Germany’s workplace safety framework has been fundamentally reshaped with requirements that now compel companies to treat cybersecurity as a core component of hazard assessments. Since January 15, 2026, the updated technical rule TRBS 1115 Part 1 mandates that cyber risks be factored into the legally required risk evaluations under the Betriebssicherheitsverordnung (BetrSichV). The move follows stark damage figures: according to a 2025 Bitkom study, cyberattacks caused €289.2 billion in total losses, hitting 73 percent of German firms. The BSI’s 2025 situation report recorded an average of 119 new vulnerabilities daily.
The change embeds digital security into the same regulatory framework that governs ladders, presses, and electrical panels. That integration deepens with the updated DIN EN 60204-1 (VDE 0113-1), effective since June 2026, which sharpens testing requirements for electrical machine equipment. Chapter 18 of the standard spells out extensive verification steps due before first commissioning and after any substantial modification. While the norm sets no fixed testing intervals, the scope of checks must be determined through the Gefährdungsbeurteilung (hazard assessment) required by the BetrSichV. Key updates include adjusted demands for control systems, electromagnetic compatibility, and technical documentation. These tests must be carried out by a befähigte Person (competent person) defined by the technical rules TRBS 1203.
As German regulations now require cybersecurity to be integrated into traditional hazard assessments, the same principle applies to risk management anywhere—keeping thorough, compliant documentation is essential. But you don’t have to start from scratch. The free Risk Assessment Toolkit from Health & Safety Adviser gives you 41 ready-to-use templates and checklists covering fire protection, manual handling, first aid, and lone working, all aligned with current legal expectations. Download the free Risk Assessment Toolkit
Industry is also bracing for the EU Machinery Regulation (2023/1230), which will fully replace the current Machinery Directive on January 20, 2027. That regulation sharpens requirements across the board, including digital interfaces and software updates. To meet the new cybersecurity obligations, some companies are turning to specialized providers offering “Security Champion” training aligned with ISO 27001 to embed secure coding processes.
Recent court rulings have tightened liability risks for negligent installation and maintenance. On June 2, 2026, the Oberlandesgericht Koblenz decided that planning and commissioning photovoltaic systems are core activities of the roofing or electrical craft trades, requiring formal registration in the Handwerksrolle (crafts roll). Separately, the Landgericht Köln confirmed in May 2025 a €75,000 damages claim against an installer whose PV system was damaged in a storm due to inadequate ballasting. On labor law, the Bundesarbeitsgericht (BAG) ruled in June 2026 that minor discrepancies in the number of dismissals in a mass layoff notification may be harmless, but failures in the consultation procedure or missing the required prior notice render the dismissals void — and subsequent correction is impossible.
Several sector-specific deadlines are approaching. For dental practices, June 30, 2026 marks the final day for RSA certificates on the electronic health professional card (eHBA); from July 1, ECC encryption becomes mandatory. This requirement stems from the tightened IT security directive under § 390 SGB V. On the general safety front, basic equipment such as ladders and steps must undergo visual and functional inspections at least annually in line with DGUV guidelines. In the waste management industry, companies are increasingly adopting digital container management to automate compliance monitoring. Violations of occupational safety regulations (UVV) can trigger fines of up to €25,000.
For smaller enterprises, the Berufsgenossenschaft Holz und Metall (BGHM) is offering a free foundational seminar on July 1, 2026 in Saarbrücken. Aimed at business owners with up to 50 employees, the session covers statutory obligations for hazard assessments under the updated rules.
