New Investigation

German Agencies’ Domain Jungle Poses Security Risk

December 30, 2025, 3:27 pm

There are countless websites on the internet where consumers can accomplish all sorts of tasks. However, for certain inquiries and processes, it’s best to rely on an official government website. Unfortunately, finding such a site can be more challenging than one might think. Moreover, this issue poses risks for IT security in Germany.

Federal Domains: A Risk for Germany’s IT Security

Anyone searching for an official German government website expects a reliable and trustworthy source for their needs. However, distinguishing these from unofficial or even fake web addresses is not easy. As reported by the platform “Frag den Staat,” there is a veritable domain jungle that can even threaten IT security in Germany.

The report speaks of a “lack of transparency” and “poor management of federal domains.” This leads to misunderstandings and confusion. Unlike in other countries, there is no clear, unified approach. In the U.S., the UK, or Austria, there are clear web addresses with endings such as .gov, gov.uk, or gv.at.

Too Many Domains at the Federal Level

In Germany, however, there are not only .de domains with sometimes contradictory naming patterns but also bund.de, which sees little cross-border use. Additionally, domains for specific projects, initiatives, temporary programs, or subordinate agencies add to the confusion, as their affiliation with a higher federal authority is often not immediately apparent.

Most federal ministries also largely forgo bund.de or gov.de addresses. As a result, they are not easily recognizable as state entities. Over the years, the renaming of agencies has further complicated matters, leading to a proliferation of their own domains.

Which Ministry of Transport Is It?

As an extreme example, “Frag den Staat” cites the Federal Ministry of Transport. Since the 1990s, it has been renamed several times:

  • Federal Ministry of Transport, Building and Housing
  • Federal Ministry of Transport, Building and Urban Development
  • Federal Ministry of Transport and Digital Infrastructure
  • Federal Ministry for Digital and Transport
  • Federal Ministry of Transport

The associated list of domains, some of which still exist today, is long and opaque:

bmvbs.de, bmvi.de, bmvi.eu, bmvi.info, bmvi.net, bmvi.org, bundesbauministerium.com, bundesbauministerium.de, bundesbauministerium.net, bundesbauministerium.org, bundesinfrastrukturministerium.de, bundesverkehrsministerium.com, bundesverkehrsministerium.de, bundesverkehrsministerium.net, bundesverkehrsministerium.org, verkehrsministerium.de.

According to the report, there are also individual minister domains:

bundesbauminister.de, bundesbauminister.net, bundesbauminister.org, bundesverkehrsminister.com, bundesverkehrsminister.de, bundesverkehrsminister.net, bundesverkehrsminister.org, verkehrsminister.de.

In March 2024, the IT Planning Council decided that there should be a unified digital brand with gov.de addresses. However, implementation is progressing slowly.

Federal Government Keeps Mum

Which and how many different domains exist at the federal level is unknown. According to the report, the government generally does not want to disclose domains, likely to maintain security through secrecy.

Efforts to create more transparency have thus yielded mixed results. For instance, the Cologne Administrative Court once ruled that the Federal Ministry of Health does not have to disclose its domains.

Secrecy as a Risk

This approach is dangerous for IT security in Germany. In the past, there have been cases of counterfeit government websites used for fraud, for example in connection with the Corona emergency aid during the pandemic. Expired domains have also fallen into the hands of third parties.

In the modern internet landscape, secrecy alone is not enough to ensure security. Search engines, automated DNS scans, or simply leaks can quickly reveal domains, making them vulnerable to cybercriminals. If only minimal security measures accompany secrecy, the situation can quickly become critical.

Openness would therefore force site operators to enhance security. At the same time, the public could more easily distinguish official government websites from fakes. This could reduce risks such as phishing or disinformation campaigns. For this reason, “Frag den Staat” has published more than 2,000 federal domains discovered through search engines and scraping. The sheer volume of information alone underscores the problem.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.
