Skip to content

Interior Ministry Plans Restructuring of BND and Constitutional Protection Service for Enhanced Cyber Capabilities

At a glance: Planned reforms of the Intelligence Services Act are intended to grant BND and Constitutional Protection Service explicit offensive cyber capabilities, including zero-day exploitation, and place the BSI structurally under their control.

The Federal Interior Ministry is preparing a fundamental systemic shift in German intelligence law that would enable BND and Constitutional Protection Service to conduct offensive cyber operations. The BSI would be downgraded to a supplier role for zero-day exploits and other cyberattacks.

According to reporting by Heise, the Federal Interior Ministry is planning a fundamental systemic shift in German intelligence law. The core initiative is the explicit legalization and expansion of offensive cyber capabilities for BND and Constitutional Protection Service, including the use of zero-day exploits – that is, security vulnerabilities that are not yet publicly known at the time of exploitation and for which no patches exist.

This organizational change would entail the Federal Office for Information Security (BSI), previously responsible for national cybersecurity and government defense, being degraded to a supplier function for BND and Constitutional Protection Service. The BSI would have to procure or develop zero-days and other offensive cyber tools and pass them to the intelligence services – instead of closing these security vulnerabilities or coordinating their disclosure. This affects not only BSI independence but also creates potential conflicts of interest between defensive and offensive objectives.

For CISOs and cybersecurity executives in the private sector, this reorganization means: the BSI’s previous coordination role in vulnerability management and national defense coordination could be fragmented, while at the same time state cyber capabilities are legitimized against foreign targets (or under security pretexts also domestically). The balance between security gains from defensive measures and risk exposure due to forgoing zero-day disclosure shifts in favor of the intelligence services. Transparency regarding the scope and control of these operations remains limited.


Source: www.heise.de · Published 10 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: