Today, the Commission has adopted a list of essential services in the eleven sectors covered by the Critical Entities Resilience Directive (CER), which entered into force on 16 January 2023. Critical entities provide essential services in upholding key societal functions, supporting the economy, ensuring public health and safety, and preserving the environment.
Member States will have to identify the critical entities for the sectors set out in the CER Directive by 17 July 2026. They will use this list of essential services to carry out risk assessments and to then identify the critical entities. Once identified, the critical entities will have to take measures to enhance their resilience.
List of essential services
The Commission has proposed a non-exhaustive list of services that are crucial for the maintenance of vital societal functions, economic activities, public health and safety, or the environment, for the eleven sectors and subsectors covered by the Directive, as follows:
Next steps
The delegated act adopted by the Commission will enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of two months of its notification or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period can be extended by two months at the initiative of the European Parliament or of the Council.
Background
In 2020 the Commission proposed a significant upgrade to the EU's rules on the resilience of critical entities and the security of network and information systems. On 16 January, two key directives on critical and digital infrastructure entered into force with the purpose of strengthening the EU's resilience against online and offline threats, from cyberattacks to crime, risks to public health or natural disasters – the Directive on the resilience of critical entities (CER Directive) and the Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive), which entered into force on 16 January 2023.
For More Information