In the article, Gaycken notes that with the new regulations, many companies will be required to "establish a minimal set of security measures, prove they’ve implemented them by conducting security audits, identify a point of contact for IT-security incidents and measures, and report severe hacking incidents to the federal IT-security agency." Although "the government sought private sector input early on in the process of conceptualizing the law," Gaycken observes that "German industry continues to disagree with most of its contents."

To read this article published by the Council on Foreign Relations, click here.

To read this article published by Defense One, click here.