Critical infrastructures are essential for the proper functioning of any society and political and economic systems. Nowadays, such entities face increasingly complex challenges, and are threatened by a growing range of natural and man-made risks.
A critical entity must ensure adequate physical protection to prevent accidents from occurring. Security management must also be incorporated into employees training initiatives.
Critical entities are included in a number of sectors, such as energy, transport, health, drinking water, wastewater and space.
To reduce vulnerabilities and strengthen the resilience of critical entities, in January 2023 the EU CER Directive entered into force.
Until October 2024, it invites Member States to:
This requires defining joint strategic objectives and priorities, as well as a common governance framework – especially for the critical infrastructure with significant cross-border relevance.
Once an entity is identified as critical, it has the obligation to ensure continuity of service under any circumstances.
Member States shall ensure that critical entities carry out a first risk assessment within 9 months of their identification, and at least every 4 years afterwards, to detect anything that could compromise the provision of essential services.
Due to the large number of authorities and stakeholders involved, public and private sector need to cooperate in sharing information and coordinate their efforts in implementing the strategy.