How do Normen (standards) fit into the legal pyramid?
Normen sit below laws (Gesetze), ordinances (Verordnungen), and Verwaltungsvorschriften — they are voluntary by default but become binding when they're written into a contract or treated as the legal "Stand der Technik."
* The legal pyramid: Normen sit below laws and ordinances — voluntary by default, binding once contracted or treated as the recognised state of the art. *
The legal pyramid from most to least binding:
| Level | Examples |
|---|---|
| Gesetze (Laws) | DSG, ISG, OR |
| Verordnungen (Ordinances) | z.B. BetrSichV, VStättVO |
| Verwaltungsvorschriften | z.B. TA Lärm, FlBauR, DIN EN ISO etc. |
| Normen (Standards) | ISO/IEC 27001, IEEE 802.11 |
| Anerkannte Regeln der Technik | VDE, ITU-Standards (ISO/SQO), DGUV Schriften |
Note the diagonal arrows: Detaillierungsgrad / Flexibilität decreases as you go up; Verbindlichkeit / Gültigkeitsdauer increases.
Critical exception: Normen become rechtlich bindend (legally binding) when:
- They are written into a contract (Kauf- oder Werkvertragsrecht).
- They are treated by courts as the "Best Practice" benchmark (Produkthaftung).
Tip: Saying "we're ISO 27001 certified" sounds voluntary, but in court it can be used both as a shield ("we met the recognised standard") and as a sword ("the standard requires X — you didn't do X"). Standards are voluntary to adopt but binding once you claim them.
Go deeper:
Standardization — de jure vs voluntary standards (Wikipedia) — why a voluntary Norm can still bind you as the recognised state of the art.