IT Security Act: Legislation Must Place Focus on Unregulated Industries

“We welcome that fact that several amendments were included in the draft law concluded today that lead to a more precise and more practical regulation,” says Oliver Süme, eco Director of Policy and Law. The newly introduced evaluation of the obligations for the operators of critical infrastructure, and the narrower designation of the investigation results of the Federal Office for Information Security, are seen as positive. The narrower designation of information and knowledge was a reaction to the concerns of companies. “The actual work will only begin when the act comes into force, presumably in summer this year. Then it will be a question of the concrete form of the regulation. For the Internet industry, the question of the scope of application of the law will be in focus,” says Süme. “It crucially depends on precisely defining the critical industries and their sectors, thus placing the focus unambiguously on critical supply services and the operators of critical infrastructure. In this context, eco will continue to advocate for a stronger obligations for as yet unregulated sectors. We continue to reject the further burdening of Internet and telecommunications companies,” says Süme.