Stay up to date

News, tips and hints from our TISAX® world

Connection between NIS-2 and TISAX®: Does NIS-2 also affect companies with TISAX® certification?

The topics of NIS-2 and TISAX are of great importance for companies dealing with IT security and data protection. Although both terms are relevant in different areas of IT security, there are some connections and potential overlaps.

What is TISAX®?

TISAX® (Trusted Information Security Assessment Exchange) is an information security standard specifically for the automotive industry. Developed by the ENX Association, TISAX is designed to meet the requirements of ISO/IEC 27001 and ensure that suppliers and service providers in the automotive industry maintain a high level of information security. A TISAX® label, often referred to in common parlance as a TISAX® certificate, is therefore an important seal of quality for companies in this sector to prove their information security measures.

What is NIS-2?

NIS-2(Networkand Information SecurityDirective 2) is the revised version of the European Union’s NIS Directive. It aims to strengthen cyber security in the EU member states. NIS-2 primarily affects operators of critical infrastructures and important service providers that are essential for maintaining essential social and economic activities. The directive requires these companies to take strict security precautions and report cyber incidents.

Does NIS-2 also affect companies with a TISAX® label?

Although the NIS 2 directive and the TISAX® standard do not overlap directly, there are points of contact that are relevant for companies that have to comply with both standards. If a company in the automotive industry operates both critical infrastructures and has a TISAX® certificate, it must take the requirements of both directives into account.

Connections and synergies between NIS-2 and TISAX®:

  1. Increased security requirements: Both directives require high standards of information security. Companies that have the TISAX® assessment have already implemented many security measures that can also be helpful for NIS-2 compliance.
  2. Risk management: Both TISAX® and NIS-2 attach great importance to effective risk management. Companies that have a TISAX® label usually already have robust risk assessment and mitigation processes in place that can also meet the requirements of NIS-2.
  3. Reporting of security incidents: NIS-2 requires the reporting of cyber incidents to the relevant authorities. Companies that are TISAX® audited have already implemented procedures for detecting and reporting security incidents, which facilitates compliance with this NIS 2 requirement.


While TISAX® and NIS-2 address different contexts of information security, there are overlaps that companies should be aware of. Especially for companies in the automotive industry that have a TISAX® label and are also covered by the NIS-2 directive, it is important to integrate both standards and utilize synergies in order to design their security strategies effectively and efficiently.

Companies should therefore carefully review the requirements of both sets of regulations and ensure that they are fully prepared to comply with both TISAX® and NIS-2. An integrated approach to information security can help to meet legal requirements while maximizing the security of information systems.

Further information on NIS-2 and KRITIS can be found on our topic page.