Resumen de Informationssicherheitsrecht. IT-Sicherheitsgesetz und NIS-Richtlinie als Bausteine eines Ordnungsrechts für die Informationsgesellschaft
Information Security Law Towards an Order of the Information Society Information security is widely considered to be one of the most pressing problems of our time. Since 2015, lawmakers have started to address the issue and have passed legislation in Germany (IT-Sicherheitsgesetz) and the European Union (NIS-Directive), which is supposed to improve information security for operators of essential and digital services. A look beyond the recent statutes reveals that there already exists a large body of rules governing the safety of information networks and data infrastructures.
This article analyzes the main challenges faced by information security regulation. It explains why the previous legal regime failed to provide for an adequate level of information security – and why the recent approaches can be expected to be more effective. Especially, IT-Sicherheitsgesetz (ITSiG) and NIS-Directive mark a fundamental change in regulatory scope and strategy as well as a regulatory paradigm shift: So far, information security regulation has focused either on the protection of subjective rights or on the deterrence of and retaliation against deliberate attacks. ITSiG and NIS-Directive, on the contrary, attempt to strengthen the public and private IT infrastructure by creating or introducing institutions and instruments such as expert organizations, certification regimes, and information systems.
