Richtlinie über die Widerstandsfähigkeit kritischer Einrichtungen (CER)
Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC (CER Directive)
The CER Directive is structured to provide a comprehensive framework for enhancing the resilience of critical entities within the EU. It is organized into several key sections that outline the directive’s objectives, the scope of application, specific obligations for member states and critical entities, and mechanisms for cooperation and enforcement. The structure includes:
Aufbau und wichtige Abschnitte
- The CER Directive is structured to provide a comprehensive framework for enhancing the resilience of critical entities within the EU. It is organized into several key sections that outline the directive’s objectives, the scope of application, specific obligations for member states and critical entities, and the mechanisms for cooperation and enforcement.
- General Provisions and Objectives: This section defines the directive’s objectives, which include strengthening the resilience of critical entities against various risks, including natural disasters, terrorism, and cyberattacks. It also establishes the scope of the directive, identifying the sectors and types of entities covered.
- Obligations for Member States: The directive mandates that each EU member state is responsible for identifying critical entities within its jurisdiction. Member states are required to ensure that these entities implement robust resilience measures. This section also details the national frameworks that member states must establish, including the designation of competent authorities and the creation of national strategies for the protection of critical infrastructure.
- Obligations for Critical Entities: Critical entities identified by member states must comply with specific requirements under the CER Directive. These include conducting RisikoRisiko Bezeichnet das Potenzial für Verluste oder Störungen, die durch ein Ereignis verursacht werden, und wird als Kombination aus dem Ausmaß eines solchen Verlusts oder einer solchen Störung und der Wahrscheinlichkeit des Eintretens des Ereignisses ausgedrückt. Definition gemäß Artikel 6 der Richtlinie (EU) 2022/2555 (NIS2-Richtlinie) assessments, implementing security measures, and reporting incidents that could impact their operations. The directive also emphasizes the importance of resilience planning and preparedness, requiring entities to develop and maintain resilience plans.
- Cooperation and Information Sharing: The directive promotes cooperation between member states and critical entities. It outlines mechanisms for information sharing, both at the national and EU levels, to enhance collective resilience. This section also introduces the role of the European Commission in facilitating cooperation and ensuring consistency in the implementation of the directive across the EU.
- Beaufsichtigung und Durchsetzung: The CER Directive includes provisions for the supervision of critical entities and the enforcement of compliance. Member states are required to establish monitoring and enforcement mechanisms to ensure that critical entities adhere to the directive’s requirements. This section also outlines the penalties for non-compliance.
- Final Provisions: This section includes transitional measures, timelines for implementation, and provisions for the review and amendment of the directive.
- Key Sections of the CER Directive
Key Sections of the CER Directive
- Scope and Definitions: Defines the critical sectors covered, such as energy, transport, health, finance, and digital infrastructure.
- Risk Management and Resilience Requirements: Specifies that critical entities must conduct regular risk assessments and implement measures to ensure resilience.
- VorfallVorfall Bezeichnet ein Ereignis, das die Verfügbarkeit, Authentizität, Integrität oder Vertraulichkeit gespeicherter, übermittelter oder verarbeiteter Daten oder der von Netz- und Informationssystemen angebotenen oder über sie zugänglichen Dienste beeinträchtigt. Definition gemäß Artikel 6 der Richtlinie (EU) 2022/2555 (NIS2-Richtlinie) Reporting and Response: Outlines the requirements for critical entities to report incidents and maintain operations during disruptions.
- National Strategies and Competent Authorities: Mandates member states to develop national strategies and designate authorities responsible for overseeing the directive’s implementation.
- Cooperation and Coordination: Encourages cross-border collaboration and information sharing to enhance the overall resilience of critical infrastructure across the EU.
The CER Directive represents a significant step forward in the EU’s efforts to safeguard critical infrastructure from a wide range of threats. By establishing clear obligations for both member states and critical entities, the directive aims to create a more resilient and secure environment across the Union.
Holen Sie sich die NIS 2 Checkliste für Risiken in der Lieferkette
Download our free NIS2 Supply Chain Risk Checklist to ensure your organization meets the latest CybersicherheitCybersecurity "Cybersicherheit" ist die Cybersicherheit im Sinne von Artikel 2 Nummer 1 der Verordnung (EU) 2019/881; - Definition gemäß Artikel 6 der Richtlinie (EU) 2022/2555 (NIS2-Richtlinie)
"Cybersicherheit" bezeichnet die Tätigkeiten, die erforderlich sind, um Netz- und Informationssysteme, die Nutzer solcher Systeme und andere von Cyberbedrohungen betroffene Personen zu schützen; - Definition gemäß Artikel 2 Nummer 1 der Verordnung (EU) 2019/881; compliance standards effortlessly.