If you operate critical infrastructures, you must prove that the security of your information technology corresponds to the state of the art. You must submit proof to the Federal Office for Information Security (BSI) every two years.

Unfortunately this specification of service has not yet been completely translated.