The guide “Post-Quanten-Kryptografie in Umsetzung” supports municipalities, government agencies, and other organizations to plan and implement the transition to quantum-resistant cryptography in a structured manner. It explains why action is needed now, for example due to the so-called “Harvest-Now-Decrypt-Later” principle, in which encrypted data is stored today so that it can be decrypted in the future using quantum computers. It also provides recommendations for first steps, risk analysis, and future IT procurement.

Download (in German) (PDF, 1,7 MB)

© Catharina Frank

Leading experts from the German Research Center for Artificial Intelligence (DFKI), the Jülich Supercomputing Centre (JSC), ATHENE, TU Darmstadt, Goethe University Frankfurt, and Saarland University have jointly developed a strategy for a national AI infrastructure. The key messages are:

• Establishment of a national AI infrastructure with its own competitive base models
• Standardization instead of federal fragmentation
• Science-driven decisions
• Cyber­security as an integral component from the outset
• Establishment of an effective German AI agency with a clear mandate for implementation

The strategy was presented at the ATHENE conference “Cybernation Germany: Future Forum on AI and Cyber­security” on September 23, 2025.

To the strategy (in german)

This paper explains how the CRA's risk management requirements differ from traditional organisational cybersecurity standards, and offers practical advice on integrating these requirements into SecDevOps processes. It is intended for manufacturers of products with digital elements.

Download (PDF, 817 KB)

Digital technologies are increasingly shaping our lives, but they are also having a growing impact on how we deal with death, grief, and remembrance. Technologies within the context of the Digital Afterlife Industry (DAI) enable the “continued existence” of and interaction with digital representations of the deceased in the form of avatars, chatbots, or text message senders. An interdisciplinary team, including ATHENE researchers from Fraunhofer SIT, has analyzed the technical, legal, and ethical challenges of this development. In their study “Edilife – Ethics, Law, and Security of Digital Afterlife,” they provide a systematic overview of the digital afterlife.

Download (in german) (PDF, 5,04 MB)

The whitepaper is aimed at manufacturers and retailers of connected products and provides specific recommendations for designing business processes in compliance with the CRA. Topics discussed include, for example, how to address vulnerabilities, the automated generation of software bill of materials (SBOMs), and the integration of security testing into the development process.

Download (in german) (PDF, 1,0 MB)

Compliance with legal requirements often poses a major challenge for startups, as they are, on the one hand, already “large enough” to be required to comply with legal requirements, yet, on the other hand, still “too small” to have their own legal expertise or to be able to hire a specialist in this field. Our data protection experts have therefore compiled the most important terms in data protection law and explained them in detail. This provides startups with a practical guide to help them better understand data protection requirements.

Download the guide (in german) (PDF, 390 KB)

Connected products are set to become more secure across the EU—that is the goal of the Cyber Resilience Act (CRA), an EU regulation expected to take effect this year. A white paper from ATHENE, the National Research Center for Applied Cyber­security, explains which companies and products are likely to be affected and provides a concise overview of the CRA’s key provisions.

Download Whitepaper "EU CYBER RESILIENCE ACT: A LEGAL OVERVIEW" (in german) (PDF, 2,5 MB)

Download Whitepaper's summary (in german) (PDF, 309 KB)

© Fraunhofer SIT

Cyber­security researchers are often unable to comply with data protection regulations because they do not know, before beginning a research activity, whether they will process personal data or exactly what kind of personal data they will process. Our data protection experts have therefore drafted a proposed amendment to the GDPR and published it as a position paper. Their aim: to establish legally binding provisions for data protection safeguards within the GDPR.
Data protection precautions are intended to resolve the legal gray area surrounding unplanned data processing and thus create legal certainty, while at the same time ensuring that the rights and freedoms of data subjects are adequately protected.

Download the paper (in german) (PDF, 341 KB)

In this study, our data protection experts examine the specific legal challenges posed by large datasets, particularly those originating from various sources and in different formats. The study focuses specifically on data protection and IT security, but also addresses copyright and trade secret protection. Naturally, given the multitude of issues, only specific sub-areas can be selected to develop coherent concepts for their application. In doing so, the experts aim to contribute to enabling the legally compliant use and exploitation of large datasets in accordance with data protection and IT security laws.

Download study "Systematic Privacy for large, real-life Data Processing Systems" (PDF, 1,0 MB)

Our data protection experts have investigated whether people’s behavior changes when they are being observed, and what this means from a legal perspective. The result: People feel influenced by various forms of observation, whether by a camera or a person, and inhibited in their free self-expression. The researchers, legal scholars from Goethe University Frankfurt, Fraunhofer SIT, Darmstadt University of Applied Sciences, and the University of Kassel, have thus empirically confirmed what had previously been largely only assumed in legal scholarship.

Download (in german) (PDF, 889 KB)

Starting a business comes with many challenges. In addition to organizational and financial tasks, founders also face legal requirements and obstacles. Which business structure should they choose, how can they protect their business idea, and what data protection considerations must they keep in mind when it comes to marketing and sales?

The white paper provides an overview of key legal requirements for startups in the early stages.

Download White paper Compliance (in german) (PDF, 518 KB)

The supplementary checklist clearly summarizes all the points listed in the white paper to provide founders with an at-a-glance overview of the most important compliance requirements.

Download Checkliste (in German) (PDF, 225 KB)

© Fraunhofer SIT

The feasibility study identifies technologies that can help protect children and adolescents from online abuse and mistakes in their use of digital media. The conclusion: With the help of artificial intelligence and multimedia forensics, many offenses can be detected or even prevented.
The study examines and evaluates technical solutions that can warn minors against carelessly sending nude photos (so-called “sexting”) and that can identify adults who pose as minors in online forums or chat portals.
The study was completed in 2018 on behalf of the Hessian Ministry of the Interior and Sports and is now being made available to the public.

Link to the study (in german) 

ATHENE Director Prof. Michael Waidner is a member of the Scientific Working Group on National Cyber­security, which has been supporting the National Cyber­security Council in its work since October 2018. In this role, he serves as a strategic advisor to the federal government and brings together high-ranking representatives from the federal and state governments as well as the private sector. At regular intervals, the Scientific Working Group produces position papers that examine selected cybersecurity topics from a research perspective. The position papers published by the group to date are available for download below.

Generative Artificial Intelligence and Its Impact on Cyber­security (June 2025)

Download (in German) (PDF, 900 KB)

Cryptoagility (November 2024)

Download (in german) (PDF, 1,7 MB)

Quantum Computers and Their Impact on Cyber­security (March 2024)
Download (PDF, 271 KB)

Active Cyber Defense (March 2023)
Download (in German) (PDF, 447 KB)

Secure digital Identities (June 2022)
Download (in German) (PDF, 348 KB)

Technological Sovereignty: A Prerequisite for Greater Cyber­security - Update to the December 2019 Policy Paper (June 2022)
Download (in german) (PDF, 438 KB)

The Impact of Foreign Legislation on German Cyber­security (November 2021)
DownLoad (In german) (PDF, 312 KB)

Areas of Focus in IoT Security (December 2020)
Download (in german) (PDF, 1,2, MB)

Security from and by Machine Learning (December 2020)
Download (In german) (PDF, 1,5 MB)

Technological sovereignty: A prerequisite for cybersecurity (December 2019)
Download (In german) (PDF, 1,7 MB)

The Threat to Democratic Decision-Making Posed by Disinformation (December 2019)
Download (in german) (PDF 800 KB)

During the COVID-19 pandemic, many companies have been using web-based communication services for online seminars, video conferences, and matchmaking services to enable communication and knowledge sharing among their employees working from home. In the white paper “Selection and Use of Web-Based Communication Services in the Age of COVID-19,” data protection experts from Fraunhofer SIT describe key data protection and data security requirements for these online tools.

Download (in german) (PDF, 508 KB)

© Fraunhofer SIT

Analysing large amounts of data enables numerous improvements - in the fight against climate change as well as in medicine. At the same time, today's big data analysis options create entirely new risks for people's privacy. If data volumes from different sources are combined during analysis, supposedly anonymised data can often be merged into personal profiles, sometimes with unforeseeable consequences for the individuals concerned. The study therefore shows how big data technologies can be used without harming the privacy of individuals.

Download (in German) (PDF, 1,71 MB)

© Fraunhofer SIT

Despite numerous opportunities for innovation, many companies and authorities are still hesitant to use artificial intelligence (AI) in the areas of cyber security. One of the main reasons for this is that the performance of systems is often difficult to assess. This report summarises recommendations developed by experts from science and industry on how obstacles to the use of AI can be overcome. These include specific quality criteria and testing options.

Download (in German)  (PDF, 741 KB)

© Fraunhofer SIT

This technical guideline provides recommendations for the secure operation of an emobility charging infrastructure. The focus is on system security of the Electric Vehicle (EV) and Charge Point (CP) / Electric Vehicle Supply Equipment (EVSE), with their respective communication control units, the Electric Vehicle Communication Controller (EVCC) and the Supply Equipment Communication Controller (SECC), as well as the secure usage of their communication protocols. Both systems are required to be equipped with a Hardware Security Module (HSM), providing a hardware trust anchor for secure storage and usage of their corresponding private credentials. The trust anchor is also used to provide more advanced security features like software integrity validation or secure firmware updates. Additional recommendations are given, aiming to increase the security of the communication between EVCC and SECC using ISO 15118 [10] as well as the backend communication of the SECC.

Download (PDF, 472KB)

© Fraunhofer SIT

In the field of eMobility, Electric Vehicles (EVs) are charged using a Charge Point (CP). To enable a trustworthy and reliable charging and billing process for the transferred electrical energy, data is exchanged between the vehicle and the CP through the charge cable and specific protocols are applied. Further, the CP is part of an infrastructure that connects the point on the one hand to the energy grid and to an energy provider, billing system, and other valueadded service providers on the other hand. The inter­national standardisation system has created a basis for communication between an electric vehicle and the charging infrastructure in the form of inter­national standard ISO/IEC15118, which is already in place. ISO/IEC15118 defines the communication between the electric vehicle and the CP. However, some protocols that are required for the value-added services are extensions of ISO/IEC15118.

Download (PDF 742 KB)

© Fraunhofer SIT

Whether it’s online banking or blockchain, most IT security mechanisms for data and digital communication rely on cryptography. Quantum computers and new attack vectors threaten many of these IT security mechanisms. Experts from business, research, and politics discussed how the business community and society can protect the cyber world from such major threats in the future at the Eberbach Dialogue “Next Generation Cryptography.” The experts’ conclusion: Cryptography urgently needs to become more flexible in order to respond quickly to technical changes.

Download (PDF, 2,4 MB)

How can so-called “social media firestorms” be managed? How can interactive applications reduce or even resolve conflicts? How can those affected use IT to contribute to crisis management themselves? How can cooperative systems support the police and fire departments? How can IT be both secure and user-friendly? A new textbook in German addresses these practical questions. It was conceived by CRISP researcher Prof. Christian Reuter, head of the “Science and Technology for Peace and Security” (PEASEC) department at the Technical University of Darmstadt and mentor of the BMBF KontiKat working group at the University of Siegen.

1st ed. 2018, 645 pp., 147 figs., e-book (ISBN 978-3-658-19523-6, €29.99), softcover (ISBN 978-3-658-19522-9; €39.99)

More information (in german)

What challenges do human-computer interaction and the use of social media in safety-critical systems pose for us now and in the future? Against this backdrop, CRISP researchers Prof. Christian Reuter (Technical University of Darmstadt) and Prof. Dr. Tilo Mentler (University of Lübeck) edited a 198-page special issue of the *Journal of Contingencies and Crisis Management*.

The special issue is available here: https://onlinelibrary.wiley.com/toc/14685973/26/1

More information

The author of the chapter “Privacy and Data Protection in the Domain Name System” is CRISP researcher Hervais Simo Fhom of Fraunhofer SIT (pages 253–302).

The book is published by Springer and is available for purchase in German.

Link to the book

© Foto Fraunhofer

Prof. Michael Waidner, deputy spokesperson for CRISP, is the author of the chapter on cybersecurity and privacy protection in the second volume of the series “Fraunhofer Research Focus – Key Technologies for Business & Society.” The volume focuses on digitalization. Researchers from the Fraunhofer Society provide an overview of key technologies and central research areas. The experts not only highlight the current state of research and development but also address specific challenges and provide an outlook on future developments. The publication is the second volume of the series “Fraunhofer Research Focus – Key Technologies for Business & Society” and will be available in bookstores starting January 1, 2018. (the book is written in German)