Navigation and service

The requirements of both regulations are immediately applicable from 10 May 2018. No additional implementation deadline is provided.

In this case, a distinction must be made between the character as an operator of critical infrastructure and as a provider of a digital service. For the parts of the company that are considered to be critical infrastructure (systems pursuant to the BSI KRITIS Regulation), the requirements and obligations in Sections 8a and 8b BSIG are decisive. For the digital service, the provider must comply with the requirements and obligations in the applicable regulations. Any mutual dependencies should be taken into consideration within the framework of conventional risk management procedures.

Digital service providers are not legally required to register and the BSI does not maintain such a register.

We recommend that all companies join the Alliance for CyberSecurity. This organisation provides information, for example, BSI cyber security warnings and other services from the BSI and its partners.

Online shops used by retailers to sell their own goods are not marketplaces within the meaning of Section 2 BSIG.

An online marketplace is a platform that is offered as a third-party service to a large number of sellers so that they can focus the sale of their goods to buyers. The objective of the regulation is to protect the quasi-infrastructural importance of the marketplace. If it fails, there is a threat of economic consequences for a majority of sellers and buyers, not just for an individual provider.