Is Sharing Passwords Legal in Germany After the 2026 Law Changes?

No, sharing passwords in Germany violates multiple legal frameworks, including the German Criminal Code (§ 202c StGB) and the EU’s Digital Services Act (DSA), as of 2026. Unauthorized access to digital services is criminalized, with exceptions only for legitimate business operations under strict contractual controls.

Key Regulations for Sharing Passwords in Germany

  • § 202c StGB (Preparation of Data Espionage): Prohibits the unauthorized provision of passwords or access credentials, punishable by up to three years' imprisonment or fines. This includes sharing within organizations without explicit authorization.
  • EU Digital Services Act (DSA, 2026 enforcement): Requires service providers to implement measures preventing password sharing under “illegal access” provisions, with penalties up to 6% of global turnover for non-compliance.
  • Telemedia Act (§ 13 TMG): Requires service providers to ensure user authentication integrity, restricting password sharing to prevent fraud or unauthorized access under data protection obligations.

German courts have consistently upheld these restrictions, even in employment contexts, unless governed by a formalized internal policy with documented consent. The Federal Office for Information Security (BSI) further advises against password sharing due to heightened cybersecurity risks, aligning with GDPR’s accountability principle. Exceptions exist for emergency access protocols, but these require pre-approved, auditable frameworks.