In December 2020, the European Commission adopted two legislative initiatives, the proposal for a directive on the resilience of critical entities (CER Directive proposal) and the proposal for a directive on measures for a high common level of cybersecurity across the Union (NIS-2 Directive proposal). Both directives together should upgrade the resilience of entities that are critical for the functioning of the internal market against non-cyber and cyber threats. The European Parliament and the EU Member States have scrutinized the proposals in the course of 2021 and have made important progress:

On 11 October, the Committee on Civil Liberties, Justice and Home Affairs (LIBE) of the European Parliament voted for the report of MEP Michal ŠIMEČKA on the CER-Directive proposal and equipped him with a mandate for inter-institutional negotiations, which was confirmed by the plenary of the European Parliament just a week later. MEP ŠIMEČKA underlined towards the press that he sees an obligation for legislators to act:

"We are expected to deliver on a Europe that protects and that means also bolstering the collective resilience of the critical systems underpinning our way of life”.

Just two weeks later, the European Parliament’s Committee on Industry, Research and Energy (ITRE) voted on its report on the NIS-2 Directive proposal, also granting a mandate to its rapporteur MEP Bart GROOTHUIS. MEP GROOTHUIS highlighted the high frequency of cyber incidents and stated that it was

"therefore essential that we strengthen our cybersecurity in the Union and create the tools to together handle cyber incidents when they occur".

Also on the side of the Member States, the discussions on both proposals have been progressing well. The Council agreed on its position (‘general approach’) on the NIS-2 Directive proposal on 3 December. It is also expected that the Council will agree on its position (‘general approach’) on the CER Directive proposal before the end of the year. Inter-institutional negotiations between the European Parliament and the Council on the two proposals could start then in early 2022. Both the Council and the European Parliament will need to agree on the final texts. 

The need to upgrade the overall resilience of the EU has been underlined by the governments of EU Member States recently. The conclusions of the European Council of 22 October, as well as of the General Affairs Council of 23 November on enhancing preparedness, response capability and resilience to future crises included a reference to the CER and NIS-2 proposals. Notably, the conclusions adopted in November recalled

"the need to advance work in the area of enhancing resilience of critical entities and the security of network and information systems".