On April 9, 2025, the new coalition partners CDU, CSU, and SPD presented their coalition agreement for the legislative term from 2025 to 2029 in Berlin. This agreement is not a law but rather a political commitment that serves as a foundational framework for future legislation, administration, and political strategy by the incoming government.

The agreement spans 126 pages and awaits approval from party committees, yet it is already regarded as one of the most comprehensive digital reform platforms from a German government to date. Key initiatives aim at a fundamental restructuring of administrative law, data policy, data protection, and the regulatory framework for artificial intelligence (AI) and cybersecurity. Notably, it proposes the establishment of a dedicated Federal Ministry for Digital Affairs, tasked with coordinating cross-departmental digital projects, which holds significant implications for businesses, public authorities, and IT service providers.

Establishment of a Digital Ministry

The creation of the Federal Ministry for Digital Affairs marks a decisive response to the previous fragmentation in digital policy responsibilities. This ministry is intended to coordinate strategic digital initiatives and oversee the implementation of projects related to administrative digitalization, digital identities, data policy, and AI strategy. This means that all digital laws and regulations, ranging from administrative procedural law to IT security legislation, will be developed under a unified strategic leadership, aiming for increased consistency and expedited processes.

Data and AI Governance

The coalition agreement introduces a broad scope of data and AI governance, recognizing 'data law' as an independent legal area requiring structured regulations. The government intends to draft a comprehensive data code that organizes existing regulations and introduces new frameworks for data availability, processing, and usage, focusing on clear guidelines regarding who can utilize data and under what conditions.

Additionally, the proposed establishment of data trust models aims to create legally secure intermediaries between data owners, users, and third parties. The political objectives outlined by industry associations like Bitkom emphasize the need for a binding interoperable ecosystem for data exchange, necessitating novel civil and public law instruments, including sector-specific data access obligations.

Reform of Data Protection Policies

In the realm of data protection, the coalition seeks to reassess the existing supervisory framework. Plans include evolving the Federal Commissioner for Data Protection into a Commissioner for 'Data Use, Data Protection, and Information Freedom,' reflecting a shift toward facilitating data processing. The previously informal Data Protection Conference (DSK) is also set to gain formal status with coordination powers.

This initiative aims to enhance uniformity in the application of the General Data Protection Regulation (GDPR), particularly benefiting small and medium-sized enterprises and non-profit organizations. The coalition also intends to advocate for the compatibility of the GDPR with public interest data usage at the European level, which could potentially lead to amendments to the regulation itself.

Concerns Over Surveillance Measures

While the coalition agreement presents ambitious digital policy goals, it has faced criticism from civil society, particularly concerning fundamental rights and personal autonomy. Critics argue that the proposed expansion of state surveillance capabilities, including active cyber defense measures, poses a threat to the separation of police and intelligence services. Concerns also arise regarding the normalization of surveillance tools without adequate judicial checks or transparency mechanisms.

Cybersecurity and Digital Resilience

The agreement outlines a legal overhaul for cybersecurity, proposing to transform the Federal Office for Information Security (BSI) from an advisory body into an authoritative agency with new intervention rights over operators of critical infrastructures. This includes the introduction of new classifications and reporting obligations in line with the EU's NIS2 Directive.

Furthermore, the government aims to establish a 'sovereign administrative cloud' with defined national and European security standards, which may lead to regulatory conflicts regarding equal treatment principles within the EU.

Conclusion

If implemented, the new coalition agreement will initiate a significant legal restructuring of Germany's digital landscape. The introduction of a Digital Ministry, a planned data code, national implementation of the AI Act, reformed data protection oversight, and a strategically fortified cybersecurity framework are all components of a new governance structure designed to integrate technology, law, and political oversight more closely than ever before.