STAY UP TO DATE: The Effects of the US Foreign Aid Freeze on Freedom House
Expanding Freedom and Democracy
Freedom on the Net 2024

Germany

Free
77
100
A Obstacles to Access 23 25
B Limits on Content 28 35
C Violations of User Rights 26 40
Last Year's Score & Status
77 100 Free
Scores are based on a scale of 0 (least free) to 100 (most free). See the methodology and report acknowledgements.
Germany_hero

header1 Key Developments, June 1, 2023 - May 31, 2024

Internet freedom in Germany remains strong due in part to high internet access, a robust online media ecosystem, and courts that have made decisions that protect rights online. However, certain surveillance laws give law enforcement and intelligence agencies expansive powers, and the country is targeted by disinformation and cyberattacks that largely originate from Russian actors.

  • After the Digital Services Act (DSA), which introduces a notice-and-action regime, transparency obligations, and risk assessment measures for platforms and intermediaries across the European Union (EU), came into full effect in February 2024, the Digitale-Dienste-Gesetz (DDG), the German law transposing the measure, took force in May 2024 (see A5, B2, and B3).
  • A March 2024 investigation conducted by the Czech Republic’s Security Information Service (BIS) revealed a Russia-linked campaign that had allegedly approached and paid European politicians, including members of parliament belonging to the far-right populist party Alternative for Germany (AfD), to question the “territorial integrity, sovereignty, and freedom of Ukraine” on the allegedly Russian-aligned news site Voice of Europe, which was blocked across the EU in May 2024 (See B1 and B5).
  • Following the October 2023 attack by Palestinian militant group Hamas in Israel and the beginning of the Israel-Hamas war, rights groups noted that both antisemitic and anti-Muslim online harassment had increased. Certain jurisdictions in Germany have also since criminalized phrases deemed to be antisemitic or anti-Israel, including “from the river to the sea” (see B4, B8, and C3).
  • In January 2024, after the news outlet CORRECTIV reported on a meeting between far-right extremists and high-ranking AfD officials, the AfD threatened CORRECTIV via social media channels and published identifying information about the journalists behind the report, all of which helped spark a series of large protests across the country (see B8 and C7).

header2 Political Overview

Germany is a representative democracy with a vibrant political culture and civil society. Political rights and civil liberties are largely assured both in law and practice. Germany’s totalitarian past is continuously being reappraised, constitutional safeguards are designed to prevent a new authoritarian rule. Although Germany has generally been stable since the mid-20th century, political tensions have grown in recent years at least in part due to the rising popularity of right-wing populist movements, the Kremlin’s full-scale invasion of Ukraine, debates about sustainability and the climate, and the ongoing Israel-Hamas war.

A Obstacles to Access

A1 1.00-6.00 pts0-6 pts
Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections? 6.006 6.006

Germany’s internet infrastructure is well developed. According to June 2023 data from the Organisation for Economic Co-operation and Development (OECD), the fixed broadband penetration rate was 45.4 percent while the mobile broadband penetration rate was 95.3 percent.1

According to January 2024 data from Ookla’s Speedtest, the median download speed for a fixed-line broadband connection in Germany was 92.84 Megabits per second (Mbps), while the median download speed for a mobile broadband connection was 57.91 Mbps.2

According to the 2023 report from the Federal Network Agency (BNetzA), the telecommunications regulator, the most widely used mode of fixed-line internet access is still DSL (digital subscriber line), with 24.5 million connections, accounting for 64 percent of all fixed-line connections in 2023.3

For years, the government struggled to make significant progress toward providing high-speed internet access to every household.4 In November 2021, the coalition of the Social Democratic Party (SPD), Alliance 90/the Greens (Bündnis 90/Die Grünen), and the Free Democratic Party (FDP) announced their plan to offer widespread fiber-optic connections by focusing on regional “white spots” and reducing bureaucratic barriers.5 In March 2022, the Federal Ministry of Digital Affairs and Transport (BMDV) promised to triple connections by 2025 and provide countrywide to-the-home connections by 2030.6 After significant international investments,7 access to fiber-optic connections reached a new high of 35.6 percent in 2023.8 However, this figure only represents households passed by a fiber-optic cable. There has been little progress in terms of connected households. The European Commission's 2024 report on the State of the Digital Decade, which measures EU countries progress towards goals established under the Digital Decade Policy Program, found shortcomings in Germany's coverage. According to the report, Germany's Fiber to the Premises (FTTP) coverage of 29.8 percent is far below the EU average of 54.2 percent.9

The recent investment boom has led to inefficiencies in the roll-out of fiber optics. The formerly state-owned Deutsche Telekom competes with regional providers and repeatedly lays its own fiber-optic cable in particularly lucrative areas, despite existing agreements concerning the mutual lease of the cables.10 A study commissioned by the BMDV in June 2023 confirms double fiber-optic construction presents a barrier to competition and wastes scarce construction resources.11 To record double fiber-optic construction projects, a monitoring center has been set up. As of the end of the coverage period, 306 cases have been reported.12

In August 2019, Drillisch Netz AG (a subsidiary of 1&1 Drillisch) joined Deutsche Telekom, Vodafone, and Telefónica Deutschland in securing fifth-generation (5G) technology spectrum frequency blocks, diversifying the mobile market.13 In its 2023 annual report, BNetzA disclosed that 22 percent of transmission stations were 5G–ready.14 According to the European Commission’s 2024 State of the Digital Decade report, 98.1 percent of Germany was covered by 5G in 2024, above the EU average of 89.3 percent.15

Germany’s overall internet penetration rate is slightly above the EU average; in 2023, 93.4 percent of German residents used the internet, according to Eurostat.16

A2 1.00-3.00 pts0-3 pts
Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons? 3.003 3.003

Internet access remains affordable. Telecommunications services prices stagnated with only minor fluctuations between 2021 and the beginning of 2024, according to the latest official statistics.1 In 2022, expenses for these services amounted to 2.3 percent of available household income.2 According to 2023 data from the International Telecommunication Union (ITU), a 2 gigabyte (GB) mobile broadband subscription amounted to 0.33 percent of gross national income (GNI) per capita, while a 5 GB fixed broadband basket amounted to 0.96 percent of GNI per capita.3

Persistent differences in internet usage based on income demonstrate that prices remain a barrier for people with low incomes and the unemployed.4

The gender and age gap in internet usage has converged in recent years. The difference between men and women remained at 2 percent in 2023, with 96 percent of men and 94 percent of women using the internet.5 In the 16-to-44-year age group, daily internet usage remained stable at 98 percent, while frequent usage increased slightly from 83 percent to 85 percent among those aged 65 to 74 in 2023.6

Internet usage in the eastern regions of Germany, the former German Democratic Republic (DDR), is still lower than in the western regions. However, the gap continues to narrow.7 The differences can partly be explained by the urban-rural comparison, as the lower population density in the eastern regions.8

The internet is accessed in different manners by different social groups: while only 6 percent of those aged 16 to 74 have never used the internet, whereas 17 percent of those aged 65 to 74 report never having used the internet.9

A3 1.00-6.00 pts0-6 pts
Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity? 6.006 6.006

The German government does not impose restrictions on internet and communications technology (ICT) connectivity. Germany’s telecommunications infrastructure is largely decentralized and the variety of regional providers is unique. There are more than 100 internet-backbone providers in the country.1

Privatized in 1995, Deutsche Telekom remains the only company that acts as both a backbone provider and an internet service provider (ISP). However, the German state owns less than a third of its shares, which crucially limits government control.2 There are several connections in and out of Germany, the most important being the DE–CIX (German Commercial Internet Exchange), located in Frankfurt. It is privately operated by Eco, the professional association of the German internet industry.3

According to the BNetzA, there was no legal basis for internet shutdowns or connectivity restrictions on the federal level as of 2016.4 However, some state-level legislation on police powers grants limited restriction measures (see C5).

A4 1.00-6.00 pts0-6 pts
Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers? 5.005 6.006

The telecommunications sector was liberalized in the 1990s with the aim of fostering competition. Commercial service providers must notify the BNetzA before launching services, but do not need licenses.1

Deutsche Telekom’s share of the fixed-line broadband market increased slightly in 2023, to 40.3 percent, while Vodafone’s decreased slightly, to 28.5 percent. Other internet service providers (ISPs) with significant market share include 1&1, with 11.1 percent, and O2-Telefónica, with 6.5 percent.2 Public subsidies for increasing broadband connectivity have been criticized for favoring Deutsche Telekom.3

German residents seeking mobile services can choose from three major service providers: Vodafone, with a 4.8 percent market share; Telefónica Deutschland, with 24.7 percent; and T-Mobile (Deutsche Telekom), with 32.5 percent, as of November 2023.4

A5 1.00-4.00 pts0-4 pts
Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner? 3.003 4.004

Internet access, both fixed-line and mobile, is regulated by BNetzA, which has operated since early 2014 under the Federal Ministry for Economic Affairs and Climate Action, or BMWK (previously known as the Federal Ministry for Economic Affairs and Energy).1 The president and vice president of the agency are appointed to five-year terms by the federal government following recommendations from an advisory council consisting of 16 members from the Bundestag (Federal Parliament) and 16 representatives from the Bundesrat (Federal Council).2 The German Monopolies Commission and the European Commission (EC) have both criticized this highly political structure and the concentration of important regulatory decisions in the presidential chamber of the BNetzA.3

The Digitale-Dienste-Gesetz, which transposes the DSA, tasks the Bundesnetzagentur (BNetzA) with implementing the DSA in Germany.4 The agency will be supported by the Federal Agency for the Protection of Children and Young Persons in the Media (BzKJ) and the Federal Commissioner for Data Protection and Freedom of Information (BfDI). As Digital Service Coordinator, the BNetzA will also be the central complaints office for citizens and the point of contact for the appointment and coordination of trusted flaggers, or organizations and individuals who are selected to reliably identify content that requires actions.5

In September 2021, the European Court of Justice (ECJ)—the EU’s supreme court and a part of the Court of Justice of the European Union (CJEU)—upheld a complaint by the EC, ruling that the BNetzA would need to become more independent.6 In the winter of 2023, the federal government responded to the complaint by strengthening the authority's independence and increasing its powers. The BNetzA is now responsible for determining the conditions and modalities for access to the electricity and gas grids nationwide.7 The agency's new autonomy, however, has been criticized by the opposition, who argue that it is a “super regulator” without adequate checks and balances.8

B Limits on Content

B1 1.00-6.00 pts0-6 pts
Does the state block or filter, or compel service providers to block or filter, internet content, particularly material that is protected by international human rights standards? 4.004 6.006

The government blocks websites or other online content occasionally. All major social media platforms and international blog-hosting services are freely available.

Following the Russian military’s full-scale invasion of Ukraine in February 2022, Germany blocked the websites of Russian state-owned media outlets in response to the EU’s European Council–issued Regulation 2022/350, ordering member states to“urgently suspend the broadcasting activities” of Russian-state owned websites, including RT, Sputnik, RT France, RT Germany, RT Spanish, and RT UK, and to block their websites because they “engaged in continuous and concerted propaganda actions targeted at civil society.”1 The order applied to ISPs and mobile operators in Germany.2 In June 2022, the EU adopted a sixth package of sanctions, which also included directives to block Russian state-owned broadcasters Rossiya RTR/RTR Planeta, Rossiya 24/Russia 24, and TV Centre International.3

After the ninth package of sanctions in December 2022, which again tackled Russian media spreading disinformation, the Germany-based production company behind RT Germany announced it would cease its journalistic activities.4 The Russian state media channel routinely set up mirror sites in Germany and Spain; however, the BNetzA only irregularly updates the lists of mirror sites that are online, which the providers use as a basis for blocking.5 In May 2024, the European Commission sanctioned four additional media outlets that are “under the permanent direct or indirect control of the leadership of the Russian Federation”: Voice of Europe, RIA Novosti, Izvestia, and Rossiyskaya Gazeta.6

Websites are also blocked because of copyright concerns. Rights holders were entitled to take injunctive action against websites with structurally copyright-infringing content following a ruling by the Federal Court of Justice (BGH) in 2015 (see B3).7 The first court-ordered blocking of a pirate website in Germany took place in February 2018.8 In 2021, the Clearing House for Copyright on the Internet (CUII), which includes all major German ISPs and rights holders,9 was established under existing legislation to enable blocking of infringing websites without judicial proceedings (see B3).10 Upon request, three former judges of the BGH review a blocking request at the CUII. The BNetzA then examines the blocking in regard to the European regulation on net neutrality (see B3). If net neutrality is respected, the CUII publishes a recommendation on domain name system (DNS) blocking, which is then implemented by the ISPs.11 Since its creation, the CUII has issued 15 blocking recommendations. In January 2024, CUII recommended blocking SCI-HUB.ST,12 an online platform making papers and other research information easily accessible and available free of charge; the block was upheld in April 2024.13

B2 1.00-4.00 pts0-4 pts
Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content, particularly material that is protected by international human rights standards? 2.002 4.004

The German government and courts issue content removal requests under German law, including laws transposing EU law.

Since 2017, social media platforms had been required to remove illegal content under the Network Enforcement Act (NetzDG) (see B3), which established criteria for an effective and transparent complaints management on specific social networks, but most aspects of the law were superseded by the EU’s Digital Services Act (DSA) during the coverage period. Under NetzDG, social media platforms with more than two million registered users in the country were obliged to set up a mechanism for reporting illegal content and to investigate and delete flagged content shortly after it was reported.1 If the flagged content was “obviously illegal,” the company had to block or remove it within 24 hours; if not obviously illegal, the content had to be investigated and blocked or removed within seven days. Companies that failed to do so faced fines. Illegality was defined in relation to 22 articles in Germany’s criminal code (see C2).2 Under this law, social media companies that received over 100 content-related complaints each year had to disclose how they handled those complaints biannually. Though civil society groups raised concerns about the chilling effects of NetzDG,3 research has not demonstrated a clear correlation (see B4).4

The DSA initially came into effect across the EU in August 2023 for very large online platforms (VLOPS) and very large online search engines (VLOSE), which have over 45 million monthly users in the EU, and then in February 2024 for all online platforms, intermediaries, or providers (see A5 and B3). Since then, content removal in Germany is primarily regulated by the DSA, which aims to protect the fundamental rights of internet users and facilitates the removal of illegal content.5 The DSA has replaced NetzDG in most aspects (see B3).6

Existing engagements between German supervisory authorities and online platforms, social networks, and search engines will now also continue under the DSA, supervised and enforced by the European Commission. For example, in a November 2023 ruling, the ECJ established that national-level authorities in the EU, including in Germany, do not have jurisdiction over X because the company is registered in Ireland,7 and according to the e-commerce directive,8 only the EU member state in which the company is based would be responsible for supervising its service.9 Although the Federal Office of Justice (BfJ) initiated fines against X under NetzDG in April 2023,10 it was ultimately not able to impose the fines due to the ECJ ruling.11 However, in December 2023, the European Commission initiated proceedings under the DSA,12 including against X for its failure to remove illegal content.13

In February 2024, state leaders and state-level ministers of justice demanded that proceedings also be initiated under the DSA against the encrypted messaging app Telegram, because it allegedly provided a safe space for “terrorist activities.”14 Since 2021, officials have called for content to be removed from Telegram. In January 2022, the minister of the interior threatened to request that Apple and Google remove Telegram from app stores, but shortly after stated that her threat was only meant to pressure Telegram. In October 2022, the BfJ imposed two fines totaling €5.125 million ($5.022 million) on Telegram for noncompliance with NetzDG obligations (see C6). Telegram objected, arguing that it is not a social network, and brought the issue to court in January 2023. The case had not been settled and the court’s decision remained pending as of the end of the coverage period.15 The European Commission has not yet listed Telegram as a VLOP, which would expose it to more obligations under the DSA.16

Under Article 9 of the DSA, Germany issued 1,562 orders to act against illegal content to Facebook between October 2023 and March 2024.17 During the same period, TikTok received five orders from Germany’s official bodies under the article.18 Similarly, X reported receiving no removal orders from October 2023 to March 2024.19

The government issues content removal requests towards social networks and hosts. According to Google’s Transparency Report, the company received 395 takedown requests covering 1,804 items from government agencies and courts in the first half of 2023 and removed 68.9 percent of the requested content. During the second half of 2023, Google received 349 requests covering 1,521 items and removed 59.3 percent of the requested content.20 The most common reasons for requests were related to defamation and “privacy and security.”

From January 2023 to June 2023, Meta restricted 5,318 items based on requests from courts and government agencies that concerned EU sanctions on Russian media outlets; Youth Protection Laws; and violations of local laws concerning hate speech and terrorist symbols, defamation, and insult. In the second half of the year, the company removed 3,912 items based on requests for similar reasons, though the company also noted that some of these requests concerned “hate speech and graphic content.”21

According to TikTok’s transparency reports, the company received 222 official takedown requests between January and June 2023 relating to 63 pieces of content and 277 accounts, and deleted 66.2 percent of the content and accounts in question.22 In the second half of 2023,23 the company received 55 requests covering 105 pieces of content and 149 accounts, ultimately removing 87 percent of the items covered in the requests.24

From January to June 2023, X received 969,422 user complaints and 132,034 complaints from official bodies, removing 24.3 percent of the requested content.25

Platforms and search engines have also delisted content under the “right to be forgotten” (RTBF),26 which was established by a 2014 CJEU decision and the 2018 General Data Protection Regulation (GDPR). Google and other search engines are required to remove certain search results if they infringe on the privacy rights of a person and that person formally requests their delisting (see B3). From the date of the ruling to May 2024, Google had assessed 257,626 requests to delist search results, with 993,031 requested URLs coming from Germany alone. Google has delisted 50.3 percent of the URLs requested by individuals in Germany.27 Between January and December 2023, Microsoft received 957 RTBF delisting requests from Germany, covering 3,391 URLs. The company delisted 52 percent of those URLs.28

German copyright law has been criticized repeatedly for its use to hinder the publishing of sensitive information on topics of public interest, especially as many online platforms automatically remove content that reportedly breaches copyright law to avoid lawsuits. In May 2021, the Cologne Higher Regional Court ruled that nonprofit platform FragDenStaat (Ask the State), which was sued in December 2019 by the Federal Institute for Risk Assessment (BfR) for publishing a government-issued report on health risks caused by the herbicide glyphosate, had lawfully published the report under the freedom to quote and freedom to report.29 In June 2021, the EU Copyright Directive was transposed into German law.

The German authorities do not focus exclusively on social networks and platforms: German police conducted raids on the homes of individuals who had posted hateful messages aimed at politicians during the 2021 federal elections and forced them to delete those messages.30 In December 2021, a court sentenced eight defendants, who stood trial for running the CyberBunker data center—a “bulletproof hosting” operation that was housed in a Cold War–era military bunker—to prison time ranging from two years and four months to five years and nine months.31 Under a February 2021 amendment to the criminal law, providers of online marketplaces looking to promote criminal activities can face several years in jail (see C2).32

B3 1.00-4.00 pts0-4 pts
Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process? 3.003 4.004

The legal restrictions on online content in Germany are governed by German regulations, including those that originate from EU regulations. They generally meet minimum requirements in terms of transparency, proportionality, and independent legal remedies.

In 2023 and 2024, the Digital Services Act (DSA) came into force across the European Union (see A5 and B2). Except for formal obligations, the DSA supersedes NetzDG, which previously established a regime for the removal of online content in Germany (see B2).1 The German Digitale-Dienste-Gesetz, which transposes the DSA into German law, came into force in May 2024,2 missing the implementation deadline stipulated in the DSA by several months.3 The delay in designating BNetzA as the competent authority and transposing the law led to criticism from the civil society and the private sector. Smaller providers of digital services and social networks noted that the delay impacted their ability to understand uncertainties about the scope of their obligations under the law.4 Organizations like HateAid, which have experience in anti–hate speech work, could not register as a Trusted Flagger for a long time, because neither the competent authority nor a corresponding registration protocol or procedure was established.5

Other groups have criticized the DSA and the Digitale-Dienste-Gesetz for including a less detailed definition of illegal content compared to NetzDG. Certain politicians and children’s rights groups first advocated for the continued enforcement of the stricter NetzDG definitions6 and then argued for more precise definitions in the new law.7 Consumer protection groups argue that designated companies have not yet implemented many of the DSA's obligations.8 Despite superseding the majority of NetzDG, platforms are still obliged to appoint an authorized agent for service of process in Germany and to make this public,9 as was the case under NetzDG.

The new law also supersedes the German Telemedia Act (TMG). Under the TMG, companies could be held liable for illegal content, distinguishing between full liability for one’s own content and limited “breach of duty of care” (störerhaftung) for service providers and host providers of third-party content.10 This limited liability is intended to promote public internet access.11 Courts have held that if the business model of a service aims to facilitate copyright infringement, the company is considered less worthy of immunity from intermediary liability.12 As a consequence, hosting providers are required to monitor their own servers and search for copyright-protected content as soon as they have been notified of a possible violation.13 After some debate in the legislative process, these rules were adopted unchanged in the Digitale-Dienste-Gesetz.14

According to the German government, the rules of the DSA are to be supplemented by a law against digital violence (“Gesetz gegen digitale Gewalt”).15 The proposed law, which only existed in draft form at the end of the coverage period,16 would compel platforms to block users who engage in online harassment and, in some cases, provide law enforcement and victims with the users’ internet protocol (IP) addresses. According to the announcement, courts could order platforms to block users who repeatedly perpetrate such harassment (see C2).17 The proposal was often criticized as being too cumbersome18 and broad.19 There are also doubts about its feasibility under European law: the decision of the ECJ, which had already withdrawn the legal basis for fines under the NetzDG (see B2), could also stand in the way of the provisions of the law against digital violence.20

German and European copyright law can also facilitate restriction on online content. While ISPs are not required to proactively monitor the information of third parties on their servers, they become legally responsible as soon as they gain knowledge of copyright violations or violate due diligence requirements.21 In 2015, the BGH ruled that the blocking of a website may be ordered as a last resort if it is the only means for a copyright holder to effectively end rights infringement on that website.22 In such cases, the owner of the copyright may ask an ISP to block the website in question. If the provider refuses, a court can intervene.

In May 2021, the federal and state parliaments passed laws amending the Copyright Act and the Collecting Societies Act to align with the new EU directive (see B2). The amendments require companies with large amounts of user-generated content to use “upload filters,”23 which will preemptively block copyright-infringing online content.24 The law came into effect in June 2021, but the implementation of the upload filters was narrowed by an ECJ judgment in April 2022, which stipulated that states must build in safeguards that protect fundamental rights so legal uploads are not blocked.25 Upload filters cannot reliably make this distinction.

In March 2021, major internet providers operating in Germany and associations of companies in the entertainment industry formed the Clearing House for Copyright on the Internet (CUII), a joint initiative to initiate DNS blocks against “structurally copyright-infringing” websites (see B1).26 While blocking requests were previously considered by judges, the BNetzA now assesses CUII recommendations and determines whether the blocking violates the principle of net neutrality. Critics question the BNetzA’s suitability for this role,27 since the agency has primarily been responsible for regulating telecommunications networks to ensure fair competition and net neutrality rather than assessing fundamental rights regarding copyright.28 There have also been concerns about normalizing this type of instrument and the initialization of the DNS4EU project, which will also operate with filter lists and network blocks across the EU, demonstrates that similar measures could take effect at the European level.29

The EU Directive on Copyright in the Digital Single Market, which the Council of the EU approved in April 201930 and Germany enacted in June 2021 (see B2), imposes a so-called link tax, which grants online publishers the right to charge aggregators like Google News for excerpting proprietary content, such as news articles (see B6).31 On the other hand, the European Copyright Directive and the German Copyright Act allow the free use of copyright protected work for Text and Data Mining if no machine-readable reservation of use has been declared.32 This rule has led to heated discussions among creators and authors, particularly in regard to its applicability to the training of artificial intelligence (AI) systems and the possibility of compensation for AI training, particularly within the context of the EU AI Act.33

The protection of minors serves as another legal basis for regulation of online content.34 Beyond the Media Treaty (MStV), which regulates general program principles for public broadcasting, including the interests of children and young people (see B6), youth protection on the internet is principally addressed at the state level through the Interstate Treaty on the Protection of Human Dignity and the Protection of Minors in Broadcasting and Telemedia (JMStV), which bans content, including the glorification of violence and sedition, and provides a framework for age restrictions on content without specifying measures to implement them.35 A controversial provision of the JMStV reflects the regulation of broadcast media: adult-only content on the internet, including pornography, may only be made available after verifying the age of the user.36 The JMStV enables the blocking of content if other actions against offenders fail and if such blocking is expected to be effective.

In late 2021, the Commission for Youth Media Protection ordered five internet providers to block popular pornography website xHamster.com, as it failed to provide an age verification process. All providers have announced they plan to challenge this decision or have it examined in court.37 The media regulators labeled the effort a “failure” because the porn site was moved to similar URLs. Unlike copyright law in Germany, youth protection law requires individual URLs to be blocked separately, even if they contain identical content to URLs that are already blocked.38

Laws targeting terrorism are also used to justify the restriction of online content. In April 2021, the European Parliament (EP) adopted a regulation aimed at “tackling the dissemination of terrorist content online” which, among other things, would require platforms to delete content within one hour of receiving a removal order from authorities.39 Platforms that routinely fail to do so could be fined 4 percent of their overall annual revenue (see B6). Critics have voiced concerns that ambiguity surrounding the definition of “terrorist content” and the short timeline for removing such content will lead companies to “remove speech first and ask questions later,” possibly through automatic filters.40 The resolution entered into force in June 2021 and became applicable as of June 2022;41 since then, two transparency reports have been published by BNetzA.42 According to the reports, a considerable amount of terrorist online content had to be taken down in cooperation with providers. Administrative proceedings had to be initiated against a hosting provider in only one case.

B4 1.00-4.00 pts0-4 pts
Do online journalists, commentators, and ordinary users practice self-censorship? 4.004 4.004

To date, online self-censorship in fear of illegal or illegitimate constraints by the government has not been a significant problem in Germany. However, a December 2023 survey by the Allensbach Institute for Democracy and Media found that only 40 percent of respondents reported believing that they could “freely express” their opinion, the lowest figure in the survey since 1953.1 There are some rules reflected in the publishing principles of the German press that may confine some journalists’ online speech. This self-binding code of ethics forms the basis for the evaluation of possible complaints from the public. It includes 16 provisions and is centered on the protection of human dignity.2 In May 2020, the Interstate Media Treaty (MStV) introduced an obligation for self-regulatory institutions to penalize the repeated publication of disinformation (see B6), which could lead to self-censorship to avoid sanctions in some cases.3

NetzDG has also been criticized for leading to a potential chilling effect on content posted online (see B3).4 However, there is a lack of evidence that these restrictions have led to significant self-censorship. A March 2024 study on Facebook posts and comments did not find evidence for such chilling effects, while also noting that it is difficult it is to measure the precise effects of a law.5

Since the Hamas-led attack on Israel in October 2023, physical attacks and threats against mosques and synagogues have risen across Germany,6 and the spread of antisemitic and anti-Muslim posts on social media platforms increased significantly, which could contribute to self-censorship (see C7). There have also been debates and ongoing litigation around the legality of certain phrases under German criminal law (see C2 and C3),7 including “child murderer Israel” and “from the river to the sea, Palestine will be free,”8 or more broadly questioning Israel’s right to exist.9 As of the end of the coverage period, an upper court had not yet made a ruling on the legality of the phrase “from the river to the sea,” though prosecutor’s offices in certain cities had issued bans on its use.10 People have also faced professional repercussions for criticizing Israel; for instance, in October 2023, the state secretary for social affairs in Schleswig-Holstein was forced to step down after she took to social media to condemn both Israel and Hamas.11 Across the cultural sector, a number of people who expressed perceived or actual anti-Semitic criticisms of Israel or published pro-Palestinian content have faced professional repercussions and institutions have experienced public pressure, sparking debates in the field.12

B5 1.00-4.00 pts0-4 pts
Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest? 3.003 4.004

Germany’s online information landscape has witnessed content manipulation, which in some cases has been linked to the far right or to foreign interference campaigns, primarily originating in Russia.

Far-right actors have spread false and misleading information online. Members of parliament for the right-wing populist AfD party have used AI image-generation tools to spread xenophobic messages.1 In March 2021, German news outlet Netzpolitik.org reported that the Poland-based website Our Central Europe, which disseminated conspiracies about climate change, COVID-19, and refugees in Germany, had links to the Mecklenburg–Western Pomerania wing of the AfD. The site is formally operated by London-based New Network Communications, an apparent front company, and has connections with a former employee of the Freedom Party of Austria (FPÖ), a right-wing Austrian political party.2

Other disinformation campaigns from Russian actors also continue to target Germany,3 and some have involved German politicians. A March 2024 investigation conducted by the Czech Republic’s Security Information Service (BIS) reported on a Russian campaign that had allegedly approached and paid European politicians, including members of the German parliament, to question the “territorial integrity, sovereignty, and freedom of Ukraine” on the pro-Kremlin news site Voice of Europe.4 In April 2024, Der Spiegel and Deník N, a Czech news outlet, reported that Petr Bystron, an AfD member of the German parliament, had accepted money from Voice of Europe, which was sanctioned by the European Union in May 2024.5 The same month, the office of Maximilian Krah, an AfD member of European Parliament (MEP), was searched in relation to the investigation.6

In January 2024, the country’s foreign office uncovered 50,000 fake accounts on X that posted in German and spread messages critical of Germany’s support for Ukraine and the current German government.7

A May 2023 joint investigation conducted by a group of European news outlets, including Süddeutsche Zeitung, North German Radio (NDR), and West German Radio (WDR) in Germany, revealed that Russian government agents had attended protests in Germany and other European cities, holding signs in support of the Kremlin’s full-scale invasion of Ukraine, even though the protests were unrelated. The report also noted that the Kremlin had these “agents” pose as Ukrainians, and organized smaller protests against Turkish president Recep Tayyip Erdoğan. These photos were then shared on social media; the news outlets linked content shared from these protests to three social media accounts based in St. Petersburg.8

A September 2022 report by Meta found that a Russia-based influence operation known as Doppelganger used “false media sites” mimicking those of prominent publications in the EU, including the German publications Der Spiegel, T-Online, and Die Welt, to target readers in the EU with pro-Russian propaganda.9 The campaign spent around $100,000 on advertisements and sponsored pages that spread narratives about a potential energy crisis in Europe and claimed that war crimes committed by the Russian military in Ukraine did not happen. In some cases, the German-language pages were clearly not run by German users.10 Additionally, Meta’s Adversarial Threat Report for the second quarter of 2023, published that August, noted that this operation continued to target audiences across Europe, churning out relatively low-quality content at a high volume.11 Likewise, the same report covering the second quarter of 2024 removed another Russia-linked network that attempted to undercut support for Ukraine. In some cases, individuals were directed to the network’s Telegram accounts through QR codes.12

In February 2024, the German government announced that it would install a specialized early detection unit to effectively and specifically identify relevant content and have it removed if necessary (see B1).13

B6 1.00-3.00 pts0-3 pts
Are there economic or regulatory constraints that negatively affect users’ ability to publish content online? 2.002 3.003

While individual internet users face few economic or regulatory obstacles to publishing content online, German and European law exposes companies such as social media platforms or hosting providers to financial penalties. The DSA and the EU regulation regarding dissemination of terrorist content online (see B2 and B3) could pose obstacles for new platforms to enter the German market because they impose fines on social media companies that fail to comply with content-removal and reporting requirements.

Under the MStV, which came into effect in November 2020, media outlets that are not part of any self-regulatory bodies are now subject to direct supervision by state media institutions and can face penalties for refusing to comply with the measure or for the repeated distribution of disinformation. The MStV also introduced a license requirement for those who create online video content that consistently reaches at least 20,000 viewers. The MStV expands the scope of such obligations to almost any commercial form of publication. Observers have criticized the unequal treatment of new self-regulatory bodies compared to the established German Press Council, as well as the involvement of media institutions as supervisory authorities. The MStV also imposes disclosure of underlying criteria of algorithms and requirements to ensure media and information diversity on major online platforms that aggregate third-party content, such as those operated by Google, Facebook, and Apple.1

In May 2024, the European Media Freedom Act (EMFA), which requires transparency around the ownership structures and financing of media outlets, entered into force in the EU (see C1).2 In order to strengthen protections of journalistic content compared to other online content, the law establishes a mechanism to protect online platforms from arbitrary deletions, however it requires platforms to differentiate between independent media and non-independent sources and notify the providers if they intend to delete or restrict their content. The media then have 24 hours to react.3 Publishers have criticized the law due to new supervisory structures it creates.4

In April 2017, the federal parliament incorporated EU rules on net neutrality into domestic law.5 Fines for violating net neutrality laws can reach a maximum of €500,000 ($518,100), which is relatively low compared to other European states.6

The governing federal coalition has reiterated its support for ancillary copyright for publishers (Leistungsschutzrecht für Presseverleger), in force since 2013.7 The regulation allows publishers to monetize excerpts that search engines display as part of their search results.8 Some fear this infringes upon constitutionally protected rights to freedom of expression and information.9 In order to limit monetization, search engines began excluding results leading to the websites of publishers that monetized their links or displayed links without the corresponding excerpts.10 The EU Copyright Directive, which was implemented into national law in June 2021, includes ancillary copyright for publishers (see B3).11

B7 1.00-4.00 pts0-4 pts
Does the online information landscape lack diversity and reliability? 4.004 4.004

Germany is home to a vibrant internet community. Local and international media outlets and news sources are accessible and represent a diverse range of opinions. Freedom of the press and freedom of speech are guaranteed under constitutional law. The press code of conduct includes commitments by media professionals and journalists to ensure quality and reliability of journalism.1

A study published in April 2024 by a professor at the University of Mainz found that 25 percent of individuals surveyed felt that the topics they cared about were either “completely” or “somewhat” “not taken seriously at all” in the media.2 The same study found that only 40 percent of people surveyed trusted the media in 2023, down from 49 percent the year prior.3 Researchers have linked this mistrust to a lack of media literacy.4 During the COVID-19 pandemic in particular, the media, especially public broadcasters, had achieved comparatively high levels of trust.5

Misinformation also spreads on social media and messengers. Fact-checking organizations have reported an increase in misinformation in Telegram channels that attempt to make anti–AfD demonstrations appear smaller than they are.

EU sanctions have led to a sharp decline in visits to RT and Sputnik websites, according to a February 2024 study by the Institute of Strategic Dialogue (ISD). Nevertheless, pro-Kremlin voices have continued to reach audiences in the EU through coordinated networks of social media accounts or by mimicking legitimate media outlets (see B5).6

Additionally, there are different blocking and filtering systems to protect minors and limit access to certain websites. The official German filtering system for protection of minors, “JusPro,” which is intended to be used by parents to block websites with questionable content, also blocks sites that provide information on sensitive topics, including suicide, mental health, sex education, contraception, AIDS, and LGBT+ issues like coming out. Adults will also encounter this filter on the state-subsidized public WLAN in Bavaria, BayernWLAN, which is available at more than 44,000 hotspots at libraries, bus stops, and government offices.7

B8 1.00-6.00 pts0-6 pts
Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues? 6.006 6.006

During the coverage period, several civil society initiatives used the internet to conduct advocacy campaigns related to political and social issues in Germany.

Social media and digital coordination played an important role in civil society organizations’ efforts to organize prodemocracy demonstrations in winter and spring 2024.1 These demonstrations came about in response to a January 2024 report by CORRECTIV on a meeting between far-right groups, including neo-Nazis, and AfD officials, in which the participants apparently discussed deporting millions of German citizens who had immigrated to the country (see C7).2 Germans also used social media platforms and Telegram groups to organize and pool efforts for refugees and people residing in Ukraine following the full-scale Russian military invasion of Ukraine in 2022.3 In previous years, social media and messaging apps, such as Signal and Telegram,4 also played a crucial role in the growth of the climate protection movement, including that of groups like Fridays for Future, Letzte Generation (Last Generation), and Extinction Rebellion.5 Germany has also witnessed protests against COVID-19-related restrictions and legislation. A group of deniers under the Querdenken (Lateral Thinking) banner formed during the pandemic, largely communicating and mobilizing against pandemic restrictions online.6

Protests in support of both Israel and Palestinians have been organized online since the start of the Israel-Hamas war in October 2023. While Germany placed restrictions on physical pro-Palestinian protests during 2023, there have been no blanket bans on online organizing. In April 2024, Berlin police shut down the Palestine National Congress as Salman Abu Sitta, the director of the London-based Palestinian Land society, joined a video call at the conference. He had previously been banned from entering the country to join the conference in person because of a blog in which he stated that he “could have been one of those who broke the blockade on October 7,” referring to the Hamas-led attack on Israel in October 2023. Ghassan Abu-Sittah, his nephew and a prominent surgeon who has worked in Gaza, and Yanis Varoufakis, Greece’s former finance minister, were also denied entry into the country to attend the conference.7

C Violations of User Rights

C1 1.00-6.00 pts0-6 pts
Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence? 5.005 6.006

Article 5 of the Basic Law guarantees freedom of expression and freedom of the media. Judicial bodies operate independently and generally support the protection of basic rights.

Since 2016, the Office of the Federal Commissioner for Data Protection and Freedom of Information (BfDI) has been an independent supreme federal authority.1 Since its founding, the agency has tripled its capacities and enlarged its staff to strengthen the supervision of security authorities.2 Commissioners are appointed by the government for five-year terms. During the coverage period, critics expressed concern about a lack of transparency in the selection process and how that could affect the authority's independence.”

The controversial Federal Intelligence Service (BND) Law (see C5), which expands the legal justification for surveillance, has been criticized by journalists demanding improvements, including better protection for reporters abroad as well as their sources. In May 2020, the Federal Constitutional Court (BVerfG) found the law to be unconstitutional, forcing the government to revise it. Reporters Without Borders (RSF) launched a campaign against the new draft law under the hashtag #NotYourSource, arguing that the vague wording of the revised paragraphs still poses risks to journalists. The amendment was approved by the Bundestag and Bundesrat in March 2021 and went into effect in January 2022.3 In January 2023, Reporters Without Borders (RSF) filed a new complaint to the Federal Constitutional Court, saying protections for journalists remained too weak.4 The complaint was rejected in February 2024 due to insufficient reasoning.5

Civil society groups have also criticized measures in the EMFA (see B6) that permits authorities to target journalists with spyware,6 though the act does place safeguards on those cases.

C2 1.00-4.00 pts0-4 pts
Are there laws that assign criminal penalties or civil liability for online activities, particularly those that are protected under international human rights standards? 2.002 4.004

The German criminal code includes numerous prohibitions that apply to the online realm, such as Section 130, which penalizes calls for violent measures against minority groups and assaults on human dignity.1 This provision is seen as legitimate in the eyes of many Germans, particularly because it is generally applied in the context of Holocaust denial.2

In order to define its scope, NetzDG referred to 22 provisions in the German criminal code, including Section 130 and the prohibitions of defamation, forming a criminal or terrorist organization, and “using symbols of unconstitutional organizations.”3 In the context of NetzDG, many activists, politicians, and officials had expressed concern that these provisions are too broad. In addition to facilitating content removals and data transfers to prosecuting authorities, these provisions carry penalties in the form of fines and, in some cases, jail time.4 The Digital Services Act (see B2 and B3) applies to all illegal content, whether the illegality arises from EU law or from national law that is consistent with EU law.5

In April 2021, an amendment to the criminal code concerning hate speech and threats online came into effect. The law includes a broader definition of threats and longer prison sentences for insults against other people, which can lead to a sentence of up to two years instead of one year. Additionally, it explicitly criminalizes defamation, insult, and slander against politicians and expanded the scope of the law to include politicians on the municipal level.6 In June 2021, the parliament passed a new amendment to the criminal code, criminalizing “operating criminal platforms on the internet” (see B2). Individuals operating these platforms for noncommercial purposes can be sentenced to up to 5 years, while individuals who operate them commercially can be punished with up to 10 years in prison.7

The Ministry of Justice released “key” points that should be included in a potential draft law combatting online violence, a broad term that encompasses activities ranging from insult to doxing, in April 2023. The law would enable users of online platforms to be prosecuted for harassing other users (see B3).8

C3 1.00-6.00 pts0-6 pts
Are individuals penalized for online activities, particularly those that are protected under international human rights standards? 5.005 6.006

Users are rarely imprisoned for their online activity, but are sometimes fined. In 2023, the Federal Criminal Police Office (BKA) documented 8,011 posts under the criminal code definition of hate speech, 45.2 percent of which were categorized as politically right-wing.1 This represents a 232.2 percent increase compared to the past two years. While posting hate speech online accounted for 4.4 percent of politically motivated crimes in 2021, this figure had risen to 13.3 percent by 2023.2

In 2016, the authorities introduced a National Action Day to combat online hate speech.3 These actions include raids, interrogations, and the confiscation of evidence such as smartphones and laptops against those accused of spreading hate speech. The raids are carried out by state police authorities and coordinated by the BKA. A total of ten such National Action Days have taken place since 2016, most recently in in June 2024, after the coverage period, when more than 70 homes were raided.4 In 2024, for the first time, nationwide raids were specifically carried out to combat misogyny on the internet. During the raids, which took place the day before International Women’s Day, 45 suspects who had been identified in a search for misogynistic hate posts were interrogated.5 Additionally, in November 2023, Bavarian law enforcement authorities conducted raids on 17 suspects accused of making antisemitic statements and "incitement, condoning criminal acts, and using anticonstitutional symbols,” criminal offenses in Germany. The posts widely concerned the Hamas-led attack on Israel in October.6

In March 2024, the police searched the home of a woman in Berlin and detained her. The police claimed the woman had posted social media content related to Hamas and the Israel-Hamas war that incited violence. The police cited the slogan “from the river to the sea” as an example.7 As of the end of the coverage period, the criminality of the phrase varied between different federal states (see B4).8 The Federal Ministry of the Interior has been criticized for defining this slogan as one possible symbol of Hamas, which was banned in November 2023.

In December 2021, eight defendants in the CyberBunker case (see B2), which concerned an online hosting platform that provided hosting services to criminal websites, were sentenced to between two years and four months to five years and nine months in prison. However, most cases only involve fines.

In the 2021 Pimmelgate (Penisgate) case, which drove national debate about such raids, police searched the home of a man who tweeted that city senator Andy Grote was “such a penis.” Another man had his house raided after he posted a picture of a mural that activists had painted containing the phrase in response to a post from a far-right politician that criticized Muslims.9

C4 1.00-4.00 pts0-4 pts
Does the government place restrictions on anonymous communication or encryption? 3.003 4.004

User anonymity is compromised by SIM card registration rules under the Telecommunications Act (TKG) of 2004, which requires purchasers to submit their full name, address, international mobile subscriber identity (IMSI) number, and international mobile station equipment identity (IMEI) number.1 Nonetheless, the principle of anonymity on the internet is largely upheld as a basic right. A 2014 decision by the BGH, confirming that an online ratings portal was under no obligation to disclose the data of anonymous users, further strengthened that right.2

Website owners and bloggers are not required to register with the government, but most websites and blogs need to have an imprint naming the person in charge and providing a contact address, which could expose bloggers to unnecessary risk.3 The anonymous use of email services, online platforms, and wireless internet access points is legal.

The interior ministers of the federal states have repeatedly called for mandatory backdoors for encrypted messaging services.4 Nevertheless, the 2021 coalition agreement of the government included a “right to encryption.”5 Accordingly, in February 2024, the German Federal Ministry of Digital Affairs and Transport (BMDV) presented a draft bill to amend the Telecommunications and Digital Services Data Protection Act (TDDDG, formerly TTDSG). The bill would require email, messaging, chat, and even cloud services to provide end-to-end encryption.6

In May 2022, the European Commission proposed legislation concerning the fight against child sexual abuse.7 The proposal includes a provision for a client-side scanner (CSS), which would require messenger services, like Signal and WhatsApp, to install technology that can scan users’ messages before they send them. After an increasing number of EU member states opposed the plan,8 these mandatory chat controls did not come to fruition under the European Parliament during the coverage period.9 Following the June 2024 European Parliament elections, voluntary controls by messenger services will continue for longer than previously agreed. Providers and platforms, including Microsoft and Meta, will continue to scan their users' messages in search of evidence of sexualized violence against children.10

C5 1.00-6.00 pts0-6 pts
Does state surveillance of internet activities infringe on users’ right to privacy? 2.002 6.006

Article 10 of the Basic Law guarantees the privacy of letters, posts, and telecommunications. Furthermore, a groundbreaking 2008 BVerfG ruling established a new fundamental right regarding the “confidentiality and integrity of information technology systems” as part of the general right of personality under Article 2 of the Basic Law.1 These articles generally safeguard offline as well as online communication.

The 2008 BVerfG ruling permits covert online searches only in exigent circumstances.2 Based on that ruling, the federal parliament passed a law in 2009 authorizing the BKA to conduct—with a warrant—covert online searches to prevent terrorist attacks and to employ other methods of covert data collection, including the installation of software on a suspect’s computer that intercepts their communications at the source.3

German legislation generally distinguishes between two surveillance mechanisms referred to as remote forensic software (Staatstrojaner): source telecommunication surveillance (Quellen–TKÜ) and online searches (Online-Durchsuchung). Using source telecommunication surveillance, ongoing communications can be accessed before or after they are encrypted. On the other hand, online searches provide intelligence agencies with the authority to secretly access all files, programs, and messages on a device, including by exploiting security vulnerabilities.4 Among other tools, German law enforcement and intelligence agencies have deployed Pegasus spyware, which is developed by the Israeli company NSO Group, since 2020.5

The use of surveillance technologies by authorities is permitted only in relation to certain criminal offenses, with different rules applying to law enforcement and intelligence agencies. Law enforcement agencies have access to both source telecommunication surveillance and online searches, provided that a judicial warrant is obtained. In contrast, intelligence services are generally only allowed to use source telecommunication surveillance, although they are not directly subject to direct oversight. In June 2021, legislative amendments permitted all 19 German intelligence services to utilize an “extended Quellen–TKÜ.”6 This allows for the monitoring of nonactive communications, including chats and text messages, following the authorization of a surveillance order and it is subject to the rules of source telecommunication surveillance. Consequently, this amendment—developed largely in response to right-wing extremism—has been criticized for blurring the regulatory line between source telecommunication surveillance and online searches.7

Article 10 of the Basic Law stipulates that limiting the secrecy of letters, posts, and telecommunications may only be ordered on grounds specified in law. These limitations are defined and regulated by the Act for Limiting the Secrecy of Letters, Posts, and Telecommunications (G-10 Act), which was originally enacted in 1968 and has since undergone several amendments. In accordance with the legislation, the Federal Office for the Protection of the Constitution (BfV), the constitutional protection authorities of the federal states, the Military Counterintelligence Service (MAD), and the Federal Intelligence Service (BND) are legally permitted to deviate from Article 10 of the Basic Law under specified circumstances. However, targeted surveillance of individuals is only allowed if there is suspicion of specifically defined criminal offenses, such as treason. The G-10 Commission is tasked with determining whether the implementation of specific surveillance measures is permissible and necessary. Additionally, the commission decides whether the individuals affected must be informed following the termination of the surveillance. The Bundestag is responsible for monitoring the commission’s activities through an elected parliamentary oversight body. At the state level, the respective federal state commissions and parliaments are responsible for decision-making and control. The parliamentary oversight body reports annually on the implementation, type, and scale of the surveillance measures.8

Surveillance conducted by intelligence services under the Act for Limiting the Secrecy of Letters, Posts, and Telecommunications (G-10 Act) has increased slightly. The most recent parliamentary oversight body report, published in 2024, presents data on surveillance under the G-10 Act conducted in 2021. Since 2016, 1,460 surveillance measures on individuals have been authorized, with 243 of these taking place in 2021. A total of 18,849 were targeted under these measures in 2021 compared to 6,897 individuals affected in 2020 and only 1,180 in 2019. The sharp increase is explained by a single BND measure, ongoing since 2018, targeting “Islamist” terrorism.9

BND surveillance measures and their legal basis have been under criticism for several years. A 2016 law explicitly granted the BND permission to monitor domestic internet traffic so long as it targets non–German citizens.10 Nevertheless, the law has been scrutinized for its impact on the privacy of German internet users.11 While the BND is mainly tasked with foreign intelligence collection, the law permits monitoring of all network traffic channeled through the Frankfurt-located DE–CIX—the world’s largest internet exchange point (IXP)—which would at least unintentionally affect communications by German citizens as well. Furthermore, press freedom groups argued that the law threatens the constitutionally protected work of foreign journalists reporting in Germany and outside the country12 and, in January 2018, several nongovernmental organizations (NGOs) and foreign journalists filed a constitutional complaint.13 In May 2020, the Federal Constitutional Court (BVerfG) declared that the law was unconstitutional in response to the complaint. The BVerfG ruled that the law violated fundamental rights, and the German government's obligation to respect fundamental rights is not limited to German territory. Therefore, the government had to revise the law.14

In January 2022, an amended version of the BND Law took effect.15 The law expands the scope of BND activities and allows the interception of up to 30 percent of the transmission capacity of all global telecommunications networks.16 Moreover, the legislation permits the BND to conduct online searches of foreigners abroad in addition to the previously permitted source telecommunication surveillance. While the law protects “individual communications of natural persons,” it allows the BND to collect and process various kinds of information, including inventory, traffic, and content data, enabling the monitoring of communications behavior, financial transaction data, and movement of individuals in Germany and abroad. The insufficient protection of journalists, criticized by the BVerfG, is regulated in an added paragraph. However, the Federal Data Protection Commissioner, opposition politicians, and legal observers have criticized vague exceptions in the protection clause.17 In January 2023, RSF filed a new complaint to the BVerfG, saying protections for journalists remained too weak.18 However, this constitutional complaint was rejected in February 2024, due to insufficient reasoning.19

Telecommunications interception by state authorities for criminal prosecutions is regulated by the criminal code and may only be employed for the prosecution of serious crimes for which specific evidence exists and when other, less intrusive investigative methods are likely to fail. In August 2017, the federal parliament enacted the “Law for More Effective and More Practical Criminal Proceedings.” An extensive list of criminal offenses allows police and investigative authorities to intercept phone calls. The law expands the scope of the list to allow the use of remote forensic software on suspects’ mobile phones, tablets, and computers to enable monitoring of written and spoken text and the copying of data.20 Moreover, the legislation delineates specific criminal offenses that permit the use of source telecommunication surveillance and online searches. The use of remote forensic software for criminal prosecution is regulated by this law, while the law allows the states to regulate preventive hacking in their respective police laws.21 In line with legislation, several state laws have been enacted that grant police vastly expanded powers to access communications.22

Critics consider the 2017 legislation unconstitutional due to its expansive scope and long list of applicable offenses, claiming it contradicts the 2008 BVerfG ruling on Article 2 of the Basic Law.23 At the national level, the Society for Civil Rights (GFF) filed a constitutional complaint against the law in 2018.24 In April 2023, GFF was given the opportunity to make representations in the proceedings.25 Nevertheless, the BVerfG had not reached a verdict as of the end of the coverage period.26 The constitutional complaint against the police law in Baden-Württemberg was rejected in 2021; in its reasoning, the BVerfG derived a state duty to protect the information technology (IT) security of all Germans. Therefore, the state must weigh the exploitation of security flaws in its deployment of remote forensic software against the information security interests of the public.27

In 2022, 4,981 telecommunication interceptions were ordered, most frequently for drug crimes.28 In addition, the surveillance of IT devices by means of the remote forensic software and source telecommunications surveillance, was ordered in 94 proceedings and carried out in 49 cases.29 Finally, six online searches were ordered, of which four were actually carried out.30 In comparison, in 2021, 5,174 telecommunication interceptions, 23 instances of source telecommunications surveillance and 9 online searches were conducted.31

In July 2023, the Ministry of Justice presented a bill to place some restrictions on the use of remote forensic software for police authorities. Currently, 44 different crimes permit the use of source telecommunication surveillance and 33 particularly serious crimes permit the use of online searches. With the amendment, the 33 crimes will apply to both the use of source telecommunication surveillance and online searches. In addition, the secret activation of cameras and microphones will be explicitly prohibited in the amendment.32

In Hesse in 2018, legislation establishing law enforcement’s right to use remote forensic software also allowed agencies to conduct automated analysis of personal data. Hesse uses Gotham, a predictive policing tool produced by the US–based company Palantir to analyze different data sources, including internal police databases and Facebook data.33 North Rhine–Westphalia purchased similar software in 2020, Bavaria in 2022, and Hamburg reportedly planned to implement it in 2019.34 These tools have been criticized for using discriminatory data bases and producing mass errors.35 In February 2023, the BVerfG ruled that bills in Hesse and Hamburg that legalized data mining and predictive policing were unconstitutional.36 Following the ruling, most federal states’ ministries have declared their intention to refrain from utilizing Gotham or analogous software in the future. Nevertheless, Bavaria, North Rhine–Westphalia, and Hesse have indicated that they intend to continue using the software, while Berlin, Hamburg, and Thuringia were evaluating its potential deployment as of the end of the coverage period.37

The Bundestag passed a law in December 2019 expanding the powers of customs authorities to conduct communications surveillance, including through monitoring software and device searches.38 The law also provides a legal basis to obtain user data from telecommunications providers without the user’s knowledge (see C6), and it permits customs authorities to use IMSI catchers, which mimic cell phone towers in order to collect data from proximate devices.39 The law’s phrasing vaguely describes the circumstances justifying the application of spyware, providing only that customs authorities may use technical means, if necessary, to intervene in information technology systems. Although statistics concerning the confiscation of smartphones are not recorded in all federal states, in Schleswig-Holstein the number of smartphone confiscations was 73 percent higher in 2022 than in 2018.40

Newly arrived migrants and refugees are also targeted by measures that infringe on their privacy rights. According to 2017 amendments to the asylum law, an arriving refugee’s electronic device data, including location data and other personal information, may be copied and analyzed in order to determine the person’s place of origin if they do not provide identity documents.41 These measures will be extended to cloud services in accordance with a draft law from the Ministry of the Interior (BMI) in August 2023.42 With the support of the GFF, several refugees affected by this practice have taken legal action against the Federal Office for Migration and Refugees and filed a complaint with Kelber.43 In June 2021, the Berlin Administrative Court declared the practice could only be used if there were no available “milder measures,” such as asking for more documents or getting speech analysis.44 The practice is still continuing, although the majority of searches do not lead to the identification of nationality. Since 2020, the Berlin Foreigner’s Registration Office has been using a software by Cellebrite that previously had been used only by security authorities.45

C6 1.00-6.00 pts0-6 pts
Does monitoring and collection of user data by service providers and other technology companies infringe on users’ right to privacy? 3.003 6.006

The German government established a legal framework to protect personal data in 1990, though several laws require companies to provide user data to authorities. Since 2018, German privacy law is dominated by the European General Data Protection regulation. German and European law require the localization of some telecommunication data.1

Since 2016, the Office of the Federal Commissioner for Data Protection and Freedom of Information (BfDI) has been an independent supreme federal authority.2 The BfDI is the data protection supervisory authority for all federal public institutions. The federal commissioner can issue warnings, cautions, and prohibitions to the supervised authorities.3 The commissioner is elected every five years by the government and confirmed by the Bundestag. During 2024, critics expressed concern about both a lack of transparency in the selection process and the authority's ability to act independently from the government. A new BfDI commissioner, Louisa Specht-Riemenschneider, was appointed in September 2024, after the coverage period; the previous data protection commissioner, Ulrich Kelber, was not reelected despite strong support from various data protection groups and opposition.4

In December 2021,5 amendments to the Telecommunications Act (TKG) of 2004 that compel email and messenger services to provide any user identification information to law enforcement came into force. The law also stipulates that messenger services based outside of Germany are subject to the law.6

In April 2021, amendments to NetzDG that require companies to report to the BKA the personal data of users who post certain types of illegal content (see B3), including far-right nationalist and extremist content, went into effect. The amendments state that personal data includes usernames, IP addresses, port numbers and—with a judicial order—passwords.7 Digital rights associations criticized the amendments, saying that the public prosecutor’s offices would have difficulty processing the expected masses of user data flowing to the BKA.8 Google and Meta issued urgent motions against the amendments, resulting in a March 2022 ruling by the Cologne Administrative Court that the amendments contradict EU law in regard to home state regulations. Therefore, Google and Meta will not have to comply.

In February 2022, the BKA opened a central reporting office with 200 public servants for the anticipated reports. While the government expected 250,000 reports per year, the BKA had only received and worked on a total of 23,000 reports by June 2024. Of these reports, 84 percent have been assessed as chargeable.9 Facebook, Google, TikTok, and X continued to refuse to send “suspicious content” to the office during the coverage period.10

While platforms such as Facebook, Instagram, and TikTok have cooperated with the state prosecution departments, Telegram has not increased cooperation and at times failed to assist with direct requests. In October 2022, the BfJ fined Telegram a total of €5.125 million ($5.022 million) for failing to take action to curb illegal content on the platform. In January 2023, Telegram appealed the fine; the appeal is under review by the agency and had not been decided as of the end of the coverage period (see B2).11

After data retention was introduced by law in 2007 and declared unconstitutional by the Federal Constitutional Court in 2010, the practice was reintroduced into German law in 2017. However, it has not been implemented since, as the BNetzA has opposed it in light of various court rulings.12 After several ECJ verdicts against data retention, the ECJ also ruled against the German data retention legislation in September 2022.13 Consequently, the government discussed alternatives to data retention.14 In October 2022, Minister of Justice Marco Buschmann presented a bill that includes a “quick freeze process.” Instead of mass data retention, telecommunication companies would be obligated to save traffic data—including IP addresses, location data, and metadata—for one month. During that period, authorities would be able to get a court order for the desired data.15 After long debates between the minister of justice and Minister of the Interior Nancy Faeser,16 the governing coalition accepted the plan to introduce a “quick freeze process” in April 2024.17

A 2019 law establishes a legal basis for customs authorities to obtain user data from telecommunications providers without the knowledge of the person concerned (see C5).18 The amended Telecommunications Act of 2013 regulates “stored data inquiry” requirements.19 Under this law, approximately 250 registered public agencies, among them the police and customs authorities, are authorized to request both contractual user data and sensitive data from ISPs. Several studies have shown that the required judicial review does not actually take place in a majority of cases.20

Separately, antiterrorism legislation that was first passed after the September 11, 2001, terrorist attacks in the United States—legislation that, among other provisions, obliges banks or telecommunications operators to disclose customer information to authorities—was once again extended in 2015 until 2021.21 This was followed by an indefinite extension in November 2020. Expert witnesses criticized the lack of evaluation of the legislation.22

C7 1.00-5.00 pts0-5 pts
Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in relation to their online activities? 4.004 5.005

There were few reported cases of direct physical intimidation or violence against online journalists or individuals in retaliation for their activities during the coverage period. In 2021, Germany declined from “good” to “satisfactory” in RSF’s annual Press Freedom Index due to increasing incidents of reporters being attacked by conspiracy theorists at anti-lockdown protests. Though Germany sits at 10th place in the 2024 index, it still qualifies as “satisfactory.”1

According to a February 2024 survey from the Germany-based Competence Network Against Hate Online, 89 percent of respondents agreed that hate on the internet has increased. According to the respondents, hate is most often directed at politicians (60 percent). More than half of respondents said they were less likely to participate in political discussions or express their opinions online. Additionally, higher rates of people who identify with marginalized groups reported they were exposed to hate online, including 36 percent of respondents who identify as bisexual, 28 percent who identify as homosexual, 30 percent who come from a visible immigrant background, and 30 percent of young women2

In January 2024, journalists from the research network CORRECTIV were threatened after uncovering a secret meeting of right-wing extremists, neo-Nazis, and members of the AfD, where participants discussed deporting German citizens who had immigrated to the country (see B8).3 The AfD condemned the publication of the report on its official social media channels and threatened the journalists, stating that they “should be put in their place”4 and publishing their names and photographs.5 This revelation sparked protests across Germany (see B8).

Antisemitic and anti-Muslim speech increased online following the Hamas-led attack on Israel in October 2023 and the beginning of the Israel-Hamas war. According to a February 2024 statement from the Ministry of the Interior, posts containing antisemitic hate speech on social media platforms increased significantly following the events of October 2023.6 According to the Federal Association of Research and Information Centers on Antisemitism (RIAS), there were 320 percent more antisemitic incidents in the time between October 7 and November 9 than the annual average for 2022.7 Additionally, a June 2024 study by the Alliance Against Islamophobia and Anti-Muslim Hate (CLAIM) recorded 1,926 anti-Muslim assaults and threats in 2023, representing a 140 percent increase from 2022.8

C8 1.00-3.00 pts0-3 pts
Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack? 2.002 3.003

Human rights activists and NGOs are rarely victims of cyberattacks or other forms of technical violence that are aimed at stifling freedom of expression. However, government institutions and the business sector have been targeted by cyberattacks.1

In June 2024, after the coverage period, the Christian Democratic Party (CDU) experienced a cyberattack ahead of the European Parliament elections. The Ministry of the Interior said it was likely launched by a serious actor.2

In March 2022, after the start of the Kremlin’s full-scale invasion of Ukraine, the Federal Office for Information Security (BSI) noted that cybersecurity threats had intensified, especially in terms of ransomware and blackmailing.3 The German domestic intelligence services have warned about attacks by Russian hacktivists, who have gained access to data belonging to some members of the federal states’ parliaments through phishing attacks.4 In its May 2024 report on cybercrime, the Ministry of the Interior stated that the threat level remained high, explicitly citing Russian actors as one of the main reasons.5

Several cyberattacks by pro-Russian groups occurred between 2022 and 2024, including an attack on a satellite provider in March 2022 that caused a brief outage of German wind turbines.6 Russian cyberattacks consisted mainly of distributed denial-of-service (DDoS) attacks with limited damage aimed at undermining public trust in the state's ability to protect its citizens.7 For instance, in March 2024, a recording of an internal meeting of Bundeswehr officers on arms supplies to Ukraine was broadcast on Russian state television.8 In addition, in January 2023, several email accounts belonging to board members of the Social Democratic Party (SPD) were hacked, which in May 2024 the German government attributed to a Russian military intelligence unit.9

In January 2023, the government published key points for a new law for the Central Office for Information Technology in the Security Sector (ZITiS), which provides cybersecurity support to federal agencies. The law does not explicitly prevent ZITiS from helping security agencies conduct surveillance. The opposition Left Party also criticized the lack of parliamentary oversight of ZITiS in the draft.10

On Germany

See all data, scores & information on this country or territory.

See More

Country Facts

  • Population

    83,800,000

  • Global Freedom Score

    95 100 free

  • Internet Freedom Score

    74 100 free

  • Freedom in the World Status

    Free

  • Networks Restricted

    No

  • Websites Blocked

    Yes

  • Pro-government Commentators

    No

  • Users Arrested

    Yes