# BGBl. 2026 I Nr. 66: Umbrella Act for Strengthening the Physical Resilience of Critical Infrastructure (Implementation of EU Directive 2022/2557), dated 11 March 2026
AI-generated summary for informational purposes only. Not legal advice. See the original source for the authoritative text.
This German federal law, published in the Federal Law Gazette (BGBl. 2026 I Nr. 66) on 16 March 2026 and signed on 11 March 2026, transposes the EU Critical Entities Resilience (CER) Directive 2022/2557 into national law. It establishes a comprehensive legal framework requiring operators of critical infrastructure across key sectors to identify risks, implement physical resilience measures, and report incidents to competent authorities. The Federal Ministry of the Interior leads implementation.
The law introduces new and amended legal provisions across multiple regulatory areas (FNA codes: 206-10, 752-6, 752-6-5, 206-9, 7400-4-1, 900-17, 754-3, 754-36, 206-2-2, 752-6-14), covering sectors including energy supply, postal and telecommunications services (Deutsche Post AG, Deutsche Postbank AG, Deutsche Telekom AG), public IT infrastructure, electricity and gas networks, and foreign trade-related infrastructure.
Critical entities must conduct regular risk assessments, adopt physical and organizational resilience measures, designate security liaisons, and notify authorities of significant disruptions. The state must in turn identify which entities qualify as 'critical' through national risk assessments, provide guidance, and enable cross-border cooperation with EU partners under the CER framework.
The law represents a significant expansion of Germany's existing KRITIS (critical infrastructure) regulatory regime, moving beyond cybersecurity-focused rules (as under BSI-Gesetz) to explicitly address physical threats such as sabotage, natural disasters, and terrorism against critical facilities.
Key Changes
- Transposes EU CER Directive 2022/2557 into German law, extending the KRITIS framework to explicitly cover physical threats (sabotage, natural disasters, terrorism) in addition to cyber threats
- Creates a new legal category and registration system for 'critical entities' across 11 EU-mandated sectors including energy, transport, health, banking, digital infrastructure, and public administration
- Operators of critical entities must conduct regular risk assessments, establish resilience plans, and designate a security liaison officer responsible for coordinating with authorities