On the morning of January 3, 2026, an arson attack in Berlin led to a widespread power outage affecting around 45,000 households and over 2,200 businesses. Less than a year earlier, a fire at a substation in London caused a power outage lasting several hours in tens of thousands of households, and even Europe's largest airport, London Heathrow, came to a standstill. The tense geopolitical situation makes threats to critical infrastructure a real possibility. Such infrastructure is increasingly the target of acts of sabotage. But natural disasters or mundane technical malfunctions can also trigger fatal chain reactions.
Critical infrastructure such as data centers, hospitals, care facilities, substations, and major transportation hubs are particularly dependent on effective fire protection. The responsibility shared by the state and operators is correspondingly great, and time is of the essence. “Cooperation between politicians, authorities, and KRITIS operators has intensified significantly in recent years,” notes Axel Haas, Managing Director of the German Institute for Preventive Fire Protection (DIvB). An example of the network between these levels is the UP KRITIS alliance, a cooperation platform between the federal government, the states, and industry. Here, risks are analyzed, threat scenarios simulated, and measures coordinated. At the same time, there are still many issues to be resolved: Currently, there are no uniform interfaces, too many federal differences, and unresolved financing issues.
Security Act 3.0 and the gold standard
But solutions are in sight. The KRITIS umbrella law (“Security Act 3.0”) passed by the German Bundestag pursues an all-hazards approach: detailed regulations as in building law, but with enough flexibility to also address new forms of threats such as hybrid attacks or climate-related risks.
“At the same time, KRITIS needs an expanded, quasi ‘gold standard’ of preventive fire protection,” says Axel Haas. By this he means a combination of physical and digital security. While classic preventive fire protection, which has proven itself over decades, focuses primarily on saving lives and preventing damage to buildings, KRITIS focuses on resilience, i.e., maintaining the functionality of facilities.
This “gold standard” would provide for decoupled fire compartments, independent extinguishing systems, sensor-based early warning systems with their own emergency power supply, and continuous monitoring. Regular stress tests and crisis exercises would realistically simulate scenarios ranging from power failures to cyberattacks.
