Security incident reporting

Security incident report in accordance with section 168 of the Telecommunications Act (TKG)

Pursuant to section 168 TKG, public telecommunications network operators and providers of publicly available telecommunications services are legally bound to notify the Bundesnetzagentur and the Federal Office for Information Security (BSI) without undue delay of a security incident with a significant impact on network operation or service provision. This includes faults that result in a restriction in the continuity of supply of services provided over those networks or in unauthorised access to users’ telecommunications and data processing systems.

In its reporting concept, the Bundesnetzagentur describes the national procedure for reporting security incidents with a significant impact on network operation or service provision in accordance with section 168(1) TKG. Section 182(1) TKG remains unaffected.

Since the entry into force of the national legislation implementing the European NIS 2 Directive, the initial early report of a security incident has to be submitted without undue delay, and in any event within 24 hours of becoming aware of the incident. This initial report has to indicate whether the incident is suspected of being caused by unlawful or malicious acts or could have a cross-border impact.

As quickly as possible, and in any event within 72 hours, a full report has to be submitted to update or confirm the above-mentioned information. If requested, both the Bundesnetzagentur and the BSI can require an intermediate report to be submitted.

A final report has to be submitted via the Federal Portal no later than one month after the full report has been submitted. If the security incident is still ongoing one month after the initial report of the incident, an intermediate report has to be submitted. A final report then has to be submitted no later than one month after processing of the incident has been completed.

The reporting concept and the reporting form are available below for download:

Meldekonzept für die Mitteilung von beträchtlichen Sicherheitsvorfällen nach § 168 TKG (pdf / 694 KB) (in German)
Mitteilung eines Sicherheitsvorfalls nach § 168 Telekommunikationsgesetz (TKG) (pdf / 310 KB) (in German)

Information about reporting confidentiality

In the reporting concept relating to section 168 TKG, the Bundesnetzagentur draws attention to the confidentiality of reporting. In addition to noting that the Bundesnetzagentur treats the reports confidentially, subject to other legal provisions, it recommends using a secure transmission procedure in order to appropriately ensure the confidentiality of the content being reported.

To enable encrypted transmission of security breach reports by email, the Bundesnetzagentur provides Section 217’s public PGP key for use with the following email address: sicherheitsvorfall.tkg@bnetza.de

The public PGP key is available below as a text file for download.
Public key security breach (txt / 1 KB)

To allow you to verify the authenticity of this public PGP key, the key ID and fingerprint are given below:
Date created: 5 January 2022
Key ID: BA96 AB6C 6F98 EE4C
Fingerprint: A3BE50F656D84FA6CA6F9371BA96AB6C6F98EE4C

Once the public PGP key has been imported into your own PGP key collection, its key ID and fingerprint can be compared with the values given above to verify a match.
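As an added example (not code from the Bundesnetzagentur), the comparison described above can be scripted so that the full 40-digit fingerprint is checked rather than the key ID alone. The function names, the constructed sample listings and the filename `bnetza-key.txt` are assumptions made for this illustration; `gpg --show-keys --with-colons` is the GnuPG command that prints a key file's details in machine-readable form.

```shell
#!/bin/sh
# Published values, copied from this page.
EXPECTED_FPR="A3BE50F656D84FA6CA6F9371BA96AB6C6F98EE4C"
EXPECTED_KEYID="BA96 AB6C 6F98 EE4C"

# Strip whitespace and upper-case hex so spaced and unspaced forms compare equal.
normalize_hex() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` output on stdin; print the primary key fingerprint,
# i.e. field 10 of the first "fpr" record that follows a "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Exit status 0 only if the full 40-digit fingerprint matches the published one
# and its last 16 digits match the published key ID; 1 on mismatch, 2 if absent.
verify_key_listing() {
    got=$(normalize_hex "$(primary_fpr)")
    [ "${#got}" -eq 40 ] || { echo "no 40-digit fingerprint found" >&2; return 2; }
    [ "$got" = "$(normalize_hex "$EXPECTED_FPR")" ] ||
        { echo "FINGERPRINT MISMATCH: $got" >&2; return 1; }
    [ "$(printf '%s' "$got" | cut -c25-40)" = "$(normalize_hex "$EXPECTED_KEYID")" ] ||
        { echo "KEY ID MISMATCH" >&2; return 1; }
    echo "OK: $got"
}

# Constructed listings (not real gpg output). SAMPLE_BAD carries the published
# key ID but a different fingerprint, so a key-ID-only comparison would pass it.
SAMPLE_GOOD='pub:-:::BA96AB6C6F98EE4C:
fpr:::::::::A3BE50F656D84FA6CA6F9371BA96AB6C6F98EE4C:'
SAMPLE_BAD='pub:-:::BA96AB6C6F98EE4C:
fpr:::::::::000000000000000000000000BA96AB6C6F98EE4C:'

printf '%s\n' "$SAMPLE_GOOD" | verify_key_listing
printf '%s\n' "$SAMPLE_BAD" | verify_key_listing || echo "rejected"

# Real use on the downloaded key file (bnetza-key.txt is a hypothetical name):
#   gpg --show-keys --with-colons bnetza-key.txt | verify_key_listing
```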

The public PGP key of the Federal Office for Information Security can be downloaded as a text file from the link below:

http://bsi.bund.de/FAQ-Meldepflicht-IT-SiG

Contact

Referat 217
Bundesnetzagentur
An der Trift 40
66123 Saarbrücken
Fax: (0681) 9330 - 775
E-Mail: Sicherheitsverletzung.109@bnetza.de
