The German KRITIS Act: Does it really protect?
The blackout in Berlin at the beginning of January 2026 revealed how vulnerable our critical infrastructure is. Tens of thousands of Berliners were left for days without electricity, light, internet, and in some cases without heating, in freezing temperatures. Around 45,000 households and more than 2,200 businesses were offline, train services were limited, and hospitals and care homes had to rely on emergency power. The cause was an arson attack on a cable bridge over the Teltow Canal, which severely disrupted the power supply.
February 13, 2026
The blackout in Berlin at the beginning of January 2026 revealed how vulnerable our critical infrastructure is. Tens of thousands of Berliners were left for days without electricity, light, internet, and in some cases without heating, in freezing temperatures. Around 45,000 households and more than 2,200 businesses were offline, train services were limited, and hospitals and care homes had to rely on emergency power. The cause was an arson attack on a cable bridge over the Teltow Canal, which severely disrupted the power supply.
German KRITIS Act: Approach and goals
The KRITIS umbrella law aims to address this issue by establishing nationwide minimum standards for the protection of critical infrastructures. Its goal is to strengthen the resilience of supply systems – whether electricity, water, telecommunications, or healthcare. Risks from technical failures, sabotage, or cyberattacks are to be minimized. A uniform federal definition of critical infrastructures and clear requirements for operators are intended to ensure that both private and public facilities implement protective measures.
Challenges and criticisms
Despite the fundamentally sound approach, there are still open questions:
1. Imbalance between private and state facilities: Large parts of the federal administration are largely excluded from the protection framework under the draft law, while private operators must meet extensive requirements. This raises the question of whether state-operated supply systems, which are particularly critical to society, are adequately protected.
2. Federal special regulations: The law allows federal states to establish their own rules below the thresholds. This can lead to inconsistent security levels. Uniform nationwide standards are crucial so that authorities, operators, and emergency services can cooperate quickly and efficiently in a crisis.
3. Data security: Central information about pipelines, network structures, or supply points must be protected. Publicly accessible data increases the risk of attacks. Clear access concepts, encryption, and defined permissions are necessary to effectively secure critical infrastructures.
4. Technical implementation: Minimum standards on paper are only helpful if operators have the necessary technical resources, processes, and know-how. Concepts such as Zero Trust, multi-factor authentication, and continuous risk assessments are today’s basic prerequisites for real resilience of critical systems.
KOBIL solutions for KRITIS security
KOBIL offers practical solutions that support the protection of critical infrastructures both technologically and organizationally:
Companies must be empowered to continuously detect risks, automatically secure systems, and demonstrably ensure compliance with key security principles. Germany’s critical infrastructure must have no vulnerabilities – and our society must not pay the price for security gaps.
Key Facts at a Glance
Embark on Your Digital Journey with Our Solution
See how OneID4All™ and OneAPP4All™ can elevate your business to the next level.