Cybersecurity Act: Rebuke from the Federal Audit Office
The German Federal Audit Office has published a report on the NIS-2 Implementation Act. In it, it criticizes the government's work and calls for improvements.
(Image: dpa, Oliver Berg)
Because the Federal Government is not improving known deficits in the implementation of the European Union's Network and Information Security Directive (NIS-2), the German Federal Audit Office believes that information and cybersecurity in Germany is at risk. This is the conclusion of a report by the Court of Auditors, which was submitted to the Bundestag's Budget Committee and Interior Committee on Tuesday. This was first reported by Tagesspiegel Background Cybersecurity.
Even after multiple departmental consultations, the draft bill drawn up by the Federal Ministry of the Interior and passed by the Federal Cabinet at the end of July falls short of the goals it set itself in key points, the auditors criticize. "Important regulations should not be uniformly binding for the entire federal administration. The result would be a 'patchwork quilt' that could jeopardize the information and cybersecurity of everyone involved," they write in the report.
Calls for improvements
The Bundesrechnungshof is therefore calling for the draft law to be amended during the parliamentary process. Exceptions to the central requirements for information and cybersecurity should be limited and the coordinator for information security should be given appropriate tasks and powers, according to two key demands. The report also states that the federal authorities' requirements for additional budgetary resources should be critically scrutinized.
At the heart of the implementation law are extensive new regulations for the cybersecurity of operators of critical infrastructures and facilities (KRITIS). In the future, significantly more public bodies and more companies will be subject to the cybersecurity requirements. Numerous previous regulations will be tightened, or at least the target group will be significantly expanded. For the first time, the law also includes companies in the supply chain.
The NIS 2 Implementation Act was actually supposed to come into force in October, but this is unlikely to happen. On September 27, the Federal Council will first discuss the draft law, even though it does not have to approve it. The Bundestag could then deal with the NIS-2 Implementation Act in the second week of October.
(akn)
