Compliance
NIS2, the Software Supply Chain and AI Code
Last updated: 2026-07-02 · 4 min read
NIS2 does not mention AI code – and still changed its risk profile. Since Germany’s implementation act took force in December 2025, management bodies of roughly 29,500 in-scope companies must approve and oversee cybersecurity risk management, including development and supply-chain security – the box unverified AI-generated code sits in. There is no special AI liability regime (the AILD was withdrawn); liability assembles from product liability, contract, and these oversight duties. No case law on AI code exists yet.
What changed in Germany in December 2025
Legal status: July 2, 2026. This article describes regulation for orientation – it is not legal advice; scope and liability analysis for your company belongs to your counsel.
The NIS2 implementation act took force on December 6, 2025, and widened BSI supervision from about 4,500 to roughly 29,500 companies across 18 sectors. Registration ran until March 2026; the first audit-evidence deadline was moved to June 30, 2026. Fines reach €10 million or 2% of global turnover. The design choice that matters for this article: risk management is explicitly a management-body duty – approve, oversee, train – not something that can be fully delegated downward.
The duties, mapped to AI coding
| Duty | What it covers | Where AI code enters |
|---|---|---|
| Risk management measures | State-of-the-art technical and organizational measures | Policy for AI tools; verification of generated changes |
| Supply-chain security | Security of suppliers and service relationships | Tool vendors' data paths; hallucinated/injected dependencies |
| Security in development | Secure development, acquisition, maintenance | AI-generated code as the highest-volume development input |
| Management approval & oversight | Board approves measures, monitors implementation | Can the board show AI-code risk was assessed and controlled? |
| Training | Management undergoes security training | AI failure modes belong in that curriculum |
| Incident reporting | Report significant incidents within tight deadlines | Attribution: which change caused it – and who checked it? |
The liability picture after the AILD withdrawal
A special AI liability regime does not exist: the Commission withdrew the AI Liability Directive in 2025 for lack of agreement. What remains is a three-layer picture. Toward customers: contract, and from December 2026 the new Product Liability Directive, which explicitly treats software as a product under strict liability. Inside the company: the NIS2-sharpened oversight duties above, with personal accountability of management for gross breaches. And in all directions: ordinary fault-based liability. What does not exist, as of July 2026, is any published court decision on damage from AI-generated code – every confident claim about how such a case would end is speculation, ours included.
What prudent organizations document
The pattern across all three layers is the same: liability questions turn into evidence questions. An organization that can show a written AI coding policy, per-change verification records, and an audit trail of what its AI tools did argues from documents; one that cannot argues from memory against a 48% verification statistic that opposing counsel will know too. Building that evidence habit costs least while nobody is asking for it.
Where Reality Graph fits
Reality Graph produces the evidence layer this article keeps pointing at: verification of each AI coding run against its written task, recorded in evidence reports stored with the code, local-first. It does not determine NIS2 scope, does not certify compliance, and does not change who is liable – it changes what your organization can show when the question arrives.
This orientation gives you
- The December 2025 state of Germany's NIS2 regime, dated
- The duty-to-AI-code mapping with its reasoning shown
- The honest liability picture after the AILD withdrawal
- Three artifacts that turn oversight into documents
It does not give you
- A scope determination for your company – counsel runs that
- A prediction of how a court treats AI-code damage – none has yet
- A compliance guarantee from any tool, including Reality Graph
- A reason for alarm – the duties are manageable, documented
FAQ
Who is liable when AI-generated code causes damage?
- There is no special AI liability regime – the EU withdrew its AI Liability Directive proposal in 2025 – so the ordinary layers apply. Toward customers: contract and, from December 2026 under the new Product Liability Directive, strict product liability that explicitly covers software. Inside the company: management duties, which NIS2 sharpened for in-scope entities – the management body approves and oversees cybersecurity risk management and can be personally accountable for gross breaches of those duties. Who bears what in a concrete case is a counsel question; there is no published case law on AI-generated code yet.
What does NIS2 require from management, concretely?
- Under Germany's implementation act (in force since December 6, 2025), management bodies of in-scope entities must approve the cybersecurity risk management measures, oversee their implementation, and undergo training. The measures themselves must cover, among other areas, supply-chain security and security in development. Fines for entities reach €10 million or 2% of global turnover; management accountability for breached oversight duties is part of the design.
Is unverified AI code really a NIS2 topic?
- NIS2 does not mention AI coding tools – it requires managed development and supply-chain risk, and unverified AI-generated code sits squarely in that box: it is high-volume, third-party-influenced input to your product with measured defect rates and, per Sonar's 2026 data, a 48% consistent-verification rate. An oversight regime that covers your dependency policy but not your highest-volume code source has a visible gap – that is an argument from the statute's logic, not a cited paragraph.
Does NIS2 apply to our company at all?
- Scope covers 'essential' and 'important' entities across 18 sectors – energy, transport, health, digital infrastructure, manufacturing subsectors and more – generally from 50 employees or €10 million turnover, with registration duties at the BSI. Roughly 29,500 German companies fall in scope, up from about 4,500 under the old regime. Whether you are among them is a threshold analysis your counsel should run – do not self-classify from a blog table, including this one.
What happened to the AI Liability Directive?
- The Commission announced its withdrawal in the 2025 work programme, citing no foreseeable agreement, and the withdrawal became official in October 2025. The practical consequence: no AI-specific evidence rules or presumptions arrived; liability questions around AI-generated code resolve through the existing instruments – the new Product Liability Directive for software products, national fault-based liability, and contract.
What should management ask for, starting now?
- Three artifacts that demonstrate the oversight NIS2 expects: a written AI coding policy (who may use which tools, with which checks), evidence that the checks happen – per-run verification records rather than assurances – and a periodic report on AI-code risk indicators (verification coverage, incident attribution). Boards that can produce those three answer the 'did you oversee this?' question with documents instead of memory.
Sources
- German Federal Government – NIS2 implementation act in force since December 6, 2025 (German)
- OpenKRITIS – NIS2 implementation in Germany: scope, duties, management accountability (retrieved 2026-07, German)
- Directive (EU) 2024/2853 – product liability incl. software, implementation by Dec 9, 2026 (EUR-Lex)
- Bird & Bird – proposed EU AI liability rules withdrawn (2025, law-firm briefing)
- Sonar – State of Code: 48% consistent verification of AI code (2026)