skip to main content
European Commission Logo
en English
Newsroom
Overview    News

Political Agreement on new rules to enhance the Resilience of Critical Entities

The Commission welcomes the political agreement between the European Parliament and the Council on the Directive on the Resilience of Critical Entities (CER Directive).

Image from Pixabay

date:  03/07/2022

See alsoPress Release

As a key part of the EU's work to build a Security Union, the new rules will strengthen the resilience of critical infrastructure to a range of threats, including natural hazards, terrorist attacks, insider threats, or sabotage, as well as public health emergencies like the recent COVID-19 pandemic.

Against an ever more complex risk landscape, the new Directive replaces the European Critical Infrastructure Directive of 2008. A wider sectoral scope will allow Member States and critical entities to better address interdependencies and potential cascading effects of an incident. Eleven sectors will be covered: energy, transport, banking, financial market infrastructures, health, drinking water, wastewater, digital infrastructure, public administration, space, and food.

The proposal introduces new rules to strengthen the resilience of critical entities:

  • Member States will need to adopt a national strategy and carry out regular risk assessments to identify entities that are considered critical or vital for the society and the economy.
  • Critical entities will need to carry out risk assessments of their own, take technical and organisational measures to enhance their resilience and notify incidents. They will also be able to request background checks on personnel holding sensitive roles.
  • Critical entities in the EU, from the sectors covered, providing essential services in six Member States or more, will benefit from extra advice on how best to meet their obligations to assess risks and take resilience-enhancing measures.
  • A Critical Entities Resilience Group will facilitate cooperation among Member States and the exchange of information and good practices.
  • An enforcement mechanism will help ensure that the rules are followed: Member States will need to ensure that national authorities have the powers and means to conduct on-site inspections of critical entities. Member States will also introduce penalties in case of non-compliance.
  • Member States will need to provide support to critical entities in enhancing their resilience with, for instance, guidance material. The Commission will provide complementary support to Member States and critical entities, by developing a Union-level overview of cross-border and cross-sectoral risks, best practices, methodologies, cross-border training activities and exercises to test the resilience of critical entities, among others.