§ 19 TDDDG
Technical and Organisational Measures
(1)Providers of digital services must ensure through technical and organisational measures that users of digital services 1 can terminate the use of the service at any time, and; 2 can use digital services protected against disclosure to third parties.
(2)Providers of digital services must enable the use of digital services and payment therefor anonymously or under a pseudonym, insofar as this is technically possible and reasonable. The user of digital services must be informed of this possibility.
(3)The forwarding to another provider of digital services must be indicated to the user.
(4)Providers of digital services must, insofar as this is technically possible and economically reasonable, within the scope of their respective responsibility for commercially offered digital services, ensure through technical and organisational measures that Measures under sentence 1 must take into account the state of the art. A measure under sentence 1 is in particular the application of an encryption method recognised as secure. Orders of the Federal Office for Information Security under Section 17 sentence 1 of the BSI Act shall remain unaffected. 1 no unauthorised access to the technical facilities used by them for the offering of their digital services is possible, and; 2 the technical facilities under No. 1 are secured against disruptions, including those caused by external attacks.