Direttiva sulla resilienza delle entità critiche (CER)
Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC (CER Directive)
The CER Directive is structured to provide a comprehensive framework for enhancing the resilience of critical entities within the EU. It is organized into several key sections that outline the directive’s objectives, the scope of application, specific obligations for member states and critical entities, and mechanisms for cooperation and enforcement. The structure includes:
Struttura e sezioni chiave
- The CER Directive is structured to provide a comprehensive framework for enhancing the resilience of critical entities within the EU. It is organized into several key sections that outline the directive’s objectives, the scope of application, specific obligations for member states and critical entities, and the mechanisms for cooperation and enforcement.
- General Provisions and Objectives: This section defines the directive’s objectives, which include strengthening the resilience of critical entities against various risks, including natural disasters, terrorism, and cyberattacks. It also establishes the scope of the directive, identifying the sectors and types of entities covered.
- Obligations for Member States: The directive mandates that each EU member state is responsible for identifying critical entities within its jurisdiction. Member states are required to ensure that these entities implement robust resilience measures. This section also details the national frameworks that member states must establish, including the designation of competent authorities and the creation of national strategies for the protection of critical infrastructure.
- Obligations for Critical Entities: Critical entities identified by member states must comply with specific requirements under the CER Directive. These include conducting rischioIl rischio Si intende il potenziale di perdita o di perturbazione causato da un incidente e deve essere espresso come una combinazione dell'entità di tale perdita o perturbazione e della probabilità che l'incidente si verifichi -. Definizione ai sensi dell'articolo 6 della direttiva (UE) 2022/2555 (direttiva NIS2) assessments, implementing security measures, and reporting incidents that could impact their operations. The directive also emphasizes the importance of resilience planning and preparedness, requiring entities to develop and maintain resilience plans.
- Cooperation and Information Sharing: The directive promotes cooperation between member states and critical entities. It outlines mechanisms for information sharing, both at the national and EU levels, to enhance collective resilience. This section also introduces the role of the European Commission in facilitating cooperation and ensuring consistency in the implementation of the directive across the EU.
- Vigilanza e applicazione: The CER Directive includes provisions for the supervision of critical entities and the enforcement of compliance. Member states are required to establish monitoring and enforcement mechanisms to ensure that critical entities adhere to the directive’s requirements. This section also outlines the penalties for non-compliance.
- Final Provisions: This section includes transitional measures, timelines for implementation, and provisions for the review and amendment of the directive.
- Key Sections of the CER Directive
Key Sections of the CER Directive
- Scope and Definitions: Defines the critical sectors covered, such as energy, transport, health, finance, and digital infrastructure.
- Risk Management and Resilience Requirements: Specifies that critical entities must conduct regular risk assessments and implement measures to ensure resilience.
- IncidenteIncidente Si intende un evento che compromette la disponibilità, l'autenticità, l'integrità o la riservatezza dei dati memorizzati, trasmessi o elaborati o dei servizi offerti o accessibili tramite i sistemi di rete e di informazione -. Definizione ai sensi dell'articolo 6 della direttiva (UE) 2022/2555 (direttiva NIS2) Reporting and Response: Outlines the requirements for critical entities to report incidents and maintain operations during disruptions.
- National Strategies and Competent Authorities: Mandates member states to develop national strategies and designate authorities responsible for overseeing the directive’s implementation.
- Cooperation and Coordination: Encourages cross-border collaboration and information sharing to enhance the overall resilience of critical infrastructure across the EU.
The CER Directive represents a significant step forward in the EU’s efforts to safeguard critical infrastructure from a wide range of threats. By establishing clear obligations for both member states and critical entities, the directive aims to create a more resilient and secure environment across the Union.
Ottenere la lista di controllo del rischio della catena di approvvigionamento NIS 2
Download our free NIS2 Supply Chain Risk Checklist to ensure your organization meets the latest sicurezza informaticaSicurezza informatica per "cibersicurezza" si intende la cibersicurezza quale definita all'articolo 2, punto 1, del regolamento (UE) 2019/881; - Definizione ai sensi dell'articolo 6 della direttiva (UE) 2022/2555 (direttiva NIS2)
per "sicurezza informatica" si intendono le attività necessarie per proteggere i sistemi di rete e di informazione, gli utenti di tali sistemi e le altre persone interessate dalle minacce informatiche; - definizione ai sensi dell'articolo 2, punto (1), del regolamento (UE) 2019/881; compliance standards effortlessly.