German spies could soon move from watching to hacking attackers
Germany is planning a major shift in how its intelligence services operate online.

- Germany plans to expand spy powers to hack, disrupt, and deceive foreign attackers under a new draft law. The reform responds to rising cyber and hybrid threats, especially from Russia.
- Intelligence agencies would gain authority to infiltrate systems, disable infrastructure, delete data, and spread false information online. This marks a shift from monitoring to active cyber operations.
- The draft introduces stricter legal frameworks, expanded surveillance tools, and mandatory disclosure orders for telecoms and digital platforms. Companies could face fines and inspections for non-compliance.
- A new independent oversight body would pre-approve intrusive operations, while rules on informants and spyware use are tightened but expanded in scope.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
Germany plans to give its spy agencies powers to hack, disrupt and deceive foreign attackers in a major overhaul of post-war intelligence limits, aiming to harden its response to growing cyber and hybrid threats, according to a draft law seen by Reuters.
German spy agencies are more tightly regulated than many foreign services and have mostly been limited to watching and reporting. After World War Two, lawmakers wanted to stop any security body from becoming too powerful inside the state.
The reform is a response to what Berlin sees as increased risks linked to Russia, with the services seeking the ability to act as well as observe.
The proposed overhaul would rewrite the legal basis for the domestic security agency and foreign intelligence service and create a single framework for covert operations, especially online.
The interior ministry plan introduces new threat categories that unlock graduated powers, from basic monitoring to "particularly serious" surveillance.
For the first time, the services would be able to interfere with attackers' infrastructure or deliberately spread targeted false information.
In cyberspace, the services could, under strict thresholds, break into attackers' IT systems, copy or delete data, and disable tools used in campaigns by foreign states, including during specific threat situations such as large-scale cyber operations.
The draft also sets new rules for the use of state spyware for online searches and so-called source telecommunications surveillance.
Telecoms, digital platforms, transport operators and financial intermediaries would face binding, secret disclosure orders, backed by fines of up to €1 million and on-site inspections, the draft says.
Rules on the use of confidential informants are spelled out in more detail, with exceptions that could allow the deployment of people as young as 16 to help uncover the gravest threats.
A new top-level watchdog, the Independent Control Council, would replace the current fragmented oversight bodies. It would combine wiretap approval and data-protection control, and must pre-clear the most intrusive measures, including long-term undercover deployments and home surveillance.