Klaus Landefeld, eco Board Member criticises lack of coordination and consultation by the German federal government on new regulations for critical infrastructures.
Recently, the German federal government announced a draft for an umbrella act on the protection of critical infrastructures (KRITIS-DG). The act is intended to oblige the operators of critical infrastructures to prepare risk analyses and implement corresponding measures to enhance resilience. The KRITIS-DG will, therefore, regulate the physical protection of critical infrastructures for the first time, while their IT security will remain subject of the Act on the German Federal Office for Information Security (BSIG).
The fact that only selected representatives of the press were allowed to see the draft bill before the departmental vote recently is sharply criticised by eco – Association of the Internet Industry
Neither the concerned institutions and associations, nor civil society, nor even the government factions in the German Bundestag were given access to the draft beforehand.
“The implementation of the EU directives for critical facilities not only affect telecommunications and the expansion of gigabit networks, but also the entire digital transformation in Germany. The same applies to all other sectors identified as critical for services of general interest. We demand appropriate involvement in this process,” says eco Board Member for Infrastructure and Networks Klaus Landefeld. This is even more important, he adds, because the use of critical components by operators is also being specified, the implementation of the Network and Information Security Directive (NIS2UmsuCG) is to take place simultaneusly with the KRITIS umbrella act, and a new legal ordinance is being authorised to replace the previous KRITIS ordinance.
“As far as we can see, the future regulation for the identification of critical installations is not even foreseeable yet, and the network of responsibilities of the supervisory authorities is also not presented in a transparent and comprehensible manner. A meaningfully interlocked and effective regulatory structure can only be established by coordinating with those affected,” states Klaus Landefeld. “The Internet industry does not need a proliferation of security requirements, but objective, appropriate and reasonable guidelines. The fact that the involvement of affected circles does not work even in such legislative procedures, which are essential for us, is disappointing and in any case does not correspond to the coalition agreement,” Landefeld continues.