Berlin (dpa) – The Bundestag passed a second IT security law on Friday, which is intended, among other things, to protect important infrastructure such as mobile communications and energy networks.
One of the innovations is that the Federal Ministry of the Interior can prohibit the use of safety-relevant components if the manufacturer is controlled by the government of another country or has already been involved in hazardous activities. Previously, the focus was on a statement of assurance from the manufacturer itself.
The law increases the role of the Federal Information Security Agency (BSI), which should be more concerned with consumer cybersecurity. IT security labels will be introduced so that consumers can find their way more easily.
The IT Security Act 2.0 is the result of a long discussion. It was also held against the background of whether the Chinese network provider Huawei may participate in the expansion of the new 5G data network. With the new version, there is a broader legal basis for excluding Huawei.
The US, in particular, has accused Huawei of close ties to the Chinese government and has imposed severe sanctions on the company, citing the risk of espionage and sabotage. Huawei dismisses the allegations.
“With the expansion of the 5G network, security issues are now of central concern,” said Mathias Middelberg, national spokesperson for the CDU / CSU faction. The responsible EU rapporteur Christoph Bernstiel emphasized that in addition to a technical review, there would also be a political review of the manufacturers. However, it is not “Lex Huawei” because the same requirements apply to everyone. SPD rapporteur Sebastian Hartmann emphasized that Parliament has set clear criteria for this.
At the same time, Green network expert Konstantin von Notz accused the government of doing too little for IT security over the years – and is now “in the last corner of the legislature” with a design that has been criticized by many experts. The law was passed with the votes of the governing coalition.
The digital association Bitkom criticized the new security law as “a combination of technical certification machines and political and regulatory discretion with questionable added value for IT security”. The Federation of German Industries (BDI), on the other hand, welcomed the law. It paves the way for the expansion of a secure 5G network in Germany.
BSI chief Arne Schönbohm told the German news agency that the BSI as a strong federal cybersecurity authority was needed for digitization to work securely. “Advising, informing and warning will become increasingly important in the future.” The new law would allow extensive improvements in all three of the BSI’s main areas of responsibility.
On the one hand, the BSI’s mandate to protect the federal administration will be reinforced by new audit and control powers. “I am delighted that BSI will become the independent and neutral consumer counseling center on IT security issues at the federal level.” In addition, the scope of the BSI will be extended to companies that are of particular economic importance due to their high added value or whose failure would impact critical infrastructure as a result of an attack. “This step is correct and consistent because the cybercrime threat situation in Germany remains at a tense, high level.”