Cybersecurity—Germany—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Cybersecurity—Germany—Q&A guide
  • 1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?
  • 2. Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?
  • 3. Has your jurisdiction adopted any international standards related to cybersecurity?
  • 4. What are the obligations of responsible personnel and directors to keep informed about the adequacy of the organisation’s protection of networks and data, and how may they be held responsible for inadequate cybersecurity?
  • 5. How does your jurisdiction define cybersecurity and cybercrime?
  • 6. What are the minimum protective measures that organisations must implement to protect data and information technology systems from cyberthreats?
  • 7. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to intellectual property?
  • 8. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to critical infrastructure or specific sectors?
  • 9. Does your jurisdiction have any cybersecurity laws or regulations that specifically restrict sharing of cyberthreat information?

This Practice Note contains a jurisdiction-specific Q&A guide to cybersecurity in Germany published as part of the Lexology Getting the Deal Through series by Law Business Research (published: January 2021).

Authors: Beiten Burkhardt—Dr. Axel von Walter

1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?

The regulation and promotion of cybersecurity in German law is achieved by an array of different statutes. Some of these regulate cybersecurity in relation to particular types of data, some regulate cybersecurity in particular industries or sectors, and some regulate cybersecurity in companies as part of broader compliance requirements.

The EU-wide General Data Protection Regulation (GDPR) and the Federal Data Protection Act provide the basis for cybersecurity obligations and standards in relation to the processing of personal data. Meanwhile, the Telecommunications Act (TKG), the Telemedia Act (TMG), the Act on the Federal Office for Information Security (BSIG) and the Act on Raising the Security of Information Technology Systems (IT-SiG), as amended by the Act Implementing the European Directive Concerning Measures for a High Common Level of Security of Network and Information Systems (the NIS-Implementation Act), form the basis of cybersecurity regulation in Germany.

In December 2020, a cabinet resolution was adopted on the third draft of a bill updating the IT-SiG: the Second Act Raising the Security of Information Technology Systems (IT-SiG 2.0). When passed, the Act will
