IT Security Act

In June 2015 the German parliament passed the first Geman IT Security law (IT-SiG).

Amongst others the IT-SiG regulates that operators (companies) of socalled critical infrastructures (KRITIS) must prove a minimum level of IT security and security organization. At the same time IT security incidents must be detected, identified and notified to the Federal Office for Information Security (BSI). The objective is to ensure the reliable supply of the FR Germany and the independent operation of critical company processes. 

The IT-SiG applies for companies of critical infrastructures (KRITIS). The branch specific definition of "critical infrastructures" will be defined and regulated (UV KRITIS) by the Federal Ministry of the Interior (BMI). 

The infringement of the law will result in penalties in a million euro range.   

The IT-SiG applies for already regulated institutions as e.g. the Federal Network Agency, the German Financial Supervisory Authority but also for every company with more than 10 employees and an annual turnover of more than 2 mio. Euro. And also service provider and sub suppliers of KRITIS companies must comply to the conditions of IT-SiG.   

Important to know is that companies must prove that the conditions of the IT security law are not applicable. KRITIS companies must confirm the compliance of legal requirements by means of a first audit until the end of 2017 and afterwards at regular intervals of 2 years.

Which branches and industries are affected by the IT-SiG?

• Energy
• Health care
• Information technology & Telecommunication
• Transportation 
• Water
• Finance and Insurance 
• Food Industry


With the SecuRisk GmbH the Data Center Group disposes of a highly specialist component within the group of companies. The SecuRisk GmbH advises and supports regarding open issues  concerning the IT security law. 

Contact details


RZ-Products GmbH
In der Aue 2
57584 Wallmenroth

Phone: +49 2741 9321-0
Fax: +49 2741 9321-111

Data Center Group
Data Center Group

This website uses external components, such as maps, videos or analysis tools, all of which can be used to collect data about your behaviour. For more information about the services we use and how to withdraw your consent, please see our privacy policy.
Your consent to this is voluntary, not necessary for the use of the website and can be revoked at any time with effect for the future.