On 18 October 2024, the Critical Entities Resilience Directive (CER Directive) entered into application. This new legislation ensures the provision of vital services for our society and our economy, minimising the impact of natural and man-made disruptive incidents. It is therefore important that EU countries adapt their national legislation and implement these modernised rules as a matter of priority, to ensure the resilience of critical infrastructure and critical entities.
Strengthening the protection of critical infrastructure
Under the Critical Entities Resilience Directive, EU countries will have to carry out risk assessments on essential services and will have to identify critical entities by July 2026. Once identified as critical, these entities will have to carry out their own risk assessments and adopt resilience-enhancing measures to better prevent, respond to and mitigate incidents disrupting the provision of essential services.
The Directive also establishes rules for the identification of critical entities of particular European significance. A critical entity is considered of particular European significance if it provides an essential service to six or more EU countries.
The Critical Entities Resilience Directive
The new Directive replaces the European Critical Infrastructure Directive of 2008. The new rules it introduces will strengthen the resilience of critical infrastructure to a range of threats, including natural hazards, terrorist attacks, insider threats, or sabotage. It covers critical entities in 11 sectors, such as energy, transport, banking, financial market infrastructures, health, drinking water, wastewater, digital infrastructure, public administration, space and food.
Find out more
Critical infrastructure resilience at EU-level
A new way forward on internal security
Enhancing EU resilience: A step forward to identify critical entities for key sectors
Details
- Publication date
- 23 October 2024
- Author
- Directorate-General for Migration and Home Affairs