Every day, criminal hackers attack the networks of companies, authorities and other organisations - far too often with success. Cyberattacks are a real, omnipresent threat. This is why cybersecurity is becoming more and more important: it offers protection against online attacks.

Management and IT security officers are those responsible for ensuring this kind of protection in organisations. To do so, they need clear legal requirements - which is what politics is called to establish. The TÜV Association and its members therefore use their expertise to contribute to the discussions in the relevant forums in order to create the necessary standards with sufficiently high security requirements.

Businesses demand stricter rules

The need for action is growing - for companies as well as in politics. 47 percent of German companies are calling for higher legal IT security requirements. This is a result of a representative Ipsos-survey commissioned by the TÜV Association. 59 percent of the respondents consider legal action as important since it contributes to a better IT security for their company.

According to the "TÜV Cybersecurity Study", three out of four companies state that the importance of IT security has increased in the past five years. 78 percent of the respondents said that this is due to the progressing digitalisation, while 29 percent attributed this to a cyberattack in their own company.

Standards do help

According to the survey, standards such as ISO 27001 play an important role for the IT security of businesses. They provide rules and processes on how organisations can ensure security in practice. Independent bodies can confirm that companies comply with a certain standard through a certificate. By doing so, companies can document – for instance vis-à-vis their clients or suppliers - that their IT systems are as secure as possible. Two out of three companies are already oriented towards standards or even comply with them fully according to the TÜV Cybersecurity Study.

In addition, the TÜV Association considers legal requirements as a decisive factor in improving the protection of businesses and private users against cyberattacks. Therefore, the TÜV Association has issued two main recommendations for further action:

TÜV covers cybersecurity spectrum

With our wide range of services in the field of cybersecurity, we actively contribute to increasing the cybersecurity of public administration, companies, research and consumers. Read here which services are covered by the TÜV organisations. The cybersecurity services and products (extract) provided by the TÜV companies include both mandatory cybersecurity certifications based on legal requirements and voluntary certifications.

Download the expert opinions

Executive Summary of the Supplementary Expert Opinion (February 2022)

Supplementary Expert Opinion (January 2022)

Brief Expert Opinion by Prof. Spindler on the Compatibility of the Cybersecurity Act and the New Legislative Framework (March 2021)

Summary of the Expert Opinion by the TÜV-Association



CRA: TÜV Association calls for more ambitious regulation


Cyber Resilience Act


Make AI regulation ambitious and future-proof


Recommendations for the AI Act trilogue negotiations


TÜV Cybersecurity Study 2023


Artificial intelligence: almost one in four uses ChatGPT


TÜV Association welcomes Machinery Products Regulation


AI moratorium letter illustrates need for political action


Consumers want smart home devices to be independently assessed


On the EU Commission proposal for a Cyber Resilience Act


Further tightening of the Cyber ​​Resilience Act required


Whitepaper "Towards Auditable AI Systems"


Log4Shell: Establish IT security management in companies


TÜV Association calls for test centres for AI


AI survey: Consumers call for tests marks


Testing AI with high risk for safety


Statement on the AI Act by the European Commission


Cybersecurity in a Digital Railway System


AI-based systems and products


Promote security in IoT

Your contact

[Translate to Englisch:]

Marc Fliehe

Director of Digitalisation and Cybersecurity

+49 30 760095-460