The dependence on information technology systems is growing in our social system with increasing specialisation and division of labour. Information technology operates where the flow of water, traffic, food, medicines, energy and money is to be controlled by administration and the economy. The legislator therefore takes into account the important role of information technology as a controlling infrastructure and adopted the IT Security Act (ITSiG) and the Critical Regulations (KritisVO) for the protection of critical infrastructures based on it.
The legislator defines critical infrastructures (KRITIS) as organisations or institutions of important importance for the state community whose failure or impairment would result in supply bottlenecks with a lasting effect, considerable disruptions to public security or other dramatic consequences. The Federal Office for Information Security (BSI) names the areas of energy supply, information technology and telecommunications, transport and traffic, health, water, nutrition, finance and insurance, government and administration as well as media and culture. If more than 500,000 citizens are affected by the failure of an infrastructure in one of these areas, this infrastructure is considered critical. As the operator of such an infrastructure, ITSiG and KritisVO require them to provide the BSI with special evidence.