{
    "schema": "https://saferpage.de/schemas/regulatory-alert-routing.v1",
    "generated_at": "2026-07-01T02:25:25+00:00",
    "domain": "off.de",
    "available": true,
    "scan": {
        "id": "f109b7bc-300b-413a-883e-dd212831dbe1",
        "checked_at": "2026-06-30 15:10:22.488339+02"
    },
    "summary": "Alert-Routing für off.de: 12 regulatorische Alerts, 6 Watch-Abos, 6 Impact-Regeln.",
    "digest": {
        "alert_count": 12,
        "subscription_count": 6,
        "impact_rule_count": 6,
        "source_count": 8,
        "official_source_count": 4,
        "priority_counts": {
            "kritisch": 4,
            "hoch": 7,
            "mittel": 1,
            "niedrig": 0
        }
    },
    "subscriptions": [
        {
            "id": "dach_eprivacy_tracking",
            "name": "DACH ePrivacy und Tracking",
            "jurisdictions": [
                "DE",
                "AT",
                "CH",
                "EU"
            ],
            "topics": [
                "TDDDG",
                "ePrivacy",
                "Cookies",
                "Consent Mode",
                "GPC"
            ],
            "cadence": "täglich bei Alerts, monatlich als Review",
            "owner": "Marketing/IT/Datenschutz"
        },
        {
            "id": "eu_privacy_core",
            "name": "EU Datenschutz-Kernpflichten",
            "jurisdictions": [
                "EU"
            ],
            "topics": [
                "DSGVO",
                "EDPB",
                "EUR-Lex",
                "Betroffenenrechte",
                "DSFA"
            ],
            "cadence": "woechentlich bei Änderungen",
            "owner": "Datenschutz/Legal"
        },
        {
            "id": "security_tom",
            "name": "Websicherheit und TOM",
            "jurisdictions": [
                "DE",
                "EU"
            ],
            "topics": [
                "BSI",
                "TLS",
                "CSP",
                "Security Header",
                "Nachweise"
            ],
            "cadence": "quartalsweise plus Release-Gate",
            "owner": "IT/Security"
        },
        {
            "id": "vendor_transfer",
            "name": "Anbieter und Drittlandtransfer",
            "jurisdictions": [
                "EU",
                "Drittland"
            ],
            "topics": [
                "DPA/AVV",
                "SCC",
                "TIA",
                "Subprozessoren"
            ],
            "cadence": "monatlich und bei Anbieterwechsel",
            "owner": "Datenschutz/Einkauf/IT"
        },
        {
            "id": "accessibility_bfsg",
            "name": "Barrierefreiheit und BFSG",
            "jurisdictions": [
                "DE",
                "EU"
            ],
            "topics": [
                "BFSG",
                "WCAG",
                "Nutzerrechte"
            ],
            "cadence": "quartalsweise",
            "owner": "UX/IT/Datenschutz"
        },
        {
            "id": "ai_governance",
            "name": "KI und Profiling",
            "jurisdictions": [
                "EU"
            ],
            "topics": [
                "AI Act",
                "Profiling",
                "Chatbots",
                "Automatisierte Entscheidungen"
            ],
            "cadence": "monatlich und bei neuem Use Case",
            "owner": "Product/Datenschutz/Legal"
        }
    ],
    "impact_rules": [
        {
            "id": "eu_dsgvo_privacy_ops",
            "jurisdiction": "EU/DACH",
            "topic": "DSGVO, Betroffenenrechte, Notice, DSFA",
            "keywords": [
                "dsgvo",
                "gdpr",
                "edpb",
                "eur-lex",
                "notice",
                "betroffenenrechte",
                "dsar",
                "dsfa",
                "dpia"
            ],
            "impacted_centers": [
                "https://saferpage.de/datenschutz/off.de/entwurf",
                "https://saferpage.de/rechte/off.de",
                "https://saferpage.de/assessment/off.de/workflow-json",
                "https://saferpage.de/dsfa/off.de"
            ],
            "owner": "Datenschutz/Legal",
            "default_priority": "hoch",
            "next_step": "Pflichtänderung gegen Datenschutzhinweis, DSAR-Prozess und Assessment-Workflow prüfen.",
            "evidence_required": "Quelle, betroffene Textstelle, betroffene SaferPage-Befunde, Entscheidung und Re-Scan-ID."
        },
        {
            "id": "de_tdddg_eprivacy_tracking",
            "jurisdiction": "DE/EU",
            "topic": "TDDDG, ePrivacy, Cookies, Consent, GPC",
            "keywords": [
                "tdddg",
                "eprivacy",
                "cookie",
                "cookies",
                "consent",
                "tracking",
                "gpc",
                "cmp"
            ],
            "impacted_centers": [
                "https://saferpage.de/consent/off.de",
                "https://saferpage.de/cookies/off.de",
                "https://saferpage.de/consent-banner/off.de/blocking-json",
                "https://saferpage.de/consent/off.de/framework-json"
            ],
            "owner": "Marketing/IT/Datenschutz",
            "default_priority": "kritisch",
            "next_step": "Consent-Default, Auto-Blocking, Cookie-Katalog und GPC-Verhalten vor dem nächsten Release abgleichen.",
            "evidence_required": "Consent-Screenshot, Cookie-Diff, Script-Blocking-Nachweis, CMP-Version und Test-URL."
        },
        {
            "id": "security_tom_bsi",
            "jurisdiction": "DE/EU",
            "topic": "Security, TOM, TLS, BSI",
            "keywords": [
                "security",
                "tom",
                "bsi",
                "tls",
                "csp",
                "header",
                "sicherheit"
            ],
            "impacted_centers": [
                "https://saferpage.de/technik/off.de",
                "https://saferpage.de/nachweise/off.de",
                "https://saferpage.de/kontrollen/off.de"
            ],
            "owner": "IT/Security",
            "default_priority": "hoch",
            "next_step": "Technische Schutzmaßnahmen, Header, TLS und Evidence Pack gegen die neue Anforderung prüfen.",
            "evidence_required": "Header-/TLS-Auszug, Kontrolltest, Change-Ticket und Nachweislink."
        },
        {
            "id": "accessibility_bfsg",
            "jurisdiction": "DE/EU",
            "topic": "BFSG, WCAG, Barrierefreiheit",
            "keywords": [
                "bfsg",
                "wcag",
                "accessibility",
                "barrierefreiheit"
            ],
            "impacted_centers": [
                "https://saferpage.de/barrierefreiheit/off.de",
                "https://saferpage.de/datenschutz-hub/off.de"
            ],
            "owner": "UX/IT/Datenschutz",
            "default_priority": "mittel",
            "next_step": "Consent-, Datenschutz- und DSAR-Flows auf Bedienbarkeit, Kontrast, Tastatur und klare Sprache prüfen.",
            "evidence_required": "WCAG/BFSG-Testnotiz, betroffene URLs, Screenshot und Entscheidung."
        },
        {
            "id": "vendor_transfer_due_diligence",
            "jurisdiction": "EU/Drittland",
            "topic": "Anbieter, Drittlandtransfer, TIA, SCC",
            "keywords": [
                "vendor",
                "anbieter",
                "transfer",
                "drittland",
                "tia",
                "scc",
                "subprozessor"
            ],
            "impacted_centers": [
                "https://saferpage.de/anbieter/off.de/due-diligence",
                "https://saferpage.de/transfer/off.de",
                "https://saferpage.de/verarbeitungen/off.de"
            ],
            "owner": "Datenschutz/Einkauf/IT",
            "default_priority": "hoch",
            "next_step": "Anbieterinventar, AVV/DPA, Transfermechanismus und TIA-Entscheidung aktualisieren.",
            "evidence_required": "Anbieterkarte, DPA/AVV-Link, Transferbewertung, Subprozessoren und Restrisikoentscheidung."
        },
        {
            "id": "ai_governance",
            "jurisdiction": "EU",
            "topic": "KI, Profiling, Automatisierung",
            "keywords": [
                "ki",
                "ai",
                "profiling",
                "automatisierung",
                "chatbot"
            ],
            "impacted_centers": [
                "https://saferpage.de/ki/off.de",
                "https://saferpage.de/dsfa/off.de",
                "https://saferpage.de/assessment/off.de/workflow-json"
            ],
            "owner": "Product/Datenschutz/Legal",
            "default_priority": "hoch",
            "next_step": "KI-/Profiling-Use-Case, Transparenz, Rechtsgrundlage, DSFA-Schwelle und Vendor-Setup bewerten.",
            "evidence_required": "Use-Case-Beschreibung, Datenarten, Modell-/Vendor-Info, DSFA-Entscheidung und Nutzerhinweis."
        }
    ],
    "routing_rules": [
        {
            "when": "priority=kritisch",
            "route_to": [
                "Datenschutz/Legal",
                "IT/Marketing"
            ],
            "sla_hours": 48,
            "reminder_after_hours": 24,
            "escalate_after_hours": 72
        },
        {
            "when": "priority=hoch",
            "route_to": [
                "Datenschutz/Legal",
                "Website-Betrieb"
            ],
            "sla_hours": 120,
            "reminder_after_hours": 72,
            "escalate_after_hours": 168
        },
        {
            "when": "topic contains Vendor or Transfer",
            "route_to": [
                "Datenschutz",
                "Einkauf",
                "IT"
            ],
            "sla_hours": 168,
            "reminder_after_hours": 96,
            "escalate_after_hours": 240
        },
        {
            "when": "Release betrifft Cookies, CMP, Anbieter, Formular oder KI",
            "route_to": [
                "Release-Owner",
                "Datenschutz"
            ],
            "sla_hours": 24,
            "reminder_after_hours": 12,
            "escalate_after_hours": 36
        }
    ],
    "notification_channels": {
        "email": {
            "subject_template": "[SaferPage] {priority} Regulatory Alert für off.de",
            "recipient_group": "privacy-ops@betreiber.example",
            "body_fields": [
                "title",
                "topic",
                "source_url",
                "next_step",
                "impacted_centers"
            ]
        },
        "slack": {
            "channel": "#privacy-ops",
            "payload_template": {
                "text": "{title}",
                "blocks": [
                    "priority",
                    "topic",
                    "source_url",
                    "next_step"
                ]
            }
        },
        "teams": {
            "webhook_name": "Privacy Ops Alerts",
            "payload_template": {
                "title": "{title}",
                "summary": "{next_step}",
                "sections": [
                    "Evidence",
                    "Impacted Centers"
                ]
            }
        },
        "webhook": {
            "method": "POST",
            "content_type": "application/json",
            "signature_header": "X-SaferPage-Signature",
            "idempotency_header": "Idempotency-Key"
        },
        "rss": {
            "feed_url": "https://saferpage.de/regulatory-watch/off.de/alerts-json",
            "item_key": "dedupe_key"
        }
    },
    "alerts": [
        {
            "id": "reg-alert-01",
            "title": "DSK Orientierungshilfe digitale Dienste für off.de bewerten",
            "jurisdiction": "DE/EU",
            "topic": "TDDDG, ePrivacy, Cookies, Consent, GPC",
            "priority": "kritisch",
            "status": "routing-ready",
            "source_url": "https://www.datenschutzkonferenz-online.de/media/oh/OH_Digitale_Dienste.pdf",
            "source_name": "DSK Orientierungshilfe digitale Dienste",
            "impacted_centers": [
                "https://saferpage.de/consent/off.de",
                "https://saferpage.de/cookies/off.de",
                "https://saferpage.de/consent-banner/off.de/blocking-json",
                "https://saferpage.de/consent/off.de/framework-json"
            ],
            "owner": "Marketing/IT/Datenschutz",
            "due_in_days": 7,
            "next_step": "Consent-Default, Auto-Blocking, Cookie-Katalog und GPC-Verhalten vor dem nächsten Release abgleichen.",
            "evidence_required": "Consent-Screenshot, Cookie-Diff, Script-Blocking-Nachweis, CMP-Version und Test-URL.",
            "dedupe_key": "8a0f418e84a9b1cd586debe73238250952b96feebf10654094400b836758ec54"
        },
        {
            "id": "reg-alert-02",
            "title": "DSGVO Art. 6 für off.de bewerten",
            "jurisdiction": "EU/DACH",
            "topic": "DSGVO, Betroffenenrechte, Notice, DSFA",
            "priority": "hoch",
            "status": "routing-ready",
            "source_url": "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
            "source_name": "DSGVO Art. 6",
            "impacted_centers": [
                "https://saferpage.de/datenschutz/off.de/entwurf",
                "https://saferpage.de/rechte/off.de",
                "https://saferpage.de/assessment/off.de/workflow-json",
                "https://saferpage.de/dsfa/off.de"
            ],
            "owner": "Datenschutz/Legal",
            "due_in_days": 14,
            "next_step": "Pflichtänderung gegen Datenschutzhinweis, DSAR-Prozess und Assessment-Workflow prüfen.",
            "evidence_required": "Quelle, betroffene Textstelle, betroffene SaferPage-Befunde, Entscheidung und Re-Scan-ID.",
            "dedupe_key": "56aff5b2e11493e60be4f11250c3797959fa5f657a01503b2f3f4d530d4bed22"
        },
        {
            "id": "reg-alert-03",
            "title": "BSI TLS-Mindeststandard und IT-Grundschutz Webserver/Webanwendungen für off.de bewerten",
            "jurisdiction": "DE/EU",
            "topic": "Security, TOM, TLS, BSI",
            "priority": "hoch",
            "status": "routing-ready",
            "source_url": "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Mindeststandards/Mindeststandard_BSI_TLS_Version_2_3.pdf",
            "source_name": "BSI TLS-Mindeststandard und IT-Grundschutz Webserver/Webanwendungen",
            "impacted_centers": [
                "https://saferpage.de/technik/off.de",
                "https://saferpage.de/nachweise/off.de",
                "https://saferpage.de/kontrollen/off.de"
            ],
            "owner": "IT/Security",
            "due_in_days": 14,
            "next_step": "Technische Schutzmaßnahmen, Header, TLS und Evidence Pack gegen die neue Anforderung prüfen.",
            "evidence_required": "Header-/TLS-Auszug, Kontrolltest, Change-Ticket und Nachweislink.",
            "dedupe_key": "6d80053094363fcd7917c808e0aa164559ae353d7812b933766748682cb0ab31"
        },
        {
            "id": "reg-alert-04",
            "title": "WCAG 2.2 / BFIT / European Accessibility Act für off.de bewerten",
            "jurisdiction": "DE/EU",
            "topic": "TDDDG, ePrivacy, Cookies, Consent, GPC",
            "priority": "kritisch",
            "status": "routing-ready",
            "source_url": "https://www.w3.org/TR/WCAG22/",
            "source_name": "WCAG 2.2 / BFIT / European Accessibility Act",
            "impacted_centers": [
                "https://saferpage.de/consent/off.de",
                "https://saferpage.de/cookies/off.de",
                "https://saferpage.de/consent-banner/off.de/blocking-json",
                "https://saferpage.de/consent/off.de/framework-json"
            ],
            "owner": "Marketing/IT/Datenschutz",
            "due_in_days": 7,
            "next_step": "Consent-Default, Auto-Blocking, Cookie-Katalog und GPC-Verhalten vor dem nächsten Release abgleichen.",
            "evidence_required": "Consent-Screenshot, Cookie-Diff, Script-Blocking-Nachweis, CMP-Version und Test-URL.",
            "dedupe_key": "cb54bceec88bd2134617f425ac87a3d87205fd5cc4a468d0ffd3e41f2d05adfb"
        },
        {
            "id": "reg-alert-05",
            "title": "BFSG/WCAG für off.de bewerten",
            "jurisdiction": "DE/EU",
            "topic": "BFSG, WCAG, Barrierefreiheit",
            "priority": "mittel",
            "status": "routing-ready",
            "source_url": "/guides/barrierefreiheit-cookie-banner-formulare",
            "source_name": "BFSG/WCAG",
            "impacted_centers": [
                "https://saferpage.de/barrierefreiheit/off.de",
                "https://saferpage.de/datenschutz-hub/off.de"
            ],
            "owner": "UX/IT/Datenschutz",
            "due_in_days": 30,
            "next_step": "Consent-, Datenschutz- und DSAR-Flows auf Bedienbarkeit, Kontrast, Tastatur und klare Sprache prüfen.",
            "evidence_required": "WCAG/BFSG-Testnotiz, betroffene URLs, Screenshot und Entscheidung.",
            "dedupe_key": "82851720c8ec85daac303a77a8bb7c107c625a343cc13943cb742e37d424260a"
        },
        {
            "id": "reg-alert-06",
            "title": "BSI/Security für off.de bewerten",
            "jurisdiction": "DE/EU",
            "topic": "Security, TOM, TLS, BSI",
            "priority": "hoch",
            "status": "routing-ready",
            "source_url": "/guides/security-header-setzen",
            "source_name": "BSI/Security",
            "impacted_centers": [
                "https://saferpage.de/technik/off.de",
                "https://saferpage.de/nachweise/off.de",
                "https://saferpage.de/kontrollen/off.de"
            ],
            "owner": "IT/Security",
            "due_in_days": 14,
            "next_step": "Technische Schutzmaßnahmen, Header, TLS und Evidence Pack gegen die neue Anforderung prüfen.",
            "evidence_required": "Header-/TLS-Auszug, Kontrolltest, Change-Ticket und Nachweislink.",
            "dedupe_key": "d027e9bf61cb4be2742f579b83ba5bb9c3e04a6c7ff273c840eb3f1e2d98771c"
        },
        {
            "id": "reg-alert-07",
            "title": "DSGVO für off.de bewerten",
            "jurisdiction": "EU/DACH",
            "topic": "DSGVO, Betroffenenrechte, Notice, DSFA",
            "priority": "hoch",
            "status": "routing-ready",
            "source_url": "/guides/datenschutzerklaerung-verbessern",
            "source_name": "DSGVO",
            "impacted_centers": [
                "https://saferpage.de/datenschutz/off.de/entwurf",
                "https://saferpage.de/rechte/off.de",
                "https://saferpage.de/assessment/off.de/workflow-json",
                "https://saferpage.de/dsfa/off.de"
            ],
            "owner": "Datenschutz/Legal",
            "due_in_days": 14,
            "next_step": "Pflichtänderung gegen Datenschutzhinweis, DSAR-Prozess und Assessment-Workflow prüfen.",
            "evidence_required": "Quelle, betroffene Textstelle, betroffene SaferPage-Befunde, Entscheidung und Re-Scan-ID.",
            "dedupe_key": "209ce4a147c6e9940bc67d2ef0529e3e16075c033018be16450e25c189d16db5"
        },
        {
            "id": "reg-alert-08",
            "title": "TDDDG/ePrivacy für off.de bewerten",
            "jurisdiction": "DE/EU",
            "topic": "TDDDG, ePrivacy, Cookies, Consent, GPC",
            "priority": "kritisch",
            "status": "routing-ready",
            "source_url": "/guides/tracking-und-consent-reparieren",
            "source_name": "TDDDG/ePrivacy",
            "impacted_centers": [
                "https://saferpage.de/consent/off.de",
                "https://saferpage.de/cookies/off.de",
                "https://saferpage.de/consent-banner/off.de/blocking-json",
                "https://saferpage.de/consent/off.de/framework-json"
            ],
            "owner": "Marketing/IT/Datenschutz",
            "due_in_days": 7,
            "next_step": "Consent-Default, Auto-Blocking, Cookie-Katalog und GPC-Verhalten vor dem nächsten Release abgleichen.",
            "evidence_required": "Consent-Screenshot, Cookie-Diff, Script-Blocking-Nachweis, CMP-Version und Test-URL.",
            "dedupe_key": "be4f0a57b7e9da1da4489f9df1e7e7df856c6fbe42cd062003adf37c7c57f4f7"
        },
        {
            "id": "reg-gap-01",
            "title": "Wiederholungsscans und Change-Alerts angebunden schließen",
            "jurisdiction": "DE/EU",
            "topic": "TDDDG, ePrivacy, Cookies, Consent, GPC",
            "priority": "kritisch",
            "status": "operator-action-needed",
            "source_url": "https://saferpage.de/monitoring",
            "source_name": "SaferPage Gap",
            "impacted_centers": [
                "https://saferpage.de/consent/off.de",
                "https://saferpage.de/cookies/off.de",
                "https://saferpage.de/consent-banner/off.de/blocking-json",
                "https://saferpage.de/consent/off.de/framework-json"
            ],
            "owner": "Marketing/IT/Datenschutz",
            "due_in_days": 7,
            "next_step": "Regulatorische Prüfpunkte bei neuen Cookies, Anbietern, Formularen, AI-/Profiling-Use-Cases und Rechtsänderungen erneut bewerten.",
            "evidence_required": "Alerts 0.",
            "dedupe_key": "9236865e78cb6e85a74f354400aaa2ada4c497b77bcbdce83473cd257d388575"
        },
        {
            "id": "reg-gap-02",
            "title": "Owner und Review-Kadenz definiert schließen",
            "jurisdiction": "DE/EU",
            "topic": "Security, TOM, TLS, BSI",
            "priority": "hoch",
            "status": "operator-action-needed",
            "source_url": "https://saferpage.de/betreiber/off.de",
            "source_name": "SaferPage Gap",
            "impacted_centers": [
                "https://saferpage.de/technik/off.de",
                "https://saferpage.de/nachweise/off.de",
                "https://saferpage.de/kontrollen/off.de"
            ],
            "owner": "IT/Security",
            "due_in_days": 14,
            "next_step": "Legal/DSB, Website-Betrieb, Marketing, Security und Product als feste Owner für regulatorische Änderungen benennen.",
            "evidence_required": "Aus öffentlichem Scan nicht beweisbar.",
            "dedupe_key": "22fe6bdb2a5a6921a250e45bedcc01a436386f92442d631085586ceaf7c78662"
        },
        {
            "id": "reg-gap-03",
            "title": "Quellenstand und Auswirkungsbewertung versioniert schließen",
            "jurisdiction": "EU",
            "topic": "KI, Profiling, Automatisierung",
            "priority": "hoch",
            "status": "operator-action-needed",
            "source_url": "https://saferpage.de/nachweise/off.de",
            "source_name": "SaferPage Gap",
            "impacted_centers": [
                "https://saferpage.de/ki/off.de",
                "https://saferpage.de/dsfa/off.de",
                "https://saferpage.de/assessment/off.de/workflow-json"
            ],
            "owner": "Product/Datenschutz/Legal",
            "due_in_days": 14,
            "next_step": "Quelle, Abrufdatum, betroffene Domains, geänderte Pflicht und Umsetzungsticket versionieren.",
            "evidence_required": "Aus öffentlichem Scan nicht beweisbar.",
            "dedupe_key": "7c6d980dcb1b5f682ae19910dd7d8647c2c28b340027aad3f98c24987c76075c"
        },
        {
            "id": "reg-gap-04",
            "title": "Behörden-/Rechtsprechungs-Intake für DACH/EU schließen",
            "jurisdiction": "EU/DACH",
            "topic": "DSGVO, Betroffenenrechte, Notice, DSFA",
            "priority": "hoch",
            "status": "operator-action-needed",
            "source_url": "https://saferpage.de/regelwerke/off.de",
            "source_name": "SaferPage Gap",
            "impacted_centers": [
                "https://saferpage.de/datenschutz/off.de/entwurf",
                "https://saferpage.de/rechte/off.de",
                "https://saferpage.de/assessment/off.de/workflow-json",
                "https://saferpage.de/dsfa/off.de"
            ],
            "owner": "Datenschutz/Legal",
            "due_in_days": 14,
            "next_step": "DSK, BfDI/Landesbehoerden, EDPB, EUR-Lex, BSI und BFSG/WCAG-Quellen als Watchlist führen.",
            "evidence_required": "Offizielle Quellen 4.",
            "dedupe_key": "c5ef757789522bfda926399131c28702ea2e4e517ca524e2ea6f023b90880dfc"
        }
    ],
    "links": {
        "watch_center": "https://saferpage.de/regulatory-watch/off.de",
        "alerts_json": "https://saferpage.de/regulatory-watch/off.de/alerts-json",
        "alerts_csv": "https://saferpage.de/regulatory-watch/off.de/alerts-csv",
        "digest_md": "https://saferpage.de/regulatory-watch/off.de/digest-md",
        "assessment_workflow": "https://saferpage.de/assessment/off.de/workflow-json",
        "operator_board": "https://saferpage.de/betreiber/off.de",
        "monitoring": "https://saferpage.de/monitoring/domain/off.de",
        "regulatory_scorecard": "https://saferpage.de/regelwerke/off.de"
    },
    "disclaimer": "Automatisch erzeugtes Routing-Paket. Es sendet keine Nachrichten selbststaendig und ersetzt keine Rechtsberatung."
}
