Security clearance law
|Title:||Law on the requirements and procedure for federal security reviews|
|Short title:||Security clearance law|
|Scope:||Federal Republic of Germany|
|Legal matter:||State law , state protection|
|Issued on:||April 20, 1994
( BGBl. I p. 867 )
|Entry into force on:||April 21, 1994|
|Last change by:||
Art. 20 VO of June 19, 2020
( Federal Law Gazette I p. 1328, 1330 )
|Effective date of the
|June 27, 2020
(Art. 361 of June 19, 2020)
|Please note the note on the applicable legal version.|
The Federal Security Review Act ( SÜG ) regulates the prerequisites and the procedure for the security review of persons who are to be entrusted with certain security-sensitive activities (security review) or have already been entrusted (update or repeat review). A security-sensitive activity is carried out, for example, by who
- Access to classified information is, or it can provide that as TOP SECRET, SECRET or CONFIDENTIAL classified or
- is employed in a security-sensitive position within an institution essential to life or defense ( (2) SÜG)
In addition, the obligation to undergo a security clearance can result from other laws. For example, SG provides for a simple security check in accordance with the Security Check Act for all persons whose initial appointment as a professional or temporary soldier is intended. The same applies to persons who are to work for the Federal Criminal Police Office ( BKAG ).(3)
The Federal Security Review Act is to be applied in particular if an authority or other public body of the federal government wants to assign a person to a security-sensitive activity or wants to pass on classified information to a non-public body.
The SÜG knows three levels of security reviews:
- The simple security check ("Ü1") according to SÜG is u. a. for persons who are to have access to classified information classified as CONFIDENTIAL or who are able to obtain it, as well as for persons who are to be employed in a position that has been declared a security area by the National Security Authority ( (2) No. 3 SÜG).
- The extended security check ("Ü2") according to sabotage ( (4) SÜG). SÜG is to be carried out for persons who are to have access to classified information classified as SECRET or a large number of classified information classified as CONFIDENTIAL or who can obtain it, as well as for persons who are in one place are to be employed who are subject to preventive personal protection against
- The extended security check with security investigations ("Ü3") according to federal intelligence services or an authority are to perform activities with a comparable security sensitivity. SÜG is to be carried out for persons who are to get access to classified information classified as TOP SECRET or a large number of classified information classified as SECRET or who can obtain it, as well as for persons who the
As a rule, the result of the security review is valid for five years. After the expiry, the security check must be updated. In the case of extended security reviews with security investigations (Ü3), a repeat review (carrying out a new initial review) must usually be initiated after ten years (, SÜG)
The security check can be completed without restrictions, with restrictions / requirements or with the determination of a security risk (SÜG).
According to the Security Review Act, there is a security risk if there are actual indications
- Justify doubts about the reliability of the person concerned when performing a security-sensitive activity or
- justify a particular risk from attempts at initiation and advertising by third-party intelligence services, in particular concerns about blackmail, or
- Justify doubts about the person's commitment to the free democratic basic order within the meaning of the Basic Law or about advocating its maintenance at any time ( (1) SÜG).
If a security risk is identified, the person concerned must not be entrusted with a security-sensitive activity.
Once a security risk has been identified, a new security review can usually be initiated again after five years. An important principle of the Security Review Act is: In case of doubt, for security ((3) SÜG). This principle means that when there are indications of a security risk, the review concludes with the detection of a security risk.
Measures for the individual types of inspection
The measures for the individual types of inspection are specified inSÜG. The three types of verification build on one another, i. H. the extended security check (Ü2) includes the measures of the simple security check (Ü1).
In the simple security check (Ü1) , the information in the security declaration (see below) of the person to be checked is first assessed , taking into account the findings of the federal and state authorities for the protection of the constitution . In the case of members of the Bundeswehr (soldiers as well as civilian personnel) the check is carried out by the military counterintelligence service . In addition, unlimited information is obtained from the Federal Central Register (BZR), and inquiries are sent to the Federal Criminal Police Office (BKA), the Federal Police Headquarters , the responsible public prosecutor's office and the federal intelligence services .
In the case of the extended security check (Ü2) , additional inquiries are made to the police stations of the person's residences (usually limited to the last five years), and his or her identity is also checked. The spouse or partner of the person concerned is generally included in the security clearance and should consent to this inclusion. However, the wording “shall” used in the law practically means a “must”, because the security clearance of the person concerned cannot be carried out without the consent of the person to be involved. If consent is not given, the start or - if it is later withdrawn - the progress of the review is inhibited. In justified exceptional cases, however, an application can be made to waive the inclusion of the person to be involved.
In the extended security check with security investigations (Ü3) , the reference persons specified by the person concerned in their security declaration and other suitable information persons are also interviewed in order to check whether the information provided by the person concerned is correct and whether there are actual indications that suggest a security risk. A new security check takes place after a period of 5 years has expired.
Persons to be checked who come from the GDR and were born before January 1, 1970, must submit a request for information to the Federal Commissioner for the Records of the State Security Service of the Former German Democratic Republic (BStU) about possible work for the State Security Service of the GDR ( para. 4 SÜG). In the case of Ü2 and Ü3, the person to be included (usually the partner, life partner or spouse) must also submit this application. The application is sent by the initiating authority, which is also informed of the result. This application will also be made again when the security check is regularly updated or repeated and sent to the Federal Commissioner.
In special cases, especially when certain suspicious cases are uncovered, the authority involved can question other suitable persons to provide information or other suitable bodies, in particular public prosecutors or courts, or carry out individual measures of the next higher type of security check ((5) SÜG).
The security statement
The person to be checked has to submit a security declaration. In it (depending on the type of check, some points may be omitted or expanded to include people who are related to the person):
- Names, also earlier, first names,
- Date and place of birth,
- Nationality, including previous and dual nationalities,
- Marital status,
- Residences and stays of longer than two months, in Germany in the past five years, abroad from the age of 18,
- regular occupation,
- Employer and his address,
- private and professional telephone or electronic availability,
- Number of Children,
- Persons living in the household over the age of 18 (names, also previous names, first names, date and place of birth and relationship to this person),
- Parents, step-parents or foster parents (names, including previous names, first names, date of birth, place of birth, nationality and residence),
- Complete training and employment periods, military or civil service periods with details of the training facilities, employment positions and their addresses, for periods of non-employment the place of residence, provided that the respective period covers more than three months without interruption,
- ID card or passport number, as well as the issuing authority and the date of issue,
- Current insolvency proceedings or those that have been completed in the past five years, foreclosure measures taken against them in the past five years and whether the financial obligations can currently be met,
- Contacts to foreign intelligence services or to intelligence services of the former German Democratic Republic, which may indicate an attempt at initiation and advertising,
- Relationships with anti-constitutional organizations,
- pending criminal and disciplinary proceedings,
- criminal convictions abroad,
- Information on places of residence, stays, trips, close relatives and other relationships in and to countries in which, according to the determination of the Federal Ministry of the Interior, as the national security authority, special security risks are to be feared for persons involved in security-sensitive activities,
- three reference persons (surname, first name, date of birth, place of birth, gender, occupation, professional and private address and telephone or electronic availability as well as the time at which the acquaintance began) only in the event of a security check according to § 10,
- Information on previous security and background checks.
- the addresses of one's own Internet pages and memberships in social networks on the Internet only in the event of a security check according to §§ 9, 10 and a security check according to § 8 for members of the division of the Federal Ministry of Defense.
- Number of children (only members of the division of the Federal Ministry of Defense and if they are to be employed by the federal intelligence services)
Persons who are to take up a professional activity with the federal intelligence services must provide additional information:
- the residences since birth,
- the children,
- the siblings,
- completed criminal proceedings including preliminary investigations and disciplinary proceedings,
- all contacts to foreign intelligence services or to intelligence services of the German Democratic Republic,
- two persons providing information (surname, first name, date of birth, place of birth, address, telephone or electronic availability and relationship to the person) to verify the identity of the person concerned,
- in the case of the presence of an affected person, two persons providing information (surname, first name, date of birth, place of birth, address, telephone or electronic availability and relationship to the person) to verify their identity.
States with special security risks
In accordance with Federal Ministry of the Interior, Building and Home Affairs (BMI) specifies the states in which there are special security risks for those involved in security-sensitive activities. Travel to these states must be stated in the security declaration. A person who carries out a security-sensitive activity for which a Ü2 ( confidentiality ) or Ü3 is required must notify travel to these states beforehand ( (1) SÜG). The trip can be prohibited for security reasons ( (2) SÜG). In particular, previous residences, stays and close relatives in these states, but also trips there, can endanger attempts at initiation and advertising, including through blackmail.(1) No. 17 SÜG, the
The current list of states was published on April 29, 1994 and is regularly updated. The predecessor was the “Order of the Federal Government on Travel by Federal Employees to and through the Communist Sphere of Power (Travel Order)” of June 6, 1973 or the list of states of the revised travel order of December 20, 1989 in the currently applicable version. The basis for determining the states is the knowledge of the Federal Foreign Office (AA) on the political situation and the legal system in the states as well as in particular the knowledge and assessments of the federal intelligence services ( Federal Intelligence Service (BND), Federal Office for the Protection of the Constitution (BfV), Military Counter-Intelligence Service (MAD)) ) z. B. on the threats to the intelligence service of employees at German diplomatic missions abroad , the working methods of the intelligence services of these states and the intelligence activities against Germany as well as the activities of terrorist and criminal organizations in these states.
With the involvement of the Federal Chancellery (BKAmt), the Federal Foreign Office, the Federal Ministry of Defense (BMVg) and the BfV , the Federal Ministry of the Interior regularly reviews whether a state can be removed from the list of states or in the list of states, if necessary on an ad hoc basis or at the request of one of the aforementioned parties must be re-recorded. The BKAmt and the BMVg also involve the BND and the MAD.
The list of states currently contains the following countries (unless otherwise stated, since April 29, 1994):
- Algeria (since June 6, 1997)
- China (including Hong Kong since July 1, 1997 and Macau since December 20, 1999)
- Korea, Democratic People's Republic
- Lebanon (since June 6, 1997)
- Pakistan (since July 15, 2014)
- Sudan (since June 6, 1997)
|Albania||April 29, 1994||April 1, 2009|
|Bosnia and Herzegovina||June 6, 1997||January 24, 2020|
|Bulgaria||April 29, 1994||December 20, 2000|
|Yugoslavia||June 6, 1997||1June 15, 2004|
|Cambodia||April 29, 1994||October 15, 2010|
|Kosovo||2April 10, 2008||January 24, 2020|
|Mongolia||April 29, 1994||June 15, 2004|
|Montenegro||3June 15, 2004||October 15, 2010|
|Romania||April 29, 1994||March 1, 2000|
|Serbia||3June 15, 2004||January 8, 2019|
Outline of the law
First section: General regulations
- § 1 Purpose and scope of the law
- § 2 Affected group of people
- § 3 jurisdiction
- § 4 classified information
- § 5 Security Risks, Security-Relevant Findings
- § 6 rights of the data subject
Second section: types of checks and implementing measures
- § 7 Types of Security Checks
- § 8 Simple security check
- § 9 Extended Security Review
- § 10 Extended security review with security investigations
- § 11 data collection
- § 12 Measures for the individual types of inspection
Section three: procedure
- § 13 Security Declaration
- § 14 Completion of the security review
- § 15 Provisional assignment of a security-sensitive activity
- § 16 Security-relevant findings after completion of the security review
- § 17 Supplement to the security declaration and repeat inspection
Fourth section: files on the security clearance; Data processing
- § 18 Security File and Security Review File
- § 19 Storage and destruction of documents
- § 20 Saving, changing and using personal data in files
- § 21 Transmission and earmarking
- § 22 Correction, deletion and blocking of personal data
- § 23 information about stored personal data
Fifth section: Special regulations for security checks for non-public bodies
- § 24 scope
- § 25 Competence
- Section 26 Security Declaration
- § 27 Completion of the security review, disclosure of security-relevant information
- § 28 Update of the security declaration
- § 29 Transmission of information about personal and employment law relationships
- § 30 Security file of the non-public body
- § 31 data processing, use and correction in automated files
Sixth section: Travel restrictions, security checks at the request of foreign authorities and final regulations
- Section 32 Travel Restrictions
- Section 33 Security check at the request of foreign agencies
- Section 34 Authorization to issue statutory instruments
- Section 35 General Administrative Regulations
- Section 36 Application of the Federal Data Protection Act , Federal Constitutional Protection Act , MAD Act and BND Act
- Section 37 Penal Provisions
- Section 38 Amendment of Laws
- Section 39 Entry into force
In cases of suspected violation of federal data protection legal provisions relating to security checks you can to the Federal Commissioner for Data Protection and Freedom of Information (BfDI) contact.
From 2008 to 2009, the Federal Office for the Protection of the Constitution carried out a security check on a well-known right-wing extremist and alleged supporter of the National Socialist Underground and did not encounter any complaints.
- Wolf-Rüdiger Schenke , Kurt Graulich , Josef Ruthig : Federal Security Law - BPolG, BKAG, ATDG, BVerfSchG, BNDG, VereinsG . 2nd Edition. CH Beck, Munich 2019, ISBN 978-3-406-71602-7 , pp. 1789-1948 .
- The Federal Government's answer to the minor question from MPs Jan Korte, Christine Buchholz, Annette Groth, other MPs and the DIE LINKE parliamentary group. - Printed matter 18/3645 - List of states in the Security Review Act. In: German Bundestag . 19th January 2015.
- Security review - Projekt SicherheitsWiki
- states within the meaning of Section 13 Paragraph 1 No. 17 SÜG. In: https://www.bmi.bund.de/ . January 24, 2020, accessed January 28, 2020 .
- Right-wing extremism: V-Mann gave five references to NSU whereabouts , Zeit Online from September 16, 2012.