After several rounds of discussion, on 28 June, the European Council and the European Parliament reached political agreement on the Directive on the resilience of critical entities (CER Directive).
The European Commission proposed the Directive in December 2020. As a key part of the EU's work to build a Security Union, the new rules will strengthen the resilience of critical infrastructure against a range of non-cyber threats, including natural hazards, terrorist attacks, insider threats, or sabotage, as well as public health emergencies like the recent COVID-19 pandemic.
The new rules cover eleven sectors:
- energy
- transport
- banking
- financial market infrastructures
- health
- drinking water
- waste water
- digital infrastructure
- public administration
- space
- food
Next steps
After the adoption of the Directive is formally approved by the co-legislators, it will be published in the Official Journal of the EU and enter into force 20 days after publication. Member States will then need to transpose the elements of the Directive into national law within 21 months.
More Information
- Security Union: Commission welcomes today's political agreement on new rules to enhance the resilience of critical entities
- Directive on the resilience of critical entities (CER Directive)
- New EU Cybersecurity Strategy and new rules to make physical and digital critical entities more resilient (see also the Impact assessment and its Executive summary)
- European Security Union
Details
- Publication date
- 30 June 2022
- Author
- Directorate-General for Migration and Home Affairs