Critical infrastructures (abbreviated in German as “KRITIS”) are of considerable importance for many spheres of our societal life. Since the start of the year, the protection of critical infrastructures has been newly regulated by the EU’s NIS2 Directive and the CER Directive. As a result, the regulatory field for critical infrastructures is also growing. Whereas eight critical infrastructure sectors were previously regulated, eighteen public service sectors are now identified in the law. This means that, in future, there will be new challenges and regulatory requirements for numerous German companies that have not yet been classified as operators of critical infrastructures.
At a constituent meeting last Tuesday, this prompted eco – Association of the Internet Industry to set up the KRITIS Competence Group. The KRITIS CG offers its members a platform for the exchange of experience and for the joint representation of interests. In sub-working groups of the KRITIS CG, the operational implementation of security requirements is to be discussed and a common positioning towards politics and regulation is to be developed. Ulrich Plate, Senior Information Security Consultant at the eco member company nGENn GmbH, has been appointed as Head of the Competence Group.
“The political significance of critical infrastructures is steadily increasing. We also want to support our CG members in jointly coping with the new requirements in the critical infrastructure environment. For many eco members, being counted as a provider of critical services is an unfamiliar role. Together, we will also discuss where we see the scope and framework for cooperation in meeting regulatory requirements,” says Head of the CG Ulrich Plate.
In Germany, around 29,000 companies and institutions are affected by the new European regulation of critical infrastructures. This means that, in the future, a large number of eco members who have not yet been counted as operators of critical infrastructures will also fall under the regulation. At the same time, the requirements for the operators of critical infrastructure will become significantly more demanding. The national transposition of the European guidelines will be a central political debate for the Internet industry and for eco.