2026 will not be a year of quiet modernization for IT managers in German government agencies. The Deutschland Stack from the IT Planning Council requires government agencies to adopt DevSecOps, the NIS 2 Implementation Act makes security testing a regulatory requirement, and the Accessibility Enhancement Act (BFSG) has threatened fines of up to 100,000 euros for violations of accessibility standards since mid-2025.
Anyone who develops or procures software for the public sector bears more responsibility for quality today than ever before. At the same time, according to a McKinsey study, Germany already faces a shortage of 39,000 IT professionals in the public sector.
The requirements for software quality in German government IT have skyrocketed over the past year. Section 30 of the new BSIG requires government agencies to conduct security tests, penetration tests, and static and dynamic code analysis (SAST/DAST for short). The BFSG makes accessibility testing a mandatory component of every acceptance process. And the Deutschland-Stack establishes Continuous Integration and Continuous Delivery (CI/CD) with automated testing processes as an architectural standard for the entire public administration.
At the same time, this combination of testing depth and breadth can hardly be covered by internal teams alone. Only 3 percent of IT professionals subject to social insurance contributions work in the public sector. The salary range of the Collective Bargaining Agreement for the Public Sector (TVöD) is structurally at a disadvantage compared to private-sector offers, which pay significantly more for experienced test specialists. As a result, open QA positions remain unfilled for months in many German government agencies.
Inadequate quality assurance is not an operational risk in regulated environments that can be ignored.
IT managers are aware of these risks. The real problem is often a different one: they need solid arguments to justify externally contracted quality assurance both internally and to the contracting authority.
External quality assurance is a strategically sound response to a structural problem. In the medium term, the public sector in Germany will not win the competition for specialized QA professionals against the private sector, and this very argument can be substantiated both economically and under public procurement law. It also protects IT managers from the accusation of initiating external contracts without sufficient factual basis.
The key is to correctly bundle the scope of services in the tender. A combination of three components has proven effective:
Bundling these three service components into a single lot reduces interface issues and establishes clear responsibilities across the entire QA chain. Just as important as the scope of services is choosing the right service provider. A testing service provider with government experience understands the specifics of the public procurement framework: EVB-IT-compliant contract templates, documentation aligned with BSI IT-Grundschutz, and the specific acceptance processes of specialized authorities. Generic providers often deliver solid test results but incomplete supporting documentation. This is a critical weak point in procurement and audit scenarios.
sepp.med has been active in the public sector for a long time and supports government IT projects with functional tests, security audits, load and performance tests, as well as accessibility tests. Contact us if you wish to award external QA services or optimize an existing tender.
A formal tender is mandatory for contracts with a net value of 50,000 euros or more. The Procurement Acceleration Act 2025 raised this threshold. Below this threshold, direct awards are permitted provided that budgetary requirements are met.
Test management, test automation, and acceptance testing support can be effectively awarded as a single lot. This reduces coordination efforts and establishes clear responsibilities across the entire QA chain.
A provider with government experience understands EVB-IT contexts, provides documentation aligned with BSI IT-Grundschutz, and is familiar with the specific acceptance processes of specialized authorities. During the procurement process, specifically request reference projects from the public sector.
As of now, automated tools cover 30 to 40 percent of the accessibility requirements under WCAG 2.2. Manual testing and user testing with affected individuals are essential for a comprehensive assessment.
Point to the structural shortage of skilled workers in the public sector, the increased regulatory testing requirements under NIS-2 and BFSG, and the lack of competitiveness of public sector salary scales for specialized QA profiles. This argument is factually verifiable and legally sound under public procurement law.
Firstname:
Lastname:
E-Mail Address:
Phone:
Subject:
Your message:
Yes, I consent to my personal data being collected and stored electronically. My data will only be used for the purpose of responding to my inquiry. I have taken note of the privacy policy.
You are currently viewing a placeholder content from OpenStreetMap. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
You need to load content from hCaptcha to submit the form. Please note that doing so will share data with third-party providers.
You are currently viewing a placeholder content from HubSpot. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
You are currently viewing a placeholder content from Hubspot Meetings. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
You are currently viewing a placeholder content from Google Maps. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.