Cybersecurity in CRITIS regulated by law

If companies belong to the so-called critical infrastructures (CRITIS), they are regulated by law with regard to cyber security, for example

  • in the European Union (EU) through a mandatory directive to ensure a high level of network and information security (NIS-1 and NIS-2 directives)
  • in Germany by a national law that transposes the EU NIS directive into national law.

Tightening the rules

In Germany, this law is called the "IT Security Act" (version 2.0 since 2022), which is an article law that amends the "individual law" relevant to CRITIS, namely the BSI Act, or BSIG for short.

With the IT Security Act 2.0 or the amended BSIG, the obligations for German CRITIS operators have become even more stringent. The group of companies affected has also increased due to new definitions and threshold values.

In our view, with the IT Security Act 2.0, Germany has "pre-empted" the NIS-2 Directive in terms of content and time, as it did with the NIS-1 Directive. The strict IT Security Act 2.0 should already have implemented large parts of the new NIS-2 Directive. The missing parts would then possibly be transposed into national law in an IT Security Act 3.0 or in the planned CRITIS umbrella law. The same implementation scenario is also considered likely for the EU RCE Directive on the resilience of critical entities, the CER Directive.

State-of-the-art technology required

Regulations on CRITIS cyber security are always about ensuring appropriate organisational and technical precautions to prevent disruptions to the

  • availability
  • integrity
  • authenticity
  • and confidentiality

of information technology systems, components or processes. These must correspond to the current state of the art in order to achieve a high level of security of network and information systems.

In Germany: Optional guarantee declaration on the part of the manufacturer / upstream supplier

In Germany, since 2022, in addition to the CRITIS operators, manufacturers and upstream suppliers must also optionally submit a guarantee declaration / trustworthiness check for critical components in accordance with § 9b paragraph (3) BSIG.

The Dallmeier promise

Dallmeier products and solutions have the highest level of technical precautions and functions that enable customers and CRITIS operators to implement cybersecurity-compliant video security solutions.

Dallmeier stands for the highest level of security in terms of law and compliance, data protection and cybersecurity: