In accordance with § 109(6) of the Telecommunications Act (TKG), the catalogue of requirements must be drawn up by the Federal Network Agency in agreement with the Federal Office for Information Security and the Federal Commissioner for Data Protection and Freedom of Information in order to ensure necessary technical precautions and other measures to safeguard data protection and telecommunications confidentiality (§ 109(1) TKG) and guarantee adequate technical measures and other measures to protect against interference with significant adverse effects or to manage risks to the security of telecommunications services and networks (§ 109(2) TKG).

The catalogue of requirements describes technical precautions and other measures to guarantee a high standard of data security and data protection, to guarantee telecommunications confidentiality and to ensure a sufficiently high availability of public telecommunications networks and publicly accessible telecommunications services. Additional security requirements are defined and additional protective measures are described, in particular for network components with an increased risk potential. Here, the network components with an increased risk potential stem from the ‘List of critical functions for public telecommunications networks and services with an increased risk potential (supplement to Annex 2 to the catalogue of security requirements)’ published jointly by the Federal Office for Information Security and the Federal Network Agency. In this regards, a particularly essential component is the ‘security certification’ through a recognised body. For this purpose, the Federal Office for Information Security will issue a Technical Guideline with the title ‘Certification of telecommunication components’.