The German Offshore Wind Energy Association (hereinafter "BWO") comments on the current government draft of the law "Implementation of Directive (EU) 2022/2557 and strengthening the resilience of critical installations". We welcome the fact that the federal government has established this draft law to strengthen the security of critical infrastructure, but we would like to see more transparency and participation in the further process in the consultation on future requirements for operators of critical infrastructure. From the industry's point of view, the main issue here is the extent to which the state wants to hold the operators of offshore wind energy plants (WEA) responsible for their protection. We consider protection against attacks to be a state sovereign task that should not be delegated to operators of offshore wind farms.

The summary of the statement:

Fast and simple reporting channels for effective action: We welcome the establishment of a central reporting point by the Federal Office of Civil Protection and Disaster Assistance (BBK) and the Federal Office for Information Security (BSI). This means that the principle of "one incident - one report" can be adhered to even in complex security situations for operators of critical systems.

Create transparency in the process for further measures: When advising on the specific design and interpretation of the necessary measures for operators of critical facilities, we would like to see an open exchange from the federal ministries and federal authorities involved. With its expertise from concrete practical experience in the maritime environment, the industry can provide crucial assistance in the preparation of resilience plans and risk analyses.

Taking into account the special features of maritime critical infrastructure: We consider the responsibility of the Federal Network Agency in cooperation with the Federal Maritime and Hydrographic Agency for maritime critical infrastructure to be positive, as is the explicit mention of it. However, the current draft does not yet allow any concrete conclusions to be drawn from this special position. Here we would like to emphasize once again the importance of the exchange with the offshore wind industry.

Create coherence between the regulations in the NIS2 Implementation Act and the Cyber ​​Security Strengthening Act and the current draft law: Uniform terminology with regard to the definitions of "critical systems" and the reporting chain should play an important role in order to avoid any possible regulatory gap in the area of ​​security. It is also important to avoid contradictions and possible double registration of companies.