The Bundesamt für Sicherheit in der Informationstechnik (BSI) is the German federal government's central cybersecurity agency, headquartered in Bonn. It was established on 1 January 1991 under the BSI-Errichtungsgesetz and operates under the supervision of the Federal Ministry of the Interior (BMI). The agency emerged in part from cryptographic functions previously housed within the Zentralstelle für das Chiffrierwesen, a unit linked to the BND.
The BSI's mandate covers a broad range of activities:
- Setting IT security standards for the federal administration, including the well-known IT-Grundschutz baseline protection methodology.
- Certifying products and services under Common Criteria and national schemes.
- Operating CERT-Bund, the computer emergency response team for federal agencies, and the National IT Situation Centre.
- Warning the public and industry about vulnerabilities and active threats, including consumer-facing guidance through initiatives like BSI für Bürger.
- Supervising critical infrastructure (KRITIS) operators' security obligations.
Its powers were significantly expanded by the IT-Sicherheitsgesetz of 2015 and the IT-Sicherheitsgesetz 2.0 of 2021, which added authority over operators of "companies in the special public interest," strengthened reporting duties, and introduced the concept of components from untrustworthy vendors in 5G networks. The BSI is also the national competent authority under the EU NIS Directive and its successor NIS2.
The BSI publishes an annual Lagebericht zur IT-Sicherheit in Deutschland assessing the national threat landscape. It has been at the centre of several high-profile episodes, including responses to the 2015 Bundestag hack attributed to APT28 and ongoing debates over Huawei equipment in German 5G infrastructure. A 2022 controversy led to the dismissal of then-president Arne Schönbohm over alleged contacts with a Russia-linked association; Claudia Plattner became BSI president in July 2023. The agency is frequently compared to the US CISA, France's ANSSI, and the UK's NCSC.
Example
In its 2023 annual situation report, the BSI characterised the cyber threat level in Germany as "higher than ever before," citing a surge in ransomware attacks against municipalities and small businesses.
Frequently asked questions
The BSI is a federal agency under the supervision of the Federal Ministry of the Interior and Community (BMI).
Keep learning