The IT security law - SSL now mandatory!

SSL encryption - mandatory from now on!

German and European legislation is geared towards consumer protection. Operators of websites are constantly being burdened with new regulations. In 2015, among other things, the Cookie Directive and the law to change the value added tax for digital services and products came into force. In July 2015 a new IT security law was introduced - the Telemedia Act. This causes additional costs and requires more time and effort. A fundamental change is the obligation to use SSL encryption.

The Telemedia Act: Increasing IT security

The Internet is an insecure place. Bandwidth and transmitted data volume are constantly increasing. Data theft, security gaps and the number of websites contaminated with malware are increasing rapidly. Private individuals can protect themselves from basic dangers with antivirus software & Co. However, users are still helpless against data theft from hacked online shops. Therefore, the legislator wants to oblige all telecommunication companies to increase IT security. The same applies to operators of web shops. The security of web servers is guaranteed by various aspects. These include access protection, backups and encryption. SSL encryption ensures that the exchanged data can be accessed securely. Data between the online shop and the user are encrypted. The majority of online shops considered SSL encryption to be the standard in the past - this was underpinned by legislation.

SSL encryption for commercial websites?

With the introduction of the new German Telemedia Act (TMG), SSL certificates became mandatory for websites with online forms. Personal data such as name and e-mail address may only be transmitted in encrypted form. The advantage of the legal regulation is that Internet users are comprehensively protected. The regulation applies to all websites that use personal data. This includes blogs with advertising and niche websites. These have to purchase SSL licenses and bear an additional financial and time expenditure. The legal regulation has particularly affected self-employed persons. The benefit of the law is controversial. Critical voices warn that fraudsters will not be deterred by the mandatory SSL encryption. The legal regulations would not lead to a change of heart among criminals.

SSL encryption - desired by Google

Beginning in January 2017, Google Chrome will warn users about transmitting confidential data to unencrypted web sites. Previously, web pages without SSL encryption were only indicated in the address bar. There an icon in the form of a white sheet was displayed. This sheet was not a sufficient indication of security flaws. As soon as the transmission of confidential data is requested, the respective internet pages are marked as unsafe. In future, Google will mark web pages without encryption with a red warning triangle. Google regards HTTPS as a quality feature - unencrypted web pages will probably be disadvantaged very soon. This has a particular effect on the search results list, which can lead to economic losses for commercial websites. SSL encryption is recommended for this reason alone.

What are fundamental changes?

In the meantime, the data protection authorities of the federal states are taking action against websites that do not take adequate protective measures despite the electronic transmission of personal data. § Section 13 VII TMG stipulates that when using contact forms - in which personal data are transmitted - recognised encryption procedures must be implemented. This applies not only to websites with contact forms, but to all transfers of personal data - the regulation may also apply to job portals, blogs and similar websites. Recognised encryption methods are for example SSL and TLS. Operators of Internet sites that violate this obligation must expect a fine of up to 50,000 Euros according to § 16 III TMG.

Web hosting providers where free certificates are included:

Agency Ehrenwert UG

webhoster.de AG - 1GB memory limit in business tariff

Current articles