RC: Could you provide a brief overview of Germany’s proposed IT Security Act? What are its main features?

Lehmann: The overall objective of the new proposal for an IT Security Act is to provide better protection against cyber attacks by centralising competencies and by unifying standards for IT security. The Act is designed to enhance IT security, particularly with respect to critical infrastructure, by initiating standards in the sectors that are regarded as particularly important. It should also provide better protection of consumers from risks in connection with the use of the internet by imposing security standards on telecom and telemedia providers. Further, the Act aims to protect IT in the public sector – however, due to constitutional peculiarities limited to federal government authorities. It also seeks to make the Federal Office of Information Security the central government authority for IT security, with powers not only to monitor IT security closely and set standards, but also to enforce these standards. Finally, the German Federal Office for Criminal Investigation becomes competent for the prosecution of cyber crime, thus ensuring that the best equipped department of the federal police has the power to fight cyber crime.

RC: What are the reasons behind the introduction of these new provisions? How does the Act tie in with the Federal Government’s Digital Agenda 2014-2017?

Jan-Mar 2015 Issue