On April 10, 2025, the German CDU/CSU centre-right and SPD centre-left parties announced their coalition agreement (PDF link, German language) for the 21st German legislative session. The 146-page document contains a wide range of policy and ideological commitments, and a “wish list” of objectives that will be subject to budgetary and legislative realities and negotiation. Due to Germany’s influence in Europe and on the global stage, both economically and politically, the incoming government’s positions bear close inspection for anyone with an interest in any of these positions.
CyAN’s comments on the document relate to our mission of enhancing information security, trust, safety, and resilience, and fall into 5 rough categories:
I. Increased commitment to digitalisation and reduction of bureaucracy
The coalition has expressed its desire to cut through bureaucracy, and to push increased digitalisation of records, services, and processes, in order to bring German digital capabilities up to speed and in line with other, more digitally integrated and agile countries in the European Union.
CyAN believes that improved digital services bear both opportunities and risks for German citizens, business, and society as a whole. Countries like Estonia and the Netherlands have shown that a strong culture of online services can foster entrepreneurship, digital education, and democratic engagement.
At the same time, we hope that this will not conflict with Germany’s traditionally strong focus on individual rights, particularly in the fields of privacy and criminal law. Numerous countries have shown that it is possible to reconcile digitalisation and both economic and political agility in the online sphere with freedom of conscience and expression, and respect for citizens’ natural rights.
II. Cybersecurity
We are encouraged by the parties’ expressed desire to:
- include cybersecurity as a focal research area
- reform cyber-crime laws, including implementing protections for responsible cybersecurity vulnerability researchers. This is especially promising given the legal ambiguity currently surrounding Germany’s infamous “Hackerparagraph” §202a StGB (criminal code)
III. Cyberdefence, Hybrid warfare, and Disinformation
The coalition agreement includes the following objectives:
- improve national cybersecurity and cyberdefence of vulnerable critical sectors
- strengthen overall resilience of critical infrastructure and the population as a whole
- fight disinformation and information manipulation, for example by strengthening media consumption education, and evaluating screen time and social media usage
- support expanded defence capabilities, including through cyber- and related technologies
CyAN applauds the inclusion of these elements as important steps in more effectively defending German citizens and society against electronic and information-borne threats.
IV. Digital Surveillance and Individual Rights
The agreement makes mention of increased use of data-based surveillance and law enforcement techniques. It states that “the tense relationship between security requirements and data protection rules must be reevaluated”, and proposes the introduction of a mandatory 3-month archival duty for IP addresses and ports. Law enforcement surveillance of “data sources” is to be enabled.
This raises significant concerns for privacy and the respect for the value of end-to-end encryption. CyAN has in the past commented extensively in opposition to proposed laws in the EU as a whole, France, Sweden, the UK, the US, Japan, and elsewhere that seek to undermine encryption through backdoors or other measures. We believe these simply do not work, and bear great risk of damaging both online democracy and electronic commerce, not to mention the individual right to the privacy and integrity of one’s own data.
We also believe that the focus on law enforcement, and the implication that privacy rights should be reviewed raised the spectre of law enforcement-deployed spyware (“Staatstrojaner”). Tools such as the NSO Group’s Pegasus spyware have in the past been used by multiple authoritarian governments against dissidents. Spyware used without strong legal guardrails, and without very clear constitutional controls and judicial oversight has no place in a liberal democratic society. CyAN urges exceptional caution in the adoption of such tools, as they bear the danger of a “slippery slope” that leads to an erosion of rights to digital privacy and online freedom of expression.
On a positive note, the agreement specifically mentions both net neutrality, and the need to “protect fundamental digital rights”. We believe that the fact the new government is stresses the importance of these concepts sends an important signal.
V. Illegal Content
The coalition wants to combat threats to constitutional order, including extremism. It aims to fight deepfakes and hateful content more effectively, building on Germany’s already strong legal provisions against hate speech and hateful symbols, such as StGB § 86a and § 130. Platforms are to be held liable for violations, and the EU’s Digital Services Act will to be implemented quickly and effectively. The coalition wants to pass a law against digital violence.
While CyAN welcomes moves against illegal hateful and violent content online in the interest of public safety, great care must be exercised to ensure that these do not conflict with freedoms of expression, conscience, and privacy. The agreement mentions stronger controls over media. This must not open the door to censorship of legitimate content in the interests of vague public security without very clear, consistent, principles-based rules and constitutional review.
In conclusion, the German coalition agreement contains a wide range of elements related to digital security, stability, and rights. CyAN firmly supports those policies which improve agility, individual rights, societal resilience, and prosperity. We also caution against any half-baked measures that sacrifice vital rights as part of a drive for security and safety that is not founded on evidence-based policies, and which risks compromising basic principles as well as impacting trust and safety online.