Back Germany

    Status regarding Budapest Convention

Status regarding Budapest Convention

Status : Party Declarations and reservations : Declarations on Articles 2, 7, 24, 27, 35 and 40. Reservation on Article 42. See legal profile

Cybercrime policies/strategies

The German cybercrime policies are largely in place with the provisions of the Budapest Convention on Cybercrime. The German Federal Ministry of Internal Affairs developed the Cyber Security Strategy for Germany with implementation from November 2016. The strategic objectives and measures proposed are:

  • Protection of critical information infrastructures
  • Secure IT systems in Germany
  • Strengthening IT security in public administration
  • Setting up a National Cyber response Centre that reports to the Federal Office for Information Security (BSI)
  • Setting up of a National Cyber Security Council
  • Effective crime control also in cyberspace – strengthening the capabilities of LEA; the Federal Office for Information Security and the private sector in combatting cybercrime, also with regard to protection against espionage and sabotage. This ambitious Objective supposes the exertion of a significant effort towards achieving global harmonization in criminal law based on the Budapest Convention on Cybercrime.
  • Effective coordinated action to ensure cyber security in Europe and worldwide – such as supporting the extension and moderate enlargement of ENISA’s mandate.
  • Use of reliable and trustworthy information technology.
  • Personnel development in federal authorities.
  • Tools to respond to cyber-attacks – in terms of ensuring effective and sufficient statutory powers and Lander levels

The German Federal Ministry of Internal Affairs had developed in 2014 a concise Cyber Security Strategy, including a Cyber Security Bill, in order to improve the IT-security of the industry sector, an enhanced protection of German internet-users and in connection thereto also the strengthening of the Bundesamt für Sicherheit in der Informationstechnik (BSI) and the Bundeskriminalamt (BKA). To that purpose amendments for several statutes were proposed, like the Telecom Act, the Nuclear Act and others like the Data Protection Act dealing a.o. with critical information structures and legal duties to report security incidents and breaches to the BSI. Under this policy no amendments of Criminal law and Criminal Procedural Law were deemed necessary.

Specialised institutions

  • In each of the German States there is an operational state criminal police office (Landeskriminalamt -LKA) in charge with criminal investigations. As a response to the increasing number of internet crime, some Lander consider the establishment of a (specialized) cybercrime center;
  • The Bundeskriminalamt (BKA) co-ordinates national and international police contacts. In addition to its task to investigate serious (organized) crimes the BKA is also mandated to investigate cases of particular serious cybercrime. The BKA also co-ordinates between national and international law enforcement bodies with regard to child pornography;
  • Some District Prosecution Offices already avail over a plan to establish a specialized cybercrime coordinating center, whether in combination with other forms of (serious) crime, such as Zentralstelle zur Bekämpfungder Cyberkriminalität (ZAC-Köln), Zentralstelle zur Bekämpfung der IuK Kriminalität – Cybercrime, Zentralstelle Organisierte Kriminalität (ZOK Celle). Concerning the judiciary, there is no similar structure or organization.
  • National Authority for Telecommunications (Bundesnetzagentur) in Bonn;
  • Federal Commissioner for Data Protection and Freedom of Information (Bundesdatenschutzbeauftragter fur den Datenschutz und Informationsfreiheit- BfDI) in Bonn;
  • National Cyber Defense Centre (National Cyber-Abwehrzentrum- NCAZ), operational since February 2011.

Jurisprudence/case law

Dodos-attack on website of company is criminalised by § 303a StGB (LG Dusseldorf, March 22, 2011.

Seizure of e-mails: applicable conditions, Landesgericht Ravensburg 9 december 2002.

Legality of on-line searches: BVerfG, February 27, 2008.

Out of action of Data retention: BGH, July 3, 2014.

Sources and links

Research and Databases:



Tools on Cybercrime & Electronic Evidence Empowering You!

These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe. 


  Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?

  Share this information with us helping to keep this platform up to date.

Useful links