Se­cu­ri­ty in­ci­dent re­port­ing

Security incident report in accordance with section 168 of the Telecommunications Act (TKG)

Pursuant to section 168 TKG, public telecommunications network operators or providers of publicly accessible telecommunications services are legally bound to notify the Bundesnetzagentur and the Federal Office for Information Security (BSI) without undue delay of a security incident with a significant impact on network operation or service provision. This includes faults that result in a restriction in the continuity of supply of services provided over those networks or in unauthorised access to the users' telecommunications and data processing systems.

This provision transposes into German law subsection 2 of Article 40 of Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code (Recast).

In its reporting concept, the Bundesnetzagentur describes the national procedure for reporting security incidents with a significant impact on network operation or service provision in accordance with section 168(1) TKG. Section 182(1) TKG remains unaffected.

In accordance with section 13 para 2 of the Administrative Procedure Act (VwVfG), stakeholders – here, all operators of public telecommunications networks and providers of publicly accessible telecommunications services – are to be consulted. They are invited to submit their responses to the reporting concept and form to section 217 no later than 28th April 2022 by
email: or
by post: Section 217
An der Trift 40
66123 Saarbrücken
(as shown by the Bundesnetzagentur's date stamp).

The implementation concept and the reporting form are available below for download.

Meldekonzept für die Mitteilung von beträchtlichen Sicherheitsvorfällen nach § 168 TKG (pdf / 694 KB) (in German)
Mitteilung eines Sicherheitsvorfalls nach § 168 Telekommunikationsgesetz (TKG) (pdf / 310 KB) (in German)

Information about reporting confidentiality

In the reporting concept on section 168 TKG, the Bundesnetzagentur draws attention to the confidentiality of reporting. In addition to mentioning the Bundesnetzagentur's confidential treatment of the reporting – conditional upon other legal provisions – the recommendation is made to use a secure transmission procedure in order to appropriately ensure confidentiality of the content being reported.

To report security breaches by email, the Bundesnetzagentur provides section 217's public PGP key to enable encrypted transmission to the following email address:

The public PGP key is available below as a text file for download.
Public key security breach (txt / 1 KB)

To allow you to verify the authenticity of this public PGP key, the key ID and fingerprint are given below
Date created: 5 January 2022
Key ID: BA96 AB6C 6F98 EE4C
Fingerprint: A3BE50F656D84FA6CA6F9371BA96AB6C6F98EE4C

Once the key ID and fingerprint of the public PGP key have been imported into your own PGP key collection, a match can be verified.

The public PGP key of the Federal Office for Information Security can be downloaded as a text file from the link below:


Referat 217
An der Trift 40
66123 Saarbrücken
Fax: (0681) 9330 - 775