The Commission's directive proposal aims to enhance the resilience of critical entities providing essential services in the EU

The resilience of critical entities in EU countries will be improved by reforming the old European Critical Infrastructure Protection Directive. The proposed new directive is significantly more extensive, and it aims to improve the resilience of critical entities providing essential services in the EU. The Government informs Parliament on 28 January of the new proposal for a directive. 

The scope of the proposed directive covers ten sectors: energy, transport, banking, financial market infrastructure, health, drinking water, waste water, digital infrastructure, public administration, and space. Sector-specific measures aim to enhance the resilience of entities and to address, in a consistent and mutually complementary manner, risks and vulnerabilities arising from interconnected networks, for example.

EU countries must identify their own sector-specific vital functions

The changing security environment and the ongoing COVID-19 pandemic have demonstrated that the EU countries need to define and identify, through harmonised procedures, the entities critical to the functioning of societies and to improve their resilience. This will be achieved, among other things, by developing protective measures, by better identifying interdependencies between Member States and by preventing unforeseen effects of combining data. 

The proposed directive requires EU countries to designate the authorities responsible for the resilience of critical infrastructure, to assess their vital functions within the scope of the directive and to identify nationally critical infrastructure and service entities using common European criteria. Member States are also required to adopt a national strategy for reinforcing the resilience of critical entities.

The proposed Critical Entities Resilience Directive is part of a broad package that includes the new EU Cybersecurity Strategy and the revised Network and Information Systems Directive. The proposal is based on the Security Union Strategy 2020-2025 published by the Commission, which calls for a comprehensive approach that takes into account current and future risks and the interdependencies between physical and digital infrastructure. These measures also support the objectives of the EU Counter-Terrorism Agenda.

Inquiries:
Eero Kytömaa, Ministerial Adviser, tel. +358 295 488 280, [email protected]