Banks saving institutions gain additional time to reinforce their financial safeguard measures
The financial landscape in Germany is set for a significant shift as the country moves to strengthen its bank security systems. The latest developments revolve around the implementation of the Network and Information Security Directive (NIS2) aimed at bolstering IT risk management, incident response procedures, supply chain security, and governance obligations for critical entities, including banks.
The German Federal Cabinet approved the significant security regulation updates in August 2025, marking a major legislative milestone. While the draft bill focuses on cybersecurity and IT security governance rather than banking system reform per se, the regulatory demands often overlap with financial sector oversight required by BaFin and the European Central Bank (ECB).
The essential changes likely involve robust IT risk management frameworks and incident reporting, strengthened governance and accountability on security matters within bank management, compliance with supply chain security requirements affecting bank services and contracts, and training and awareness programs for staff on security policies and regulation adherence.
The legislative timeline runs from draft submission in August 2025 to expected adoption by the end of 2025. Given the ECB and BaFin’s emphasis on systemic risk and operational resilience, savings and state-owned banks in Germany will likely be required to comply with these evolving security standards within similar time frames.
However, a distinct public timeline or detailed reform plan focused solely on a "joint security system" for savings and state-owned banks has not been found in recent information. The DSGV (German Savings Banks Association) is expected to announce its position on the restructuring of the joint security system after consulting with its committees in December 2020.
The joint security system, which requires savings banks, state-owned banks, and state-owned building societies to support each other in crisis situations and jointly rescue threatened institutions, has been the subject of protracted disputes, particularly in supporting state-owned banks. The financial supervisory authority has identified seven major deficiencies in the system, and the savings banks must submit a plan by the end of 2020 to address each deficiency.
Institutions are also required to establish a separate fund to rescue struggling banks and a pot for securing customer deposits. The restructuring must be approved by 30 June 2023. The DSGV has not yet made a public statement regarding the restructuring of the joint security system.
In conclusion, the updated key regulatory framework influencing joint bank security systems in Germany centres on NIS2 implementation, targeting critical infrastructure including banks. The legislative timeline runs from draft submission in August 2025 to expected adoption by the end of 2025. Required changes broadly cover IT risk management, incident handling, supply chain security, governance, and staff training consistent with ECB and BaFin priorities. A more specific reform plan for the joint security system of savings and state-owned banks is still pending and will likely be announced by the DSGV after consulting with its committees in December 2020.
- The German Federal Cabinet's approval of regulatory updates in August 2025 will impact other business sectors, specifically banks, as the new regulations will require compliance with evolving security standards that share similarities with financial sector oversight.
- Under the new regulatory framework, savings and state-owned banks in Germany will be required to address identified deficiencies in their joint security system by the end of 2020, which follows recommendations from both the European Central Bank (ECB) and BaFin for addressing systemic risk and operational resilience.
