Live · DACH ops
03:47 · QR-2 · Sektor B · 0 anomalies04:03 · QR-7 · Gate 4 · handover ack04:11 · QR-2 · Sektor B · patrol complete · 4.2 km04:14 · Filderstadt · ops ack · all green04:22 · QR-12 · Stuttgart-W · charge cycle 84%04:30 · QR-3 · Karlsruhe · perimeter sweep · pass 3/404:38 · QR-9 · Wien-N · weather check · IP65 nominal04:45 · QR-2 · Sektor B · thermal hit reviewed · benign04:52 · QR-15 · Zürich-O · escalation queue · empty05:00 · all units · shift turnover · zero incidents03:47 · QR-2 · Sektor B · 0 anomalies04:03 · QR-7 · Gate 4 · handover ack04:11 · QR-2 · Sektor B · patrol complete · 4.2 km04:14 · Filderstadt · ops ack · all green04:22 · QR-12 · Stuttgart-W · charge cycle 84%04:30 · QR-3 · Karlsruhe · perimeter sweep · pass 3/404:38 · QR-9 · Wien-N · weather check · IP65 nominal04:45 · QR-2 · Sektor B · thermal hit reviewed · benign04:52 · QR-15 · Zürich-O · escalation queue · empty05:00 · all units · shift turnover · zero incidents
← All articles
perimeterschutz

State of the Art Perimeter Security: 2026 Duty

State of the art perimeter security under KRITIS Umbrella Act: five sensor layers, response times under 30 seconds, autonomous patrol replacing guard posts.

Dr. Raphael Nagel (LL.M.) & Marcus Köhnlein
Investor & Author · Founding Partner
Follow on LinkedIn

State of the Art Perimeter Security: 2026 Duty

In 2026, "state of the art" is no longer a marketing claim. It is the audit benchmark used by the BBK and by insurers. Plant managers and security managers in KRITIS sectors must prove it, not assert it. The five sensor layers, response times, documentation requirements and the procurement model for that proof are set out below.

State of the Art Perimeter Security: 2026 Definition

"Stand der Technik" originates in § 8a BSIG and reappears in the draft KRITIS Umbrella Act (KRITIS-Dachgesetz). The term denotes measurable, generally recognised procedures that are proven in practice. It sits between "generally accepted rules of the art" (older, broadly established) and "the state of science and research" (research frontier, not yet field-ready).

For operators, this means the burden of proof is not about investment volume but about audit readiness. A company that spends EUR 400,000 on fence sensors but cannot document a response chain does not meet the state of the art. A company that leases three robots and logs every patrol does.

Static fences and pure foot patrols are no longer sufficient in 2026. The draft KRITIS-Dachgesetz in Bundestag-Drucksache 20/9262 defines physical resilience duties and proof requirements. Sensor depth, response time and documentation are anchored as three audit dimensions. Gaps in any one dimension cause audit failure.

Next step: review the KRITIS requirements overview before you invest.

Sensor Layers in Current Perimeter Security

The 2026 state of the art requires five layers. Each on its own is insufficient. The combination carries the proof.

Layer 1: Mechanical barrier. Fencing per DIN EN 1627 resistance class RC 3 or higher, gates with turnstiles, supplemented by vibration sensors (fibre optic or MEMS) with detection rates above 95 percent. [Source to be inserted] Without vibration sensors, the fence is only a visual barrier.

Layer 2: Optical detection. RGB cameras with AI-based person and vehicle classification. Minimum resolution 4 MP, classification accuracy above 92 percent. [Source to be inserted] Pure motion detectors produce 80 percent false alarms [Source to be inserted] and are no longer considered sufficient in 2026.

Layer 3: Thermal imaging. Mandatory for 24/7 operation. Microbolometers with 384x288 pixels or more, NETD below 50 mK. Works in darkness, fog, backlight and smoke. Without a thermal camera, the industrial site is effectively unprotected between 22:00 and 06:00.

Layer 4: LiDAR and radar. Spatial detection with point clouds up to 200 metres range. Radar identifies drones in the airspace above the site, LiDAR delivers centimetre-accurate localisation at ground level. Drone incidents against industrial sites have grown by a factor of 6 since 2022. [Source to be inserted]

Layer 5: Audio forensics. Microphone arrays at building boundaries identify glass breakage, gunshots and aggression patterns. Detection rates between 88 and 96 percent depending on classifier. [Source to be inserted] Still rare in German industrial parks, but already standard in the KRITIS energy sector.

Integration via a video management system and connection to the SIEM are mandatory. Islands of stand-alone systems do not meet the state of the art because the response chain cannot be documented.

Autonomous Patrol as an Operational Layer

Stationary sensors cover lines. Mobile robotics covers surfaces. Together they yield gap-free proof.

The QR-2 for 24/7 outdoor operation patrols outside with thermal imaging and person detection, delivered within 48 hours of contract signature. The QR-3 with LiDAR and drone detection adds spatial coverage and detects drones up to 150 metres in altitude. Both platforms patrol on randomised routes, which makes pattern recognition harder for attackers.

Every patrol is fully logged: timestamp, route, sensor events, escalations. The logs are formatted to meet the audit requirements of the BBK as registration and reporting body.

The human-robot interface complies with EN ISO 13482 for personal care robots, which defines safety requirements for mobile service robots operating around humans. This matters when employees, hauliers or visitors are on the premises.

Economically, one robot typically substitutes 1.5 to 2.2 stationary guard posts per 24-hour shift. [Source to be inserted] Personnel costs per monitored area drop by 70 to 85 percent. [Source to be inserted] The BDSW documents hourly rates and personnel availability that support this calculation.

Response Time as an Audit Criterion

Detection without response does not meet the state of the art. In 2026, auditors ask first about the documented response chain, not about the sensor list.

The target values are:

  • Alarm to verification: under 30 seconds.
  • Verification to intervention: under 10 minutes.
  • Escalation to police or works fire brigade: under 15 minutes.

Autonomous robots verify alarms physically on site before human guards are dispatched. This reduces the false alarm rate by a factor of 5 to 10 compared with purely video-based verification from the control room. [Source to be inserted] On a typical 12 hectare industrial site this means a drop from around 380 false alarms per month to under 50. [Source to be inserted]

Documentation of the response chain is a mandatory component of the KRITIS proofs, which must be produced every two years. Without complete logs the proof cannot be delivered.

For operational preparation: Perimeter security in industrial parks describes the response time matrix in detail.

KRITIS-Dachgesetz: What Changes in 2026

Physical protection will be regulated at federal level for the first time under the KRITIS-Dachgesetz, no longer split by sector. To date, different requirements have applied for energy, water, health and transport. From 2026, a uniform all-hazards approach applies, including sabotage, drones and hybrid threats.

The core duties:

  • Registration with the BBK within the prescribed deadline after entry into force.
  • Reporting duty for security incidents within 24 hours.
  • Resilience plan with documented protective measures according to the state of the art.
  • Proof every two years through independent audit.

Boards and managing directors are personally liable for implementation failures. Fines reach up to EUR 10 million or 2 percent of worldwide annual turnover, depending on severity. [Source: KRITIS-DachG draft to be inserted]

The NIS-2 Directive (Directive 2022/2555) obliges essential and important entities to apply cyber and physical protective measures according to the state of the art in parallel. NIS-2 covers the digital layer, the KRITIS-Dachgesetz the physical layer. Both regimes are binding in 2026 and overlap on access control, video surveillance and incident management.

Operationally: the KRITIS-Dachgesetz checklist 2026 walks through the registration duties.

Robotics-as-a-Service as a Procurement Model

Classical CapEx procurement fails in practice on two points: investment approvals take 6 to 18 months [Source to be inserted], and hardware ages faster than the depreciation period.

The Robotics-as-a-Service model resolves both. Monthly OpEx ranges from EUR 3,200 to EUR 3,800 per robot unit, depending on configuration. Minimum term is 24 months. Hardware replacement and software updates are included.

For comparison: a 24/7 staffed guard post costs between EUR 15,000 and EUR 25,000 per month in the DACH region, depending on tariff, shift model and surcharges under the Manteltarifvertrag. [Source: BDSW to be inserted] Substituting two posts per site yields savings of around EUR 240,000 to EUR 380,000 per year per site. [Source to be inserted]

Scaling per site happens without new investment approval. Delivery within 48 hours of contract signature. Three-year TCO modelling shows break-even after four to six months, depending on the personnel structure replaced. [Source to be inserted]

Reliable figures are provided in the TCO comparison guard service vs robotics.

Audit Readiness and Documentation

Audit readiness is the hardest test point in 2026. Sensors can be procured, documentation has to be built.

Every robot patrol automatically generates:

  • Timestamp with millisecond precision.
  • Route log with GPS and LiDAR position data.
  • Sensor log with thermal, RGB and audio events.
  • Escalation log with human intervention and decision.

The data are stored GDPR-compliant in German data centres. Retention periods are defined per data category: route logs 90 days, incident videos 30 days, audit exports per statutory retention duty.

Export for BBK audits, internal audit and insurers happens without additional effort via standardised interfaces. Response chains are fully traceable, including every human escalation and its rationale.

Protection concepts under the KRITIS-Dachgesetz can be derived directly from the logs. In practice this saves 40 to 60 consultant hours per audit cycle because the documentation is already closed at the cut-off date. [Source to be inserted]

Implementation Path for Plant and Security Managers

The operational sequence is proven and avoids misallocated investment.

Step 1: Gap analysis. Using the five sensor layers and the three response time thresholds, identify where the current estate fails to meet the 2026 state of the art. Typical gaps: no thermal imaging, no LiDAR drone detection, no documented response chain.

Step 2: Economic prioritisation. Identify stationary guard posts with low added value. Gate posts without access control authority, night shifts without intervention authority and weekend posts are the first candidates for substitution.

Step 3: Pilot operation. 90 days with one QR-2 or QR-3 at a representative site. Key metrics: false alarm rate, average response time, patrol density, substitution rate.

Step 4: TCO comparison and rollout decision. Based on pilot data, not on datasheets. Numbers from the own site are more reliable than any vendor modelling.

Step 5: Integration into protection concept and KRITIS registration with the BBK. Embed robotics logs, sensor integration and response chains into the resilience plan. This makes the 2026 state of the art provable.

To work this through for a specific site, use the contact form. The site analysis with pilot proposal and TCO model is delivered within two working days.

Translations

More from this cluster

Call now+49 711 656 267 63Free quote · 24 hCalculate price →