Critical Infrastructure: Commission accelerates work to build up European resilience

The Commission is proposing to strengthen the resilience of EU critical infrastructure. The proposal for a Council Recommendation builds on the 5-point plan for resilient critical infrastructure presented by President von der Leyen at the European Parliament on 5 October.

European critical entities are more interconnected and interdependent, which makes them stronger and more efficient but also more vulnerable in case of an incident. Russia’s war of aggression against Ukraine has brought new risks, physical and cyber-attacks, often combined as a hybrid threat. The sabotage of the Nord Stream gas pipelines and other recent incidents made it clear that the resilience of the EU critical infrastructure is under threat. Action is urgently needed to step up the EU’s capacity to protect itself against attacks on critical infrastructure, both in the EU and its direct neighbourhood.

As a key part of the EU’s work to build a Security Union, the Commission proposed already in 2020 updated rules to increase the resilience of critical entities. With the recently-agreed Directive on the resilience of critical infrastructure (CER Directive) and the Revised Directive on the security of network and information system (NIS2 Directive), the EU will soon have an updated and comprehensive legal framework to strengthen both the physical and cyber-resilience of critical infrastructure. However, in view of the fast-evolving threat landscape, the application of the new rules needs to be accelerated.

The draft Recommendation aims at maximising and accelerating the work to protect critical infrastructure in three priority areas: preparedness, response and international cooperation. For that purpose, it foresees a stronger support and coordination role by the Commission to enhance preparedness and response against the current threats as well as a strengthened cooperation among Member States, and with neighbouring third countries. Priority should be given to the key sectors of energy, digital infrastructure, transport and space.

The EU has a particular role to play in respect of infrastructure that crosses borders or that provides cross-border services and thus impacting the interests of several Member States. Clear identification of such infrastructure and entities operating them and collective commitment to protect them is in the interest of all Member States. The Commission encourages Member States to conduct stress tests of entities operating critical infrastructure, based on a common set of principles developed at Union level.

The stress test exercise will complemented by the production of a Blueprint on critical infrastructure incidents and crises. This will describe and set out the objectives and modes of cooperation between the Member States and EU institutions, bodies, offices and agencies in responding to incidents against critical infrastructure, in particular where these entail significant disruptions of the provision of essential services for the internal market. This Blueprint will be developed by the Commission in cooperation with the HRVP, in consultation with Member States and with the support of relevant agencies. It will make use of the existing Integrated Political Crisis Response (IPCR) arrangements for the coordination of the response.

The draft Recommendation aims to strengthen the capacity of early warning and response to disruptions of critical infrastructure through the Union Civil Protection Mechanism. The Commission will regularly review the adequacy and readiness of the existing response capacity and it will organise tests of cross-sectoral cooperation at EU level. The draft Recommendation also calls for strengthened cooperation with key partners and neighbouring countries on the resilience of critical infrastructure. The Commission and the High Representative will strengthen coordination with NATO through the EU-NATO structured dialogue on resilience and will set up a Task Force for this purpose.

Source: European Commission