Between DIN EN 50136, KRITIS requirements and operator responsibility: Why secure alarm transmission is far more than just signal forwarding

Reliable notification of the fire service is one of the key protection objectives of modern fire alarm systems (FAS). Nevertheless, the technical and organisational complexity of alarm transmission is often underestimated in practice. Whilst fire detectors, fire alarm control panels and structural fire protection measures are usually the focus of attention, the actual transmission of alarms is increasingly becoming a critical infrastructure issue – with significant technical, organisational and liability implications.

The latest information sheet “Alarm messages from fire alarm systems – Secure and standards-compliant transmission to the emergency services” published by the ZVEI and the BHE Federal Association for Security Technology makes it clear that the secure connection of fire alarm systems goes far beyond a mere communication link to the fire service. Rather, the focus is on how continuous availability, monitoring and accountability can be ensured in compliance with standards throughout the entire alarm process chain.

Alarm transmission becomes a safety-critical process chain

Fire alarm systems are used for early fire detection and the rapid alerting of emergency services. They play a central role in safety, particularly in buildings with high occupancy, increased fire load or complex structural designs. Typical applications range from hospitals and care homes to industrial facilities, high-rise buildings, museums and hotels.

However, the actual protective effect is not achieved solely through the detection of a fire, but only through the reliable transmission of the alarm to the relevant fire service control centre. This is precisely where the so-called alarm transmission system (AÜA) comes into play.

The information sheet describes the AÜA as a complete system comprising:

• transmission equipment (ÜE),
• transmission paths or networks,
• and the alarm receiving equipment (AE).

The architecture follows a high-availability approach. Redundant transmission paths are generally used, consisting of a primary alarm transmission path and a backup path. The aim is to ensure reliable alarm transmission even in the event of a fault or failure.

It is precisely this redundancy that demonstrates that modern alarm transmission can no longer be understood as a simple signal line. Rather, it is a continuously monitored security infrastructure.

DIN EN 50136 redefines responsibility

This becomes particularly clear in the context of DIN EN 50136. The standard forms the central technical and organisational foundation of modern alarm transmission systems.

One aspect is particularly interesting here: the standard not only defines technical requirements for transmission paths and performance characteristics, but also establishes clearly defined responsibilities within the entire alarm process chain.

At the centre is the so-called ‘Alarm Transmission Service Provider’ (ATSP). According to the standard, this provider assumes responsibility for:

• specifying,
• operating,
• management,
• monitoring,
• and documentation

of the performance characteristics of an alarm transmission system.

This shifts the focus from a purely technical installation to a permanently operated security service model.

It is precisely this point that is of considerable practical relevance. This is because many operators and even specialist installers are hardly able to fully guarantee the organisational and operational requirements stipulated by the standard on their own.

The underestimated gap between technology and operation

The information sheet expressly points out that problems frequently arise in practice when neither the local authority nor the fire service appoints a concessionaire or alarm provider to operate the AÜA. In such cases, responsibility effectively remains with the operator or the installer of the fire alarm system.

This is precisely where a critical gap arises.

For whilst the technical installation of a fire alarm system can be inspected by experts, the long-term organisational assurance of the availability of alarm transmission cannot be demonstrated by a single technical inspection alone.

However, the standard requires continuous performance monitoring and documentation. For certain transmission categories such as DP3, for example, an availability of at least 99.8 per cent must be demonstrated within any seven-day period. The relevant records must be retained for several years.

This means that alarm transmission is not a one-off installation project, but a continuously monitored operational process.

Two-stage acknowledgement as a resilience mechanism

Of particular interest is the standards-compliant reference architecture described in the information sheet. This not only provides for redundant transmission paths, but also integrates a two-stage acknowledgement procedure.

This not only verifies whether the alarm message has reached the public control centre, but also whether the alarm has actually been received and processed by the alarm service or the operations management system.

This approach highlights a fundamental shift within modern security architectures: it is no longer sufficient to merely ensure technical signal transmission. Full traceability of the entire intervention chain is becoming increasingly crucial.

Alarm transmission is thus evolving from a traditional communication function into a resilience-oriented security process.

Control centres are themselves becoming KRITIS

In parallel, regulatory requirements for control centres and alarm service providers are becoming significantly stricter. The guidance note points out that BOS control centres are increasingly regarded as critical infrastructure or as ‘important facilities’.

This also increases the requirements for:

• information security,
• reliability,
• IT protection,
• emergency response plans,
• attack detection,
• patch management,
• and compliance structures.

This trend is likely to intensify further, at the latest with the implementation of NIS2 and stricter KRITIS requirements.

It is interesting to note that traditional fire safety issues are increasingly overlapping with cybersecurity and resilience concerns. Alarm transmission is thus becoming part of larger digital security architectures.

Liability risks are significantly underestimated

The liability implications of non-compliant solutions described in the information sheet are particularly serious. This is because a lack of evidence or inadequate organisational safeguards can have significant consequences.

Even at the level of building regulations, a missing or faulty connection can result in the fire service refusing approval or building control authorities imposing usage bans.

However, the potential civil and criminal liability consequences in the event of damage are even more serious.

If, for example, the fire service is alerted late due to faulty alarm transmission, this can result in substantial claims for damages. Those affected may include:

• operators,
• installers,
• service providers,
• telecommunications providers,
• or other parties involved in the process chain.

The leaflet makes it clear that compliance with technical regulations is increasingly also regarded in legal terms as the benchmark for fulfilling safety and contractual obligations.

The fire service alone is no longer sufficient

A particularly important point in the document is the clear delineation of responsibilities. Fire services handle the receipt of alarms – but do not automatically assume responsibility for the standard-compliant operation of the alarm transmission system.

This distinction is likely to be frequently underestimated in practice.

Many operators apparently continue to assume that the technical connection to the fire service automatically entails full organisational safeguards. However, according to the leaflet, this is by no means necessarily the case.

The authors therefore clearly advocate the explicit designation of a responsible ATSP. Only in this way can overall responsibility in accordance with standards be ensured throughout the alarm process chain.

Alarm transmission is becoming part of modern security architectures

Overall, the guidance document impressively demonstrates how significantly the requirements for fire detection and alarm transmission systems are changing.

Connecting a fire alarm system is no longer merely an isolated telecommunications issue. It is increasingly evolving into a highly regulated, continuously monitored and liability-relevant security process.

In this context, traditional fire safety requirements are becoming increasingly intertwined with:

• KRITIS resilience,
• cybersecurity,
• IT governance,
• high-availability architectures,
• as well as compliance and documentation obligations.

Particularly at a time of growing regulatory requirements, the role of specialised alarm transmission service providers is therefore likely to become even more important.

After all, in an emergency, it is not merely the existence of a fire alarm system that determines the effectiveness of the protection concept – but the secure, verifiable and standards-compliant transmission of the alarm right through to the fire service’s response chain.