eco on the German KRITIS Umbrella Act: Eliminate Double Regulations and Legal Uncertainties

The German Federal Ministry of the Interior (BMI) aims to strengthen the resilience of critical infrastructures with the KRITIS Umbrella Act, which is currently being coordinated between government departments. For the first time, this act seeks to establish the nationwide uniform regulations for the physical protection of critical facilities, which are to be implemented in German law as a result of the European CER Directive. Among other regulations, it obliges companies to implement risk management and designates the Federal Office of Civil Protection and Disaster Assistance (BBK) as the supervisory authority.

Commenting on the associations’ hearing scheduled for today at the German Federal Ministry of the Interior (BMI), eco Board Member Klaus Landefeld states:

“The protection of critical infrastructures is one of the core tasks of security policy. We welcome the goal of making basic services for the population more resilient, but we are highly uncertain about whether and to what extent this draft act will affect us. The regulations imposed by the KRITIS Umbrella Act are more likely to cause confusion than benefits for the Internet industry. For us, a far more imperative matter would be to engage in discussions with the German federal government on the draft law in transposing the European NIS2 Directive. Although this is already in the coordination process with other ministries, there has been no associations’ hearing on this matter so far. However, the provisions of the KRITIS Umbrella Act are at best incomplete if they are considered separately from the NIS2 Implementation Act. Above all, care must be taken to ensure that no legal uncertainties arise for the affected companies. In particular, the distribution of roles between the existing supervisory authorities – primarily the BSI and BNetzA – and the future-responsible BBK must be clarified so that no double or triple regulation is established here.”

From the perspective of the Internet industry, and in the interest of coherent and comprehensible legislation, it would therefore be advisable to consolidate the regulations for IT companies exclusively in the German NIS2 Implementation Act (NIS2UmsuCG). The eco – Association of the Internet Industry therefore calls for the draft legislation on the NIS2UmsuCG to be promptly submitted to associations’ hearings and to be given a reasonable timeframe for feedback.

eco Board Member Klaus Landefeld on the German Coalition Agreement: “A surveillance overview bill must not just be lip service”