Germany seeks to make encryption a legal right

Some digital services may be forced to adopt encryption.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

End-to-end encryption could become mandatory in Germany for some digital services if a new proposed law is passed.

The bill will require messaging platforms, email, and cloud service providers to offer users the possibility to encrypt their data “wherever it is technically possible.”

While governments worldwide are increasingly seeking tobreak encryptionin the name of public safety, Germany could become the first country to defend the right to private and secure communications in a federal law.

Encryption as a legal standard

“Although end-to-end encryption is now the industry standard, individual messenger services do not use end-to-end encryption or only use it for certain functions, without this being justified by technical restrictions,” reads the bill—here’s thefull text in German.

End-to-end encryption (E2E) systems use cryptographic keys to encrypt the data on the sender’s device and decrypt it only when it reaches the intended recipient. Alongside communications applications,VPN servicesalso use E2E to encrypt users' internet data as the traffic travels between destinations online.

By definition,encryptionis the process of scrambling data into an unreadable form to protect it from unauthorized access. This means that no one, even the provider itself, can see what users send to each other.

Many applications now offer E2E—think of thebest secure emailproviders on the market, or messaging apps likeSignal—but such protection isn’t mandatory. The law aims to challenge this and make encryption a new standard, a default for those services that handle people’s most sensitive data and can technically do so.

The draft bill intends to partially amend the German Telecommunications Telemedia Data Protection Act (TTDSG). While introducing an obligation for interpersonal communication andcould servicesproviders to offer encryption—or, if applicable, explaining why it wasn’t possible to implement—it will also require informing users on how to use the protection for maximum security.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Legislators hope that by defending the right to encryption in federal law, they could promote the acceptance of the widespread use of these secure technologies among citizens, businesses, and public bodies alike. They described the practice as “an essential contribution to guaranteeing the fundamental rights to ensure telecommunications secrecy as well as the confidentiality and integrity of information technology systems and cybersecurity.”

⚡ BREAKING: Huge win for #Privacy ⚡German government publishes law to guarantee ‘right to encryption’ 🔒 💪We at Tuta Mail applaud the #German government for this move in the right direction. 👏 👏 👏Here’s our comment: https://t.co/86w3cIXxzn pic.twitter.com/OVXKdi74tyMarch 25, 2024

The bill has been widely welcomed by the cybersecurity industry so far as a win for privacy.

For instance, Hannover-based encrypted emailTuta(formerly known as Tutanota) described it as an “outstanding move” from the German government.

“Along with other IT experts we’ve been saying for years that only strong end-to-end encryption can protect data that is shared online from various cyber threats,” Matthias Pfau, co-founder of Tuta Mail, told TechRadar. “It’s great to see that the German government is now going in the right direction, not following the path of many other politicians who want stronger monitoring laws instead of better privacy protections.”

Also according to the Free Democratic Party (FDP), one of the parties involved in the2021coalition agreementthat first planted the seed for the legal right to encryption, the draft bill is a necessary prevention to potential future legislations, like theEU Chat Control, trying to break this protection—FDP spokesperson Maximilian Funke-Kaisertold digital advocate group Netzpolotik.

Not everybody is fully convinced just yet, though. The lawyer Dennis-Kenji Kipker from the University of Bremen, for instance,labeled the proposed lawas “more of a PR measure than a sustainable strengthening of cybersecurity for everyone” as users will ultimately have to implement the security feature themselves.

However, the bill is just at the beginning of the legislative process. The federal cabinet still needs to reach an agreement, before the Bundestag (German Parliament) will start evaluating the draft proposal.

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

Get the Fitbit Versa 4 for a record-low price at Amazon ahead of Black Friday