On the basis of the principles coordinated in March 2019, the Bundesnetzagentur (Federal Network Agency), the Federal Office for Information Security and the Federal Commissioner for Data Protection and Freedom of Information have presented new security requirements for telecommunications system operators and service providers. The draft envisages enhanced security requirements for all system operators and service providers in the operation of telecommunications networks.

Additional specific security requirements are defined for public telecommunications networks and services exposed to a higher potential risk, including the 5G network.

Economic Affairs Minister Peter Altmaier said: “The future 5G network will provide central and critical infrastructure for tomorrow’s technologies. In view of the extremely great importance of 5G for Germany’s future competitiveness, the hardware and software used in the roll-out of 5G must meet the highest security standards. This is the goal we are pursuing in the revised catalog of security requirements. We need high standards so that we can guarantee security for all users in Germany.”

Interior Minister Horst Seehofer added: “The integrity of our telecommunications networks is a fundamental element of our security architecture. If we are to maintain home security, we must give consideration to all aspects of it. The new security requirements mark an important first step towards attaining this goal.”

The security requirements cover the following aspects:

certification of critical components,

proof that the manufacturers and suppliers are trustworthy,

safeguarding of product integrity,

introduction of security monitoring,

special standards to be met by staff in security-relevant areas,

provision of sufficient redundancies,

avoidance of monocultures.

The binding requirements apply to system technology of all types and from all manufacturers. The relevant companies and business associations have until 13 November 2019 to comment on the new security requirements. After this date, the security catalog is to be finalized.

In a second step, the Federal Government will present proposals for changes to legislation (e.g. Section 109 Telecommunications Act).