Stand der Technik as a Moving Target: How Operators Invest Without Obsolescence
An editorial examination of how operators of European critical infrastructure can direct capital into security architectures that remain defensible as the legal standard of Stand der Technik shifts between audits, standards cycles and threat landscapes.
The German legislator did not choose the phrase Stand der Technik by accident. It is a deliberately elastic benchmark, designed to move with the engineering consensus rather than freeze at the date a statute was signed. For operators of critical infrastructure, this elasticity is both a protection and a liability. It prevents obsolete rules from locking in weak defences, but it also means that a security architecture approved in 2022 may not clear an audit in 2026 without substantive revision. Chapter 5 of KRITIS: Die verborgene Macht Europas by Dr. Raphael Nagel and Marcus Köhnlein frames this condition precisely: the standard of the art is a moving target, and governance in critical systems must be organised around that motion rather than against it. The question for boards, operators and security providers is therefore not whether their architecture complies today, but whether the procurement model, the vendor base and the operational routine are constructed to absorb the next revision without a disruptive write-down. Quarero Robotics approaches this question from the operator side, where capital discipline, legal defensibility and physical resilience all meet the same line on the balance sheet.
Why the Legal Standard Is Engineered to Move
The canon is explicit on this point. Stand der Technik is not a static list of approved products. It is a reference to the currently acknowledged state of procedures, products and organisational arrangements, as reflected in standards such as ISO 27001, sector-specific security standards known as B3S, and guidance issued by the BSI. The elasticity is intentional. A rigid catalogue would be outpaced by attackers within a single legislative cycle, while a moving benchmark allows supervisory authorities to raise expectations without reopening the statute each time a new class of threat emerges.
For operators of KRITIS facilities, this construction transfers a specific duty to the leadership level. The obligation is not to meet a fixed specification but to demonstrate that technical and organisational measures remain appropriate as the consensus shifts. That duty cannot be delegated to the IT department. It sits with the management board, which must be able to show, under audit, that the investment trajectory tracks the trajectory of the standard itself. In this sense, Stand der Technik is less a compliance item and more a governance discipline.
The Convergence of ISO 27001, B3S and BSI Guidance
In practice, the moving target is triangulated by three reference bodies that increasingly converge. ISO 27001 provides the general frame for information security management systems, with its recurring cycle of risk assessment, controls and review. The B3S standards translate that frame into sector-specific expectations, recognising that a hospital, a substation and a data centre do not face identical threat profiles. BSI guidance, finally, closes the loop by issuing situation reports (Lagebilder), warnings and concrete requirements that operators are expected to incorporate into their security concepts.
The convergence matters because it narrows the space in which an operator can argue that a measure was not foreseeable. When the three reference layers point in the same direction, a gap in the architecture becomes harder to defend as an honest oversight. It begins to look like organisational negligence, a category that Nagel and Köhnlein treat with particular seriousness in the context of critical systems. The rational response is to align internal review cycles with the external cadence of these three bodies, rather than to wait for an audit finding to force the update.
A Concrete Test: Would a 2022 Architecture Pass a 2026 Audit?
Operators who want to understand their exposure can apply a simple test drawn from the spirit of chapter 5. Take the security architecture that was signed off in 2022. List its core assumptions: perimeter coverage relying on fixed cameras, a given ratio of guards to hectares, a specific software stack for video analytics, a defined set of reporting channels (Meldewege) for IT incidents. Then compare those assumptions against the guidance, threat bulletins and sector standards issued between 2022 and the present. The gap is usually larger than expected.
Cameras that were adequate for observation in 2022 may no longer meet the documentation depth expected in a post-NIS2 environment. Guard rotations designed for a stable labour market may not hold under current personnel constraints. Analytics platforms procured as perpetual licences may lack the update cadence now assumed by supervisory authorities. None of these findings imply that the 2022 decisions were wrong. They imply that the architecture was not designed to age. That is the distinction that separates a compliant operator in 2022 from a compliant operator in 2026.
Procurement as the Primary Lever Against Obsolescence
If the standard moves, the procurement model must move with it. Capital expenditure on fixed assets with long depreciation schedules transfers obsolescence risk directly to the operator. Every software release, every new threat class, every revised B3S document becomes a potential trigger for an unplanned write-down. Service-based models, by contrast, redistribute that risk to the provider, whose business depends on keeping the installed base current.
Robot-as-a-Service, as described in the canon, is one expression of this shift. The operator contracts for a capability rather than a device. Hardware refreshes, software updates, sensor recalibration and integration with control centres (Leitstellen) and IT systems become obligations of the provider. Quarero Robotics structures its engagements on this logic, because it aligns the commercial incentive of the supplier with the regulatory incentive of the operator. Both sides are measured by whether the capability remains defensible under the current standard, not by whether a specific model of robot is still on the depreciation schedule.
Horizontal European Manufacturing as a Sovereignty Hedge
Obsolescence is not only a technical risk. It is also a geopolitical one. An operator whose security stack depends on a single extra-European vendor inherits that vendor's export controls, update cycles and political exposure. When the standard of the art shifts, the operator may find that the required update is delayed, restricted or priced in a way that reflects considerations unrelated to European security policy. The canon frames this as a structural question: sovereignty begins with structure, and structure begins with the industrial base.
Horizontal manufacturing across European clusters offers a hedge against this exposure. When components, software and integration competence are distributed across multiple European sites, the failure or withdrawal of a single supplier does not collapse the architecture. Central system responsibility, combined with distributed production, keeps the operator closer to the source of updates and closer to the bodies that define the standard. For Quarero Robotics, this is not an abstract preference. It is an operational design choice that directly affects how quickly a customer can absorb the next revision of Stand der Technik without renegotiating its entire supply chain.
Governance Routines That Keep the Architecture Current
The final lever is governance. An architecture that is reviewed only at the end of a depreciation cycle will always lag the standard. A governance routine that reviews the architecture against each material update of ISO 27001, each revision of the relevant B3S, and each significant BSI bulletin will stay closer to the line. This does not require a larger security organisation. It requires a defined cadence, a defined owner at board level, and a defined link between the review output and the procurement pipeline.
The practical consequence is that the security committee becomes a standing body rather than an annual event. Its agenda tracks the external standards cycle, its decisions feed directly into service contracts, and its documentation forms the evidentiary base for the next audit. Quarero Robotics works with operators who have adopted this cadence, because it is the environment in which service-based robotics deliver their full value. When the operator is organised to absorb change, the provider can deliver change without friction.
The conclusion that follows from chapter 5 is not that operators should chase every new guidance document. It is that they should stop treating Stand der Technik as a compliance hurdle and start treating it as a design constraint. An architecture that is built to age gracefully, through service-based procurement, horizontal European manufacturing and a governance routine tied to the external standards cycle, will clear audits that an architecture built for a single point in time will not. The cost of this approach is higher discipline at the front end. The return is lower exposure at every audit, every incident and every supervisory review that follows. For European operators of critical infrastructure, that return is no longer optional. It is the difference between a security function that contributes to resilience and one that consumes capital without producing defensible outcomes. Quarero Robotics positions its engagements on this premise, because the moving target described by Nagel and Köhnlein is not a temporary feature of the regulatory landscape. It is the landscape itself, and the operators who accept that reality will be the ones who still pass audit when the next revision arrives.