EU agrees on new rules to strengthen the security and resilience of critical entities

The Council presidency and the European Parliament reached a political agreement on the directive on the resilience of critical entities. 

Work will now continue at technical level to finalise the provisional agreement on the full legal text. This agreement is subject to approval by the Council and the European Parliament before going through the formal adoption procedure.

This directive aims to reduce the vulnerabilities and strengthen the physical resilience of critical entities. These are entities providing vital services on which the livelihoods of EU citizens and the proper functioning of the internal market depend. They need to be able to prepare for, cope with, protect against, respond to and recover from natural disasters, terrorist threats, health emergencies or hybrid attacks.

The text covers critical entities in a number of sectors, such as energy, transport, health, drinking water, waste water and space. Central public administrations will also be covered by some of the provisions of the draft directive.

Council adopts regulation on gas storage

Member states will need to have a national strategy to enhance the resilience of critical entities, carry out a risk assessment at least every four years and identify the critical entities that provide essential services. Critical entities will need to identify the relevant risks that may significantly disrupt the provision of essential services, take appropriate measures to ensure their resilience and notify disruptive incidents to the competent authorities.

The proposal for a directive also establishes rules for the identification of critical entities of particular European significance. A critical entity is considered of particular European significance if it provides an essential service to six or more member states. In this case, the Commission may be requested by the member states to organise an advisory mission or it may itself propose, with the agreement of the member state concerned, to assess the measures the entity concerned has put in place to meet the obligations related to the directive.

Commission welcomes the political agreement on new rules to enhance the resilience of critical entities

The Commission welcomes today’s political agreement between the European Parliament and the Council on the Directive on the resilience of critical entities (CER Directive), proposed by the Commission in December 2020.

As a key part of the EU’s work to build a Security Union, the new rules will strengthen the resilience of critical infrastructure to a range of threats, including natural hazards, terrorist attacks, insider threats, or sabotage, as well as public health emergencies like the recent COVID-19 pandemic.

El Consejo y el Parlamento Europeo acuerdan reforzar la ciberseguridad en toda la UE

Against an ever more complex risk landscape, the new Directive replaces the European Critical Infrastructure Directive of 2008. A wider sectoral scope will allow Member States and critical entities to better address interdependencies and potential cascading effects of an incident. Eleven sectors will be covered: energy, transport, banking, financial market infrastructures, health, drinking water, wastewater, digital infrastructure, public administration, space, and food.

More information:

European Council – Press release

European Commission – Press release