The German Bundestag has approved an amendment to its IT security law permitting the government to fine critical infrastructure providers for inadequate cybersecurity policies.  The IT Security Act will require service providers in the financial services, telecommunications, transportation, health, water, utilities, and insurance sectors to implement stricter, state-of-the-art security standards within the next two years or face fines of up to €100,000.  Companies must also notify the Federal Office of Information Security of any actual or suspected breaches, though the law does not specify how severe the breach has to be to require reporting.  The law establishes special requirements for telecommunications providers, which must protect their systems to the extent that this is "technically and economically feasible” and inform users of security breaches.