Support Centre

Germany: Bundestag adopts draft IT Security Act 2.0

The German Federal Parliament ('Bundestag') adopted, on 23 April 2021, the draft of a Second Act to Increase the Security of Information Technology Systems ('IT Security Act 2.0'). In particular, the draft IT Security Act 2.0, aims to increase the security of information technology systems and enhance the powers of the Federal Office for Information Security ('BSI') allowing it to issue orders to telecommunications and telemedia providers to protect against specific dangers to information security.

In addition, the draft IT Security Act 2.0 provides that the BSI will be tasked with regulating consumer protection and that the basis for a uniform IT security label will be introduced to make the IT security of products visible to consumers. Furthermore, the draft IT Security Act 2.0 seeks to, among other things, expand the obligations for operators of critical infrastructures and other companies that are of 'particular public interest.'

You can read the Bundestag's press release, only available in German, here.

UPDATE (10 May 2021)

Bundesrat adopts draft IT Security Act 2.0

The Federal Council ('Bundesrat') adopted, on 7 May 2021, the draft IT Security Act 2.0 as well as an accompanying resolution during its 1,004th meeting. In particular, the resolution calls on the Federal Government ('Bundesregierung') to develop a normative basis so that responsible authorities under state law can be immediately informed of relevant IT security information, therefore allowing them to take necessary action.

The draft IT Security Act 2.0 needs to be signed by the Federal President of Germany, Frank-Walter Steinmeier, and promulgated in the Federal Law Gazette ('Bundesgesetzblatt') before entering into effect. In addition, the Bundesrat's accompanying resolution has also been forwarded to the Federal Government for consideration.

You can read the Bundesrat's press release here, and the resolution here, all only available in German.