Berlin – A draft of Germany’s proposed “Cybersecurity Law” (Cybersicherheitsgesetz) is drawing criticism from the eco – Verband der Internetwirtschaft e.V., a leading internet industry association, over concerns it could grant sweeping powers to state security agencies, potentially normalizing levels of government intervention into network infrastructure previously associated with authoritarian regimes. The proposed legislation, intended to strengthen cybersecurity defenses, is now sparking a debate about the balance between security and civil liberties.
According to a statement released on March 2nd, 2026, and further detailed on March 7th, 2026, the eco association warns the draft law shifts the focus of cybersecurity from protection and resilience to a justification for state intervention in networks and systems. This fundamental change in approach is described as “ordnungspolitisch hoch problematisch” – politically problematic – by Klaus Landefeld, a member of the eco board. The core concern revolves around the potential for authorities to actively manipulate and redirect internet traffic.
The proposed law would significantly expand the authority of the Bundeskriminalamt (BKA – Federal Criminal Police Office), the Bundespolizei (BPOL – Federal Police), and the Bundesamt für Sicherheit in der Informationstechnik (BSI – Federal Office for Information Security). These agencies would gain new and expanded powers to issue orders and intervene in digital infrastructure, leading to a substantial shift in competence and power, according to the eco association. The draft legislation allows for not only blocking traffic but likewise its redirection or interruption, and even the ability to collect, delete, or modify data within IT systems.
Expanded Powers and Concerns Over Data Manipulation
The eco association’s critique centers on the potential for these powers to go beyond the existing practice of shutting down demonstrably malicious infrastructure. The ability to redirect data traffic, specifically to systems known as “sinkholes” controlled by law enforcement, is highlighted as a particularly concerning element. This practice, as outlined in the draft law’s justification, could create a technical infrastructure capable of centrally influencing communication flows. Such tools, including DNS and routing interventions, have historically been associated with censorship and control regimes, raising fears of potential abuse.
“If we normalize such mechanisms legally, we establish instruments that could be structurally misused for content control and simultaneously lose credibility in the international debate about digital freedoms,” Landefeld stated. He drew a direct comparison to similar laws in Russia and Turkey, questioning whether Germany should adopt practices previously criticized on the global stage. The eco association emphasizes that cybersecurity should not become a pretext for state control and manipulation of networks.
Echoes of Previous Concerns Regarding Surveillance
This debate builds on previous concerns raised by the eco association regarding digital security and government overreach. In December 2025, the organization warned about a proposed federal police law, criticizing provisions related to “state Trojans,” chat control, and the potential loss of trust in encrypted communication. The current concerns surrounding the Cybersecurity Law appear to represent a continuation of this trend, with the eco association consistently advocating for a balance between security measures and the protection of fundamental rights.
The eco association argues that the focus should be on strengthening the resilience of digital infrastructure, rather than establishing extensive state control and intervention capabilities. They are calling on lawmakers to fundamentally revise the draft law and establish clear, legally sound safeguards.
What’s Next for the Cybersecurity Law?
The draft Cybersecurity Law is currently under review by German lawmakers. The eco association’s strong criticism is likely to fuel further debate and potentially lead to amendments before the legislation is finalized. The outcome will have significant implications for the future of cybersecurity in Germany and the balance between state security and digital freedoms. The debate highlights the ongoing challenge of crafting effective cybersecurity policies that protect critical infrastructure without infringing on fundamental rights.
What are your thoughts on the balance between cybersecurity and privacy? Share your opinions in the comments below.
