Technology- & IT-Law

German government on China strategy (2024)

The Federal Government’s China Strategy provides a comprehensive perspective on the current state of and future opportunities for relations with China. It serves as a guideline for the various ministries of the German government to pursue a unified and coherent policy towards China, especially with regard to digital issues. Current questions in the Bundestag reveal the current position of the German government with regard to China in terms of digital policy.

Promoting and strengthening the technological and digital sovereignty of Germany and Europe is a key concern of the German government. A key objective of the German government is to ensure that the European Union does not become dependent in key areas on technologies from countries that do not share Europe’s fundamental values. As explained in section 4.3 of the strategy, this is to be achieved in particular in critical areas of information technology.

This includes securing and expanding technological capabilities as well as diversifying supply chains and sources of supply, always taking into account the innovative capacity and resilience of technological and digital systems.

What are key technologies?

From the government’s perspective, technologies that are central to the decarbonization of production processes, but also to its own technological sovereignty, will play a key role in global competition in the future. This includes the areas of semiconductors, energy/green technologies, digitalization/information and communication technologies (ICT), artificial intelligence (AI), quantum and biotechnologies (see BT-Drucksache 20/9953).

Note: The government defines technological dependence as, in particular, dependence on technological competencies and capacities as well as dependencies in supply chains and sources of supply for new technologies (BT-Drucksache 20/9953). The Federal Government defines digital sovereignty as the capabilities and opportunities of states or communities of states to exercise their role in the digital world independently, self-determinedly and securely, from technological sovereignty (critical components) and data sovereignty to cyber security and digital infrastructures. From the government’s perspective, digital sovereignty means building on one’s own strengths and reducing strategic weaknesses within the framework of open markets and rules-based trade (BT-Drucksache 20/6271).

According to the Federal Government, various federal authorities are using different methods of strategic foresight to anticipate future developments, to better prepare for them and to shape them. As part of the Federal Ministry of Education and Research’s foresight process, approaches are currently being developed to monitor existing and identify potential future key technologies that will play a decisive role in global competition. Both expert-based and data-based methods are being used. These approaches are currently still in the development and testing phase (BT-Drucksache 20/9953).

Bundesregierung zu China-Strategie (2024): Rechtsanwalt Ferner zum Ausblick auf Auswirkungen chinesischer Sicherheitspolitik in Deutschland und Europa

Anyone dealing with cybersecurity and IT security law cannot avoid regular consideration of the political situation, especially between Germany/EU <> China.

eSpionage: Chinese digital espionage activities

The Federal Government states that Chinese cyber espionage activities against German targets can be reliably traced back to 2015 as part of the attack campaigns analyzed by the federal intelligence services. Chinese cyber actors focus in particular on industrial espionage against German companies and the theft of intellectual property, as well as cyber attacks on state institutions. A significant increase in the technical capabilities of Chinese state cyber actors can be observed over the entire period. In addition to spear phishing campaigns, supply chain attacks and the targeted exploitation of vulnerabilities in hardware and software can also be observed (BT-Drucksache 20/9953). Recently, the Netherlands complained about corresponding Chinese activities, which the Chinese embassy immediately rejected.

In recent years, the communication strategy of the Chinese Communist Party has increasingly aimed to steer the world’s perception of China in its favor and prevent criticism. In addition to using traditional PR tools, the Chinese government is trying to increase its influence in and via traditional and social media. Digital platforms also play a central role in this influence strategy. To the knowledge of the German government, the Chinese government used so-called bots in the context of the protests in Hong Kong to defame the protest movement in the social media and spread its own narrative (BT-Drucksache 20/9953).

This naturally raises the question of how the security of the components can be guaranteed. The German government is of the opinion that, as the information technology complexity of critical (software) components increases, a significant part of the controllability of the technology remains with the manufacturer itself or in the wider supply chain as part of product maintenance (software updates, firmware updates, closing security gaps) (BT-Drucksache 20/10149).

The overall problem is exacerbated by the fact that almost every digital device contains Chinese components. In the view of the German government, this makes it more difficult to even recognize such components in the Bundeswehr, for example: This is because individual parts originating from China are also installed in products from European and US manufacturers, which cannot be identified as Chinese by Bundeswehr personnel. The protective measures in the Bundeswehr ensure that these devices cannot communicate unnoticed (BT-Drucksache 20/7956).

Due to the high complexity of critical components and the expected constant software/firmware updates, high technical security requirements, for example, do not provide sufficient guarantee that manufacturers will not implement abusive access options to hardware and software or carry out other actions that enable sabotage or espionage (see the Committee on Economic, Monetary and Industrial Policy’s recommended resolution and report of 10.12.2006). Resolution recommendation and report of the Committee on Internal Affairs and Home Affairs, 4th Committee, BT-Drs. 19/28844, p. 43 f. as well as the Federal Government’s draft law “Draft of a second law to increase the security of information technology systems”, BT-Drs. 19/26106, p. 85). In addition, software updates cannot be fully verified in the standard process and even intensive testing cannot guarantee complete security (BT-Drucksache 20/7956).

Furthermore, it is technically possible in principle and also customary on the market for software components to be configured via remote maintenance or for software components to be accessed remotely (cf. the Federal Government’s answer to questions 11 and 14 on Bundestag printed paper 20/7956 and BT printed paper 20/10149).

Limits of cooperation

According to the preamble of the CCP’s statutes, the so-called strategy for the development of civil-military integration is one of the central goals in the process of modernizing the People’s Republic of China. It aims to transfer civilian knowledge to the military sector (BT-Drucksache 20/6271).

What does this Chinese strategy mean in practice: All companies based in the People’s Republic of China are subject to the law of the People’s Republic of China. According to Article 7 of the Intelligence Law of the People’s Republic of China, all organizations and citizens of the People’s Republic of China are obliged to support and cooperate with the intelligence authorities in accordance with the law. Article 14 of the Law on the Intelligence Services of the People’s Republic of China grants the aforementioned authorities the power to request support, assistance and cooperation from organs, organizations and citizens in their work (BT-Drucksache 20/6271).

This Chinese policy of civil-military fusion places limits on cooperation. The Federal Government is aware that civilian research projects, including basic research, can also be strategically examined by China for their military usability. The Federal Government therefore considers it important and right to further develop scientific relations in a value- and interest-oriented manner. This includes – also in the context of cooperation on digital technologies – respect for the constitutionally guaranteed principle of academic freedom and the associated responsibility. Risks to the freedom of research and teaching, illegitimate influence and one-sided knowledge and technology transfer must be minimized and transparency and publicity maximized (BT-Drucksache 20/9953).

Critical components & 5G from China

A legal basis for the exclusion of certain components in public 5G telecommunications networks due to a lack of reliability on the part of the respective manufacturer currently only exists in the form of Section 9b BSIG. The German legislator has opted for a technology- and manufacturer-neutral approach. A blanket exclusion of individual products or manufacturers from 5G networks is not provided for in Section 9b BSIG – with the exception of the serious cases in paragraph 7 (BT-Drucksache 20/6271).

However, in the procedures pursuant to Section 9b (4) BSIG, the focus is on a security policy forecast decision (BT-Drucksache 20/7956). The following also applies: Only components used for the first time are subject to the notification obligation pursuant to Section 9b (1) BSIG. In order to also obtain an overview of the inventory, the BMI initiated an ex-post review in accordance with Section 9b (4) BSIG in March 2023 (BT-Drucksache 20/7956).

Note: Insofar as the Federal Government has taken the view that the classification of individual manufacturers as high-risk providers is not provided for in German law, this may be formally correct (BT-Drucksache 20/7956). In fact, however, the current version allows for the de facto sanctioning of individual manufacturers by classifying them as untrustworthy (Section 9b (5) BSIG). China is keeping a close eye on what is happening in this country – the press there is already reporting on the absurdly high costs of having to remove components once they have been installed.

Accordingly, the use of each component is examined on a case-by-case basis by the BMI, taking into account all relevant circumstances and with the involvement of the departments concerned, to determine whether its use could impair the public order or security of the Federal Republic of Germany. The state’s influence on the manufacturer is also taken into account (BT-Drucksache 20/6271).

With regard to the use of 5G components by Huawei/ZTE in German 5G mobile networks, an investigation has been initiated in accordance with Section 9b (4) BSIG (ex-post investigation). The review is currently in the fact-finding phase, which is expected to be completed in summer 2023. A resolution will then be passed by the Federal Government (BT printed matter 20/7956). As things stand at the beginning of 2024, however, the investigation of the facts has not yet been completed and no information is expressly provided on the ongoing procedure for the 5G components (BT printed matter 20/10149).

Ban on the sale and import of Chinese communication and surveillance technology?

The German government is currently expressly not considering a ban on the sale and import of communication and surveillance technology from the Chinese technology companies Huawei and ZTE: there is currently no recognizable legal basis for such a ban. Foreign trade law contains very high hurdles for the enactment of national import or export bans. Restrictions on the movement of goods are only permissible under strict conditions and in accordance with European and international law (BT-Drucksache 20/6271).

Chinese Compulsory Certification

By extending the “Chinese Compulsory Certification” (CCC) certification regime to IT products, China has created its own certification framework beyond the internationally recognized schemes (Common Criteria, etc.). However, the German government rejects the CCC. In the view of the German government, it contains irrelevant requirements and non-transparent testing methods that could encourage an undesirable outflow of intellectual property (IP) (see BT-Drucksache 20/9953).

Combating product piracy

According to the Federal Government, combating product piracy is an important concern: The Federal Government points out that it is working constructively at international and national level to ensure that the political, legal and social framework conditions for combating product piracy are continuously improved. At international level, for example, it advocates better protection of intellectual property both within the G7/G20 and in the relevant bodies of the World Trade Organization.

The German government and the German missions abroad in China also provide direct political support to German companies in enforcing their intellectual property rights, be it through high-level political interventions with the Chinese government or through the establishment of an IP attaché at the German embassy in Beijing.

Cooperation at European level is also of great importance. The Federal Government works closely with the European Commission and the European Intellectual Property Office (EUIPO) and supports the European Observatory on Infringements of Intellectual Property Rights set up by the EUIPO. At national level, the remit of the German Patent and Trade Mark Office (DPMA) was extended by the new Section 26a of the Patent Act introduced in 2021 to include informing the public, in particular small and medium-sized enterprises, about intellectual property rights, including the exercise and enforcement of these rights. This includes providing information about the dangers of pirated products.

The Federal Government also refers to the existing regulations for dealing with product piracy: In order to prevent the import of pirated goods, the Central Industrial Property Office of the German customs administration works closely with the DPMA, the EUIPO, the European customs authorities and the European Commission, both nationally and throughout the EU. There is also close cooperation with the companies concerned. If the German customs authorities identify goods that are suspected of infringing an intellectual property right that is the subject of an application for border seizure filed by the right holder and approved by the Central Industrial Property Office, they will suspend the release of the goods or detain them. If the requirements of Article 23 of Regulation (EU) No. 608/2013 are met, the goods shall be destroyed in order to prevent them from entering the economic cycle (see BT-Drucksache 20/9953).

German Lawyer at Law Firm Ferner Alsdorf
I am a specialist lawyer for criminal law + specialist lawyer for IT law and dedicate myself professionally entirely to criminal defence and IT law, especially software law. Before becoming a lawyer, I was a software developer. I am an author in a renowned commentary on the German Code of Criminal Procedure (StPO) as well as in professional journals.

Our law firm specialises in criminal defence, white-collar crime and IT law / technology law. Note our activity in digital evidence in IT security and software law.
German Lawyer Jens Ferner (Criminal Defense & IT-Law)