Germany Passes Strict Cyber-Security Law to Protect 'Critical Infrastructure'

In the wake of ever-increasing cyber-security threats, Germany has passed legislation ordering that over 2,000 essential service providers implement new minimum information security standards or face penalties if they fail to do so within two years.

The law passed its final hurdle in the upper house of the German parliament, the Bundesrat, on Friday after having passed the lower house in June.

The law will affect institutions listed as "critical infrastructure," such as transportation, health, water utilities and telecommunications providers, as well as finance and insurance firms. It gives companies two years to introduce cyber-security measures or face fines of up to €100,000 ($111,000).

The Bundesrat-approved IT security law obliges firms and federal agencies to obtain certification for minimum cyber-security standards and clearance from the Federal Office of Information Security (BSI). The companies must also notify the Office of suspected cyber-attacks on their systems.