Cybersecurity and Non-Compliance
Yes, non-compliance can get expensive
by Charles Parker
Every business has its mission statement and goals. These generally differ between for-profit and
non-profit organizations. One aspect that is present in all organizations is for the staff to move the
company forward toward its goals. One area though that has been
misconstrued and misunderstood at times is also a bedrock for the organization’s success. Any company
depends on compliance to provide the solid base of operations. Without this firmly in place, the staff is
likely to run afoul of the law. Compliance has the direct and simple purpose of guiding the company so
the operations and staff work within the statutes, laws, and regulations.
This isn’t only for the cyber/information security industry. This mode of operation is applicable across
most industries. If the company is publicly traded there is the SEC, banking has the GLBA, medical has
HIPAA, and so on. These may also be national, such as the GDPR in the EU. What makes this topical is
that Telegram recently had the opportunity to address this very issue.
Germane German Law
In 2017 German lawmakers enacted the Network Enforcement Act of 2017, which is focused on
removing hate speech on social media (e.g., Facebook, Google, or Twitter). With the law, the social
media platform has to remove the reported items after review. The business has to log the activity and
create a report every six months of the number of complaints and how the business dealt with them. As this
was processed through their legislative system, the fine points were debated thoroughly. One point of
contention was how the law could affect online free speech. The law wasn’t only a strongly worded
requirement, but also included a section for fines. If the company continued to fail to comply, the fine
for this would be up to €50M or up to $56M USD. This also allows for fines up to €5M for the company
designee responsible for compliance if one is not noted. Within the law, there is also the potential for
criminal laws to be applied. In theory this could get very expensive very quickly.
Applied to Telegram
It appears Telegram did not comply with the German statute on two fronts. The German Justice Minister
announced Telegram would be receiving million-dollar fines based on this violation of the statute. It
appears the company did not designate a person in Germany as the person to contact when the hate
speech was detected in their social media. Also, they did not create or apply a process for a person to
notify the social media platform of any of this unlawful content. To comply, this has to be easily
This probably won’t end up costing them millions and millions of Euros. There is the potential for some
fine to be assessed. Companies operating in Germany with social media platforms need to hire or
appoint competent people to read and understand applicable laws and apply these to the business
operation. Oddly enough, the published accounts have not noted why Telegram has refused to comply
with this. Prior to the fine, they were written to over these two points of non-compliance. In the future,
the fines assessed may be substantial.