KRITIS (Critical Infrastructure) is the German designation for facilities and installations whose failure or impairment would have significant consequences for the public. Sectors include energy, water, food, IT and telecommunications, health, finance, and transport. Operators of critical infrastructure face special requirements under the BSI Act (BSIG) and the KRITIS Ordinance: mandatory incident reporting, evidence of adequate security measures, and regular audits. For your ISMS, it matters whether your organization qualifies as a KRITIS operator or is a supplier to one — both entail elevated requirements.