New EU directives and the Cyber Resilience Act are tightening the requirements for IT security in companies. The logistics industry must also protect its systems and products against cyber attacks. Read here what is needed for this.
New EU laws such as the Cyber Resilience Act and NIS-2 require companies to systematically protect their digital infrastructure.
Cyberattacks are not uncommon in the logistics industry. A recent study by the software company Sophos shows that around eight out of ten companies in the industry have already been affected by cyberattacks. Around 40 percent of the attacks were not aimed at the company's own systems, but at interfaces to business partners. Human error plays a major role: 81 percent of the companies surveyed identified human error or a lack of security awareness as a major risk. Added to this is the shortage of IT specialists: around three quarters of companies complain about a lack of cybersecurity staff.
Cybersecurity Increasingly Important in Transport and Intralogistics
Telematics systems, fleet management solutions and logistics platforms make work easier for dispatchers, but like all IT systems, they are a target. Networked warehouse and conveyor systems as well as autonomous transport vehicles widen this attack surface even further. The increasing integration of warehouse technology with ERP systems also creates new data security requirements.
Negligence in IT security increases the risk of attacks and also causes problems with compliance. For some time now, all companies have been subject to comprehensive cybersecurity requirements from the European Union. With the NIS-2 Directive (Network and Information Security) and the Cyber Resilience Act, the EU has created regulations that tighten and standardize security requirements across Europe. The aim is to strengthen the digital resilience of companies and better protect critical infrastructures.
Requirements of the NIS-2 Directive
The NIS-2 Directive applies to companies with at least fifty employees or an annual turnover of more than ten million euros. Whether a company is affected by the directive and what specific obligations result from it can be found in the annexes to the directive. Cautious estimates assume that more than 30,000 companies in Germany alone are subject to the NIS-2 rules. The Federal Office for Information Security (BSI) offers an initial assessment of whether a company is affected.
According to the NIS-2 Directive, companies must demonstrate that they have taken technical and organizational measures to prevent cyberattacks as far as possible, detect them early and manage them appropriately. These include:
risk management systems,
early warning and detection systems,
business continuity and crisis plans, and
regular training for employees.
A central part of the NIS-2 Directive is the reporting obligation. Serious security incidents must be reported to the relevant authorities within 24 hours. After 72 hours at the latest, the company must submit a detailed assessment of the situation. These requirements significantly increase the responsibility of management, as managers are personally liable in the event of breaches. In addition, there is the threat of high fines of up to ten million euros or two percent of annual global turnover.
The Cyber Resilience Act
The Cyber Resilience Act supplements the NIS-2 Directive at product level. It obliges manufacturers, suppliers and importers of digital products to build cybersecurity into the development process from the outset, or to ensure it for imported products. They must regularly assess risks, fix security vulnerabilities and provide software updates.
In future, only products that meet these requirements may be sold in the European Union. This is particularly important for the logistics sector, as modern transportation and storage systems are based on networked devices. Manufacturers of telematics and intralogistics systems must ensure that their products are protected against attacks throughout their entire life cycle.
A particular focus of both laws is on security in the supply chain, as logistics companies are closely networked with numerous partners and service providers. The new EU regulations require security requirements to be included in contracts with suppliers and service providers. Business partners must provide evidence of NIS-2-compliant protective measures, and providers of logistics technologies must demonstrate compliance with CRA requirements.
Achieving Digital Resilience
Implementing the requirements of NIS-2 and the CRA is complex. Individual, isolated measures are not sufficient, as the legislator requires a comprehensive security concept that systematically reduces risks. A sensible approach is to introduce an information security management system in accordance with ISO 27001. This system supports the implementation of good security practices, but is better suited to larger companies. Smaller companies can fall back on the BSI's IT baseline protection (IT-Grundschutz), which offers practical assistance and is compatible with the ISO standard.
Date: 08.12.2025
Some general measures are already required by the NIS-2 Directive. These include a functioning incident management system that prevents, detects and deals with security incidents. This must be supplemented by an identity and access management system with multi-factor authentication and secure single sign-on. Both communication and stored data must be encrypted. Constant monitoring of the IT infrastructure with automated anomaly detection ensures that failures or attempts at manipulation are detected at an early stage and remedied immediately. Business continuity management, which includes backups, disaster recovery and emergency plans, is required as the keystone.
NIS-2 and the Cyber Resilience Act create binding regulatory requirements that oblige companies to implement systematic security management. This is particularly important for the logistics sector, as networked systems with many interfaces offer great potential for attack. The new regulations increase digital resilience, which strengthens the stability and functionality of companies in the long term.
Ingo Unger is Business Development Manager at DQS