{"id":388637,"date":"2026-04-08T12:39:46","date_gmt":"2026-04-08T10:39:46","guid":{"rendered":"https:\/\/reev.com\/nis2-and-electromobility-what-operators-need-to-know-now\/"},"modified":"2026-04-08T14:41:00","modified_gmt":"2026-04-08T12:41:00","slug":"nis2-electromobility","status":"publish","type":"post","link":"https:\/\/reev.com\/en\/nis2-electromobility\/","title":{"rendered":"NIS2 and electromobility: what operators need to know now"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"388637\" class=\"elementor elementor-388637 elementor-388289\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-0fc9c33 color-change e-flex e-con-boxed e-con e-parent\" data-id=\"0fc9c33\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ee2ae30 jet-breadcrumbs-align-left elementor-widget elementor-widget-jet-breadcrumbs\" data-id=\"ee2ae30\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"jet-breadcrumbs.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-jet-breadcrumbs jet-blocks\">\n\t\t<div class=\"jet-breadcrumbs\">\n\t\t<div class=\"jet-breadcrumbs__content\">\n\t\t<div class=\"jet-breadcrumbs__wrap\"><div class=\"jet-breadcrumbs__item\"><a href=\"https:\/\/reev.com\/en\/\" class=\"jet-breadcrumbs__item-link is-home\" rel=\"home\" title=\"Home\">Home<\/a><\/div>\n\t\t<\/div>\n\t\t<\/div>\n\t\t<\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-54cf700 color-change e-flex e-con-boxed e-con e-parent\" data-id=\"54cf700\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-f6c52e3 e-con-full e-flex e-con e-child\" data-id=\"f6c52e3\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-d6caf8e elementor-widget elementor-widget-heading\" data-id=\"d6caf8e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">NIS2 and EV Charging<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a9dba71 elementor-widget elementor-widget-text-editor\" data-id=\"a9dba71\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<h4 data-start=\"552\" data-end=\"887\"><span style=\"color: #000000;\">What It Means for Operators and How It Is Implemented at reev<\/span><\/h4>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-31cbd49 elementor-widget__width-initial elementor-widget-tablet__width-inherit elementor-widget elementor-widget-image\" data-id=\"31cbd49\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1376\" height=\"768\" src=\"https:\/\/reev.com\/wp-content\/uploads\/reev-Cybersecurity-Blog_EN-1.jpg\" class=\"attachment-full size-full wp-image-388660\" alt=\"\" srcset=\"https:\/\/reev.com\/wp-content\/uploads\/reev-Cybersecurity-Blog_EN-1.jpg 1376w, https:\/\/reev.com\/wp-content\/uploads\/reev-Cybersecurity-Blog_EN-1-300x167.jpg 300w, https:\/\/reev.com\/wp-content\/uploads\/reev-Cybersecurity-Blog_EN-1-1024x572.jpg 1024w, https:\/\/reev.com\/wp-content\/uploads\/reev-Cybersecurity-Blog_EN-1-768x429.jpg 768w\" sizes=\"(max-width: 1376px) 100vw, 1376px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-5adead5 color-change e-flex e-con-boxed e-con e-parent\" data-id=\"5adead5\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-8ce7142 e-con-full e-flex e-con e-child\" data-id=\"8ce7142\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t<div class=\"elementor-element elementor-element-8fa394b e-con-full e-flex e-con e-child\" data-id=\"8fa394b\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3860b47 elementor-widget elementor-widget-text-editor\" data-id=\"3860b47\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<h4 aria-level=\"2\"><span style=\"color: #000000;\"><strong>NIS2 in Practice<\/strong> <\/span><\/h4><p><span style=\"color: #000000;\">With the NIS2 Directive (EU 2022\/2555), the European Union specifies requirements for cybersecurity, risk management and management accountability in defined sectors. The directive addresses organisations, not technologies or infrastructures as such. <\/span><\/p><p><span style=\"color: #000000;\">reev has assessed the applicability of the NIS2 Directive as part of an internal evaluation. Based on this assessment and taking into account the German transposition under the amended BSIG framework, reev treats itself as an entity within scope classified as an \u201cimportant entity.\u201d The requirements of the directive are integrated into existing governance and management structures. <\/span><\/p><h4 aria-level=\"2\"><span style=\"color: #000000;\"><strong>Scope and Categorisation<\/strong> <\/span><\/h4><p><span style=\"color: #000000;\">NIS2 distinguishes between \u201cessential entities\u201d and \u201cimportant entities.\u201d Both categories are subject to comparable security requirements. Differences primarily concern the intensity of supervisory oversight. <\/span><\/p><p><span style=\"color: #000000;\">Whether an organisation falls within scope depends on: <\/span><\/p><ul><li><span style=\"color: #000000;\">national transposition <\/span><\/li><li><span style=\"color: #000000;\">sector classification <\/span><\/li><li><span style=\"color: #000000;\">applicable size or relevance thresholds <\/span><\/li><\/ul><p><span style=\"color: #000000;\">Applicability must therefore be assessed on an individual basis. <\/span><\/p><h4 aria-level=\"2\"><span style=\"color: #000000;\"><strong>Core Requirements under NIS2<\/strong> <\/span><\/h4><h5 aria-level=\"3\"><span style=\"color: #000000;\"><strong>Risk Management and Resilience<\/strong> <\/span><\/h5><p><span style=\"color: #000000;\">Organisations are required to implement appropriate and documented measures covering in particular: <\/span><\/p><ul><li><span style=\"color: #000000;\">prevention of cyber threats <\/span><\/li><li><span style=\"color: #000000;\">detection of security incidents <\/span><\/li><li><span style=\"color: #000000;\">response and recovery <\/span><\/li><li><span style=\"color: #000000;\">business continuity and crisis management <\/span><\/li><\/ul><p><span style=\"color: #000000;\">These measures must be risk-based and fall under the responsibility of the management body. <\/span><\/p><h5 aria-level=\"3\"><span style=\"color: #000000;\"><strong>Incident Notification Obligations<\/strong> <\/span><\/h5><p><span style=\"color: #000000;\">Article 23 establishes a three-stage reporting process: <\/span><\/p><ul><li><span style=\"color: #000000;\">early warning within 24 hours of becoming aware of a significant incident <\/span><\/li><li><span style=\"color: #000000;\">updated notification within 72 hours including an initial assessment of impact <\/span><\/li><li><span style=\"color: #000000;\">final report within one month <\/span><\/li><\/ul><p><span style=\"color: #000000;\">Organisations must also maintain structured internal processes defining responsibilities, decision-making pathways and documentation standards. Reporting obligations therefore concern both timing and formalised communication with competent authorities. <\/span><\/p><h5 aria-level=\"3\"><span style=\"color: #000000;\"><strong>Management Accountability<\/strong> <\/span><\/h5><p><span style=\"color: #000000;\">Management bodies are required to approve cybersecurity risk management measures and oversee their implementation. National transpositions may introduce training and information obligations for members of management. <\/span><\/p><p><span style=\"color: #000000;\">Supervisory authorities are granted enforcement powers that may include administrative fines, binding orders, audits and inspections. <\/span><\/p><h5 aria-level=\"3\"><span style=\"color: #000000;\"><strong>Supply Chain Security<\/strong> <\/span><\/h5><p><span style=\"color: #000000;\">Organisations must systematically address risks arising from third-party relationships. This includes: <\/span><\/p><ul><li><span style=\"color: #000000;\">assessing the security posture of critical suppliers <\/span><\/li><li><span style=\"color: #000000;\">implementing appropriate contractual safeguards <\/span><\/li><li><span style=\"color: #000000;\">documenting and monitoring supply chain risks <\/span><\/li><\/ul><p><span style=\"color: #000000;\">Documentation and evidentiary requirements form part of the regulatory framework. <\/span><\/p><h4 aria-level=\"2\"><span style=\"color: #000000;\"><strong>ISO 27001 and NIS2<\/strong> <\/span><\/h4><p><span style=\"color: #000000;\">reev operates an Information Security Management System (ISMS) aligned with ISO 27001. This provides the structural basis for risk management, incident management, business continuity and supplier governance. <\/span><\/p><p><span style=\"color: #000000;\">As part of an internal gap analysis, the requirements of the NIS2 Directive were compared with existing ISO 27001 structures. While ISO 27001 covers key elements of information security management, it does not replace a dedicated NIS2 compliance framework. <\/span><\/p><p><span style=\"color: #000000;\">NIS2 introduces additional formal requirements, including: <\/span><\/p><ul><li><span style=\"color: #000000;\">registration with competent authorities <\/span><\/li><li><span style=\"color: #000000;\">defined regulatory reporting timelines <\/span><\/li><li><span style=\"color: #000000;\">expanded documentation obligations <\/span><\/li><li><span style=\"color: #000000;\">explicit management accountability <\/span><\/li><li><span style=\"color: #000000;\">formalised communication with supervisory authorities <\/span><\/li><\/ul><p><span style=\"color: #000000;\">These additional requirements have been incorporated into existing governance, reporting and supplier management processes and formally embedded within organisational structures. <\/span><\/p><h4 aria-level=\"2\"><span style=\"color: #000000;\"><strong>System Architecture in a Regulatory Context<\/strong> <\/span><\/h4><p><span style=\"color: #000000;\">Regulatory obligations must be supported operationally. <\/span><\/p><p><span style=\"color: #000000;\">In charging operations, a backend system \u2014 commonly referred to as a CPMS (Charge Point Management System) \u2014 typically functions as the central management and control layer of the charging infrastructure. Energy management systems (EMS) may also be integrated to manage grid connection, load distribution and energy optimisation.<\/span><\/p><p><span style=\"color: #000000;\">System architecture constitutes a technical component of regulatory implementation capability, particularly in relation to: <br \/><\/span><\/p><ul><li><span style=\"color: #000000;\">access control<\/span><\/li><li><span style=\"color: #000000;\">logging<\/span><\/li><li><span style=\"color: #000000;\">traceability of security-relevant events<\/span><\/li><li><span style=\"color: #000000;\">support for documented processes <\/span><\/li><\/ul><p><span style=\"color: #000000;\">NIS2 compliance remains an organisational responsibility of the respective entity and encompasses governance, contractual and procedural measures beyond the technical layer. <\/span><\/p><h4 aria-level=\"2\"><span style=\"color: #000000;\"><strong>The Role of the reev Energy and Charging Platform<\/strong> <\/span><\/h4><p><span style=\"color: #000000;\">The reev energy and charging platform is designed to technically support structured security and documentation processes within charging operations. <\/span><\/p><p><span style=\"color: #000000;\">It enables, among other things: <\/span><\/p><ul><li><span style=\"color: #000000;\">implementation of granular access controls and multi-factor authentication <\/span><\/li><li><span style=\"color: #000000;\">structured logging of security-relevant events <\/span><\/li><li><span style=\"color: #000000;\">support for audit-related documentation requirements <\/span><\/li><li><span style=\"color: #000000;\">controlled integration of third-party systems <\/span><\/li><\/ul><p><span style=\"color: #000000;\">These capabilities support the technical implementation of regulatory requirements. <\/span><\/p><p><span style=\"color: #000000;\">The platform itself does not constitute NIS2 compliance. Compliance with regulatory obligations remains the responsibility of the respective organisation.<\/span><\/p><h4 aria-level=\"2\"><span style=\"color: #000000;\"><strong>Conclusion<\/strong> <\/span><\/h4><p><span style=\"color: #000000;\">NIS2 specifies requirements relating to risk management, management accountability, reporting processes and supervisory oversight in the area of cybersecurity. reev treats the directive as an applicable regulatory framework and integrates its requirements into existing ISMS and governance structures. Technical system architecture supports this implementation but does not replace organisational responsibility. <\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-f50bd67 e-flex e-con-boxed e-con e-parent\" data-id=\"f50bd67\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-8f35231 e-con-full e-flex e-con e-child\" data-id=\"8f35231\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;,&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t<div class=\"elementor-element elementor-element-ceec896 e-con-full e-flex e-con e-child\" data-id=\"ceec896\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e3e2914 elementor-widget elementor-widget-heading\" data-id=\"e3e2914\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Questions about NIS2 and safe operation of charging infrastructure?\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5cf162e elementor-widget elementor-widget-text-editor\" data-id=\"5cf162e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<div class=\"flex flex-col text-sm pb-25\"><section class=\"text-token-text-primary w-full focus:outline-none [--shadow-height:45px] has-data-writing-block:pointer-events-none has-data-writing-block:-mt-(--shadow-height) has-data-writing-block:pt-(--shadow-height) [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:5096e472-983e-4777-b5b4-bf466cbfebb6-18\" data-testid=\"conversation-turn-36\" data-scroll-anchor=\"true\" data-turn=\"assistant\"><div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\"><div class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\"><div class=\"flex max-w-full flex-col gap-4 grow\"><div class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" dir=\"auto\" tabindex=\"0\" data-message-author-role=\"assistant\" data-message-id=\"5a9e8ac5-c246-4054-b208-fa2a56e493c5\" data-message-model-slug=\"gpt-5-4-thinking\" data-turn-start-message=\"true\"><div class=\"flex w-full flex-col gap-1 empty:hidden\"><div class=\"markdown prose dark:prose-invert w-full wrap-break-word light markdown-new-styling\"><p data-start=\"805\" data-end=\"1016\" data-is-last-node=\"\" data-is-only-node=\"\">Find out how you can implement secure and traceable processes for your charging infrastructure. We will be happy to support you. <\/p><\/div><\/div><\/div><\/div><div class=\"z-0 flex min-h-[46px] justify-start\"> <\/div><div class=\"mt-3 w-full empty:hidden\"><div class=\"text-center\"> <\/div><\/div><\/div><\/div><\/section><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9e13992 elementor-align-left reev-button reev-button--white elementor-widget elementor-widget-button\" data-id=\"9e13992\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/reev.com\/en\/contact\/\" target=\"_blank\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20\" height=\"20\" viewBox=\"0 0 20 20\" fill=\"none\"><path d=\"M11.25 3.75L17.5 10M17.5 10L11.25 16.25M17.5 10H2.5\" stroke=\"#131923\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><\/path><\/svg>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Contact us now<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Find out what the NIS2 directive means for operators, which requirements are relevant and how reev integrates them into existing processes.<\/p>\n","protected":false},"author":14,"featured_media":388660,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"32","_seopress_titles_title":"NIS2 and electromobility: what operators need to know now %%sep%% %%sitetitle%%","_seopress_titles_desc":"Find out what the NIS2 directive means for operators, which requirements are relevant and how reev integrates them into existing processes.\n","_seopress_robots_index":"","footnotes":""},"categories":[32],"tags":[811,1305,507,816,368,342,296,555,353,232,1502,1501,658,590,514,744],"class_list":["post-388637","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowlege","tag-charging-en","tag-cybersecurity-en","tag-dienstwagen-en","tag-effizienz-en","tag-elektrofahrzeug-en","tag-elektromobilitaet-en","tag-ladeinfrastruktur-en","tag-ladeloesung-en","tag-ladestationen-en","tag-nachhaltigkeit-en","tag-nis2","tag-operator-2","tag-reev-gmbh-en","tag-smartcharging","tag-unternehmen-en","tag-wallbox-en"],"_links":{"self":[{"href":"https:\/\/reev.com\/en\/wp-json\/wp\/v2\/posts\/388637","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/reev.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/reev.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/reev.com\/en\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/reev.com\/en\/wp-json\/wp\/v2\/comments?post=388637"}],"version-history":[{"count":10,"href":"https:\/\/reev.com\/en\/wp-json\/wp\/v2\/posts\/388637\/revisions"}],"predecessor-version":[{"id":388705,"href":"https:\/\/reev.com\/en\/wp-json\/wp\/v2\/posts\/388637\/revisions\/388705"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/reev.com\/en\/wp-json\/wp\/v2\/media\/388660"}],"wp:attachment":[{"href":"https:\/\/reev.com\/en\/wp-json\/wp\/v2\/media?parent=388637"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/reev.com\/en\/wp-json\/wp\/v2\/categories?post=388637"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/reev.com\/en\/wp-json\/wp\/v2\/tags?post=388637"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}