{"id":21976,"date":"2026-07-05T08:00:00","date_gmt":"2026-07-05T08:00:00","guid":{"rendered":"https:\/\/www.securitytoday.de\/2026\/07\/05\/what-is-nis2-definition-obligations-liability\/"},"modified":"2026-07-11T07:31:48","modified_gmt":"2026-07-11T07:31:48","slug":"what-is-nis2-definition-obligations-liability","status":"publish","type":"post","link":"https:\/\/www.securitytoday.de\/en\/2026\/07\/05\/what-is-nis2-definition-obligations-liability\/","title":{"rendered":"What Is NIS2? Definition, Obligations, and Liability"},"content":{"rendered":"<div class=\"st-definition\">\n<p><strong>What is NIS2?<\/strong> The directive (EU) 2022\/2555 on the security of network and information systems, short NIS2, is an EU legal act that extends the cybersecurity framework for critical infrastructure and important services across the European Union. It obliges affected organizations to implement risk management, to report security incidents, and to hold the management personally liable.<\/p>\n<\/div>\n<div style=\"background:#003340;color:#fff;padding:32px 36px;margin:32px 0;border-radius:8px;\">\n<p style=\"margin:0 0 18px 0;font-size:0.95em;font-weight:800;text-transform:uppercase;letter-spacing:0.2em;color:#69d8ed;border-bottom:2px solid rgba(105,216,237,0.25);padding-bottom:12px;\">Key Takeaways<\/p>\n<ul style=\"margin:0;padding-left:22px;color:rgba(255,255,255,0.92);line-height:1.6;\">\n<li style=\"margin-bottom:10px;\"><strong style=\"color:#69d8ed;\">Implementation:<\/strong> In Germany, NIS2 is implemented via the NIS2 Transposition Act (NIS2UmsuCG), which enshrines the obligations in the BSI Act (BSIG).<\/li>\n<li style=\"margin-bottom:10px;\"><strong style=\"color:#69d8ed;\">Legal framework:<\/strong> The provisions have been applicable in Germany since December 2025. There is no transition period.<\/li>\n<li style=\"margin-bottom:0;\"><strong style=\"color:#69d8ed;\">Liability:<\/strong> Management is personally liable for gross breaches of duty. Fines can reach up to 10 Mio. Euro or two percent of worldwide turnover.<\/li>\n<\/ul>\n<\/div>\n<h2>What NIS2 Actually Means<\/h2>\n<p>NIS2 shifts the regulatory landscape of IT security significantly. The previous approach focused on a limited group of critical infrastructures. NIS2, by contrast, covers a broad range of essential economic sectors. Germany&#8217;s implementation is carried out via the NIS2 Implementation Act (NIS2UmsuCG), which embeds the obligations directly into the BSI Act (BSIG).<\/p>\n<p>A central feature is the lack of a transition period. The provisions have been in force in Germany since December 2025. Affected entities are fully required to implement the requirements from that point onward. There is no period during which compliance would be merely recommended.<\/p>\n<p>The obligations rest on three pillars, defined in Article 21 of NIS2 and Section 30 of BSIG. First, registration with the Federal Office for Information Security (BSI) is required. Second, significant security incidents must be reported to the BSI without delay. Third, risk management measures must be implemented and documented, including the handling of security risks, crisis management, and supply chain security.<\/p>\n<p>Financial penalties also enforce the requirements. For entities classified as &#8220;especially important,&#8221; fines of up to 10 million euros or up to two percent of worldwide annual turnover of the preceding fiscal year may be imposed. The higher of the two amounts applies.<\/p>\n<h2>Who is affected<\/h2>\n<p>The pool of affected organizations is expanding significantly. Under the previous regulatory framework, around 4.500 entities were covered in Germany. NIS2 (the EU&#8217;s second iteration of the Network and Information Security Directive) raises this figure to approximately 29.500. This is due to the division into two categories: &#8216;especially important entities&#8217; and &#8216;important entities&#8217;. The classification depends on the size and strategic significance of the organization within its sector.<\/p>\n<div data-element=\"stat_row\" style=\"display:flex;flex-wrap:wrap;gap:16px;margin:32px 0;\">\n<div style=\"flex:1 1 200px;min-width:0;background:#003340;border:1px solid rgba(105,216,237,0.28);border-radius:10px;padding:22px 20px;box-sizing:border-box;\">\n<div style=\"font-size:2.1em;font-weight:800;color:#69d8ed;line-height:1.1;word-break:keep-all;\">50<\/div>\n<p style=\"margin:10px 0 0;font-size:0.88em;color:#e6e3da;line-height:1.5;\">Employees above threshold<\/p>\n<\/div>\n<div style=\"flex:1 1 200px;min-width:0;background:#003340;border:1px solid rgba(105,216,237,0.28);border-radius:10px;padding:22px 20px;box-sizing:border-box;\">\n<div style=\"font-size:1.7em;font-weight:800;color:#69d8ed;line-height:1.1;word-break:keep-all;\">10 Mio \u20ac<\/div>\n<p style=\"margin:10px 0 0;font-size:0.88em;color:#e6e3da;line-height:1.5;\">Annual turnover above threshold<\/p>\n<\/div>\n<div style=\"flex:1 1 200px;min-width:0;background:#003340;border:1px solid rgba(105,216,237,0.28);border-radius:10px;padding:22px 20px;box-sizing:border-box;\">\n<div style=\"font-size:2.1em;font-weight:800;color:#69d8ed;line-height:1.1;word-break:keep-all;\">18<\/div>\n<p style=\"margin:10px 0 0;font-size:0.88em;color:#e6e3da;line-height:1.5;\">regulated sectors<\/p>\n<\/div>\n<\/div>\n<p>For medium-sized companies, which often previously fell outside the strict scope, NIS2 introduces new thresholds. A company becomes subject to obligations if it employs at least 50 staff or generates an annual turnover of 10 Mio \u20ac. Additionally, it must operate in one of the 18 defined sectors, ranging from energy and transport to health and water, as well as digital infrastructure and public administration.<\/p>\n<p>The distinction between &#8216;especially important&#8217; and &#8216;important&#8217; entities determines the level of supervision and the height of penalties. Especially important entities are subject to stricter requirements and higher fines. But &#8216;important entities&#8217; are fully obliged to implement the technical and organizational measures stipulated in Art. 21 NIS2. There is no exemption from these basic obligations for either group, as long as the size or turnover thresholds are met.<\/p>\n<p>This also brings heightened personal accountability for corporate leadership. Under \u00a7 38 BSIG (German Cybersecurity Act), the governing bodies, i.e., managing directors or board members, must approve the security measures and monitor their implementation. They must also attend cybersecurity training. In cases of serious violations, the managers can be held personally liable. As a result, IT security moves from the specialist department to the executive board level and becomes a governance issue.<\/p>\n<h2>What Companies Must Verify Now<\/h2>\n<p>First, firms must assess their own situation to determine whether they fall under the &#8220;important&#8221; or &#8220;especially important&#8221; entities. The initial step involves matching their employee count and annual revenue against the thresholds of 50 employees and 10 million Euro.<\/p>\n<div data-element=\"checklist\" style=\"background:#23261f;border:1px solid rgba(105,216,237,0.22);border-radius:10px;padding:22px 24px;margin:32px 0;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 2px 10px rgba(0,0,0,0.22);\">\n<p style=\"margin:0 0 12px;font-family:'IBM Plex Mono',ui-monospace,SFMono-Regular,monospace;font-size:0.72em;letter-spacing:0.12em;text-transform:uppercase;color:#69d8ed;\">CHECK NOW<\/p>\n<ul style=\"margin:0;padding-left:0;list-style:none;\">\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Check personnel count and turnover against the thresholds (50 employees, 10 million Euro)<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Identify affiliation with one of the 18 regulated sectors<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Complete registration with the BSI (Federal Office for Information Security)<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Document security processes against Art. 21 NIS2<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Define reporting procedures for significant incidents<\/li>\n<\/ul>\n<\/div>\n<p>Once the scope of applicability is established, registration with the BSI must be completed. The BSI portal for this purpose has been available since January 2026. Early registration is advisable, as the registration forms the basis for communication with the competent authorities. At the same time, existing security processes must be examined against the requirements of Art. 21 NIS2, including the documentation of all risk management measures.<\/p>\n<p>Another key aspect is the incident reporting procedure. Companies must ensure that significant incidents are identified, assessed and promptly reported to the BSI. This requires clear internal escalation paths and a defined interface with the authority. Finally, management should formally approve and monitor the measures. Given the risk of personal liability, decisions and training participation by senior management must be carefully documented.<\/p>\n<h2>Distinction from Related Terms<\/h2>\n<p>NIS2 is often confused with the Digital Operational Resilience Act (DORA). However, the legal nature and scope of the two frameworks differ clearly. DORA is a regulation, NIS2 a directive. As a regulation, DORA applies directly in all member states without a national implementation reservation, whereas NIS2 is implemented through national laws such as the NIS2UmsuCG.<\/p>\n<p>The decisive difference lies in the sector. DORA applies exclusively to the financial sector and governs the operational resilience of banks, insurers, and other financial market participants. NIS2, however, covers not only the financial sector but also energy, health, transport, digital infrastructure, and other areas.<\/p>\n<p>In the financial sector, the principle of specificity applies. Since DORA is the more specific legal instrument for the financial sector, it takes precedence over NIS2. Financial companies therefore primarily meet the requirements of DORA. To the extent that DORA does not regulate something, NIS2 obligations may still apply. For companies outside the financial sector, NIS2 remains the primary instrument for ensuring network and information security.<\/p>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Frequently Asked Questions<\/h2>\n<p class=\"st-faq-hint\">Every question is locked. A tap unlocks the answer.<\/p>\n<details>\n<summary><strong>Is there a transition period for implementing NIS2?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">No. The requirements apply in Germany from December 2025 immediately. There is no transition period, the obligations are binding from this point onward.<\/p>\n<\/details>\n<details>\n<summary><strong>What are the maximum fines for particularly important facilities?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Up to 10 million Euro or up to two percent of the global turnover of the previous financial year. The higher of the two amounts applies.<\/p>\n<\/details>\n<details>\n<summary><strong>When does registration with the BSI start?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">The BSI (Federal Office for Information Security) portal for registration has been available since January 2026. Affected institutions must register there as soon as their obligations come into effect.<\/p>\n<\/details>\n<details>\n<summary><strong>What size of company makes a company subject to NIS2?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">From 50 employees or an annual turnover of 10 million Euro, provided the company operates in one of the 18 regulated sectors. For individual critical services, smaller entities can also be included.<\/p>\n<\/details>\n<details>\n<summary><strong>How does NIS2 differ from DORA?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">DORA is a directly applicable regulation that applies exclusively to the financial sector, whereas NIS2 is a directive covering 18 sectors and must be transposed into national law. Within the financial sector, DORA constitutes the more specific provision.<\/p>\n<\/details>\n<p><!--ST-LOWER-CARDS lang=en--><\/p>\n<h3 style=\"margin:48px 0 18px;padding-left:12px;font-size:1.05em;font-weight:800;color:#e6e3da;border-left:3px solid #69d8ed;line-height:1.2;\">Editor&#8217;s Picks<\/h3>\n<p><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/07\/02\/five-positions-that-require-a-siem-budget\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/security-budget-priorisierung-nis2-paragraf-30-cover-hero-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#69d8ed;margin-bottom:5px;\">Editor&#8217;s Pick<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">Five Line Items That Need Budget Before SIEM<\/span><\/span><\/a><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/06\/30\/what-management-must-document-under-nis2\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/geschaeftsfuehrung-nis2-dokumentationspflicht-bsig-cover-hero-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#69d8ed;margin-bottom:5px;\">Editor&#8217;s Pick<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">What Management Must Document Under NIS2<\/span><\/span><\/a><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/06\/29\/dora-in-operation-what-the-regulator-wants-to-see\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/06\/dora-finanzinstitute-resilienz-nachweis-tlpt-cover-hero-250x141.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#69d8ed;margin-bottom:5px;\">Editor&#8217;s Pick<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">DORA in Operation: What the Regulator Wants to See<\/span><\/span><\/a><\/p>\n<h3 style=\"margin:48px 0 18px;padding-left:12px;font-size:1.05em;font-weight:800;color:#e6e3da;border-left:3px solid #69d8ed;line-height:1.2;\">More from the MBF Media Network<\/h3>\n<p><a href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/net-kritis-cloud-migration-c5-nis2-dachgeset-70478771.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#0bb7fd;margin-bottom:5px;\">cloudmagazin<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">KRITIS in the Cloud: What Secures the Migration<\/span><\/span><\/a><a href=\"https:\/\/mybusinessfuture.com\/en\/the-ai-oversight-in-germany-now-has-an-address\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/net-die-ki-aufsicht-in-deutschland-hat-jetzt-91048899-250x141.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#aa8ac2;margin-bottom:5px;\">MyBusinessFuture<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">The AI oversight in Germany now has an address<\/span><\/span><\/a><a href=\"https:\/\/www.digital-chiefs.de\/en\/the-ai-writes-the-code-who-is-liable-for-it\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/net-ki-generierter-code-haftung-governance-r-68881977-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#e8828d;margin-bottom:5px;\">Digital Chiefs<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">The AI writes the code. Who is liable for it?<\/span><\/span><\/a><!--\/ST-LOWER-CARDS--><\/p>\n","protected":false},"excerpt":{"rendered":"NIS2 introduces new cybersecurity rules. Learn who must comply, key obligations since December 2025, and why executives face personal liability.","protected":false},"author":10,"featured_media":20756,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_yoast_wpseo_focuskw":"NIS2 directive","_yoast_wpseo_title":"What Is NIS2? Definition, Obligations, and Liability","_yoast_wpseo_metadesc":"NIS2 explained: Who is affected, what obligations apply since December 2025, and why leadership faces personal liability.","_yoast_wpseo_meta-robots-noindex":"","_yoast_wpseo_meta-robots-nofollow":"","_yoast_wpseo_meta-robots-adv":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-title":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/was-ist-nis2-cover-hero-1.jpg","_yoast_wpseo_opengraph-image-id":0,"_yoast_wpseo_twitter-title":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/was-ist-nis2-cover-hero-1.jpg","_yoast_wpseo_twitter-image-id":0,"evm_cvss":0,"evm_risk":0,"evm_casefile":"","evm_primary_cve":"","evm_external_preview_token":"","evm_external_preview_expires":"","_evm_translation_lang":"en","featured_post":0,"featured_post_sortierung":0,"_wp_old_slug":[],"footnotes":""},"categories":[263],"tags":[],"class_list":["post-21976","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sicherheitslexikon-en"],"evm_reading_time_minutes":7,"wpml_language":"en","wpml_translation_of":20745,"_links":{"self":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/21976","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/comments?post=21976"}],"version-history":[{"count":1,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/21976\/revisions"}],"predecessor-version":[{"id":21987,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/21976\/revisions\/21987"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media\/20756"}],"wp:attachment":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media?parent=21976"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/categories?post=21976"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/tags?post=21976"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}