Skip to content
Datenschutz_im_21ten_Jahrhundert_Konferenz
09 September 2014

Germany is preparing for new IT security legislation

As an essential cornerstone of the Government’s Digital Agenda on 19 August Thomas de Maizière, Federal Minister of the Interior, presented a new draft law which aims at increasing the security of information technology systems (IT Security Act).

The IT Security Act draft (IT-SIG-E) provides for amendments in several specific legal acts, particularly in the BSI-G, TMG, TKG, BKA-G and AWG. The law aims to increase the minimum level of IT security. It primarily targets to boost IT security in critical infrastructures. Such infrastructures operate in various sectors which play a very important role for society (energy, health, transport, finance, etc.).

How does the IT Security Act affect the Internet?

Since large parts of the Internet are, in the legal sense, to be understood as “telecommunications infrastructure”, area-specific requirements for the security level already exist – in the German Telecommunications Act or, for telemedia services provider, in the German Teleservices Act.1 These are supposed to be modified and extended by the present legal draft.2 Telecommunications service provider (e.g. access provider) and Telemedia services provider (e.g. website operator), “which play a key role in the security of cyberspace,” are to “made even more accountable.”3

Problems of Internet regulation

Legal regulation however is not capable of resolving all problems regarding the Internet. Due to its global character, legal measures alone – especially when they “only” come from the national or the European level – cannot provide for the security of and in the Internet. For the Internet is just not an intranet. In addition, is an issue as well on the physical as on the logical level. Internet communication, for example, is based on internationally standardized protocols. Many features and services of the Internet which are essential to its security (here in the broad sense) are administrated by decentral actors who are not legally regulated. The Domain Name System (DNS), as another example, is necessary for the functioning of the Internet (it is important for the translation of domain names to IP addresses); the system is however managed by non-governmental organizations. Thus, IT security law can only serve as a partial solution.

Problems to be dicussed

Currently, the IT-SIG-E is submitted for inter-departmental coordination and approval. But However, it should not only be discussed in the ministries but also by computer scientists, legal experts, Internet activists and all other Internet users (and providers). The IT-SIG-E contains many contentious points. These include: the effectiveness and the scope of incident reporting requirements, the extent to which competencies to store inventory, traffic and usage data are required and whether the proposed act alltogether suffices to rise to the complex and manifold challenges.


  1. cf. § 109 TKG bzw. § 13 TMG; see also § 9 BDSG.
  2. for a more detailed legal analysis see Leisterer/Schneider, Das neue IT-Sicherheitsgesetz – Änderungen und Problemfelder, CR 09/2014, (forthcoming). Among other changes, the draft law extends the competences to storage data, modifies the cyber incident notifications requirements, introduces a notification requirement for service providers and makes it mandatory for personalised telemedia providers to offer a authentification method.
  3. IT-SIG-E, explanation, p. 3.

This post is part of a weekly series of articles by doctoral candidates of the Alexander von Humboldt Institute for Internet and Society. It does not necessarily represent the view of the Institute itself. For more information about the topics of these articles and associated research projects, please contact presse@hiig.de.

This post represents the view of the author and does not necessarily represent the view of the institute itself. For more information about the topics of these articles and associated research projects, please contact info@hiig.de.

Hannfried Leisterer, Dr.

Former associate doctoral Researcher: Global Constitutionalism and the Internet

Sign up for HIIG's Monthly Digest

HIIG-Newsletter-Header

You will receive our latest blog articles once a month in a newsletter.

Explore current HIIG Activities

Research issues in focus

HIIG is currently working on exciting topics. Learn more about our interdisciplinary pioneering work in public discourse.

Further articles

Modern subway station escalators leading to platforms, symbolizing the structured pathways of access rights. In the context of online platforms, such rights enable research but impose narrow constraints, raising questions about academic freedom.

Why access rights to platform data for researchers restrict, not promote, academic freedom

New German and EU digital laws grant researchers access rights to platform data, but narrow definitions of research risk undermining academic freedom.

Three groups of icons representing people have shapes travelling between them and a page in the middle of the image. The page is a simple rectangle with straight lines representing data used for people analytics. The shapes traveling towards the page are irregular and in squiggly bands.

Empowering workers with data

As workplaces become data-driven, can workers use people analytics to advocate for their rights? This article explores how data empowers workers and unions.

A stylised illustration featuring a large "X" in a minimalist font, with a dry branch and faded leaves on one side, and a vibrant blue bird in flight on the other. The image symbolises transition, with the bird representing the former Twitter logo and the "X" symbolising the platform's rebranding and policy changes under Elon Musk.

Two years after the takeover: Four key policy changes of X under Musk

This article outlines four key policy changes of X since Musk’s 2022 takeover, highlighting how the platform's approach to content moderation has evolved.