Germany is preparing a fundamental shift in its national security strategy, moving from a posture of passive resilience to one of “active cyberdefence.” The move comes as Berlin grapples with a surge in sophisticated online attacks, many of which are being amplified by artificial intelligence to target the nation’s critical infrastructure and economic stability.
Interior Minister Alexander Dobrindt announced Tuesday that he will seek cabinet approval this month for a new legal framework. If passed, the law would grant German security services the authority to retaliate against the servers and digital infrastructure used by attackers, effectively allowing the state to “hit back” to neutralize threats in real-time.
The policy shift reflects a growing frustration within the German government over the limitations of traditional defensive measures. For years, the strategy has focused on “hardening” targets—patching software and building firewalls. However, the Interior Ministry now argues that deterrence requires the ability to disrupt and destroy the tools the attackers use before they can launch a strike.
“This means ensuring that someone attacking us from a server system, for example, to attack an energy company in Germany from abroad, will no longer be able to do so in future with that infrastructure, that server, that software or those facilities,” Dobrindt said during a press conference in Berlin.
The AI Arms Race and Economic Fallout
The urgency of the new legislation is driven by the integration of generative AI into the toolkit of cybercriminals. According to the Interior Ministry, AI-based tools have allowed attackers to operate with a level of precision and speed previously reserved for state-sponsored intelligence agencies. These tools can automate the discovery of vulnerabilities and craft highly convincing phishing campaigns, making traditional human-led defense insufficient.
The economic consequences have been severe. The ministry reported that serious cybercrime and targeted attacks on government agencies and private companies caused more than €200 billion in economic damage last year. This figure encompasses not only direct theft and ransom payments but also the massive costs associated with system downtime and recovery.
The scale of the threat is further illustrated by the sheer volume of incidents. In 2025, Germany registered approximately 334,000 cases of cybercrime. Two-thirds of these attacks originated from abroad or unknown locations, and officials believe a significant number of breaches remain unreported by companies fearing reputational damage.
Targeting the Infrastructure of Conflict
While cybercrime is often associated with financial gain, Berlin is increasingly viewing these attacks through the lens of geopolitical conflict. Minister Dobrindt specifically pointed to a “significant increase in activism originating from Russia” following the 2022 invasion of Ukraine, suggesting that the line between criminal hacking and state-sponsored hybrid warfare has blurred.
The ministry’s data highlights a worrying trend in the types of attacks hitting German soil:
| Attack Type | Reported Volume | Year-on-Year Trend | Primary Impact |
|---|---|---|---|
| Ransomware | 1,000+ cases | ↑ 10% | Financial extortion / Data locks |
| DDoS Attacks | 36,706 cases | ↑ 25% | Service disruption / Website outages |
| General Cybercrime | 334,000 cases | High | Intel theft / Economic loss |
Ransomware attacks alone extorted more than $15 million (€12 million) last year, though these figures likely underrepresent the total cost when including the operational paralysis of the affected firms.
Financial Stability and the ‘Patching’ Crisis
The threat is not only a matter of national security but of systemic financial risk. Mark Branson, head of the German financial regulator BaFin, has issued a stark warning to the banking and insurance sectors. He noted that new AI models can identify and exploit vulnerabilities in IT systems with “remarkable speed,” leaving human administrators struggling to keep up.
Branson urged financial firms to accelerate their patching cycles, arguing that the window between the discovery of a vulnerability and its exploitation has shrunk to nearly nothing. “Cybersecurity is an urgent and essential investment,” Branson said, noting that BaFin is strengthening its supervision of cyber risks to ensure that a single breach does not trigger a wider systemic failure in the German economy.
The proposed “active defence” law is expected to create a complex legal landscape. Under international law, “hacking back” can be interpreted as a violation of another state’s sovereignty, depending on where the servers are located. It remains unclear how Germany will navigate these diplomatic waters or if the law will include strict oversight mechanisms to prevent accidental escalation.
Disclaimer: This article contains information regarding legal and financial regulatory updates; This proves provided for informational purposes and does not constitute legal or financial advice.
The next critical step will be the cabinet meeting later this month, where the draft law will be formally presented for approval. Following cabinet approval, the legislation will move to the Bundestag for debate and a final vote.
Do you believe “active cyberdefence” is a necessary deterrent or a dangerous escalation? Share your thoughts in the comments below or share this story on social media.
