Neil Ford explains:
Germany has passed a new IT security law requiring critical infrastructure institutions to implement minimum information security practices or face fines of up to €100.000.
The new law, which was drafted last August, was passed by the Bundestag last month and has now been passed by Germany’s upper house, the Bundesrat.
It gives more than 2,000 essential service providers two years to comply with the new requirements, which include achieving certification to cyber security standards and obtaining clearance from the Federal Office for Information Security (BSI). The BSI itself will be expanded to cover new obligations, which include evaluating reports of possible cyber attacks on critical infrastructure.
Read more on IT Governance.