- Legal Basis
- § 202a StGB
- Sentencing Range
- Imprisonment up to three years or a fine; in especially serious cases imprisonment from three months to five years
- Summary
- Unlawfully obtaining data that is not intended for the offender and is specially protected against unauthorised access
Data Espionage (Section 202a StGB)
Data espionage protects the formal right to control data that is specially secured against unauthorised access. In practice, this offence primarily concerns the unauthorised intrusion into other people’s computer systems — commonly known as “hacking.” With increasing digitalisation, this provision has gained considerable importance and is frequently applied in cybercrime investigations. Expats working in Germany’s tech sector or managing digital infrastructure should be aware of the broad scope of this offence.
Legal Basis
Section 202a of the German Criminal Code (StGB) provides:
“(1) Anyone who unlawfully obtains access to data that is not intended for them and is specially protected against unauthorised access, by overcoming the access protection, shall be punished with imprisonment of up to three years or a fine.
(2) Data within the meaning of subsection (1) means only data that is stored or transmitted electronically, magnetically, or otherwise in a form not directly perceptible.”
Elements of the Offence
Data: Only data that is stored or transmitted electronically, magnetically, or in a form not directly perceptible is covered. Paper documents do not fall within the scope of protection.
Not intended for the offender: The data must not be intended for the person accessing it. The decisive factor is the right of disposal of the person who stored the data. Even one’s own data on another person’s system can be “not intended” if the authorised person has restricted access.
Specially secured against unauthorised access: The data must be specially secured against unauthorised access. This includes password protection, encryption, firewalls, biometric security measures, and comparable technical measures. Merely organisational access restrictions (e.g., a locked door to a server room) are generally considered insufficient.
Overcoming the access protection: The offender must actually overcome the security measure. Simply exploiting an accidentally left-open access point (e.g., an unlocked computer) does not satisfy the offence. The overcoming can occur through technical means (brute-force attacks, exploits, keyloggers) or through social engineering (phishing).
Obtaining access for oneself or another: The offender must actually obtain access to the data. Merely acquiring the ability to access suffices; actual knowledge of the data content is not required.
Typical Methods of Commission
Common methods include cracking passwords through brute-force or dictionary attacks, exploiting software vulnerabilities, phishing attacks to obtain login credentials, deploying keyloggers or spyware, breaking into Wi-Fi networks by circumventing encryption, and accessing cloud accounts using stolen credentials.
Sentencing Range
Data espionage carries a penalty of up to three years’ imprisonment or a fine. In particularly serious cases, such as commercial-scale activity or where the data is subject to special confidentiality protection, a higher sentence within the sentencing range may be imposed. Where the offence coincides with other crimes (computer fraud, data alteration, computer sabotage), an aggregate sentence is formed.
Typical Defence Strategies
A central defence approach concerns whether special access protection actually existed and whether it was overcome. If the security was defective or access was open, the element of “overcoming” is absent. Furthermore, it is examined whether the data was truly “not intended for the offender” — in cases of authorised access (e.g., as an administrator or in the context of a penetration test), criminal liability is excluded. The reliable attribution of the act to the accused is also frequently problematic: IP addresses alone do not prove who actually acted. Finally, exclusionary rules may apply if law enforcement violated procedural rules when securing digital evidence.
Frequently Asked Questions
Was droht bei einer Anklage wegen Data Espionage?
Bei Data Espionage drohen je nach Schwere des Vorwurfs Geldstrafe oder Freiheitsstrafe. Ein erfahrener Strafverteidiger kann die Verteidigungsstrategie optimieren und häufig eine Einstellung des Verfahrens oder einen Freispruch erreichen. Rechtsanwalt Philip Bafteh in Bonn berät Sie kostenfrei zu Ihren Chancen.
Brauche ich einen Anwalt bei Data Espionage?
Ja, bei dem Vorwurf der Data Espionage ist anwaltliche Vertretung dringend zu empfehlen. Bereits im Ermittlungsverfahren können entscheidende Weichen gestellt werden. Schweigen Sie gegenüber der Polizei und kontaktieren Sie umgehend einen Strafverteidiger. Unter 0228 504 463 36 ist die Kanzlei BAFTEH Strafverteidigung rund um die Uhr erreichbar.
Was kostet ein Strafverteidiger bei Data Espionage?
Die Kosten richten sich nach Umfang und Komplexität des Verfahrens. Eine erste Einschätzung Ihres Falls ist bei Rechtsanwalt Philip Bafteh kostenfrei. Rufen Sie an unter 0228 504 463 36 oder schreiben Sie an bafteh@kanzlei-bsvh.de.
Muss ich zur Polizei, wenn ich als Beschuldigter vorgeladen werde?
Einer rein polizeilichen Police Summons müssen Sie als Beschuldigter nicht folgen, und Sie sind nie verpflichtet, sich zur Sache zu äußern. Einer Ladung der Staatsanwaltschaft oder des Gerichts sollten Sie folgen – schweigen dürfen Sie aber auch dort.
Sollte ich vor der Akteneinsicht aussagen?
In aller Regel nein. Ohne Kenntnis der Ermittlungsakte lässt sich nicht beurteilen, welche Beweise vorliegen. Eine Einlassung sollte erst nach Akteneinsicht und in Abstimmung mit dem Verteidiger erfolgen.
Kann ein Strafverfahren eingestellt werden?
Ja. Je nach Beweislage kommen eine Einstellung mangels hinreichenden Tatverdachts (§ 170 II StPO), wegen Geringfügigkeit (§ 153 StPO) oder gegen Auflagen (§ 153a StPO) in Betracht. Nach Akteneinsicht prüfen wir die Möglichkeiten.
Summons or accusation of Data Espionage? What matters now
Make no statement to the police at first
As an accused person you are never obliged to comment on the allegation. Anything said to the police can be used against you. Provide statements only through your defense attorney and only after reviewing the case file.
File inspection comes first
A sound defense against the allegation of Data Espionage requires knowledge of the investigation file. Only once the available evidence is clear can we decide whether a statement is advisable or whether remaining silent is the better strategy.
Possible discontinuation of proceedings
Not every case ends in a main hearing. Depending on the evidence and any prior record, the proceedings may be discontinued for lack of sufficient suspicion (§ 170 II StPO), for triviality (§ 153 StPO) or subject to conditions (§ 153a StPO). Often a penalty order without a public trial can be achieved.
Victim-offender mediation and restitution
In many cases, victim-offender mediation or making good the damage (§ 46a StGB) can significantly reduce the sentence or enable a discontinuation. Whether this is advisable in your case is something we assess based on the file.
What we do after reviewing the file
We examine the evidence for reliability and admissibility, look for procedural errors, develop the defense strategy, negotiate with the public prosecutor on a discontinuation and represent you, if necessary, in the main hearing before the District Court or Regional Court of Bonn.
Available 24/7: +49 228 504 463 36
This information does not replace a review of the individual case. In criminal proceedings, the defence strategy depends substantially on the case file, the specific allegation and the evidence.
Why BAFTEH Strafverteidigung?
- Direct contact with your defense attorney – no intermediaries
- Available around the clock, including nights and weekends
- Fast file inspection and a clear defense strategy
- Focused exclusively on criminal law
- Defense in Bonn, Cologne and the entire region
Written by attorney Philip Bafteh, criminal defense lawyer in Bonn. Philip Bafteh publishes regularly on criminal and commercial law and defends accused persons in investigative and trial proceedings.
More about the attorney →Last updated: Juni 2026
Free Initial Assessment
Have you received a summons or are you under investigation? Call us – the initial assessment by phone is free for up to 10 minutes.
+49 228 504 463 36