On 29 January 2020, the European Commission’s new work programme was published. Under the fifth priority – ‘Promoting our European Way of Life’, the Commission announced its intention to issue a legislative proposal for additional measures on Critical Infrastructure Protection. According to the work programme, the proposal should be adopted in the fourth quarter of 2020 and include an impact assessment.
In 2019, the Commission conducted an evaluation of the Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures, concluding that the Directive is only of partial relevance today, in light of a range of factors including a very different security landscape, as compared to one Member States faced in 2008 when the Directive was adopted. The evaluation of the Directive was prompted by the findings of the 2017 Comprehensive Assessment of the European Union’s security policies, showing that one of the the main weaknesses of the existing directive was its limited scope, covering only sectors of transport and energy.
In its conclusions from December 2019, the Council estimated that protecting national and European critical infrastructures is a key priority, and invited the Commission to consult with Member States on a possible proposal for a revision of the Directive (2008/114/EC) for the identification and designation of European critical infrastructures (ECIs) early in the new legislative cycle, including potential additional measures to enhance the protection and resilience of critical infrastructure in the EU.
The European Parliament, in its resolution on findings and recommendations of the Special Committee on Terrorism from December 2018 estimated that current sectoral approach to European critical infrastructures (ECIs) is outdated and called for Directive 2008/114/EC to be revised, in order to ensure that designation of ECIs is carried out on the basis of an analysis of the systems supporting vital and cross-border services, rather than a sector-by-sector approach, taking due account of the importance of cybersecurity and of existing interdependencies, as well as to create an obligation for public and private operators of critical infrastructures to report incidents, among other things. In an earlier resolution on cybercrime adopted in 2017, the Parliament underlined the importance of enhancing critical infrastructures’ resilience to cyber-attacks and called on the Commission to continue identifying network and information security vulnerabilities of European critical infrastructure.
On 19 June 2020, the Commission issued an Inception Impact Assessment in view of its upcoming proposal for measures to enhance the protection and resilience of critical infrastructure. The stated objectives of the initiative are to ensure greater coherence of the EU critical infrastructure protection approach, to include all relevant sectors providing essential services, to help Member States to achieve resilience of national infrastructures and to improve information exchange and cooperation. Stakeholders are invited to provide their feedback to the roadmap before 7 August 2020.
In it’s new Security Union strategy 2020-2025 adopted on 24 July 2020, the Commission announced, under its first priority – a future-proof security environment, actions to adapt the EU framework to better protect critical infrastructures and to build new tools to support their resilience, and confirmed its intention to propose legislation in this sense.
References:
- European Commission, 2020 Commission Work Programme – A Union that strives for more, COM(2020) 37 final
- European Commission, Communication on the Security Union strategy, 24 July 2020
- European Commission, Protecting critical infrastructure in the EU – new rules, 19 June 2020
- Council of the EU, Conclusions on Complementary efforts to enhance resilience and counter hybrid threats, 10 December 2019
- European Commission, Evaluation of the Council Directive (2008/114) on the Identification and Designation of European Critical Infrastructures
- European Commission, Comprehensive Assessment of EU Security Policy, 2017
- European Parliament, Resolution on findings and recommendations of the Special Committee on Terrorism, 12 December 2018
- European Parliament, Resolution on the fight against cybercrime, 3 October 2017
For further information: Sofija Voronova, legislative-train@europarl.europa.eu
As of 20/11/2020.