The German government aims to better protect the country against sabotage, terrorist attacks, and natural disasters. The federal cabinet approved a draft law on Wednesday to improve the protection of critical infrastructure. The law would require companies in sectors such as energy and healthcare to implement measures to guard against service disruptions.
The so-called Kritis Umbrella Act (Kritis-Dachgesetz) originates from a proposal by the previous SPD-Greens-FDP coalition. The Bundestag had already considered the initiative in December, but it was not passed due to the collapse of the coalition. As a result, both the cabinet and the Bundestag must revisit the law, and the Bundesrat will also need to give its approval.
The law aims to define which infrastructure facilities are essential for supplying the population and maintaining economic stability. Eleven sectors, including energy, transport, and logistics, would be affected. For operators of these facilities, the law specifies the minimum protective measures they must take. The law follows an “all-hazards” approach, meaning every conceivable risk must be considered, from natural disasters to sabotage, terrorist attacks, and human error. Failure to comply with state regulations could result in fines ranging from €50,000 to €500,000.
Once the law comes into effect, affected companies and facilities must register by July 17, 2026. They will then be required to create resilience plans demonstrating the protective measures they have implemented. The Kritis Umbrella Act also serves to implement an EU directive from 2023 in Germany.
“With the Kritis Umbrella Act, we make Germany more resilient against crises and attacks. We establish uniform minimum standards, risk analyses, and disruption monitoring,” explained Federal Interior Minister Alexander Dobrindt (CSU). “Our goal is clear: The defensive capacity and resilience of our critical infrastructures must be strengthened.”
Green Party politician Konstantin von Notz accused Chancellor Friedrich Merz (CDU) of having refused to support the Ampel law at the time due to party-political considerations. “This politically irresponsible refusal has led to glaring security gaps that still exist today,” he said. Von Notz also criticized the new law, stating it “no longer accomplishes what is urgently needed, namely a unification of the protection of physical and digital critical infrastructures and coherent implementation of the two EU directives.”
By contrast, the Federal Association of Energy and Water Industries (BDEW) described the law as an “important step toward strengthening the resilience of critical infrastructures.” BDEW Chairwoman Kerstin Andreae said operators now “need legal and investment certainty as quickly as possible so they can continue to ensure the proactive protection of their facilities.”
From breaking news to thought-provoking opinion pieces, our newsletter keeps you informed & engaged.
