Critical Infrastructure Protection Act (KRITIS umbrella law)
With the planned law on the protection of critical infrastructure (KRITIS umbrella law), Germany aims to significantly strengthen the protection of central supply and infrastructure systems. The law is intended to create a uniform cross-sector legal framework for critical infrastructure for the first time and oblige operators to take comprehensive measures for resilience, risk analysis and crisis prevention. The background to this is increasing geopolitical risks, cyber threats and the growing dependence of modern societies on functioning energy, IT, transport, health and supply structures. The KRITIS umbrella law supplements existing requirements – such as those from IT security law and the European NIS2 Directive – and expands them in particular to include requirements for the physical protection of critical facilities.
Operators of critical infrastructures and companies along the corresponding supply and value chains are faced with the task of adapting their risk management, security and compliance structures to the new legal requirements. These include risk analyses, protection concepts, reporting obligations and organisational measures to strengthen resilience. Our lawyers provide comprehensive advice to companies in connection with the KRITIS umbrella law, assist them in implementing regulatory requirements and support them in preparing their organisations for the new legal requirements at an early stage.
Our main areas of activity in connection with legal advice on the KRITIS umbrella law:
Assessing whether companies are classified as operators of critical infrastructure (KRITIS) within the meaning of the new law
Advising on risk analyses, protection concepts and resilience measures for critical facilities
Support in the implementation of governance and compliance structures in the KRITIS area
Advice on reporting obligations and communication with the relevant authorities
Classification of requirements in conjunction with the NIS2 Directive, IT Security Act and cyber security law
Legal support in the development and implementation of security and crisis management plans
Advice on supply chain and third-party risks in the KRITIS context
Representation before supervisory and security authorities
Training for management, compliance and security officers
Ongoing updates on regulatory developments in KRITIS and security law
