Policy & Legislation Overview — Understanding the Pulse of the Nation — All about general news.

Decision on extending has not been ratified by the Commission as of yet.

Cabinet approves EU directives execution. Wintergerst voices concerns over potential legal ambiguity and excessive administrative responsibilities.

, and ASMedia

2025 September 22 . 10:03 AM

2 min read

Extension of Commission's Decision Regarding Remainder Remains Pending

Decision on extending has not been ratified by the Commission as of yet.

The German government has adopted the KRITIS umbrella law, a significant step towards protecting critical infrastructure in the country. The law, which transposes an EU directive into German law, is set to be implemented by October 18, 2024.

Operators of critical infrastructure in Germany will be required to conduct a risk assessment for hybrid threats under the KRITIS umbrella law. However, concerns have been raised about potential legal uncertainties and unnecessarily high bureaucratic burden due to overlaps and different requirements with the NIS2 directive.

Dr. Ralf Wintergerst, President of Bitkom, has expressed his concerns, stating that the different terms and requirements in the KRITIS umbrella law and the NIS2 directive could lead to double regulations for sectors that already meet specific security requirements today.

One of the key points of contention is the exclusion of state administrations and administrative infrastructures from the KRITIS umbrella law. This exclusion could result in a higher level of security being forsaken in the core area of the state, leaving these entities exposed to physical and hybrid risks.

The EU Commission has initiated a contract infringement procedure against Germany due to the delay in implementing the KRITIS umbrella law. The search results do not contain specific information regarding which federal authorities or administrative infrastructures are excluded from the KRITIS umbrella legislation.

The KRITIS umbrella law is of significant importance for the protection of critical infrastructure in Germany. However, its implementation must be carefully managed to avoid potential legal uncertainties and ensure a harmonious integration with existing security measures, as reiterated by Dr. Ralf Wintergerst.

As the deadline for implementation approaches, it is crucial for all stakeholders to understand the implications of the KRITIS umbrella law and work together to ensure the protection of critical infrastructure in Germany.