On 12 May 2026, German Interior Minister Alexander Dobrindt announced that Berlin will adopt an active cyberdefence posture, with a draft law scheduled to go before cabinet this month. The proposed legislation would, for the first time, allow German security services to strike back at the infrastructure used to attack German targets — disrupting or destroying the servers, software, and facilities used by hostile actors to hit energy companies and other critical infrastructure from abroad. Dobrindt pointed specifically at Russian-linked activity, which has risen significantly since the full-scale invasion of Ukraine in 2022.
The numbers behind the policy shift are stark. The Interior Ministry reported around 334,000 cybercrime cases in Germany in 2025, roughly two-thirds originating abroad or from unknown locations, with many more incidents believed to go unreported. Serious attacks on companies, public agencies, and critical infrastructure caused more than €200 billion in economic damage last year alone. Ransomware reports rose 10% year-on-year to over 1,000 cases (with around €12 million in confirmed extortion payments), and denial-of-service attacks were up 25% to 36,706 incidents. The ministry attributes much of the acceleration to AI tools that let attackers operate faster, more precisely, and at a more professional standard.
The numbers behind the policy shift are stark. The Interior Ministry reported around 334,000 cybercrime cases in Germany in 2025, roughly two-thirds originating abroad or from unknown locations, with many more incidents believed to go unreported. Serious attacks on companies, public agencies, and critical infrastructure caused more than €200 billion in economic damage last year alone. Ransomware reports rose 10% year-on-year to over 1,000 cases (with around €12 million in confirmed extortion payments), and denial-of-service attacks were up 25% to 36,706 incidents. The ministry attributes much of the acceleration to AI tools that let attackers operate faster, more precisely, and at a more professional standard.
The financial-sector regulator BaFin echoed the warning on the same day. Its head, Mark Branson, said modern AI models can identify and exploit IT vulnerabilities at remarkable speed and called on companies to patch significantly faster, framing cybersecurity as an "urgent and essential investment." For European security teams — and especially for organisations operating under NIS2 in Germany and neighbouring states — the practical message is twofold: AI-augmented attacks are now the baseline rather than the exception, and member states are signalling a willingness to move from a purely defensive posture toward active countermeasures, which will change the legal and operational backdrop for incident response coordination across borders.