The German Federal Network Agency has published a draft catalogue of security requirements for the operation of telecommunications and data processing systems for personal data. The catalogue was drafted in cooperation with the Federal Office for Information Security and the Federal Commissioner for Data Protection and Freedom of Information. The measures include the certification of critical components, trust certificates from manufacturers and system suppliers, integrity of product safety monitoring, and the employment of trained specialists in safety-relevant areas, among others. The catalogue will be submitted for notification to the European Commission.
At the same time, the Federal Network Agency has started a consultation on a draft list of critical functions for key infrastructures with increased risks. These functions will be listed in a document prepared jointly with the Federal Office for Information Security. The functions currently considered critical include subscriber administration and cryptographic mechanisms (if part of the network), cross-network interfaces, network services, and network functions virtualization Management and Network Orchestration (MANO), among others.