10 February 2021
Within the scope of the cross-sector review regime, the reportable facts (so-called regulartory examples) will be increased from 11 to 27. A large number of so-called emerging technologies are thus subject to the reporting obligation. In doing so, the German legislator partly concretises the terminology of the EU Screening Regulation, either by referring to specific German or EU laws such as the Satellite Data Security Act or certain item numbers of Regulation 428/2009 ("Dual-Use-Regulation"). This approach is to be welcomed as it leads to a much clearer delimitation of the relevant activities than the EU rules. Other countries have adopted the terminology of the EU regulation one-to-one. Nevertheless, some of the new German reporting requirements are also unclear. The draft bill contains the following additional reporting requirements:
The "sharpening" of some existing regulatory examples is to be welcomed. Thus, the legisla-tor clarifies with regard to "cloud computing services" (Section 55a (1) no. 4 AWV) that the server capacities used for the respective cloud computing service and not the total capacity of the server infrastructure used (e.g. Amazon Web Services), which may for the most part have no relation to the cloud computing service, are decisive for reach-ing the threshold value. The old version of the regulatory example had led to considera-ble legal uncertainty in cases where the target company offers services via "software as a service".