Live · DACH ops
03:47 · QR-2 · Sektor B · 0 anomalies04:03 · QR-7 · Gate 4 · handover ack04:11 · QR-2 · Sektor B · patrol complete · 4.2 km04:14 · Filderstadt · ops ack · all green04:22 · QR-12 · Stuttgart-W · charge cycle 84%04:30 · QR-3 · Karlsruhe · perimeter sweep · pass 3/404:38 · QR-9 · Wien-N · weather check · IP65 nominal04:45 · QR-2 · Sektor B · thermal hit reviewed · benign04:52 · QR-15 · Zürich-O · escalation queue · empty05:00 · all units · shift turnover · zero incidents03:47 · QR-2 · Sektor B · 0 anomalies04:03 · QR-7 · Gate 4 · handover ack04:11 · QR-2 · Sektor B · patrol complete · 4.2 km04:14 · Filderstadt · ops ack · all green04:22 · QR-12 · Stuttgart-W · charge cycle 84%04:30 · QR-3 · Karlsruhe · perimeter sweep · pass 3/404:38 · QR-9 · Wien-N · weather check · IP65 nominal04:45 · QR-2 · Sektor B · thermal hit reviewed · benign04:52 · QR-15 · Zürich-O · escalation queue · empty05:00 · all units · shift turnover · zero incidents
← All articles
KRITIS · Umbrella Act · NIS-2

KRITIS Pipelines: Duty to Protect from 40 km Route

KRITIS pipelines under the Umbrella Act: protection concept, TCO for twenty stations, evidence to BBK in fourteen weeks.

Dr. Raphael Nagel (LL.M.) & Marcus Köhnlein
Investor & Author · Founding Partner
Follow on LinkedIn

A gas transmission pipeline of 180 km length with twenty above-ground stations is KRITIS. The plant manager is personally liable as soon as the supervisory authority identifies an insufficient risk analysis or missing physical protection. This text works through the duties, the threats and the costs concretely.

KRITIS Pipelines: What the Umbrella Act Requires

KritisV defines pipelines sector-specifically in §§ 2 to 7. Long-distance pipelines from 40 km length fall within scope, as do pressure stations, compressors, pumping stations and transfer points (gesetze-im-internet.de). The energy sectors (gas, oil, district heating) and water are affected once the defined transport volume per year or the threshold of 500,000 supplied persons is exceeded.

The KRITIS Umbrella Act (KRITIS-Dachgesetz) obliges operators to perform a risk analysis every four years (Bundestag-Drucksache 20/9262) and to implement physical resilience measures documented to the Bundesamt für Bevölkerungsschutz (Bundestag-Drucksache 20/9262). Physical protection ranks equal to cyber protection. Sabotage, drilling and drone attack are named scenarios. Securing only the IT does not fulfil the duty.

A classification of the cascade of duties is provided by the KRITIS-Dachgesetz overview.

Threat Landscape: Routes Are the Weakest Link

Pipeline routes run hundreds of kilometres through forest, field, industrial sites and municipal areas. Continuous guarding is physically impossible. Nodes are protected: above-ground stations, compressors, valves, transfer points.

Four threats are documented:

  1. State actors target pipeline infrastructure directly. Nord Stream in September 2022 is the reference.
  2. Drilling for fuel theft is in the single-digit annual range in Germany. [insert source] A single drilling causes leak consequences of several million euros, plus environmental remediation and production downtime. [insert source]
  3. Drone overflights at compressor stations have been documented multiple times in the situation reports of the Bundesamt für Sicherheit in der Informationstechnik since 2022.
  4. Vegetation fires along routes endanger pressure stations and are detectable earlier via thermal imaging than via visual inspection.

The threat matrix is not theoretical. It is part of the situation assessment which the plant manager must reflect in the resilience plan.

Requirements for the Protection Concept

The protection concept for pipelines follows five operational requirements:

  • Perimeter monitoring at all above-ground stations: compressors, pumps, valves and transfer points.
  • Detection starting 50 m before the fence line. Verification within 90 seconds. Escalation to the control room without manual intermediate steps.
  • Complete audit trail. Every patrol, every alarm and every acknowledgement is logged with timestamp and stored tamper-proof.
  • Redundancy at sensor level. A second detection modality (thermal plus LiDAR) is required, because a single sensor type fails through glare, occlusion or weather.
  • The interface to the control room and the local police must be documented by name in the escalation plan, with response times and connection protocol.

The specifications per station are documented in the resilience plan with reference to the operator requirements.

Why Stationary Guarding Fails on Pipeline Routes

A 24/7 guard post at a single station costs between 15,000 and 25,000 euros per month under the German Manteltarifvertrag of the security industry, depending on federal state and hardship supplements. With twenty stations along a route, this option is not economically viable.

Four further reasons weaken stationary guarding:

  • Personnel shortage. The Bundesverband der Sicherheitswirtschaft reports turnover above 30 percent; shortages are the rule in rural regions (BDSW Zahlen-Daten-Fakten).
  • Detection limits. A patrolling guard does not recognise an approaching drone, does not identify a thermal signature in the bushes and does not produce a forensically usable trace.
  • Stationary cameras generate false alarms from wildlife, vegetation and weather. Verification happens from the alarm receiving centre without a situation picture on site.
  • Alarm receiving centres respond by alarm image and telephone chain. The average response time exceeds 20 minutes until an intervention vehicle reaches the station. [insert source] A drilling is completed by then.

The difference between alarm receiving centre (alarm image, phone, dispatch) and on-site verification (situation picture, sensors, documented trace) decides legal robustness. The alarm receiving centre does not meet the Umbrella Act requirement of verification within 90 seconds.

A comparison of monthly costs is in the guard service cost comparison.

Robotic Patrol as the Operational Answer

An autonomous patrol closes the gap between stationary camera and mobile guard post. The QR-3 for KRITIS perimeters patrols with LiDAR, thermal imaging and drone detection along the station perimeter, 24 hours a day, without breaks and without tariff limits.

Operational figures:

  • Thermal imaging detects human signature up to 200 m, vegetation fire up to 400 m.
  • LiDAR provides distance measurement and 3D situation mapping independent of lighting conditions.
  • Drone detection via RF signature analysis, range 300 to 800 m depending on station.
  • Patrol routes are parametrised by risk map: hotspots more frequently, low-risk zones less often. The route parameters are recorded in the audit log.
  • Video and sensor data are transmitted encrypted to German data centres. The configuration follows the BSI minimum standards for KRITIS telemetry.
  • Escalation to the control room occurs with live stream and situation picture within 30 seconds. The audit trail is tamper-proof and exportable to BBK audit tools.

This reflects the requirement for detection, verification and escalation in one sensor chain that relieves human dispatch, not replaces it.

Economics: TCO Across Twenty Stations

The calculation is open. Assumptions: twenty above-ground stations along a 180 km route, 24/7 protection, comparison of guard post against robotics in a rental model.

Variant A: Stationary guarding. 20 stations × 18,000 euros per station per month × 12 months = 4,320,000 euros per year. This figure assumes an average hourly rate. The range of 15,000 to 25,000 euros monthly per post is determined by tariff and region.

Variant B: QR-3 in the rental model (Robotics-as-a-Service). 20 robots × 3,800 euros per unit per month × 12 months = 912,000 euros per year. No capital expenditure, no activation in fixed assets, no maintenance budget.

Difference: 3,408,000 euros saved per year. With higher detection quality (thermal, LiDAR, drone RF) and complete audit trail. Contract term 24 months, delivery time 48 hours after site clearance.

Hybrid model. A central control room with human dispatchers remains necessary, the field operates fully robotically. This reduces the personnel load to one or two shifts of control room plus a mobile intervention team for escalations. Hybrid costs range between 1.2 and 1.5 million euros annually.

The TCO logic applies not only to pipelines. It holds wherever the perimeter exceeds the staffing level. The duties follow from the 12 duties checklist 2026.

Implementation in Fourteen Weeks

Implementation follows a fixed phase plan. The phase plan is part of the contract and therefore binding, not indicative.

Weeks 1 to 2: Risk analysis. Site survey per station. Definition of patrol routes. Escalation matrix with named recipients in control room and police. Result: draft resilience plan per § 9 Dachgesetz.

Weeks 3 to 6: Provisioning. Hardware provision and build-out of radio cells (LTE/5G with redundant backhaul). Charging stations with backup power connection. Connection of the control room software via VPN and API.

Weeks 7 to 10: Pilot operation. Two pilot stations enter full operation. Tuning of detection thresholds, reduction of false alarms from wildlife and vegetation, audit test against the internal audit procedure.

Weeks 11 to 14: Rollout. Scaling to the remaining eighteen stations. Documentation of patrol logs as annex to the self-audit report. Acceptance by the plant manager.

A monthly resilience report to the executive board and supervisory authority is included in the service package. The report covers detection events, response times and availability metrics.

Evidence to BBK and Supervisory Authority

The Bundesamt für Bevölkerungsschutz coordinates KRITIS registration and receives resilience evidence. The plant manager maintains five documents:

  1. Resilience plan per Dachgesetz § 9. It documents the physical protection measures per station, the sensor equipment and the escalation chain.
  2. Patrol logs as annex to the self-audit report. The self-audit is due every two years. The logs are exportable in original format and cryptographically signed.
  3. Drone detection reports to the BSI, as soon as the defined threshold is exceeded. The report is generated from the audit trail without manual double entry.
  4. Response time metrics. The chain from detection to verification to escalation is documented in an auditable manner. Mean values and 95-percentiles are reported monthly.
  5. Evidence of executive liability. NIS-2 establishes personal liability of management bodies for insufficient security measures (Directive (EU) 2022/2555). Documented diligence is the line of defence. A deeper treatment is given in the article on executive liability under NIS-2.

What works: robotics delivers detection, verification, audit trail and scalability across twenty stations without personnel bottlenecks. What does not work: robotics does not replace human dispatch in the control room, nor police intervention, nor the strategic risk analysis by the plant manager. When each applies: robotics patrols and documents continuously. Personnel decides in the escalation case.

Anyone who must secure twenty stations along a gas transmission pipeline dimensions the protection concept now for the deadline of the next BBK audit. A site assessment with concrete TCO calculation per route is provided by the KRITIS perimeter consultation.

Translations

More from this cluster

Call now+49 711 656 267 63Free quote · 24 hCalculate price →