Information technology (IT) as a regulatory object is defined and viewed differently across various domains of European IT security law. However, common definitions and methods for the demarcation and separation of operational information technology can contribute to coherence in the historically grown body of regulation. This paper identifies three different general approaches for the treatment of information technology within the existing body of law: information technology as a means, as a service and as a product. Furthermore, we compile a general definition of information technology, which consists of three logical subentities: components, systems, and services. Additionally, steps for the practical identification of the operational information technology addressed by material law requirements are shown. First, all services that affect an articulated protected good must be identified. Within the identification of the systems used to realize those services, two dimensions must be considered. There is the functional dimension as well as the control and power of the disposal dimension. An identified weakness of the current state of IT security law is a lack of clearly formulated protected goods within the existing regulations, which contributes to the difficulties of addressing information technology in general. Furthermore, this paper discusses which actors are responsible for a demarcated piece of information technology and what responsibilities are assigned to them. This section also elaborates on the difficulty of appropriately addressing commercial and non-commercial actors.

信息技术(IT) 作为监管对象，在欧洲 IT 安全法的各个领域都有不同的定义和看法。然而，操作信息技术的划分和分离的通用定义和方法可以有助于历史上不断发展的监管体系的一致性。本文确定了在现有法律体系内处理信息技术的三种不同的一般方法：信息技术作为手段、作为服务和作为产品。此外，我们编制了信息技术的一般定义，它由三个逻辑子实体组成：组件、系统和服务。此外，还显示了物质法要求所涉及的操作信息技术的实际识别步骤。首先，必须确定影响明确受保护商品的所有服务。在识别用于实现这些服务的系统时，必须考虑两个方面。有功能维度，也有处置维度的控制和权力。当前 IT 安全法的一个明显弱点是现有法规中缺乏明确制定的受保护产品，这导致了解决一般信息技术问题的困难。此外，本文还讨论了哪些参与者负责划定的信息技术以及分配给他们的职责。本节还详细阐述了适当解决商业和非商业行为者的困难。