The Council today approved a general approach on the draft directive on the resilience of critical entities. This draft instrument aims to reduce the vulnerabilities and strengthen the resilience of critical entities. These entities, which comprise physical infrastructures, provide vital services on which the livelihoods of EU citizens and the proper functioning of the internal market depend.
The approval of the Council’s general approach allows the presidency to launch discussions with the European Parliament with a view to agreeing on a final text.
“A number of crises in recent years, including terrorist attacks, COVID-19 and extreme weather events have challenged the preparedness of our systems and infrastructure. They have shown us there is still more we can do to be collectively prepared for the crises of the future, whatever their nature. Today’s agreement in the Council provides a solid basis for achieving this. Strengthening Europe’s resilience has been the topmost priority of the Slovenian presidency of the Council.”
Aleš Hojs, Slovenian Minister for the Interior
The Council negotiating mandate covers critical entities in nine sectors: energy, transport, banking, financial market infrastructures, health, drinking water, waste water, digital infrastructure and space. These entities need to be able to prevent, protect against, respond to, resist and recover from natural disasters, terrorism or health emergencies such as COVID-19.
Member states will need to have a strategy to enhance the resilience of critical entities, carry out a risk assessment at least every 4 years and identify the critical entities that provide essential services. Critical entities will need to identify the relevant risks that may significantly disrupt the provision of essential services, take appropriate measures to ensure their resilience and notify disruptive incidents to the competent authorities.
The proposal for a directive also establishes rules for the identification of critical entities of particular European significance. A critical entity will be considered of particular European significance when it provides an essential service to or in more than one third of member states. In these cases, the Commission may be requested to organise an advisory mission to assess the measures the entity concerned has put in place to meet its obligations.
Together with the proposed directive on critical entities, the Commission also presented a proposal for a directive on measures for a high common level of cybersecurity across the EU (NIS2), which aims to respond to the same concerns for the cyber dimension. During discussions on the critical entities proposal, member states stressed the need for alignment between the two. To achieve this, the general approach adopted today aligns their scope by ensuring that all sectors included in the draft directive on the resilience of critical entities are, as a minimum, also present in NIS2, which also includes further sectors.