News feeds

Energy infrastructure

Critical Infrastructure Protection

The European economy and the welfare of its citizens require that the European energy infrastructure functions properly.

National authorities are responsible for policies regarding the protection of energy facilities and infrastructures in their territories, involving measures oriented to prevent disruptions, mitigate damages and restore supply under the best conditions.

In the last few years, however, new international threats have emerged, necessitating increased capability in awareness raising, prevention and response. On top of this, the development of the energy networks in the context of European internal market results in more cross-border infrastructures, which integrity and functionality affects several member States.

A European dimension is necessary to properly manage all the risks affecting energy infrastructures in such changing scenario.

Since 2004, the EU has taken the initiative on this issue, by working towards a common European approach to the protection of energy infrastructure as defined in the European Programme for Critical Infrastructure Protection. A number of sectors other than energy (i.e. Transport, ICT, Finance …) are also addressed by this programme.

Key tasks are:

  • Establishing legal instruments for implementation of EPCIP, with a sectoral dimension
  • Identification of European Critical Infrastructures in the different energy sub-sectors: oil, gas, electricity
  • Recommendations and technical assistance to Member States
  • Follow-up of national critical infrastructure programs
  • Fostering networking among the EU, Member States, security technology companies and energy infrastructure owners and operators
  • Coordination with relevant international organisations

New approach to EPCIP, as from 2013

The Commission services have taken stock of the experience gained on the European Programme for Critical Infrastructure Protection, operational since 2006. Particular attention has been paid to understand the effects of Directive 2008/114. Consequent to this exercise, a new approach to EPCIP is explained in a Commission Staff Working Document.

The Energy Sector remains at the core of EPCIP, while both the Gas and Electricity Transmission Networks are highlighted as priorities for specific projects under the future EPCIP.

European Legal framework

The Directive 2008/114/EC represents the first legal instrument of EU dimension on the subject of critical infrastructure protection. It is focused on the Energy and Transport sectors only. Complementary to the Directive, the Council has also adopted a set of "Non-binding Guidelines" for its application, which is classified documentation. A simplified, non-classified version of these Guidelines can be obtained upon request.

Thematic Network on Critical Energy Infrastructure Protection (TNCEIP) 

The European energy sector gives higher attention to the protection of its large scale energy infrastructure and facilities. Therefore the European Commission (EC) has established a network of critical energy infrastructure operators from electricity, gas, and oil sectors to exchange their experience at European level on security related issues.

Initiating the TNCEIP Network, the EC promotes a partnership to facilitate common understanding and co-operation among the operators with the ultimate goal of a high level of protection against external threats. The Network will address topics such as "Threat Assessment", "Risk Management", "Cyber Security", and others.

The TNCEIP Network will meet on a quarterly basis and is open for Membership to European companies operating energy facilities and infrastructures. Launching meeting took place on 20th December 2010 in Brussels.

TNCEIP has also discussed about the future of the EU policy on Critical Infrastructure Protection (EPCIP) from the energy viewpoint. As a result f his, TNCEIP adopted a position paper on the subject:

Mr José Antonio Hoyos Pérez at European Commission 




This guidebook has been an initiative of the Organization for Security and Co-operation in Europe (OSCE) Antiterrorist Unit and has been developed by a number of experts from the public and private sector of OSCE participating States as well as the European Commission and the North Atlantic Treaty Organization.

The Guide raises awareness of the significance of non-nuclear critical energy infrastructure and the extent to which it is threatened by cyber-related terrorist attacks and other types of potential threats. It identifies key policy issues and challenges and presents good practices as possible solutions, in the context of international cooperation an information exchange among public and private stakeholders in the energy sector.

This study has explored in a comprehensive manner the financial implications that decisions regarding the implementation of protection measures have on the operators. The result includes guidelines for the potential users to better understand the relevant factors playing in the management of both the financial and the external "security" risks.

For further information on these "Guidelines" please contact :    

Critical Energy Infrastructure Operators are confronted to put in place security measures for ensuring the integrity of the assets and the good functioning of the operations, and must do this in the context of national or international legal and technical frameworks. This Reference Security Management Plan for Energy Infrastructure (RSMP), is a non-binding guidebook addressed to operators of energy infrastructure. The RSMP explains the process, its architecture and key concepts, while accompanying the security manager in establishing its specific Security Management Plan.

Complementary forms to help operators in implementing a concrete Security Management Plant for Energy Infrastructure can be obtained by just signalling your interest to

The Commission funded the study "Definition of Critical Infrastructures at EU level in the Energy Sector". It analysed the criticality of European energy infrastructures in the oil, electricity and gas sectors, based on the effects of the disruption of the service and its implications both at country and cross-border level. It continued by the assessment of vulnerabilities on those infrastructures found most critical. A number of technical issues regarding security measures and reliability aspects, mainly of networked infrastructures, were also addressed.

The study was classified and cannot be released to the general public, but information on it can be obtained on a need-to-know basis by concerned public bodies and private stakeholders.

Funding of Projects

Seventh Framework Programme for research and technological development (FP7)

Projects on critical infrastructure protection

  • Descriptive List of CIPs projects (2007-2012) excel8book - 182 KB [182 KB]
  • Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks Programme 
  • SEMPOC pdf - The aim of SEMPOC (Simulation Exercise to Manage Power Cut crisis) is to assess the European power production and distribution system ability to deliver service and mitigate damage in the face of a major power cut
  • APENCOT - Analysis of the Protection of Energy Networks’ Crucial Objects against Terrorism and Proposal of Security Standards
  • OCTAVIO - Comprehensive approach definition to improve the security of energy control centers.
  • MIA pdf  - Definition of a methodology for the assessment of mutual dependencies between ICT and electricity generation / transmission infrastructures.Finished in  September 2010.The project is continued in some aspects by MOTHA (interdependencies within ICT) and AFTER (FP-VII)
  • DOMINO (In progress) - The DOMINO (Domino effects modeling infrastructures collapse) project has the goals to study and quantify the modes of propagation and consequences of failures and to develop a model of failures occurring to economic and social infrastructures that operate in our society. The system identifies 14 subsectors of the impact analysis. The methodology is transferable to any country and sectors.
  • SECURESPACE  [Università Campus Bio-Medico di Roma] - The SECURESPACE project is investigating the effective criticality of the satellite system for the well-fare of EU countries in order to set-up adequate protection strategies and investments GNSS services in what respect time related application, are of particular value by electrical grid operators, as in  synchronization, phase-follow purposes.

The EC December 2006 package on European Programme for Critical Infarstructure Protection (EPCIP)

A Communication on Protecting Europe’s Critical Energy and Transport Infrastructure

The EPCIP is intended to provide an overall framework for action, much of which will be on a sector by sector basis. DG Energy has therefore looked closely at the areas for which it is responsible. This resulted in the adoption, on 2 February 2007, of the Communication on Protecting Europe's Critical Energy and Transport Infrastructure, the first sector-level initiative in the framework of the EPCIP programme.

The main content of the communication are proposed criteria that can be used for identifying what is European critical infrastructure in each transport and energy sector.

  • Note: This document is restricted (RESTREINT UE), meaning that it is not available to the general public