-> Family business welcomes planned framework legislation by the Federal Government
-> Security Advisory Board: Today, the security industry is an important cornerstone of society and industry
-> Law offers huge opportunity for awarding contracts according to binding quality standards and best bidder procedures
Essen/Berlin (25.01.2023). Acts of sabotage against railway lines and cyber-attacks on public institutions have recently brought security for critical infrastructures (CRITIS) back into the public focus. Against this backdrop, KÖTTER Security welcomes the key points paper for a Critical Infrastructure Protection Act recently adopted by the German government. At the same time, however, the largest family-owned company in the security industry is calling for much greater involvement of the private security industry in the reorientation of critical infrastructure security.
The private security industry has long been an important cornerstone in the protection of critical infrastructure. For years, the service providers have been supporting companies in the affected sectors with holistic risk and business continuity management concepts, and have taken on responsibility for the protection of power plants, data centres and internet nodes, (air)ports, public transport, authorities, etc. through security services and technology.
“A key function, therefore, which has not yet been sufficiently taken into account in the federal government’s key points paper for the planned framework legislation, ” says Dr Harald Olschok, member of the KÖTTER Security Advisory Board. “For example, although the paper lists physical security requirements as one of its objectives, it is otherwise focused solely on government authorities and critical infrastructure operators. Unfortunately, there is a complete lack of specific information on the service providers who already provide comprehensive personnel and technical protection measures. This content should, therefore, be included in the legislation, as well as the recognition of the security industry as a separate critical infrastructure sector. This is because the classification as a systemically important sector is another key factor to further strengthen its role as an important cornerstone of internal security.”
This is also emphasised by Wolfgang Bosbach, also a member of the KÖTTER Security Advisory Board and one of Germany’s most accomplished interior security experts: “A key points paper is not yet a draft law, and a draft law is not yet a law – nevertheless, we should not underestimate the importance of such papers. The private security industry does not compete with the state security bodies, and it does not want to take over their tasks under the scope of private industry responsibility. However, it is, without doubt, an important, indispensable component of a robust security architecture. This applies, in particular, to the area of prevention, because the more effectively danger prevention functions, the more the state authorities are relieved of such a burden. It would not only be desirable but absolutely necessary that this is also recognised by the legislator and taken into account in the upcoming legislative process. Should the Federal Ministry of the Interior and Home Affairs not take this into account within the scope of its own responsibility, it would be the task of the legislator to ensure a correction, or more precisely: a supplementation, here. After all, the old legal adage applies here, too: no bill leaves parliament as it was introduced.”
KÖTTER Security Advisory Board member Fritz Rudolf Körper highlights the special opportunity arising from the German government’s planned adoption of the “EU Directive on Critical Entities Resilience/CER Directive”, which was adopted at European level at the end of 2022 and must now be transposed into national law within 21 months. “This regulation is a milestone, because for the first time, an EU Directive recommends critical infrastructure operators to cooperate with private service providers exclusively on the basis of fixed standards.” An anchoring thereof within German legislation (with subsequent adaptation) would thus offer a huge opportunity to implement the “best bidder principle” long recommended by the European Confederation of Private Security Services (CoESS) for awarding contracts, as well as its high-quality standards for all providers of critical infrastructure in connection with the standards to be applied in this context according to the CER Directive (Art. 16).
An important source of orientation in the sense of the CER Directive is provided by the European series of standards EN 17483 “Private Security Services – Critical Infrastructure Protection”, which has already been published with the basic requirements in Part 1 and will successively define sector-specific requirements for security service providers in the critical infrastructure environment in the parts of the standard already being developed for this purpose. Parts 2 and 3 for “Airport and aviation security services” and “Maritime and port security services”, respectively, will follow later this year.