Christoph Kurth


In brief The Federal Information Security Act (ISA), which only entered into force on 1 January 2024 is already being amended with an obligation to report cyberattacks for operators of critical infrastructures. The term “critical infrastructures” is defined in a broad manner and captures many private companies. On 18 January 2024, the deadline for challenging the amendment by way of a public referendum expired. This means that the amended version (“revISA”) will become law, with…