The German federal cabinet is preparing to adopt a new “Kritis-Dachgesetz” this Wednesday, a framework law designed to enhance the protection of critical infrastructure across the country.
The draft bill introduces binding standards for operators of energy companies, airports, financial services, IT systems and other vital facilities to shield Germany against sabotage, terrorism and natural disasters.
The new law comes in response to growing threats and recent incidents such as the large-scale power outage in southern Berlin, triggered by an arson attack earlier this week.
The government argues that existing patchwork rules must be replaced with unified national standards to strengthen resilience.
Key obligations for operators
Under the draft law, operators of critical infrastructure will be required to:
- Guarantee adequate physical security of their premises and assets.
- Implement incident response mechanisms to limit negative consequences.
- Register facilities and develop resilience plans tailored to sector-specific risks.
- Report disruptions and security incidents promptly to authorities.
Non-compliance could result in financial penalties, ensuring that all providers meet minimum safety benchmarks.
Broad definition of critical infrastructure
According to the draft, critical infrastructure includes facilities that supply at least 500,000 people or are essential for national services.
Ten sectors fall under this category: energy, transport, finance, social security, healthcare, food supply, water, waste management, information technology/telecommunications, and space operations.
By setting cross-sector resilience requirements for the first time, the government hopes to prevent cascading failures where, for example, disrupted transport networks can also affect food distribution.
A second pillar: EU cyber security directive
The law complements Germany’s planned transposition of the European NIS-2 directive, which aims to bolster cyber resilience in essential services.
That draft has already passed the cabinet and will be debated in the Bundestag this Thursday.
Together, the two measures form the backbone of a comprehensive national security strategy for critical infrastructure.
Background and political context
Efforts to pass a similar law date back to the former “traffic-light” coalition (SPD, Greens, FDP). Although a cabinet agreement was reached, political disagreements in parliament prevented progress.
Now, following the collapse of that coalition, the CDU-led interior ministry is pushing the proposal forward with new urgency.
As Interior Ministry officials put it: “With the Kritis-Dachgesetz we are making Germany more resilient to crises and attacks.”
