Ayhan Simsek
27 May 2026•Update: 27 May 2026
Germany’s government on Wednesday approved draft legislation that would give authorities new powers to intervene directly against cyberattacks, including by disrupting the systems and infrastructure used by attackers.
Interior Minister Alexander Dobrindt called the bill “a milestone of Germany’s security architecture,” saying its centerpiece is what the government describes as “proactive” cyber defense.
“We will strike back; we will neutralize the threat when we are attacked,” Dobrindt told a news conference. “We will be able to disrupt attackers and destroy their infrastructure.” He said the measures would target attackers’ software and servers, even if they are abroad.
Germany has long been a major target for cyberattacks, and authorities have repeatedly warned that foreign powers and state-linked groups are behind sophisticated operations aimed at industry, small and midsize businesses, the scientific community, government institutions, and political parties.
Dobrindt stressed that German authorities would not engage in “hackbacks,” or retaliatory cyber strikes, but would focus on neutralizing threats and averting danger.
“We are targeting the threat,” he said. “We act directly against the attacker. We switch off their ability to attack. That is what we understand by active cyber defense.”
Under the Cabinet-approved draft, Germany’s Federal Criminal Police Office, known as the BKA, the federal police Bundespolizei, and the Federal Office for Information Security, or BSI, would be given new powers.
The draft law would also expand the BSI’s ability to collect, store, and analyze data, including searching for activities that could indicate preparations for an attack. Telecommunications companies and major digital platforms would be required to pass on BSI warnings about “concrete dangers” to users.
German lawmakers are expected to debate the draft legislation in parliament in the coming weeks. It must pass a vote before it can take effect.
