Kaspersky Lab has announced it will file a lawsuit against Germany’s Federal Office for Information Security (BSI) unless the agency revokes its 2022 advisory warning about Kaspersky products. The company claims the warning caused massive sales losses and is seeking a multi‑million‑euro compensation, marking a major escalation in the long‑running dispute.
Background: 2022 BSI Advisory on Kaspersky Products
In 2022 the BSI issued an advisory cautioning German public‑sector bodies and critical‑infrastructure operators about potential security risks when using Kaspersky’s endpoint protection and antivirus solutions. The warning cited concerns that the firm’s Russian ownership could expose users to state‑influenced espionage or sabotage, influencing procurement decisions across ministries, municipalities and large corporations.
The Current Standoff
Kaspersky’s latest communication demands that the BSI withdraw the advisory within a set deadline, threatening legal action if the demand is not met. The company alleges that the warning has led to a collapse of sales to large enterprises and public‑sector customers by roughly four‑fifths, resulting in losses estimated in the three‑digit‑million‑euro range.
Legal Threat Details
- Deadline for BSI to retract the warning.
- Potential lawsuit seeking multi‑million‑euro damages.
- Claim amount implied to be in the low‑hundreds‑of‑millions of euros.
Implications for the German Cybersecurity Landscape
A successful challenge could force the BSI to adopt a more evidence‑based, transparent process for issuing security warnings, reshaping how German authorities communicate risk to public‑sector buyers. Conversely, a ruling in favor of the BSI would reinforce its prerogative to issue precautionary advisories based on national‑security considerations, potentially encouraging other EU states to maintain similar warnings against vendors with perceived geopolitical risks.
Practitioners’ Perspective
Security experts note that the dispute highlights a broader tension between supply‑chain risk management and market competition. Organizations are urged to adopt a defense‑in‑depth strategy that does not rely on a single vendor, emphasizing diversified endpoint protection, strict access controls and continuous monitoring to mitigate regulatory or geopolitical challenges.
Outlook
The next weeks will reveal whether the BSI will amend its advisory, engage in dialogue with Kaspersky, or prepare to defend its position in court. German public‑sector bodies and large enterprises must navigate a complex risk landscape, balancing operational security needs against an increasingly politicized cybersecurity market.
