With parallel legislative processes on IT Security occurring at both the German national and European levels, a patchwork of standards and stipulations could be created. And yet, particularly for the topic of IT Security, global regulations are required. Oliver Süme, eco Director of Policy and Law, explains the current challenges in an interview.
Mr. Süme, why is IT Security not a regional topic?
IT Security is a cross-border challenge which urgently requires European and global solutions and standards. I warn against a “patchwork” of varying national specifications on IT Security – this could well arise because several other EU states apart from Germany are currently working on their own IT Security laws. This would result in significant legal and planning uncertainty for affected companies.
What role does critical infrastructure play in this?
The draft regulations for an IT Security act presented on 17 December 2014 by the German Federal Government propose new legal regulations and obligations, particularly with regard to the IT security of what is known as critical infrastructure. Critical infrastructure here is defined as that which is of central importance for the general community, such as energy providers.
In this context, eco recommends that the scope of the law remain concentrated on the operators of critical infrastructure, and that no special provisions be created for all of the services of the information society. The imposition of additional obligations for the already regulated telecommunications and tele-media providers is not necessary and above all is not justified. These companies have been fulfilling their legal obligations for years and, what is more, further voluntary security commitments as well.
Why are you critical of the Federal Government’s approach to IT Security?
Germany must not take the second step before the first – the parallel legislative processes on IT Security at the national and European levels need to be closely aligned. A national “dash” is, in our eyes, not constructive either in Germany or in other member states, and contributes little to increasing the general IT security in Europe. As the Association of the German Internet Industry, we see the Federal Government as obligated, first and foremost, to advocate for the alignment of the IT Security laws in the context of the planned European NIS Directive, and thus to guarantee companies legal and planning certainty.