Businesses should adopt a holistic approach to Germany’s new critical infrastructure regulatory framework.
The KRITIS Framework Act (KRITIS-DachG) was passed into law by the German Bundestag on 17 March in response to growing threats to critical infrastructure, particularly those resulting from acts of sabotage and hybrid threat scenarios.
By bringing KRITIS-DachG into force, Germany has implemented the requirements of the EU Directive on the resilience of critical infrastructure (Directive (EU) 2022/2557) at the national level. The aim is to establish a uniform, cross-sectoral minimum level of protection for the physical security and organisational resilience of critical infrastructure.
As well as playing a central role in Germany’s national cybersecurity strategy, the KRITIS-DachG affects a wide range of businesses and operators, thus raising a number of significant issues under employment law, which we outline below.
The new resilience obligation
Companies must meet a new comprehensive resilience obligation under the KRITIS-DachG framework. Under section 13 paragraph 1, operators of critical infrastructure are obliged to take appropriate measures to prevent incidents from occurring; to ensure adequate protection; to respond to and mitigate incidents; to limit their impact; and to ensure the rapid restoration of critical services in the event of a disruption.
The necessary measures may be of a technical, security-related or organisational nature and must be based...