IT Security Act
What is the IT Security Act?
The IT Security Act of the Federal Office for Information Security (BSI – https://www.bsi.bund.de/) serves to protect so-called critical infrastructures in Germany. It came into force in 2015 with the aim of increasing the security of information technology systems of infrastructures that have a socially and economically important function. The background to this was the increasing global threat of cyber attacks.
Who does the IT Security Act affect?
According to the law, “critical infrastructures” are facilities or installations that
- belong to the energy, water, food, health, telecommunications, information technology, traffic and transport, and finance and insurance sectors, and
- are of critical importance to the community, as their impairment would result in supply shortages or threats to public safety.
Information Security Management
Critical infrastructures must meet specific minimum standards, which include in particular the introduction of information security management. Furthermore, relevant incidents affecting IT security must be reported to the BSI.
As a result of the IT Security Act, the Energy Industry Act was amended. The amendment obliges electricity and gas network operators to implement the IT security catalogue (issued by the Federal Network Agency) and to introduce an information security management system.
IT Security Act 2.0
The draft of a second version of the IT Security Act appeared in 2019, in which the competences of the BSI are strengthened. Criminal offences in IT security and related investigative powers are expanded. Reporting obligations and implementation measures affect a larger group of addressees.