Security First: Schwarz-Rot Restricts Transparency for Kritis

Following the serious attack on Berlin's power infrastructure in early January, politicians want to upgrade security measures. The coalition factions of CDU/CSU and SPD have finalized the new umbrella law for the protection of critical infrastructures (Kritis). The now-leaked amendment to the government draft clarifies that the resilience of the Federal Republic will no longer be solely a matter of IT security in the future, but a comprehensive national security task.

One of the innovations concerns the powers of the federal states. In the future, they will receive significantly greater flexibility in identifying critical facilities. While previously rigid thresholds – such as supplying at least 500,000 people – were often decisive, the states are now allowed to lower these limits independently. This could allow smaller, but regionally system-relevant facilities to be placed under special legal protection if they fall entirely within the responsibility of the respective state. The Federal Ministry of the Interior is to quickly develop a legal ordinance to this effect, which will define the exact criteria and procedures.

In parallel, the factions will introduce a motion for a resolution that marks a U-turn in information policy. They are calling on the federal government to drastically reduce transparency obligations. The demand to review infrastructure information that is already publicly accessible and, if necessary, to consistently remove it from the internet is sensitive. The background is the suspicion that the perpetrators of the Berlin attack could have used publicly available site plans for their sabotage planning. Schwarz-Rot therefore wants to ensure that sensitive data on pipeline routes or power plant nodes will no longer be available to terrorists in the future. The initiative also aims to involve the European level in order to revise EU-wide transparency requirements, for example in energy law.

Transparency to be Weighed

The coalition intends to enshrine in law that security takes precedence over other concerns such as planning or environmental law. Authorities and operators will be encouraged to consistently use existing exceptions to publication obligations. To improve technical monitoring, operators will in future have to report in detail to the Federal Office for Information Security (BSI) which types of critical components they are installing – including the specific version numbers. This information is to flow exclusively to the BSI to be able to issue targeted warnings in the event of security vulnerabilities.

The operational cooperation between the state and the economy will also be newly regulated. The Federal Office for Civil Protection and Disaster Assistance (BBK) will be obliged to confirm incoming incident reports from operators immediately and to support them with relevant follow-up information or guidelines for strengthening resilience. In addition, the BBK is to create regular situation reports on the overall status of critical infrastructure and make them available to operators and authorities. The government is thus responding to criticism that companies often receive too little feedback from the state in crisis.

"No Significant Improvements"

The Schwarz-Rot coalition also wants to strengthen the sanctions for the provisions. The amendment, for example, provides for an increase in fines. In cases of serious violations of reporting or registration obligations, these can amount to up to one million euros. To ensure that the new regulations take effect, the first evaluation of the law has been brought forward from five to two years after its entry into force.

Manuel Atug from AG Kritis still sees no significant improvements. "Transparency obligations are essential in a democracy and protect against accidents," he said. Furthermore, all critical infrastructures must also be recorded in the state and administration. However, the coalition apparently wants to rely on the principle of "security before visibility."

The Bundestag is to adopt the revised draft law on Thursday. Schwarz-Rot is also likely to reject a motion by the opposition Greens. In it, they advocate "for holistic protection of our critical infrastructure."

(mki)