- The IT Security Act introduces mandatory minimum standards for the IT security systems of critical infrastructures as well as the requirement to report significant IT security incidents.
- Critical infrastructures are installations and facilities in the sectors of energy, telecommunications, transportation and traffic, health, water and agriculture, as well as finance and insurance, that are important for the community and whose impairment would have adverse effects on supply or public safety.
- According to sources, approximately 2,000 companies will fall under the ‘critical infrastructure’ provisions – a separate ordinance will provide further specification.
- The Federal Office for Information Security (BSI) will be responsible for enforcing compliance with minimum standards – including the right to impose fines for non-compliance.
- The IT Security Act is in line with the EU Network and Information Security Directive (NIS), which is currently being negotiated between the EP and the Council.
For more information on what this means for your business, please contact Markus Weidling in our Berlin office on +49 30 28 88 29 17