On April 9, 2025, the future coalitionist CDU, CSU and SPD in Berlin signed their coalition agreement for the election period 2025 to 2029 of the German Bundestag. A coalition agreement is not a law, but not only the election schedule. Rather, it is a political commitment that the federal government of the future should serve as a common basis for the work of law, administration and political strategy.
Tobias are every lawyer, who focuses on IT law in Vogel and Partner in Carlsuhe. He also studied legal information science and conducted an MBA.
The contract is not legally applied, but politically but highly binding: it acts as a guideline for ministries, legislative and administration. The new coalition agreement consists of 126 pages and is still subject to the consent of party committees. But already it is the most accurate and comprehensive digital reform manifesto of a federal government in history.
Central projects concern the basic reality of the framework for administrative law, data protection, data policy and artificial intelligence and cyber security. For the first time, an independent federal ministry of digital is to be created – with a coordination coordination on cross -deopartal digital projects. For companies, officials and advisory IT service providers, this restructuring is of quite practical importance. This requires not only a technical, but legally a reconsideration above.
Digital Ministry as a clock of new legal architecture
Along with the Digital Ministry, the federal government first draws a clear structural result from the previous fragmentation of digital policy responsibilities. The aim of the Ministry is to control cross-departal implementation of departments, bundle strategic digital projects and above, administrative digital identification, data policy and AI strategy.
In practice, this means: digitization for all digital laws and regulations for administrative procedural law to be developed under the same strategic leadership in future strategic leadership for promotional laws. It expects an increased stability, quick processes and a consistent law.
In practice, it creates a new control example, with which companies working with the public sector deal with. The Digital Ministry becomes a decisive player in approval, standardization and gradation of digital processes – for example in interoperability standards, interface guidelines or certification processes.
Do you already know free IX newspaper? Register now and don’t miss anything every month for the date of publication: Heise.de/s/ny1e The next issue is about the topic theme of Mai-I: how you will be attacked without malware.
Data and AI Government: New Legal Foundation Way
In terms of material, the contract reflects a wide area, which can only be described as an independent legal case: data and AI government. For the first time, the term “data law” is clearly understood as a legal field in the need for regulation. The federal government plans to draft a data code that organizes existing rules and creates new equipment for data availability, processing and use. The validity of the data section is focused: Who can use data, how the rights for the affected people?
(Image: Midjourney / Collage: ix)
The purpose of establishing the data loyalty model provided by the coalition agreement is a mediated structure that is legally safe. The purpose is to create a legal agency between data owners, users and third parties. One of one Small assessment of BICOCOM Udyog Sangh Political goals, including a binding inter-operational ecosystem for the data exchange, were identified- can only be felt by new, clearly defined citizens and public law equipment. It also includes sector -specific data access obligations, such as healthcare system, mobility sector or industry 4.0.
At the same time, the implementation of the European Union AI Act is declared a priority function. The plan to create industry -specific real laboratories with legal freedom of experiment has been flicked by a Planned Federal Use Act. The AI system should be used under human supervision, with obvious rules for liability, auditing and technical traceability. In addition, Germany must play a leading role in the development of safe AI – not only standard, but also through funding programs for voice models and funding programs for dedicated data centers.
Data protection policy between debt bureaucracy and supervisory relevance
In the field of data security, the previous structure of supervision is questioned. The coalition is planning an institutional reform in which the federal commissioner is developed as a representative for the federal commissioner for “data usage, freedom of data protection and information”. It is not only a semantic reddeed, but also shows an important focus on enabling data processing. Data Protection Conference (DSK), so far an informal body, is also equipped with institutional and coordination powers by law.
Legally, attempts to achieve more uniformity when applying GDPR, especially for non -profit organizations with small and medium -rich companies. As can be seen from BCOCOM evaluation to data policy, its purpose is to change the previous variety of data security interpretations with “legal clarity and practicality”. This is particularly relevant to data-intensive digital processes such as smart city infrastructure or AI-based administrative decisions.
In the European context, Germany should also work for GDPR compatibility with data usage in general good interests, for example in public research or public services. This can lead to adjustment of GDPR over moderate to long periods, provided that there is sufficient political support at the European Union level.
Monitoring measures from textbook
While the coalition agreement is ambitious in digital policy terms and is often surprisingly solid, it is found with considerable doubt in parts of civil society – especially where fundamental rights and informative self -abolition are affected. Important voices of editors of Netzpolitik.org or CCC speak of “scary programs for basic and freedom rights” and criticizes a security-stricken digital strategy in which freedom comes under pressure.
For example, the planned expansion of state monitoring capabilities in digital space, including active cyber defense and centralization of security officers, has been interpreted as a threat to the need for separation between police and intelligence services. Also re-designed for source-TKU, data retention or automatic video surveillance by the back door will make the monitoring devices further normal, while on the contrary, judicial control or transparency mechanisms such as counter-weight are not considered equal.
(Image: Midjourney / Collage: ix)
Planned state-aurchastred data approval as part of open data and normal good strategies is not fundamentally rejected, but under suspicion that technical exploitation interests can be done here about personal rights. From this point of view on state control sovereignty, with an open result for civil rights, multi -dialect digital sovereignty -. Critics demand that data security not only addresses data security as an innovation break, but also as a democratically valid digital policy “. Publicity declared in digital legislative processes is seen as “a test stone for your own credibility”. Overall, it is worth estimating that, in the legislative period now, the restriction of fundamental rights within the structure of the IT Safety Policy Act is also discussed violently.
Cyber security and digital flexibility as a legislative mandatory
The subject of cyber security is also legally regulated. The amendment of the BSI law aims to change the form of an authority to an issue from an advisory body to an issue from an advisory body. It also includes new intervention rights for the operators of important infrastructure, for example in a case of failure to implement security standards. For the implementation of NIS2 guidelines, the draft should be transferred to German law-new classifications and reporting requirements are introduced.
At the same time, the government has planned to keep a cloud infrastructure on a new legal basis. Its purpose is to implement a “sovereign administrative cloud”, whose operation has defined national and European requirements and defined security architecture. In BCOCOM evaluation, the intention is clearly emphasized that non-trustworth provider of central infrastructure services is excluded. This will particularly affect the award and security law- European law with potential conflicts on similar treatment principles.
Another important theme is the legal control of data centers: energy efficiency, waste heat use and construction laws are focused here. The desired climate policy of digital infrastructure leads to new regulatory requirements, for example, in motivation protection, construction plan and energy law. Companies providing data center services will be regulators not only technically but also to be certified in the future.
conclusion
If the new coalition agreement is implemented, it marks the onset of a phase of intensive legal restructuring of digital order in Germany. The introduction of a Digital Ministry, a employed data code, national implementation of the AI Act, a corrected data protection supervision and a strategically safe cyber security architecture-all are constructing blocks of a new governance structure that interlock technology, law and political control should be done more closely than before.
(Ur)
