
DSI Publications

Journal Article

Das IT-Sicherheitsgesetz 2.0 – neue Regeln für Unternehmen und IT-Produkte [The IT Security Act 2.0 - new regulations for companies and IT products]

Computer und Recht 7: 450–458
Martin Schallbruch (2021)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
Cybersecurity, information security, information law, critical infrastructures, cyber regulation
Two articles explain the genesis and contents of the German IT Security Act 2.0, which was enacted in May 2021. This first article focuses on the origins of the law, the obligations of companies as operators of information technology, and the new regulations on the security of IT products.
Journal Pages
450–458
ISSN (Online)
2194-4172
Journal Article

Cybersecurity and the risk governance triangle

International Cybersecurity Law Review 2 (1): 77–92
Andrew J. Grotto, Martin Schallbruch (2021)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
Transatlantic, data protection, internet of things, artificial intelligence, industrial control systems (ICS)
Volume
2
Journal Pages
77–92
ISSN (Online)
2662-9739
ISSN (Print)
2662-9720
Book Chapter

Die völkerrechtliche Dimension der IT-Sicherheit [The international legal dimension of IT security]

In IT-Sicherheitsrecht, edited by Gerrit Hornung, Martin Schallbruch, Baden-Baden: Nomos.
Henning Christian Lahmann (2020)
Subject(s)
Information technology and systems
Keyword(s)
international law, cybersecurity, united nations, use of force, intervention, sovereignty, internet governance, arms control, cyber operations
The chapter summarises the current state of the application of international law to cyberspace and reviews attempts to find consensus among the community of states. While virtually all states agree that international law applies to state conduct in cyberspace, the 'how' remains a hotly contested issue. The chapter focuses on the prohibition of the use of force, the prohibition of intervention, and the principle of sovereignty and assesses their legal status vis-à-vis cyber operations. A brief treatment of further international efforts to increase transnational cybersecurity, such as internet governance and arms control treaties, follows.
Secondary Title
IT-Sicherheitsrecht
ISBN
978-3-8487-5764-0
Journal Article

‘Hacking back’ by states and the uneasy place of necessity within the rule of law

Heidelberg Journal of International Law (HJIL) 80 (2): 433–452
Henning Christian Lahmann (2020)
Subject(s)
Information technology and systems
Keyword(s)
International law, cybersecurity, cyberattacks, attribution, necessity, rule of law, special emergency regime
The article deals with necessity as one of the circumstances precluding wrongfulness under customary international law and how it will likely gain relevance in view of the difficulty of quickly attributing malicious cyber operations that threaten important assets of a state. While the necessity doctrine seems fit for purpose, it lacks granularity and is problematic from an international rule-of-law point of view. Taking these pitfalls into account, the article proposes some general principles for a possible special emergency regime for cyberspace.
Volume
80
Journal Pages
433–452
Journal Article

Information operations and the question of illegitimate interference under international law

Israel Law Review 53 (2): 189–224
2020 Best Paper Award
Henning Christian Lahmann (2020)
Subject(s)
Information technology and systems
Keyword(s)
Information operations, cyber operations, cognitive warfare, disinformation, election interference, principle of non-intervention, sovereignty, self-determination
The article examines the legal qualification of state-led information operations that aim to undermine democratic decision-making processes in other states. After a survey of the legal attitudes of states towards such operations during the Cold War, the impact of the digital transformation on the frequency and quality of information operations is explained. The article then assesses scholarly responses to the outlined paradigm shift regarding the prohibition of intervention, respect for sovereignty and the principle of self-determination. The study then inquires whether it is possible to detect a change in how states qualify adversarial information operations by tracking recent state practice and official statements of opinio juris. The survey concludes that there is insufficient uniformity to allow for an inference that the content of the analysed rules of customary international law has already shifted towards more restrictive treatment of foreign interference. As a possible way forward, the article ends with a proposal to focus on deceptive and manipulative conduct of information operations as the most viable path to outlaw such state behavior in the future. Instead of attempting to regulate the content of information, this approach is better suited to safeguard freedom of speech and other potentially affected civil rights.
© Cambridge University Press and The Faculty of Law, The Hebrew University of Jerusalem 2020
Volume
53
Journal Pages
189–224
ISSN (Online)
2047-9336
ISSN (Print)
0021-2237
Journal Article

Sichere IT ohne Schwachstellen und Hintertüren [Secure IT without vulnerabilities and back doors]

TA TuP (Journal for Technology Assessment in Theory and Practice) 29 (1): 30–36
Arnd Weber, Gernot Heiser, Dirk Kuhlmann, Martin Schallbruch, Anupam Chattopadhyay, Sylvain Guilley, Michael Kasper et al. (2020)
Subject(s)
Information technology and systems
Keyword(s)
Cybersecurity, sovereignty, open source, verification, supply chain risks
Increasing dependence on information technology calls for strengthening the requirements on its safety and security. Vulnerabilities that result from flaws in hardware and software are a core problem which market mechanisms have failed to eliminate. A strategy for resolving this issue should consider the following options: (1) private- and public-sector funding for open and secure production, (2) strengthening the sovereign control over the production of critical IT components within an economic zone, and (3) improving and enforcing regulation. This paper analyses the strengths and weaknesses of these options and proposes a globally distributed, secure supply chain based on open and mathematically proved components. The approach supports the integration of legacy and new proprietary components.
Volume
29
Journal Pages
30–36
ISSN (Online)
2199-9201
ISSN (Print)
1619-7623
Expert testimony paper

Stellungnahme: Anhörung im Deutschen Bundestag, Ausschuss Digitale Agenda, Anhörung "IT-Sicherheit von Hard- und Software als Voraussetzung für Digitale Souveränität" am 11.12.2019 [Testimony: Hearing in the German Bundestag, Digital Agenda Committee, hearing "IT security of hardware and software as a prerequisite for digital sovereignty" on 11.12.2019]

German Federal Parliament No. 19(23)080 (Digital Agenda Committee Paper)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
IT-Security, Digital Sovereignty, Industrial policy
The public hearing of the Digital Agenda Committee on the topic of "IT security of hardware and software as a precondition for digital sovereignty" on Wednesday, December 11, 2019, analyzed how citizens, companies, but also public administration organizations in Germany are positioned with regard to digital sovereignty. The Committee led by Hansjörg Durz (CDU/CSU) focused primarily on the current state of Germany's IT infrastructure and governance, the need for legislative action, and security gaps.
In her statement, Isabel Skierka gives an assessment of Germany's industrial policy position in the field of digital technologies and the IT security situation and recommendations for strengthening digital sovereignty and IT security at the national and European level.

Journal Article

A new competition framework for the digital economy: Report by the Commission “Competition Law 4.0”

Antitrust Chronicle 3 (2): 33–38
Martin Schallbruch, Heike Schweizer, Achim Wambach (2019)
Subject(s)
Information technology and systems; Technology, R&D management
Keyword(s)
Competition law, antitrust law, digital platforms, data access
The Commission “Competition Law 4.0” was set up by the German Federal Minister for Economic Affairs and Energy with the task of drawing up recommendations for the further development of EU competition law in the light of the digital economy. The final report with 22 recommendations was handed over in September 2019.
The commission finds that the practical and actual power of consumers to dispose of their own data must be improved, clear rules of conduct for dominant platforms must be introduced, legal certainty for cooperation in the digital sector must be enhanced, and the institutional linkage between competition law and other digital regulation must be strengthened.
Volume
3
Journal Pages
33–38
DSI Industrial & Policy Recommendations Series (IPR)

Europas dritter Weg im Cyberraum [Europe's third way in cyberspace]

DSI Industrial & Policy Recommendations Series (IPR)
Annegret Bendiek, Martin Schallbruch (2019)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
cybersecurity, digital sovereignty
Cybersecurity has become a key issue of the global digital transformation for Europe. With the Cybersecurity Act, that is, the cybersecurity regulation, the EU has put forward a legal framework that aspires to global reach. Embedded in a policy that combines digital sovereignty with strategic interdependence, the regulation can be the gateway to a third way for Europe in cyberspace, one that runs between the US model of market freedom and the Chinese model of authoritarian state capitalism. The Cybersecurity Act will be a binding framework for action and a tailwind for Germany's cybersecurity policy.
Pages
7
Report

A new competition framework for the digital economy

Report by the Commission ‘Competition Law 4.0’
Martin Schallbruch, Heike Schweizer, Achim Wambach (2019)
Subject(s)
Information technology and systems; Technology, R&D management
Keyword(s)
Competition law, antitrust law, digital platforms, data access
The Commission “Competition Law 4.0” was set up by the German Federal Minister for Economic Affairs and Energy with the task of drawing up recommendations for the further development of EU competition law in the light of the digital economy. The final report with 22 recommendations was handed over in September 2019.
The commission finds that the practical and actual power of consumers to dispose of their own data must be improved, clear rules of conduct for dominant platforms must be introduced, legal certainty for cooperation in the digital sector must be enhanced, and the institutional linkage between competition law and other digital regulation must be strengthened.
Pages
88