NIS2: Cabinet hands over open construction sites to Bundestag
When it comes to NIS2 implementation, the government is leaving contentious issues to the Bundestag, which will not meet again until September.
Federal Chancellery in Berlin.
(Image: Rico Markus/Shutterstock.com)
The Federal Cabinet has agreed on a draft for the implementation of the revised EU Network and Information Security Directive (NIS2). The German government is thus deferring most of the unresolved problems of the German implementation, which has been overdue for almost a year, to the Bundestag for further debate.
“Higher level of security”
“With the new law, we are creating a significantly higher level of security for our economy and administration,” says Federal Minister of the Interior Alexander Dobrindt (CSU). The new regulations will make them more resistant to cyberattacks. In the future, almost 30,000 jobs will be subject to stricter cyber security requirements instead of the previous 4500.
While the failed attempt by Ampel was intended to go beyond the European requirements, Black-Red has taken up the cause of wanting to implement the EU directive as far as possible without any overcompliance. “We are focusing on clear rules without unnecessary bureaucracy,” emphasizes Dobrindt.
However, many of the formulations now contained in the cabinet draft are by no means clear and uncontroversial. The internet industry association Eco, for example, criticizes the fact that “central questions” remain unanswered, such as the planned exemptions for companies whose critical role is “negligible”. “What sounds politically pragmatic is tricky in terms of European law,” criticizes Ulrich Plate for the Eco association.
Videos by heise
China clause much broader?
The German Broadband Association (Breko) has also criticized the implementation of NIS2. The regulations on so-called “critical components,” which the German government is now reformulating, may go well beyond what was previously understood by the “Huawei” paragraph 9b of the BSI Act. Breko CEO Stephan Albers fears that this could “not only prohibit the use of planned or already operational components in 5G networks, but also in fiber optic networks.”
In other words, the Ministry of the Interior could in the future prohibit the operation of technology from foreign countries that are not always friendly and oblige providers to replace it. However, the criteria for critical components are quite demanding; according to the draft law, several must be met. At midday, the Ministry of the Interior was unable to provide any more detailed information on whether the obligations had been extended to the last millimetre before the cabinet decision.
Members of the Bundestag are also likely to face numerous disputes in the coming weeks regarding the question of which public bodies will actually be subject to the NIS2 implementation. The responsible members of parliament are to carry out preparatory work during the parliamentary summer break. The Bundestag will not officially reconvene until September 10. After that, however, the German NIS2 implementation is to go through the parliamentary process quickly – a promise that has already failed several times in the past due to the complexity of the regulatory matter.
Kritis umbrella law to follow soon
The complementary law must continue to wait for this interim step: the Kritis umbrella law should implement the Directive on the better physical protection of critical facilities (CER Directive) –, i.e., regulations on fencing, video surveillance, incident reporting and other security measures. A spokesperson for the Federal Ministry of the Interior said at midday that work on this law was continuing at full speed.
(mma)
