Richtlijn inzake de veerkracht van kritieke entiteiten (CER)
Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC (CER Directive)
The CER Directive is structured to provide a comprehensive framework for enhancing the resilience of critical entities within the EU. It is organized into several key sections that outline the directive’s objectives, the scope of application, specific obligations for member states and critical entities, and mechanisms for cooperation and enforcement. The structure includes:
Structuur en hoofdstukken
- The CER Directive is structured to provide a comprehensive framework for enhancing the resilience of critical entities within the EU. It is organized into several key sections that outline the directive’s objectives, the scope of application, specific obligations for member states and critical entities, and the mechanisms for cooperation and enforcement.
- General Provisions and Objectives: This section defines the directive’s objectives, which include strengthening the resilience of critical entities against various risks, including natural disasters, terrorism, and cyberattacks. It also establishes the scope of the directive, identifying the sectors and types of entities covered.
- Obligations for Member States: The directive mandates that each EU member state is responsible for identifying critical entities within its jurisdiction. Member states are required to ensure that these entities implement robust resilience measures. This section also details the national frameworks that member states must establish, including the designation of competent authorities and the creation of national strategies for the protection of critical infrastructure.
- Obligations for Critical Entities: Critical entities identified by member states must comply with specific requirements under the CER Directive. These include conducting risicoRisico Betekent de kans op verlies of verstoring veroorzaakt door een incident en moet worden uitgedrukt als een combinatie van de omvang van een dergelijk verlies of verstoring en de waarschijnlijkheid dat het incident zich voordoet. Definitie volgens artikel 6 van Richtlijn (EU) 2022/2555 (NIS2-richtlijn) assessments, implementing security measures, and reporting incidents that could impact their operations. The directive also emphasizes the importance of resilience planning and preparedness, requiring entities to develop and maintain resilience plans.
- Cooperation and Information Sharing: The directive promotes cooperation between member states and critical entities. It outlines mechanisms for information sharing, both at the national and EU levels, to enhance collective resilience. This section also introduces the role of the European Commission in facilitating cooperation and ensuring consistency in the implementation of the directive across the EU.
- Toezicht en handhaving: The CER Directive includes provisions for the supervision of critical entities and the enforcement of compliance. Member states are required to establish monitoring and enforcement mechanisms to ensure that critical entities adhere to the directive’s requirements. This section also outlines the penalties for non-compliance.
- Final Provisions: This section includes transitional measures, timelines for implementation, and provisions for the review and amendment of the directive.
- Key Sections of the CER Directive
Key Sections of the CER Directive
- Scope and Definitions: Defines the critical sectors covered, such as energy, transport, health, finance, and digital infrastructure.
- Risk Management and Resilience Requirements: Specifies that critical entities must conduct regular risk assessments and implement measures to ensure resilience.
- IncidentIncident Een gebeurtenis die de beschikbaarheid, authenticiteit, integriteit of vertrouwelijkheid in gevaar brengt van opgeslagen, verzonden of verwerkte gegevens of van de diensten die worden aangeboden door of toegankelijk zijn via netwerk- en informatiesystemen. Definitie volgens artikel 6 van Richtlijn (EU) 2022/2555 (NIS2-richtlijn) Reporting and Response: Outlines the requirements for critical entities to report incidents and maintain operations during disruptions.
- National Strategies and Competent Authorities: Mandates member states to develop national strategies and designate authorities responsible for overseeing the directive’s implementation.
- Cooperation and Coordination: Encourages cross-border collaboration and information sharing to enhance the overall resilience of critical infrastructure across the EU.
The CER Directive represents a significant step forward in the EU’s efforts to safeguard critical infrastructure from a wide range of threats. By establishing clear obligations for both member states and critical entities, the directive aims to create a more resilient and secure environment across the Union.
Ontvang de NIS 2 Checklist voor risico's in de toeleveringsketen
Download our free NIS2 Supply Chain Risk Checklist to ensure your organization meets the latest cyberbeveiligingCyberbeveiliging "cyberbeveiliging": cyberbeveiliging als gedefinieerd in artikel 2, punt 1, van Verordening (EU) 2019/881; - "cyberbeveiliging": cyberbeveiliging als gedefinieerd in artikel 2, punt 1, van Verordening (EU) 2019/881. Definitie volgens artikel 6 van Richtlijn (EU) 2022/2555 (NIS2-richtlijn)
"cyberbeveiliging": de activiteiten die nodig zijn om netwerk- en informatiesystemen, de gebruikers van dergelijke systemen en andere personen die te maken hebben met cyberdreigingen, te beschermen; - Definitie overeenkomstig artikel 2, punt 1, van Verordening (EU) 2019/881; compliance standards effortlessly.