KÖTTER Security calls for greater consideration of private security service providers

Acts of sabotage against railway lines and cyber-attacks on public institutions have recently brought security for critical infrastructures (CRITIS) back into the public focus. Against this backdrop, KÖTTER Security welcomes the German governments recently adopted key points paper for a law on the protection of critical infrastructures. At the same time, however, the largest family-owned company in the security industry calls for a much stronger involvement of the private security industry in the reorientation of CRITIS security.

• Family business welcomes planned framework legislation of the Federal Government
• Security Advisory Council: security industry already an important cornerstone
• Law offers huge opportunity for awarding contracts according to binding quality standards and best-bidder procedures

The private security industry has long been an important cornerstone in the protection of critical infrastructure. For years, service providers have been supporting companies in the affected sectors with holistic risk and business continuity management concepts and, among other things, have taken over the protection of power plants, data centres and internet nodes, (air)ports, public transport, public authorities, etc. through security services and technology.

“A key function, therefore, which is not yet sufficiently taken into account in the Federal Government’s key points paper for the planned framework legislation,” says Dr Harald Olschok, member of the KÖTTER Security Advisory Board. “For example, although the paper mentions requirements for physical security as one of its goals, it otherwise remains solely focused on the state authorities and the CRITIS operators. Unfortunately, concrete statements on the service providers, who already comprehensively provide the personnel and technical protection measures today, are completely missing. This content should therefore be included in the legislation just as much as the recognition of the security industry as a separate KRITIS sector. Because the classification as a systemically relevant sector is another central factor to additionally strengthen its role as an important cornerstone of internal security.”

This is also emphasised by Wolfgang Bosbach, also a member of the KÖTTER Security Advisory Board and one of Germany’s most accomplished domestic experts:

“A key points paper is not yet a draft law and a draft law is not yet a law – nevertheless, one should not underestimate the importance of such papers. The private security industry does not compete with the state security organs, it does not want to take over their tasks in private responsibility. However, it is indisputably an important, indispensable component of a solid security architecture. This is especially true in prevention, because the more effectively danger prevention functions, the more the state authorities are relieved. It would not only be desirable but necessary that this is also recognised by the legislator and taken into account in the upcoming legislative process. Should the Federal Ministry of the Interior and Home Affairs, which is in charge, not take this into account on its own responsibility, it would be the task of the legislator to ensure a correction, or more precisely: an addition. After all, Struck’s law also applies here: no law leaves parliament in the form in which it was introduced.”

KÖTTER Security Advisory Board member Fritz Rudolf Körper highlights the special opportunity arising from the German government’s planned adoption of the “EU Directive on Critical Entities Resilience/CER Directive”, which was adopted at European level at the end of 2022 and must now be transposed into national law within 21 months. “This regulation is a milestone, as for the first time in an EU directive, CRITIS operators are bindingly recommended to cooperate with private service providers exclusively on the basis of fixed standards.” An anchoring in the German legislation to be adapted subsequently thus offers the enormous opportunity to implement the “best bidder principle” long recommended by the European Confederation of Private Security Services (CoESS) for awarding contracts as well as its high-quality standards for all providers of critical infrastructures in connection with the standards to be applied here according to the CER Directive (Art. 16).

An important orientation in the sense of the CER Directive is provided by the European series of standards EN 17483 “Private Security Services – Critical Infrastructure Protection”, which has already been published with the basic requirements in Part 1 and will successively define sector-specific requirements for security service providers in the CRITIS environment in the parts of the standard that are already being developed. Parts 2 and 3 for the areas of “Airport and aviation security services” and “Maritime and port security services” will follow later this year.