Second act on increasing the security of IT systems (German IT Security Act 2.0)
With its signing by the Federal President and publication in the Federal Law Gazette :the second act on increasing the security of IT systems (German IT Security Act 2.0) entered into force. The Federal Council approved the Act on 7 May 2021. The law had been passed in the German Bundestag on 23 April 2021. The BSI has thus gained new authorities that significantly strengthen its work as the federal cyber security authority.
The German IT Security Act 2.0 strengthens the BSI in the following areas:.
- Detection and defence: The BSI has received increased authorities in the detection of security vulnerabilities and the defence against cyber attacks. As Germany's primary competence centre for information security, the BSI can thus shape secure digitalisation and, among other things, set binding minimum standards for the federal authorities and monitor them more effectively.
- Cybersecurity in mobile networks: The Act contains a regulation on prohibiting the use of critical components to protect public order or security in Germany. Network operators must also meet specific high-level security requirements, and critical components must be certified. Among other things, the law ensures information security in 5G mobile networks.
- Consumer protection: The BSI is to become the independent and neutral advisory body for consumers on IT security issues at the federal level. This means consumer protection is now a function of the BSI. The introduction of the uniform IT Security Mark for citizens is intended to make IT security more transparent in the future and to make it clear which products already comply with specific IT security standards.
- Security for businesses: Critical infrastructure has been expanded to include the municipal waste management sector. In addition, other companies in the special public interest (for example, arms manufacturers or companies of particularly high economic importance) will also have to implement certain IT security measures in the future and will be included in exchanges of confidential information with the BSI.
- National Cybersecurity Certification Authority: According to Section 9a (1), the BSI is the National Cybersecurity Certification Authority (NCCA) within the meaning of Article 58(1) of Regulation (EU) 2019/881, also known as the Cybersecurity Act (CSA). The NCCA is responsible in particular for overseeing and enforcing rules as part of the European schemes for cyber-security certification. The activities of supervision and certification are to be kept strictly discrete and carried out independently.
By their very nature, information security and digitalisation go hand in hand. They are two sides of the same coin, and of the BSI. With the German IT Security Act 2.0, the German Bundestag and the Federal Council have completed a clear and urgent upgrade of information security in Germany. For the digital transition to succeed in a secure manner, the BSI needs to function as a strong federal cybersecurity authority. Providing advice, information and warnings will become increasingly important in the future.
To the topic
- Companies in the special public interest
- Aviation security
