eco Publishes Position on the NIS Directive Implementation Law

On the occasion of the association hearing on the NIS Directive Implementation Law carried out by the German Federal Ministry of the Interior (BMI), eco has published a position paper on the draft legislation (in German). With the implementation law, the European directive “concerning measures for a high common level of security of network and information systems” is to be put into practice in Germany. According to the draft law, the Federal Office for Information Security (BSI) will receive new powers regarding requests for information from operators of so-called digital services, and these operators will be obligated to report significant IT security incidents. The BSI is also in future to have the power to obligate the producers of IT systems to collaborate in the elimination of disruptions and vulnerabilities. The specific requirements that companies are to fulfill in future will, according to the draft law, be regulated in a separate regulation from the BMI. eco sees the urgent need for improvement: The draft law in its current form does not represent a solid foundation for the implementation of the NIS Directive.