Intelligence in the Digital Age – Constitutional Limits of the BND Reform

May 28, 2026

Richard Krauss

In an era of hybrid threats and rapid digital armament, Germany’s Federal Intelligence Service is undergoing a profound transformation. The reform of the BND Act promises greater operational capability — yet how far may a secret service go in a democratic constitutional state without crossing the boundaries of its legal foundations?

The legislative realignment of the BND Act (BNDG) transforms the Federal Intelligence Service in response to the demands of modern asymmetric conflict scenarios within the information domain. This amendment tightens the agency’s mandate for intelligence-led reconnaissance of complex threat vectors and adapts its operational parameters to rapidly evolving technological conditions. The reform operates within a strict, constitutionally determined framework heavily shaped by the restrictive requirements of the Federal Constitutional Court, which safeguard the principle of proportionality and fundamental rights. Within the organizational structure, these intelligence competencies are assigned to specific directorates, whose functional frameworks have been legally re-contained by the new legislation.


The execution of signals intelligence (SIGINT) falls under the responsibility of the Technical Reconnaissance Directorate (Abteilung Technische Aufklärung – TA). At the core of the new legal framework is the strategic collection of foreign-to-foreign communications and transit traffic tangentially passing through the territorial borders of the Federal Republic of Germany. A groundless, indiscriminate interception of global data streams at domestic Internet Exchange Points (IXPs) is legally excluded. The Federal Constitutional Court explicitly prohibits indefinite mass data retention absent a concrete threat matrix; technical collection is therefore strictly tethered to specific search terms known as selectors. Traffic data may be held within the operational repository for a legally defined maximum duration of six months to facilitate the detection of threat patterns.


For signals processing, the service implements automated heuristics and machine-learning algorithms designed to detect anomalies in metadata structures, alongside biometric facial recognition software deployed on unexamined image and video files. However, the deployment of these AI-driven analytical procedures carries significant constitutional risks. Algorithmic bias and automated pattern recognition threaten an unpredictable depth of infringement on fundamental rights, systematically complicating the technical isolation of the absolutely protected core of private life. In parallel, the TA Directorate steers the space-based reconnaissance project GEORG (Geschäftliche Optimierung der Aufklärung durch Raumsegment-Generierung), whose high-resolution electro-optical and radar components (IMINT) are designed to augment the intelligence cycle. This endeavor, however, remains burdened by severe budgetary and technological distortions; its deployment, originally scheduled for 2022, has slipped into the current year of 2026 due to extensive delays, underscoring the agency's logistical capacity challenges.


This signals intelligence infrastructure relies on publicly known domestic outstations. These include interception nodes in Bad Aibling (focusing on satellite and mobile communications under the cover name "Fernmeldestelle der Bundeswehr"), Schöningen (specializing in satellite collection), and Rheinhausen (responsible for high-frequency and satellite signals). Administrative and cryptanalytical leadership is concentrated at the headquarters in Berlin-Mitte, while the historical site in Pullach functions as a technological and logistical hub for support components.


In day-to-day operations, technical screening processes generate substantial error rates (false positives), structurally complicating the filtering of protected personal data at the front end. The persistent risk of inadvertently capturing the communications of EU citizens or legally privileged professions necessitates continuous refining to strictly guarantee the protection of the private core. Furthermore, these expanded SIGINT capabilities exacerbate federal tensions within the German security architecture. While the BND achieves a massive informational advantage by pooling data streams at central IXPs, the decentralized State Offices for the Protection of the Constitution (LfV) find themselves increasingly marginalized. This ongoing centralization of intelligence collection at the federal level threatens to functionally hollow out the constitutionally anchored, federal early-warning structure.


The Cyber Reconnaissance and Cyber Operations Directorate (Abteilung Cyberaufklärung und Cyberoperationen – CY) consolidates operational competencies in the digital sphere. The service's mandate here centers primarily on reconnaissance and technical support for cyber defense (SIGINT Support to Cyber Defense). Infiltrating foreign IT systems of state and non-state actors for intelligence collection (Computer Network Exploitation – CNE) is permissible under strict legal caveats through specialized software tools or the exploitation of zero-day vulnerabilities, primarily to identify cyber adversaries early. Active offensive countermeasures in digital space aimed at the functional degradation or disruption of foreign IT infrastructures (Computer Network Attack – CNA) are strictly regulated under the BNDG. Such active operations for cyber counter-defense face a dense political control threshold and must not cross the line into a geopolitically impermissible intervention under international law. They also intersect with the constitutional responsibilities of the German Armed Forces, specifically the Cyber and Information Domain Command (CIR), which retains exclusive authority over defensive and offensive cyber operations within the framework of national and alliance defense. The BND operates in this context primarily as a provider of technical SIGINT.

Interventions against IT infrastructures within Germany to counter acute, foreign-directed attacks routing through domestic proxy servers are strictly hemmed in by law. Here, the constitutional principle of separation (Trennungsgebot) serves as a rigid baseline: because the BND, as an intelligence agency, is completely stripped of executive enforcement powers, domestic counter-hacking must under no circumstances infringe upon police hazard-prevention mechanisms or criminal procedural coercive measures. The operational boundary between intelligence gathering and police enforcement must remain unbreached to prevent granting executive disruptive capabilities to a clandestine agency.


These cyber-operational interventions, particularly those involving interventions in global IT supply chains, carry profound international risks. The covert manipulation of software or hardware components in transit endangers trust with international partners and provokes diplomatic friction. While cooperation within the Western intelligence alliance (Five Eyes) is intensified through mutual data exchange, the offensive posturing of German cyber capabilities creates operational friction points at the interfaces with allied services, should their infrastructures be unintentionally affected. Furthermore, conducting retaliatory digital strikes surfaces the problem of attribution under international law. Pinpointing a cyberattack conclusively and legally to a foreign state actor in real-time remains technologically fraught, as sophisticated obfuscation tactics, false-flag operations, and shifting proxy networks drastically increase the risk of erroneous attributions and subsequent diplomatic or military escalation cascades.


Intelligence synthesized from these technical axes is funneled directly to the Directorate for Global Situational Awareness and Analysis (Abteilung Gesamtlage und Auswertung – GL). Its regional desks (Russia/CIS/Eastern Europe, Middle East/Africa, Asia/Pacific) and the thematic desk for Transnational Threats and Proliferation fuse raw data through all-source analysis—integrating Open Source Intelligence (OSINT) and Human Intelligence (HUMINT)—into strategic situational reports, threat assessments, and arms control briefings for the Federal Government. Human source intelligence remains a core capability, managed by the Directorate for Operative Reconnaissance via a global network of covert stations (residenturen) housed within German diplomatic missions. The authority for covert operations abroad is legally bound to early-warning guidelines. The BNDG contains no legal provisions authorizing physical sabotage, such as the deliberate destruction of infrastructure or the widespread disruption of energy and communication grids, as such actions would raise severe conflicts with the territorial sovereignty of foreign nations under international law. For the deployment of human assets abroad, the legal framework provides functional safeguards to ensure the creation of cover identities (legends) and asset protection. A blanket criminal exemption for serious felonies is completely absent from German law. Institutional self-protection is overseen by the Security and Counterintelligence Directorate (Abteilung Sicherheit und Eigensicherung – SI), which handles personnel vetting (SÜ 1 to SÜ 3) and the infrastructural protection of the secure compounds in Berlin and Pullach.


The ongoing reform debate of 2025 and 2026 pulls operational deficits and legal boundaries back into the focus of the legislature and the public. Reports by Tagesschau and ZDF document an intense political divide over new draft legislation originating from the Federal Chancellery. The Federal Government and subordinate security agencies, citing sharply escalated hybrid threat vectors and targeted sabotage campaigns orchestrated by the Russian Federation and the People's Republic of China, push for a sweeping expansion of authority. Opposing them is a united front of civil liberties NGOs, the parliamentary opposition, and elements of the federal states, who warn against a constitutionally non-compliant erosion of civil liberties. In an international comparison, the BND continues to operate significantly more defensively than foreign partners due to these dense rule-of-law shackles; for instance, the French foreign intelligence service DGSE or the Anglo-Saxon agencies of the Five Eyes network operate largely without comparable judicial-like prior oversight and command vastly more robust mandates for offensive cyber warfare and extraterritorial interventions. Whether dense German oversight overly constrains operational agility against highly agile APT actors, or rather safeguards indispensable democratic resilience, remains empirically contested within strategic and legal literature.


To guarantee the rule of law and preserve the horizontal separation of powers, all operational activities of the BND are subject to a three-pillared oversight architecture. The Independent Control Council (Unabhängiger Kontrollrat – UKRat) is established as an independent supreme federal authority for prior legality review. Its structure is bifurcated into an administrative oversight body with its own technical staff and a judicial-like control body. The latter consists of up to six judges from the Federal Court of Justice (BGH) or the Federal Administrative Court (BVerwG), or federal judges appointed for life. Appointments are made by the Federal Chancellor upon recommendation by a selection committee of the German Bundestag for a six-year term, with the panel facing continuous institutional rotation due to personnel shifts and upcoming retirements in 2026. All strategic signals intelligence at the DE-CIX, BCIX, and ECIX nodes, the definition of new selector catalogs, and all offensive CNA measures are subject to the strict judicial warrant requirement of the UKRat. The council is backed by an engineering and IT-forensics substructure that seamlessly audits the BND's data processing. Political oversight remains vested in the Parliamentary Oversight Panel (PKGr) of the German Bundestag. Panel members are elected by the plenary with an absolute majority of Bundestag members (Chancellor's majority), ensuring all factions are represented. The PKGr possesses sweeping statutory rights to demand files, gain access to all secure installations, and interrogate agency personnel, supported in its routine oversight by a Permanent Commissioner. Finally, the G10 Commission decides exclusively on interferences with the privacy of correspondence, post, and telecommunications under Article 10 of the Basic Law. 
Appointed by the PKGr for the duration of a legislative period, this independent commission must grant prior case-by-case approval for targeted collection targeting German citizens or individuals inside federal territory. Should the BND identify domestic data during mass transit collection, an immediate processing ban takes effect until the commission renders a final ruling.


The judicial and strategic evaluation of these intelligence competencies remains the subject of intense professional debates among security agencies, state governments, and fundamental rights organizations. This discourse directly impacts core constitutional protections and the separation of powers. Legal scholars and non-governmental organizations argue that the technical capabilities of metadata analysis and biometric processing touch upon the right to informational self-determination (Art. 2 Para. 1 in conjunction with Art. 1 Para. 1 of the Basic Law). They contend that mass transit collection stresses the principle of specificity, given that the technical isolation of protected data streams at the ingestion point is rarely error-free. Proponents view the stringent architecture of the UKRat as a sufficient counterweight, while critical voices maintain that the principle of proportionality remains compromised. Extraterritorial intelligence operations, especially in the cyber domain or via supply-chain interventions, navigate a complex international legal matrix. Every infiltration of a foreign network challenges the principle of territorial sovereignty. While the security imperative of early warning against hybrid threats is emphasized, legal analyses underscore the risk of diplomatic fallout and lawful counter-measures under international law, should the service's operational measures be classified as unlawful interventions. The legal architecture of the BNDG attempts to mitigate these geopolitical risks via restrictive, mandatory authorization pathways routed directly through the Federal Chancellery.


[DE, translated into English]

The amendment of the BND Act (BNDG) responds to the heightened geopolitical threat situation arising from asymmetric conflicts and hybrid actors in the global information space. The reform transforms the Federal Intelligence Service from a passive, analytical reconnaissance agency into a technologically proactive actor within multidimensional warfare ("Multi-Domain Warfare"). The legislative changes expand the service's operational competencies in the core technical areas, but operate within a narrow, constitutionally determined framework. The Federal Constitutional Court prohibits indiscriminate mass surveillance without cause; strategic signals intelligence on foreign and transit traffic at central Internet Exchange Points (IXPs) remains strictly bound to specific search terms (selectors) and a six-month retention period.


In the cyber-operational sector, the Cyber Reconnaissance and Cyber Operations Directorate (Abteilung Cyberaufklärung und Cyberoperationen – CY) consolidates the competencies. The mandate focuses on network-based information gathering ("Computer Network Exploitation" – CNE) and on restrictively regulated offensive countermeasures ("Computer Network Attack" – CNA) for cyber defense. The constitutional principle of separation (Trennungsgebot) serves as a strict common thread here: the BND is stripped of any executive powers, which is why domestic counter-hacking must not touch on police hazard-prevention measures. In addition, digital counterstrikes ("hack-back") raise the attribution problem under international law as well as considerable risks when intervening in global IT supply chains.


The reform debate of 2025 and 2026 reveals a deep divide. While the Federal Government and security agencies, in view of sabotage campaigns from Russia and China, press for an extension of retention periods to twelve months, the opposition, federal states and civil-liberties NGOs warn of an erosion of civil liberties and an informational marginalization of the decentralized State Offices for the Protection of the Constitution (LfV).


To safeguard the separation of powers, the agency is subject to a dense, three-pillared oversight architecture. The judicial-like body of the Independent Control Council (UKRat), staffed with up to six federal judges, exercises preventive prior review under a strict judicial warrant requirement. Political and parliamentary oversight remains with the Parliamentary Oversight Panel (PKGr) of the German Bundestag and the G10 Commission, which is not subject to instructions. In international comparison, the BND continues to operate significantly more defensively than partner services of the "Five Eyes" network or the French DGSE because of these rule-of-law shackles.


Glossary


Active Cyber Defense:

A strategic approach to countering digital threats that extends beyond purely passive defense measures to include offensive counter-operations aimed at disrupting or neutralizing an adversary's cyber attack infrastructure.


Air-Gapped Systems:

Information technology systems or networks that are kept physically isolated from unsecured networks and the public internet to prevent unauthorized remote digital access.


APT (Advanced Persistent Threat):

A highly sophisticated, targeted, and prolonged cyber operation directed against critical infrastructure or state institutions, typically executed by state-backed or state-directed actors commanding significant resource pools.


BGP-Hijacking (Border Gateway Protocol Hijacking):

The malicious manipulation of internet routing tables to covertly redirect global data traffic across unauthorized, adversary-controlled servers before it reaches its destination.


Bulk Data Collection:

The unselected, large-scale interception of digital data streams at central telecommunication bottlenecks for subsequent intelligence filtering and systematic evaluation.


C2-Server (Command and Control Server):

A centralized computer or server infrastructure utilized by cyber actors to issue technical commands to compromised systems, maintain botnets, and receive exfiltrated data.


CNA (Computer Network Attack):

Offensive actions executed in digital space designed to disrupt, manipulate, degrade, or functionally destroy foreign information systems, data networks, or connected infrastructures.


CNE (Computer Network Exploitation):

Clandestine operations within digital environments primarily serving intelligence collection, reconnaissance, and the systematic exfiltration of data from target systems.


DE-CIX / BCIX / ECIX:

Domestic Internet Exchange Points located in Frankfurt am Main, Berlin, and Düsseldorf, serving as principal physical routing hubs for national and international internet traffic.

GEORG:

The technical procurement project aimed at optimizing the space-based reconnaissance capabilities of the Federal Intelligence Service through its own orbital collection components.


Hack-Back:

Active digital tracking and the technological neutralization of an adversary within their own or utilized IT systems abroad, executed in immediate response to an ongoing cyber attack.


HUMINT (Human Intelligence): 

The traditional discipline of intelligence collection derived from human sources, clandestine informants, or operational intelligence officers.


IMINT (Imagery Intelligence): 

The intelligence discipline encompassing the collection, processing, and analysis of visual imagery and radar data acquired via satellites, reconnaissance aircraft, or unmanned aerial vehicles.


IXP (Internet Exchange Point): 

A physical telecommunications infrastructure where various network operators and Internet Service Providers interconnect to exchange data traffic.


OSINT (Open Source Intelligence): 

The systematic acquisition, processing, and analysis of intelligence data derived from publicly available, unclassified information streams.


Selectors:

Specific technical criteria—such as telephone numbers, IP addresses, or e-mail identifiers—utilized to filter large-scale data streams for relevant intelligence information.


SIGINT (Signals Intelligence):

The intelligence discipline comprising the interception, collection, and analysis of foreign electromagnetic signals, electronic emissions, and global telecommunications.


Trennungsgebot (Principle of Separation):

The German constitutional doctrine mandating a strict organizational and functional separation between intelligence agencies (which lack police powers) and law enforcement authorities (which hold executive enforcement powers).


UKRat (Independent Control Council):

The independent supreme federal authority composed of federal judges tasked with providing mandatory, judicial-grade legal and technical review prior to the execution of strategic surveillance operations.


Zero-Day-Exploit:

A digital tool or software script engineered to exploit a specific, unpatched vulnerability in an application or operating system that remains unknown to the vendor.



References

Federal Intelligence Service Act (BND-Gesetz - BNDG): §§ 6 (Strategic Signals Intelligence), 7 (Processing of Traffic Data), 9 (Transmission of Data), 19 (Processing of Data Domestically), and 23 (Special Operational Authorities).


Act on the Parliamentary Oversight of Federal Intelligence Activities (Kontrollgremiumgesetz - PKGrG): § 2 (Election and Composition) and § 5 (Oversight Competencies, File Inspection, Access Rights).


Act on Restrictions on the Secrecy of Correspondence, Post and Telecommunications (Artikel 10-Gesetz - G 10): Provisions governing the organization, independent status, and case-by-case review executed by the G10 Commission.


Federal Constitutional Court (BVerfG), Judgment of the First Senate of May 19, 2020 - 1 BvR 2835/17: Landmark ruling on the constitutionality of foreign-to-foreign signals intelligence, establishing the extraterritorial binding nature of the Basic Law on the BND; mandate for the creation of the Independent Control Council (UKRat).


Federal Constitutional Court (BVerfG), Order of September 28, 2022 - 1 BvR 2354/21: Refinement of constitutional standards regarding the protection of the information core of private life and the operational independence of intelligence oversight bodies.


German Bundestag, Printed Paper (Drucksache) 19/26103: Draft legislation introduced by the Federal Government to amend the BND Act to align foreign-to-foreign surveillance with the mandates issued by the Federal Constitutional Court.


German Bundestag, Printed Papers (Drucksachen) 20/8615 and 20/9412 (alongside continuous drafts up to mid-2026): Comprehensive reports, policy recommendations, and legislative blueprints aimed at adapting the BNDG regarding extended retention windows, procedural frameworks for cyber defense, and operational synchronization with the CIR Command.


Assessments by the Research Services of the German Bundestag, Department WD 3 (Constitutional and Administrative Law) / Department WD 2 (International Law), including WD 3 - 3000 - 012/21: Legal analyses on the constitutional parameters of offensive cyber operations (*Active Cyber Defense*) and the international law implications of extraterritorial interventions.

Tagesschau and ZDF heute: Editorial coverage and analytical documentation spanning 2025 and 2026 tracking the internal parliamentary committee debates over the doubling of intelligence data retention windows and the constitutional compliance of state-authorized counter-hacking within the current geopolitical matrix.
