KRITIS Compliance

Meeting legal requirements for critical infrastructures – We support you with KRITIS and NIS2 through secure, compliant software development.

What is KRITIS?

KRITIS (Critical Infrastructures) refers to facilities and systems whose failure would have significant impacts on public safety, the economy or essential supply services.

Affected Sectors:

  • Transport & Traffic
  • Energy
  • Water
  • IT & Telecommunications
  • Health
  • Finance & Insurance

Do Airports Concern KRITIS?

Yes! Commercial airports above certain traffic thresholds are classified as critical infrastructures within the German KRITIS framework. Operators must therefore identify and protect all operationally essential systems – from lighting systems and cabling to control systems, data centers and communication networks.

What is NIS2?

NIS2 is the new EU directive on cybersecurity. It replaces the original NIS directive and significantly expands its scope. NIS2 introduces "essential" and "important" entities in sectors such as transport, energy, health and public administration.

What do you have to do under NIS2UmsuCG?

Under NIS2UmsuCG, many airports and their IT/OT service providers become essential or important entities. They must register, implement and document state-of-the-art security measures, and meet strict reporting and information obligations.

1. Registration

As an essential or important entity, your airport must be registered with the competent authority.

2. Compliance Evidence

Proof of appropriate technical and organizational measures: Information security management, risk analyses, policies.

3. Information Obligations

Significant security incidents must be reported and communicated within strict deadlines.

How is Innovence IT Solutions qualified?

Innovence combines many years of experience in airport software with deep knowledge of KRITIS and NIS2UmsuCG regulations.

Security-Oriented Software Development

We develop our solutions according to strict Security-by-Design principles. Threat modeling, code reviews, hardening, encryption and role-based access control are part of our standard development process.

Regulatory Expertise

We combine our regulatory expertise with our software development capabilities. This includes understanding and complying with German and EU cybersecurity regulations as well as risk management and incident response processes.

Achieving Compliance with AIRCAT

With AIRCAT, we already support airports in documenting and operating complex cable and lighting infrastructures in a reliable, field-proven manner.

  • Complete documentation of all critical systems
  • Traceable change history
  • Role-based access management
  • Audit trail for all changes
AIRCAT Architecture

What can we offer you?

Support on your path to KRITIS and NIS2 compliance

Penetration Testing & Vulnerability Analysis

We conduct penetration tests to identify and remediate vulnerabilities in your systems and networks.

  • • Web Application Security
  • • Network Security
  • • Physical Security
  • • Detailed action recommendations

Incident Response & Monitoring

We help you establish an incident response plan and a monitoring system.

  • • Incident response planning
  • • Security monitoring setup
  • • Timely incident handling
  • • Continuous monitoring

Ready for KRITIS & NIS2?

Let's develop and implement your compliance strategy together.

Get in Touch