Decided in the Bundestag
The Umbrella Act for Critical Infrastructure Protection (KRITIS) has passed the German Bundestag. It establishes nationwide and cross-sector minimum standards for the protection of critical infrastructure. The most important facts at a glance.
2 min reading time
The Umbrella Act for Critical Infrastructure Protection (KRITIS) defines which companies and facilities are part of the critical infrastructure nationwide.
Photo: imago/Jochen Tack
To implement an EU directive to strengthen the resilience of critical systems, the German Bundestag has passed the draft of an Umbrella Act for Critical Infrastructure Protection (KRITIS). This is the first time that the following sectors have been addressed collectively: energy, transport and traffic, finance and insurance, health, drinking water, waste water, municipal waste disposal, information technology and telecommunications, food, space and public administration.
Identification of critical systems
The draft law supplements the existing regulations in the area of information technology (IT) security for critical infrastructure. In addition, the companies and facilities that are part of the critical infrastructure are defined nationwide. The facility must be essential for overall supply in Germany and serve more than 500,000 people.
Minimum requirements for the protection of critical infrastructure
In addition, the draft law sets out nationwide, cross-sector minimum standards for the physical protection of critical infrastructure by operators. This could include, for example, emergency teams, stronger property protection and resilience measures. The basis for this is risk analyses and risk assessments that are prepared by the designated government agencies and made available to the operators. There is also a duty to report incidents.
Changes in the parliamentary process
Changes were made to the government draft in the parliamentary process. In particular, the federal states are given the opportunity to identify further critical facilities for critical services that are solely their responsibility. The Federal Ministry of the Interior is authorised to define the relevant criteria and procedures by statutory order, which requires the approval of the Bundesrat.
Considerations on transparency obligations for critical infrastructure are to be taken into account in the Resilience Strategy for Critical Infrastructure (KRITIS). In addition, the Umbrella Act for Critical Infrastructure Protection (KRITIS) is to be evaluated in two years, rather than waiting five years.
Further information is provided by the Federal Ministry of the Interior.