<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
		<title>cyber law on ExcellentWiki - Legal Encyclopedia</title>
		<link>https://legal.excellentwiki.com/germany/cyber-law/</link>
		<description>Recent content in cyber law on ExcellentWiki - Legal Encyclopedia</description>
		<generator>Hugo</generator>
		<language>en-US</language>
		
		
		
		
			<lastBuildDate>Mon, 06 Jul 2026 00:00:00 +0000</lastBuildDate>
		
			<atom:link href="https://legal.excellentwiki.com/germany/cyber-law/index.xml" rel="self" type="application/rss+xml" />
			<item>
				<title>German Cyber Law</title>
				<link>https://legal.excellentwiki.com/germany/cyber-law/german-cyber-law/</link>
				<pubDate>Mon, 06 Jul 2026 00:00:00 +0000</pubDate>
				<guid>https://legal.excellentwiki.com/germany/cyber-law/german-cyber-law/</guid>
				<description>&lt;h2 id=&#34;the-bsi-gesetz-and-it-sicherheitsgesetz&#34;&gt;The BSI-Gesetz and IT-Sicherheitsgesetz&lt;/h2&gt;&#xA;&lt;p&gt;The primary statutory framework for cybersecurity in Germany is founded upon the BSI-Gesetz, which establishes the Bundesamt für Sicherheit in der Informationstechnik as the national cybersecurity authority, and the IT-Sicherheitsgesetz, which imposes sector-specific cybersecurity obligations on operators of critical infrastructure. The IT-Sicherheitsgesetz 2.0, enacted in May 2021, significantly expands the scope of the original 2015 legislation by extending mandatory security requirements and incident reporting obligations to companies of particular public interest — including manufacturers of critical components, cloud computing service providers, and companies in the defence, energy, and telecommunications sectors. The amendments introduced a regulatory framework for the detection of IT vulnerabilities, empowering the BSI to conduct automated scans and to inspect source code and other proprietary information where necessary to eliminate security deficiencies. The BSI is also authorised under the revised Act to issue administrative fines of up to €2 million for non-compliance with reporting obligations and up to €50,000 for failure to implement required organisational and technical measures. The Act requires operators of critical infrastructure to deploy systems for attack detection, to report significant IT security incidents to the BSI, and to demonstrate compliance every two years through audits conducted by accredited certification bodies.&lt;/p&gt;</description>
			</item>
	</channel>
</rss>
