On 25 July 2015, the new IT Security Act entered into force in Germany. The law aims to improve IT security in companies and public bodies, especially in the field of critical infrastructure, by stipulating minimum security standards and reporting obligations for operators and providers of communication systems.
The law will affect institutions listed as “critical infrastructure” such as energy, information technology, telecommunications, transport and traffic, health, water, and food supply, as well as finance and insurance firms.
The new cyber-security law obliges firms and federal agencies to certify compliance with minimum cyber-security standards and to obtain Federal Office of Information Security (BSI) clearance. Operators of critical infrastructure will have to report significant security incidents and even suspected cyber-attacks to the BSI. The law gives companies two years to introduce cyber-security measures. Fines of 100,000 Euro for non-compliance will be enforced.