidence. CyberArrow supports 80+ integrations and comes packed with auditor pre-approved document templates.

Become Compliant Today!

Security KPI Monitoring

CyberArrow continuously monitors your security posture by integrating with your technologies and processes. Security control KPI assessments and reporting is automated so you can put your time where it’s needed.

People

Process

Technology

Automated Risk Management

CyberArrow automatically manages your risk assessments. You can also upload your manual spreadsheets and take advantage of CyberArrow’s powerful reporting dashboards. The solution comes pre-mapped with 300+ risks and mitigations across IT-Sicherheitsgesetz 2.0 and other standards.

Asset Based

Service Based

Scenario Based

Why choose CyberArrow?

dollar sign icon

Save Time and Money

Automate IT-Sicherheitsgesetz 2.0 implementation process, get compliant within 3 weeks.

Plug and Play icon

Plug & Play

Be up and running within 30 minutes, we support 80+ integrations.

Growth rocket icon

No Manual Work

Put your cyber security compliance on autopilot with CyberArrow.

Ready to automate IT-Sicherheitsgesetz 2.0?

By eliminating the hundreds of hours of manual effort that were previously required to maintain your Compliance reports and certifications, you can now spend more time on other daily tasks.

Schedule a Free Demo

CyberArrow – Your Compliance Hero

compliance expert icon

Speak to Compliance Experts

Get chat support from CyberArrow’s compliance experts.

security report icon

Security Reports

Share your real-time security posture in report-format using CyberArrow.

KPI monitoring icon

KPI Monitoring

CyberArrow’s real-time KPI monitoring, assures you adhering to your security KPIs.

dedicated support icon

Dedicated Support

We provide global support. Both for technical issues and compliance questions.

Risk assessment icon

Risk Assessment

CyberArrow automates your risk-assessment end-to-end.

security icon

Security Training

CyberArrow includes a Native Awareness module to educate your staff on cyber security.

asset inventory icon

Asset Inventory

Integrate CyberArrow with your favorite asset management solution.

third party security icon

Third Party Security

Run third party assessments to ensure that your vendor's security is up to the mark.

evidence collection icon

Automated Evidence Collection

CyberArrow automatically gathers evidence across systems and documents.

1. Is IT-Sicherheitsgesetz 2.0 a certifiable standard?

No. IT-Sicherheitsgesetz 2.0 is a legal requirement, not a certifiable standard. Organizations do not receive a certificate. They must demonstrate compliance during regulatory audits and supervisory reviews.

2. How can organizations prove compliance with IT-Sicherheitsgesetz 2.0?

Organizations prove compliance through documented policies, risk assessments, implemented controls, incident records, and audit evidence. Regulators may request this information during inspections.

3. Who must comply with IT-Sicherheitsgesetz 2.0?

The law applies to critical infrastructure operators, companies of special public interest, and certain organizations with high relevance to public security or economic stability in Germany.

4. How does IT-Sicherheitsgesetz 2.0 relate to ISO 27001 and BSI IT-Grundschutz?

Many organizations use ISO 27001 or BSI IT-Grundschutz to structure their security programs. These frameworks help implement controls and maintain evidence that supports compliance with IT-Sicherheitsgesetz 2.0.

5. How often should compliance be reviewed?

Compliance should be reviewed on an ongoing basis. Organizations must be ready to demonstrate compliance at any time during audits, inspections, or regulatory inquiries.

CyberArrow can help you automate your compliance efforts with ease.