Germany's digital self-determination remains unrealized

The BSI President advocates reliance on European technology, citing the dependence of German authorities and companies on non-European providers for future technologies.

In the face of increasing cyberattacks, it's crucial for individuals and businesses to prepare for potential threats and consider effective countermeasures. This is a message emphasized by the German Federal Office for Information Security (BSI) chief, Arne Schönböln (Plattner).

Plattner stresses the importance of collaboration, but warns against relying too heavily on others. He urges quick decisions on how to prevent targeted injections and malicious use of Artificial Intelligence (AI), without blocking innovations. Cyberattacks on Germany, Europe, and the EU have become more frequent in recent years, according to Plattner.

The regulations needed for distributing these tasks are currently being worked out by the federal government. It is not yet clear who in Germany is responsible for ensuring that AI models do not pose risks. The roles of the Federal Network Agency and the BSI in ensuring AI security are still not fully clarified.

In a regulatory context, the BSI advocates for technical and organizational measures to ensure data protection and sovereignty. This includes encryption, strict access controls, and transparent data processing. The BSI recommends that organizations adopt reliable cloud security certifications and compliance frameworks that align with European data protection standards, such as GDPR, enabling secure international data exchange while maintaining control over sensitive information.

For scenarios involving foreign laws like China’s stringent data regulations, the BSI highlights the importance of a risk-based approach. This includes conducting thorough risk assessments of legal frameworks in jurisdictions where data is stored or transferred. The BSI encourages the use of end-to-end encryption and data minimization techniques to limit the exposure of sensitive data to foreign authorities.

The unique feature of the solution from Ionos, a German cloud provider, is that the platform is not connected to the public internet. In the spring, Ionos received an order from the federal administration for the setup of a strictly secured computer cloud solution. The private enterprise cloud, certified by the BSI, is operated in the data centers of the Information Technology Center of the Federal Government.

Meanwhile, China’s recent cybersecurity and data laws—such as the Cybersecurity Law (CSL), Data Security Law, Personal Information Protection Law (PIPL), and the Administrative Regulation on Network Data Security—impose stringent requirements on data localization, security assessments before cross-border data transfers, and grant broad enforcement powers to Chinese authorities for data oversight and incident response. These resemble the Cloud Act’s focus on government access to data held by service providers but are often perceived as more state-centric, emphasizing national security and cyber sovereignty.

In contrast to the U.S. Cloud Act, which allows access to data stored overseas by American service providers under certain conditions, China’s laws prioritize preventing data from leaving the country without government approval and impose heavy penalties for non-compliance, including fines and potential shutdowns of services.

Since August 2, EU-wide rules apply to ChatGPT, Gemini, and other AI models, intended to make artificial intelligence more transparent and secure. However, the problematic laws in China comparable to the U.S. Cloud Act mainly revolve around data sovereignty, strict control over cross-border data transfers, and extensive government access to data.

In conclusion, while China’s laws impose considerable restraints and risks around data sovereignty and government access (similar in impact but differing in approach to the U.S. Cloud Act), the BSI recommends a strong security posture based on technical safeguards, compliant cloud services, and legal risk management to protect data security and control in such complex cross-border data environments.
