Skip to main content
European Commission logo
Migration and Home Affairs

Critical infrastructure resilience

Critical infrastructure is vital for the functioning of modern societies. Without reliable supplies of energy or predictable transportation, our current way of life would not be possible. For this reason, the Commission has long been engaged in supporting the resilience of critical infrastructure from all manner of natural and man-made risks.

European Programme for Critical Infrastructure Protection (EPCIP)

EU’s main vehicle for securing resilience of critical infrastructure is the European Programme for Critical Infrastructure Protection (EPCIP). The programme was established in 2006 based on the Commission Communication on Critical Infrastructure Protection in the Fight against Terrorism.

The EPCIP facilitates information-sharing among EU Member States and other stakeholders via the Critical Infrastructure Protection (CIP) Pointsof Contact group. The group consists of:

  • representatives of competent authorities in Member States
  • the Critical Infrastructure Warning Information Network (CIWIN)

Through the Programme, the Commission is able to:

  • foster cooperation with EU Member States
  • foster cooperation with external partners (United States, Canada, Neighbouring Countries, including ones in the Western Balkans and Eastern Europe)
  • support Member States in enhancing the resilience of their critical infrastructure
  • provide funding for relevant research, studies and projects, many of which are associated with the European Reference Network for Critical Infrastructure Protection (ERNCIP)

European Critical Infrastructure Directive

  1. 2020
    Proposal for a Directive on the resilience of critical entities
    • Proposal for a Directive on the resilience of critical entities - the Critical Entities Resilience (CER) Directive
      With this proposal, the Commission intends to create a framework to support Member States in ensuring that critical entities are able to prevent, resist, absorb and recover from disruptive incidents, including those caused by natural hazards, accidents, terrorism, insider threats, or public health emergencies.

      The CER Directive proposal will now be considered in the Council and in the Parliament, both of which must agree on the text before it becomes EU law.

      According to the proposal’s annex, the directive would cover ten sectors:

      • energy
      • transport
      • banking
      • financial market infrastructures
      • health,
      • drinking water
      • waste water
      • digital infrastructure
      • public administration and
      • space
    • Proposal for a revised Network and Information Systems Directive (NIS2)
      Aims to ensure robust cyber resilience on the part of a large number of “essential entities” and “important entities”. All critical entities identified under the Critical Entities Resilience Directive would be subject to cyber resilience obligations under the Network and Information Systems Directive.
  2. 2018
    Commission Staff Working Document: Evaluation of ECI Directive

    Commission Staff Working Document: Evaluation of ECI Directive

    Based on the evaluation’s findings, the Commission foresaw in its adjusted work programme for 2020 a new legislative initiative on critical infrastructure resilience.

  3. 2008
    European Critical Infrastructure (ECI) Directive

    European Critical Infrastructure (ECI) Directive

    A key pillar of the EPCIP, the European Critical Infrastructure Directive establishes a procedure for identifying and designating ECIs and a common approach for assessing the need to improve their protection.

    The Directive applies only to the energy and transport sectors. Among other things, the Directive requires owners and operators of designated ECIs to prepare Operator Security Plans and to nominate Security Liaison Officers, thereby linking the owner and operator with the national authority responsible for critical infrastructure protection.