Laws & Regulations

DIaLOGIKa has been working closely with the Federal Network Agency (BNetzA) for many years. The BNetzA supervises and implements the lawful disclosure and interception procedures defined in the Telecommunications Act (TKG) and publishes the corresponding technical guidelines.

On December 1, 2021, the revised Telecommunications Act (TKGentered into force. On June 16, 2022 the corresponding technical guideline TR TKÜV was published.

As a result, not only telephony providers are required to implement this technical guideline and use an electronic interface for lawful disclosure (ETSI-ESB or EMAIL-ESB), but also providers of number-independent interpersonal communication services (e.g., email services). After a transition period of one year (from December 1, 2022), these obligations also apply to messaging service providers and other OverTheTop providers (OTT).

The following sections of the TKG are relevant for authority disclosure:

• Section 170 – Lawful Interception
• Section 171 – Location
• Section 172 – Data retention
• Section 173 – Automated subscriber data disclosure
• Section 174 – Manual subscriber data disclosure

The Telecommunications and Digital Services Data Protection Act (TDDDG) regulates in Sections 9–13 which traffic and location data must be stored for operational purposes and disclosed under the Criminal Procedure Code.

The automated disclosure procedure (Section 173 TKG) operated by the Federal Network Agency enables investigation authorities, as well as emergency call centers—to retrieve subscriber data such as name, address, or telephone number in a highly secure and automated manner 24/7.

These requests may only be made if required for the performance of legal duties. The procedure is governed by the Subscriber Data Disclosure Regulation (KDAV) and the Technical Guideline TR AAV.

The Federal Network Agency does not maintain its own databases. Instead, it forwards requests automatically to obligated telecommunications providers, consolidates responses, and returns them to the requesting authority.

Obligated parties under TR AAV include all providers of number-based telecommunications services with more than 10,000 subscribers.

• Our solution for providers: InfBrok90
• Our solution for authorities: InfReq
• TR AAV 2.0 (in German)

Version 7.0 of TR TKÜV, which had to be implemented by June 14, 2018, already required providers with more than 100,000 customers to process traffic data requests, manual subscriber data requests, interception measures, and location requests via the ETSI-ESB interface. For providers with fewer than 100,000 customers, the EMAIL-ESB interface is an alternative. Providers with more than 100,000 customers must additionally support EMAIL-ESB as a fallback.

EMAIL-ESB is based on PGP-encrypted email communication and is operationally more complex due to bilateral key exchange. Therefore, even smaller providers often benefit from implementing ETSI-ESB directly.

ETSI-ESB is based on XML exchange over HTTP within a VPN managed by the Federal Network Agency, in accordance with ETSI TS 102 657. For OTT providers (including messaging and email services), TR TKÜV specifies ETSI TS 103 120. DIaLOGIKa’s InfBrok100 platform supports these and additional interfaces, as well as all associated TR TKÜV requirements, including lawful interception and mobile location data retrieval.

• Our solution for providers: InfBrok100 • Our solution for authorities: InfReq100 • TR TKÜV (in German)

Since March 23, 2020, DIaLOGIKa has been a member of the European Telecommunications Standards Institute (ETSI). ETSI defines, among other things, communication standards between investigation authorities and telecommunications providers in the context of lawful interception and lawful disclosure. ETSI specifications form the basis of the Federal Network Agency’s technical guidelines. Also the e-Evidence interface is based on ETSI TS 104 144. Through ETSI membership, we actively contribute to the standardization process and ensure that innovations are reflected early in InfReq100 and InfBrok100.

TS 102 657 defines the structure of requests and responses between telecommunications providers and authorities in the national procedure. Data exchange is performed via XML over HTTP(S). National extensions by the Federal Network Agency also enable efficient workflow support for order validation and interception extensions, including automation and OCR-based processing.

• Our solution for providers: InfBrok100
• Our solution for authorities: InfReq100
• TS 102 657

TS 103 120 defines the communication format for OTT providers (e.g., messaging and email services) under TR TKÜV (from version 8.2 onwards). It is used for transmitting requests and orders. Response formats are not strictly defined by this specification and may include TS 102 657, TS 103 707 (extensible format for traffic and content data), or TS 103 705 (self-describing format). These are based on TS 103 280, which defines terminology and format specifications for telecommunications.

• Our solution for providers: InfBrok100
• Our solution for authorities: InfReq100
• TS 103 120

Published in June 2025, TS 104 144 enables integration of existing systems with the e-Evidence framework. It is based on ETSI TS 103 120.

• Our solution for providers: InfBrok100
• Our solution for authorities: InfReq100
• TS 104 144

TS 103 976 is another standard based on TS 103 120, describing use in the context of vehicle data. Due to overlaps between vehicle and communication data, a pilot project is underway to integrate this standard into InfBrok100.

• Our solution for providers: InfBrok100
• Our solution for authorities: InfReq100
• TS 103 976

In August 2024, the EU Regulation on E-Evidence (European Production and Preservation Orders) was adopted and must be implemented by August 2026. It enables law enforcement authorities in EU member states to request subscriber, traffic, and stored content data directly from providers via a European Production Order Certificate (EPOC). Providers offering services in the EU must appoint a legal representative within the EU.

A preservation order in this context requires providers to retain requested data until a formal production order is issued.

Depending on the data type, confirmation by a German public prosecutor or expiration of a deadline is required before disclosure. In urgent cases, the response time is limited to eight hours.

DIaLOGIKa integrates these workflows into InfBrok100.

• Our solutions for providers: InfBrok100 and InfBrok100/E-Evidence

The EU Digital Services Act, in force since February 2024, regulates user rights protection and faster removal of illegal online content. Internet access providers are also required to provide identification data based on IP addresses and timestamps. InfBrok100 already supports this functionality. Additionally, statistical data must be collected for transparency reporting obligations.

It is expected that authorities in Germany will be allowed to issue preservation orders requiring providers to retain requested data without immediate disclosure until a court order is issued.

• Our solution for providers: InfBrok100

If data retention (particularly for IP addresses) is reintroduced, InfBrok100 provides an efficient solution for storing and querying large data volumes while ensuring full security compliance.

The following obligations apply under German and European law:

• TR AAV (if more than 10,000 subscribers)
• ETSI-ESB (if more than 100,000 subscribers)
• EMAIL-ESB
• Subscriber data requests
• Traffic data requests
• Lawful interception
• Mobile and IP location
• Fraud investigations
• E-Evidence (from August 2026)

• TR AAV (if more than 10,000 subscribers)
• ETSI-ESB (if more than 100,000 subscribers)
• EMAIL-ESB
• Subscriber data requests
• Traffic data requests
• Lawful interception
• IP location
• Fraud investigations
• E-Evidence (from August 2026)

• ETSI-ESB (if more than 100,000 subscribers)
• EMAIL-ESB
• Subscriber data requests (IP-based)
• Lawful interception
• IP location
• E-Evidence (from August 2026)

• TR AAV (if more than 10,000 subscribers)
• ETSI-ESB (if more than 100,000 subscribers)
• EMAIL-ESB
• Subscriber data requests
• E-Evidence (from August 2026)

• ETSI-ESB (if more than 100,000 subscribers)
• EMAIL-ESB
• Subscriber data requests
• Traffic data requests
• Lawful interception
• Mailbox content
• E-Evidence (from August 2026)

• ETSI TS 103 120
• Lawful interception
• Lawful disclosure
• E-Evidence (from August 2026)

• E-Evidence (from August 2026)