Christian Dierks' contribution to the volume "Cybersecurity at the hospital", the article "Legal framework for IT-security at the hospital", explains the background of the Act on the Federal Office for Information Security (BSI Act – BSIG) and the regulations defining infrastructures as critical for the healthcare system. It focuses on the rights and obligations that this framework creates for hospitals and for drug and medical device manufacturers, and describes the measures to be taken to fulfill existing legal requirements. The work gives hospital managers and other players in the healthcare system an overview of the issues they have to consider in order to comply with the law on cybersecurity.