EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Document 32024H0779
Commission Recommendation (EU) 2024/779 of 26 February 2024 on Secure and Resilient Submarine Cable Infrastructures
Commission Recommendation (EU) 2024/779 of 26 February 2024 on Secure and Resilient Submarine Cable Infrastructures
Commission Recommendation (EU) 2024/779 of 26 February 2024 on Secure and Resilient Submarine Cable Infrastructures
C/2024/1181
OJ L, 2024/779, 8.3.2024, ELI: http://data.europa.eu/eli/reco/2024/779/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
|
Official Journal |
EN Series L |
|
2024/779 |
8.3.2024 |
COMMISSION RECOMMENDATION (EU) 2024/779
of 26 February 2024
on Secure and Resilient Submarine Cable Infrastructures
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 292 thereof,
Whereas:
|
(1) |
Our economies and societies are increasingly reliant on the functioning of the internet and of international connectivity to achieve the competitive digitalisation of the Union and its economy. In this context, submarine cable infrastructure is a significant element in the broader internet ecosystem in achieving European digital sovereignty, given that the overwhelming majority of international data traffic is carried through submarine cables. Many islands in the Union, including the three island Member States, as well as the EU outermost regions and oversea countries and territories, are almost entirely dependent on such submarine cables for intra-Union communications. In the current context of heightened risk and antagonistic man-made security threats, given the interconnected and transnational nature of these infrastructures, governments in all world regions are paying particular attention to their potential reliance on critical cables, as systemic and widespread disruptions of submarine cable communications could lead to particularly serious consequences, in case of coordinated attacks. |
|
(2) |
The need for action at Union level has been confirmed by the Member States. The Nevers Call of 9 March 2022 (1) recognised the strategic importance of critical infrastructure such as telecommunications networks and digital services to many critical functions in our societies, and the fact that they are a prime target for cyberattacks. |
|
(3) |
To follow up on the Nevers Call, the NIS Cooperation Group, with the support of the Commission and the EU Agency for Cybersecurity (ENISA) and in consultation with the Body of European Regulators for Electronic Communications (BEREC), conducted a high-level risk assessment on communications infrastructures and networks, including submarine cables. This risk assessment identified physical attack/sabotage on submarine cables, and power cuts affecting submarine cables which rely on repeaters, as key threats. Based on these threats and a number of vulnerabilities identified, Member States developed a set of risk scenarios of strategic importance from an EU perspective. These include notably the risk of third country interference on a supplier, managed security service provider or submarine cables and the risk of coordinated physical attack/sabotage on digital infrastructure, including submarine cables. |
|
(4) |
The Council Recommendation of December 2022 on a Union-wide coordinated approach to strengthen the resilience of critical infrastructure (2) (‘the Critical Infrastructure Resilience Recommendation’) sets out targeted actions at Union and national level for enhanced preparedness, enhanced response and international cooperation. The actions focus specifically on critical infrastructure with significant cross-border relevance in identified key sectors, such as energy, transport, space, and digital infrastructure. |
|
(5) |
In the Recommendation, the Council invited the Commission to carry out a comprehensive study concerning the resilience of submarine communication cables and to consult relevant stakeholders and experts on appropriate measures in relation to possible significant incidents regarding submarine infrastructure. The Commission has carried out studies in this respect and will share their conclusions with Member States at the appropriate confidentiality level. The present Recommendation seeks to complement and support the implementation of the Critical Infrastructure Resilience Recommendation. |
|
(6) |
The June 2023 Joint Communication on a European Economic Security Strategy (3) proposed that risks to the physical and cybersecurity of critical infrastructure continue to be assessed in line with the Council Recommendation of 8 December 2022, and identified submarine cables as critical infrastructure in the context of those risks. In the Report on the state of the Digital Decade 2023, (4) the Commission recommended that Member States ‘boost their efforts, including through necessary investments, to ensure that European digital infrastructures are secure and resilient, especially backbone infrastructure and submarine cables.’ |
|
(7) |
The European Council conclusions of 27 October 2023 stressed ‘the need for effective measures to strengthen the resilience and ensure the security of critical infrastructure’, while underlining ‘the importance of a comprehensive and coordinated approach.’ Against this background, it is important that the Union addresses these issues swiftly. |
|
(8) |
Member States would, when taking measures pursuant to this Recommendation, where applicable and appropriate, have to act in accordance with the respective provisions, obligations and mechanisms set out in Directive (EU) 2018/1972 of the European Parliament and of the Council (5) (‘the EECC’), Directive (EU) 2022/2555 of the European Parliament and of the Council (6) (‘the NIS 2 Directive’), and Directive (EU) 2022/2557 of the European Parliament and of the Council (7) (‘the CER Directive’). |
|
(9) |
The NIS 2 Directive, which replaces the respective provisions under the EECC, on security of networks and services and their implementation and enforcement (Articles 40 and 41 EECC) mandates the Member States to adopt policies related to sustaining the general availability, integrity and confidentiality of the public core of the open internet, including, where relevant, the cybersecurity of submarine communications cables. Pursuant to Art. 23 of the NIS 2 Directive, incidents affecting submarine communication cables should be reported to the relevant Computer Security Incident Response Team (‘CSIRT’) or competent authority. The national cybersecurity strategy of Member States should, where relevant, take into account the cybersecurity of submarine communications cables and include a mapping of potential cybersecurity risks and mitigation measures to secure the highest level of their protection. |
|
(10) |
The CER Directive aims at ensuring that services essential for the maintenance of vital societal functions or economic activities are provided in an unobstructed manner in the internal market in the eleven sectors covered by the Directive. This includes enhancing the physical resilience of critical entities providing such services. The CER Directive covers the digital infrastructure sector in what concerns the identification of critical entities in this sector, the adoption of national strategies, Member States risk assessments and Member States support measures for entities identified by them as critical. |
|
(11) |
The EU Maritime Security Strategy (8) highlights the increased risk of attacks by malicious actors against critical maritime infrastructure, including submarine cables, and proposes actions to enhance the resilience and protection of such infrastructure. |
|
(12) |
As highlighted in the Sixth Progress Report on the implementation of the EU Security Union Strategy, the EU has delivered landmark legislation in everything from critical entities protection to enhancing cyber resilience. In the meantime, however, the security threat landscape in Europe and our neighbourhood continues to evolve, illustrating the need for continuous vigilance and a high level of preparedness to face new challenges to the security of critical infrastructure, both online and offline. |
|
(13) |
This Recommendation aims to promote synergies at EU level with the objective of increasing the security and resilience of submarine cables infrastructures. It recommends both specific actions to assess and improve coordination between the Union and its Member States as regards the security and resilience of existing and new submarine cable infrastructures and as regards the support for the joint deployment or significant upgrade of such infrastructures via Cable Projects of European Interest (‘CPEI’). |
|
(14) |
Submarine cable infrastructures include not only cables but also any infrastructure related to their construction, operation, maintenance and repair, such as landing stations and the terrestrial parts of the submarine cable connecting to them (e.g., land routes from beach manhole to landing station, data centre, or point of presence), repair centres, as well as the fleet of deployment, maintenance and repair vessels. |
|
(15) |
The Commission is setting up the Submarine Cable Infrastructure informal Expert Group, in the meaning of Commission Decision C(2016) 3301 of 30 May 2016, (9) composed of Member States’ authorities (‘the Expert Group’), to provide advice and expertise to the Commission in relation to the follow-up on this Recommendation, in particular on the following:
|
|
(16) |
The Expert Group will gather the necessary experts and serve as a secure platform for coordination between Member States and provide advice and assistance to the Commission complementing the roles and tasks conducted by the NIS Cooperation Group established by the NIS 2 Directive and the CER Group established by the CER Directive. The Expert Group should facilitate rapid and effective information exchange between the Member States and the Commission on matters that fall into the scope of this Recommendation. In order to maintain a close link between matters of security and resilience of submarine cable infrastructures as well as their funding and financing, Member States within the Expert Group should regularly consult, update and closely cooperate with, as appropriate, the NIS Cooperation Group and the CER Group, Member State Committees of Union funding programmes, authorities from third countries, public development and financial institutions, industry representatives, and other stakeholders. Such cooperation is to take place within the framework of the respective mandates of the groups, committees and authorities involved. The consultation of Committees of Union funding programmes as well as public development and financial institutions would be particularly aimed at reaping synergies as well as at pooling funding and financing. Information should be exchanged at the appropriate confidentiality level. |
|
(17) |
Given the importance of achieving a high level of cybersecurity and physical security of submarine cable infrastructures, irrespective of their owner, this Recommendation invites Member States to adopt measures to ensure that submarine cable infrastructure operators meet the highest security standards (including defence-level standards, where appropriate). |
|
(18) |
In order to achieve a high level of cybersecurity and physical security of submarine cable infrastructures, Member States should be encouraged to gather relevant information (10) from representative organisations of undertakings or, if necessary, from individual undertakings within their jurisdiction. This information should be used to establish, complete and update a national submarine cable infrastructure mapping for all concerned Member States. Any collection or exchange of information should preserve the confidentiality of that information and protect the security and commercial interests of entities concerned. |
|
(19) |
As an important step in developing a consolidated Union-wide assessment, an assessment of risks, vulnerabilities and dependencies affecting submarine cable infrastructures should be conducted and completed at national level. This should take into account, as a starting point, existing EU-wide risk assessments and evaluations, notably those carried out further to the ‘Nevers Call’, the Council Conclusions on the Development of the EU’s Cyber Posture and – for the cybersecurity of 5G networks – following Commission Recommendation (EU) 2019/534 (11). The national assessment should include a mapping of the existing and planned infrastructures. Member States should further reinforce national obligations on suppliers and operators of sensitive parts of the infrastructure when implementing the NIS 2 Directive. |
|
(20) |
In order to enhance preparedness and to provide input for future coordinated risk assessments at Union level, Member States should be encouraged to make entities operating submarine cable infrastructures subject to regular stress testing. Such stress tests would help assess entities’ resilience under different scenarios. |
|
(21) |
It should be considered as necessary that submarine cable infrastructures are established, upgraded, and maintained as quickly as possible, while keeping the administrative burden to a minimum. For this reason, Member States should be encouraged to process applications related to the planning, acquisition, construction, operation, maintenance and repair of such infrastructures online and as fast as possible. Member States should be made aware of the usefulness to appoint an authority to facilitate and coordinate the permit-granting processes. This authority could appoint a coordinator, serving as a single point of contact for the project. Moreover, where necessary for granting a derogation under Council Directive 92/43/EEC (12) and Directive 2000/60/EC of the European Parliament and Council (13), the planning, acquisition, construction, operation, maintenance and repair of those infrastructures should be considered to be of overriding public interest within the meaning of those Directives, provided that the other remaining conditions set out in those provisions are fulfilled. This is without prejudice to the applicability or implementation of other Union environmental laws. |
|
(22) |
Member States should be encouraged to cooperate to develop maintenance and repair capacities for submarine cable infrastructures. |
|
(23) |
It should be deemed necessary to complement ongoing and planned risk assessments concerning digital and physical infrastructure underpinning digital services with specific risk assessments and options for mitigating measures concerning submarine cable infrastructure. The Expert Group will be asked to assist the Commission, in close cooperation with the NIS Cooperation Group and the CER Group and supported by ENISA, in undertaking a consolidated Union-wide assessment of risks, vulnerabilities and dependencies covering both the cybersecurity and the physical security of submarine cables infrastructures and their supply chains. This consolidated assessment could build on the findings of the risk assessments carried out, notably national risk assessments on the cybersecurity and the physical security of submarine cables infrastructures and their supply chains, and those in the context of the ‘Nevers Call’ and the Council conclusions on the Development of the EU’s Cyber Posture and for 5G networks following Recommendation (EU) 2019/534. The consolidated assessment could lead to recommendations to be addressed at national and/or Union level, including proposed mitigation measures. |
|
(24) |
In a first step, the Expert Group could assist the Commission in reviewing the national risk assessments in order to identify missing information that would prevent a consolidated Union-wide assessment of risks, vulnerabilities and dependencies, in particular on high-risk suppliers, and review the mapping of existing and planned submarine cable infrastructures carried out at national level (including location, capacity, technical characteristics and ownership of cable infrastructure) as well as the interplay between physical and logical layers. The Expert Group could assist the Commission in mapping the existing submarine cable infrastructures at EU level, based on the national mapping exercise and keep it up to date, as a minimum on an annual basis. The review should account for interrelations with other critical infrastructures, in particular electricity cables, gas pipelines and offshore renewable energy installations, as well as other telecommunications infrastructures (14). Non-sensitive mapping information may be shared with relevant infrastructure information points, such as in the context of the Broadband Cost Reduction Directive 2014/61/EU of the European Parliament and of the Council (15) (Broadband Cost Reduction Directive) and of the future Gigabit Infrastructure Act. |
|
(25) |
In a second step, the Expert Group is encouraged to propose measures to complete the missing information and a methodology to consolidate the additional information with the existing assessments, establishing the baseline for a Union-wide assessment of risks, vulnerabilities and dependencies. |
|
(26) |
In a third step, the Expert Group is encouraged to use the methodology established in the previous step to conduct the actual consolidated Union-wide mapping of submarine cable infrastructures and assessments of risks, vulnerabilities and dependencies of submarine cable infrastructures, especially on high-risk suppliers. The assessment should include proposals for mitigating measures, including which risks, vulnerabilities and dependencies could be addressed through Cable Projects of European Interest in accordance with this Recommendation to fill strategic gaps and establish new connections that would increase resilience and minimise risk. This step would also include considerations on harmonising stress tests, for instance, as regards response and repair times as well as the organisation of incident response and repair capacities, across civil-military and national-regional boundaries. |
|
(27) |
The Expert Group should serve as a forum for Member States to exchange information between each other and with the Commission, working together to identify potential gaps in the existing legislative framework and creating synergies. This could include information on situational awareness, incidents and incident response, as well as best practices applied. Information should be exchanged in a regular and structured way and at the appropriate confidentiality level, including classified, where appropriate. It should be made possible for third countries to be involved on a case-by-case basis, for instance, in the context of bilateral international agreements. |
|
(28) |
This Recommendation aims to encourage the deployment or significant upgrade of submarine cable infrastructure via CPEIs in compliance with EU law, including State aid rules. In order to do so, it is important that Member States are encouraged to work together with the Commission through the Expert Group to assist the Commission in proposing a list of strategic CPEIs that meet a number of criteria included in this Recommendation. |
|
(29) |
Based on the consolidated Union-wide assessment mentioned above, the Expert Group is encouraged to propose a list of CPEIs and how they would address the identified strategic gaps, risks, vulnerabilities and dependencies from an EU-wide perspective. Subject to the respective underlying rules, the list could be considered under Union funding programmes under the scope of which such projects fall, notably under Regulation (EU) 2021/1153 of the European Parliament and of the Council (16) (‘the CEF Regulation’), Regulation (EU) 2021/1529 of the European Parliament and of the Council (17) (‘the IPA III Regulation’), Regulation (EU) 2021/241 of the European Parliament and of the Council (18) (‘the RRF Regulation’), and under the Structural Funds. When applicable, the list could be reflected in the basic acts, or their annexes, through the use of delegated acts, such as in the case of the CEF Regulation. Any consideration under Regulation (EU) 2021/947 of the European Parliament and of the Council (19) (‘the NDICI Global Europe Regulation’) should not lead to delaying projects already developed within the framework of the Global Gateway strategy. |
|
(30) |
The criteria for the identification of CPEIs could be based on the following: First, as a prerequisite, the mapping should provide evidence for a gap in submarine cable infrastructures, including the need to establish new or alternative secure routes, or to increase the capacity or resilience of existing submarine cable infrastructure. In addition, CPEIs should contribute to increasing supply chain security of submarine cable infrastructures significantly. Finally, CPEIs should have geostrategic importance, in view of the interests of the Union and its Member States, and fulfil connectivity needs that are too risky to be met by private investments alone. |
|
(31) |
Implementation criteria that could be taken into account for strategic projects include ensuring a significant new investment that brings significant new capabilities in terms of security, performance and resilience, supply chain security, and sustainability. Performance increases would relate notably to data throughput capacity and low latency. Security and resilience increases would include scoping of physical and logical redundancy in a project, high security standards and technology, such as sensor and monitoring systems, as well as the capacity of the deployment, maintenance and repair vessel fleet. |
|
(32) |
When implemented, strategic projects should increase the sustainability of submarine cable infrastructures by reducing their climate, energy and overall environmental impact. |
|
(33) |
Based on the significant cooperation with international strategic partners, notably through Trade and Technology Councils and Digital Partnerships, and in line with the Council conclusions on EU Digital Diplomacy of 26 June 2023, Member States, in coordination with the Union, should be encouraged to strengthen their efforts to develop secure, trusted and resilient submarine cable infrastructures in line with the approach laid out in this Recommendation. If created, CPEIs should contribute to ensuring that the EU has the means to connect securely to its strategic partners. This concerns notably strategic projects related to cooperation on arctic, transatlantic and transpacific connectivity. The Global Gateway Strategy provides the framework for the EU and its Member States to develop a close collaboration with relevant international partners to enable trustworthy, secure, and resilient digital connectivity between the EU and countries and regions targeted by Regulation the NDICI Global Europe Regulation and the IPA III Regulation, in Sub-Saharan Africa, Latin America and Caribbean, Asia-Pacific, and neighbourhood and enlargement countries. Having regard to the need to maintain a coherent approach towards secure, trusted and resilient submarine cable infrastructures and to provide for complementarity between internal and external actions, Member States should be encouraged to use the Expect Group to coordinate and keep each other, the Commission, and the External Action Service informed on matters that fall into the scope of this Recommendation, both in relation to bilateral exchanges with third countries and to multilateral cooperation. |
|
(34) |
Member States should be encouraged to work in a coordinated approach in multilateral and multistakeholder fora, including the G7, and the International Telecommunication Union (ITU) in line with the principles, objectives and tools of EU Digital Diplomacy. |
|
(35) |
The EU should endeavour to deepen cooperation further with NATO on resilience, including critical submarine cable infrastructures, in line with the third Joint Declaration on EU-NATO cooperation, (20) promoting complementarity of efforts and avoiding unnecessary duplications, in full respect of the principles of mutual openness and transparency, reciprocity and inclusiveness as well as the decision-making autonomy of each organisation. Building on the recommendations of the EU-NATO Task Force Final Assessment Report, (21) in the context of the Structured Dialogue on Resilience, EU staff should endeavour to, inter alia, further promote shared situational awareness with NATO staff. |
|
(36) |
In contributing to leveraging investments for a transformational impact, this Recommendation contributes to the objectives of the Global Gateway to strengthen global digital connectivity, in line with EU values and standards. In following this Recommendation, Member States should pursue a Team Europe approach and use the existing governance structures set up by the EU and its Member States to implement the Global Gateway strategy and the Economic Investment Plans. |
|
(37) |
Considering that submarine cable infrastructures are typically deployed by private stakeholders, and in view of the strategic interests of both the Union and its Member States, CPEIs, if established, should be funded by private financing, which may be supported where necessary by a combination of Union and national budget, in compliance with State aid rules. Union funding programmes may be used in combination with financing from the European Investment Bank, National Promotional Banks, other development and public financial institutions, as well as from private-sector financial institutions and private-sector investors, including through public private partnerships in accordance with the relevant provisions governing the use of the Union budget. |
|
(38) |
The CEF Regulation is currently funding submarine cables as backbone networks connecting EU territories and the Union with third countries. The significant oversubscription observed in the related calls indicates a growing demand for funding of secure, resilient and highly performant submarine cables. Considering the consistent costs and risks at stake, CEF financial support is paramount to de-risk and attract private investment and make projects bankable. |
|
(39) |
The European Commission may consider improving the use of financial instruments and blending facilities to support CPEIs, using budget from the CEF Regulation and other relevant instruments, in order to attract private capital and operate on market terms, to which Member States are encouraged to contribute, eventually through their National Promotional Banks and Institutions. InvestEU may constitute a means to finance CPEIs. |
|
(40) |
This Recommendation should be without prejudice to the competences of the Member States regarding activities concerning public security, defence, national security and the activities of the State in areas of criminal law, including the right of the Member States to exclude providers or suppliers from their markets for national security reasons. |
HAS ADOPTED THIS RECOMMENDATION:
1. SCOPE AND OBJECTIVES
|
(1) |
This Recommendation identifies a series of targeted actions that could be pursued by Member States at national and Union level with a view to:
|
2. DEFINITIONS
|
(2) |
For the purposes of this Recommendation, ‘submarine cable infrastructure’ means the submarine communications cable itself but also any infrastructure related to its construction, operation, maintenance and repair. |
|
(3) |
For the rest, the definitions of Directive (EU) 2022/2555 (‘the NIS 2 Directive’) apply. |
3. ACTIONS AT MEMBER STATE LEVEL
3.1. Security
|
(4) |
Member States are encouraged to promote a high level of security of the submarine cable infrastructure, irrespective of their owner, acting in accordance with, where applicable and appropriate, the requirements set out in Directive (EU) 2018/1972 (‘the EECC’), the NIS 2 Directive and Directive (EU) 2022/2557 (‘the CER Directive’), as well as the relevant actions in the EU Maritime Security Strategy. They are encouraged to ensure that the infrastructure is adequately managed and controlled in such a way as to protect it from external threats and preserve its security, including that of data exchanged through the infrastructure. In doing so, Member States are encouraged to take into account defence-level security standards where relevant, in order to facilitate cooperation with military actors. |
|
(5) |
Member States should envisage to request the necessary information from representative organisations of undertakings or, if necessary, from individual undertakings in order to monitor the security and resilience of submarine cable infrastructures. This information could be used to establish, complete and update a national submarine cable infrastructure mapping, filling in the missing information in existing data collection exercises. Any collection or exchange of information should preserve the confidentiality of that information and protect the security and commercial interests of entities concerned in line with applicable EU rules. |
|
(6) |
Member States are encouraged to carry out, taking into account relevant existing EU-level risk assessments and stress test results, national risk assessments on the cybersecurity and the physical security of submarine cables infrastructures and their supply chains. The national assessments would be more relevant if they include a mapping of the existing and planned infrastructures and if they take into account both technical and non-technical security risk criteria. |
|
(7) |
Member States are encouraged to reinforce obligations on suppliers and operators when implementing the NIS 2 Directive, taking into account actions at Union level under this Recommendation, to ensure the security of sensitive parts of the infrastructures as well as obligations, where appropriate, such as the provision of relevant information to competent national authorities concerning planned changes in submarine cable infrastructures and requirements to have specific information technology components and systems tested in advance for security and integrity purposes by national auditing/certification laboratories. |
3.2. Regular stress testing of entities
|
(8) |
It is recommended that Member States encourage and support operators of submarine cable infrastructures in regular stress testing based on common principles at Union level, and in particular the consolidated Union-wide assessments of risks, vulnerabilities and dependencies of submarine cable infrastructures in points (16) to (20). |
|
(9) |
Such testing actions could be supported financially by the Digital Europe Programme, Regulation (EU) 2021/694 of the European Parliament and of the Council (22) (‘the DEP Regulation’), in particular under the DEP cybersecurity work programme 2023-2024. |
3.3. National fast-tracking of permit granting procedures
|
(10) |
Member States are encouraged to ensure that administrative applications related to the planning, acquisition, construction, operation, maintenance and repair of submarine cable infrastructures are processed online and in an efficient and timely manner. To that end, all national authorities concerned are incited to ensure that the most rapid treatment legally possible is given to these applications. |
|
(11) |
Where such status exists in national law, Member States should be well advised to grant to submarine cable infrastructures the status of the highest possible national significance and treat them as such in permit granting processes, including those relating to environmental assessments and if national law so provides, in spatial planning. |
|
(12) |
Member States are encouraged to consider the security and resilience of submarine cable infrastructures as an imperative reason of overriding public interest within the meaning of Article 6(4) and Article 16(1)(c) of Directive 92/43/EEC and of overriding public interest within the meaning of Article 4(7) of Directive 2000/60/EC. Therefore, Member States are encouraged to consider the planning, acquisition, construction, operation, maintenance and repair of submarine cable infrastructures as of overriding public interest, provided that the remaining other conditions set out in these provisions are fulfilled. |
|
(13) |
Member States are incited to nominate an authority responsible for facilitating and coordinating administrative applications related to planning, acquisition, construction, operation, maintenance and repair of submarine cable infrastructures. The authority could in turn appoint a coordinator who would serve as single point of contact, and convene a working group where all authorities involved in the administrative applications would be represented in order to draw up a permit granting schedule and to monitor and coordinate its implementation. |
|
(14) |
If decisions to be taken require the involvement of two or more Member States, the respective authorities should be incited to take all necessary steps for efficient and effective cooperation and coordination among themselves and with the Commission. This could involve authorities from third countries, as appropriate. In particular, Member States should cooperate with each other to develop maintenance and repair capacity for submarine cables. They should collaborate with the Commission to map the current fleet and define the needs in a forward-looking manner. |
4. ACTIONS BY MEMBER STATES AT UNION LEVEL
|
(15) |
Member States’ actions and coordination spelled out in this section should be undertaken within the framework of an informal expert group. |
4.1. Towards a consolidated Union-wide assessment of risks, vulnerabilities and dependencies
|
(16) |
Member States are encouraged to assist the Commission in mapping the existing submarine cable infrastructures at EU level, based on the national mapping exercises and keep such mapping up to date, at a minimum on an annual basis. The mapping should include all relevant associated data such as available and potential capacity, technical characteristics, main security features, redundancy and/or peering arrangements, ownership and control information, and sustainability characteristics. |
|
(17) |
Member States are encouraged to assist the Commission in reviewing existing assessments and identifying missing information currently preventing a consolidated Union-wide assessment of risks, vulnerabilities and dependencies, in particular on high-risk suppliers, of submarine cable infrastructures, including their critical supply chains referred to in Article 22 of the NIS 2 Directive, and accounting for interrelations with other critical infrastructures, in particular electricity cables and gas pipelines. |
|
(18) |
Member States are incited to propose to the Commission measures to complete the missing information and a methodology that would allow such a consolidated Union-wide assessment to be conducted on a regular basis and to be operationalised for regular stress testing. |
|
(19) |
Member States are encouraged to assist the Commission in conducting regular consolidated Union-wide assessments of risks, vulnerabilities and dependencies of submarine cable infrastructures. |
|
(20) |
On the basis of this assessment, Member States are incited to assist the Commission in putting forward a ‘Cable Security Toolbox’, setting out mitigating measures that Member States are encouraged to adopt to reduce risks, vulnerabilities and dependencies, in particular on high-risk suppliers, identified in the consolidated Union-wide assessment. |
4.2. Information sharing and mutual assistance
|
(21) |
Member States should regularly exchange information on situational awareness, incidents and incident response, as well as best practices applied, maximising synergies with competent authorities under the NIS 2 Directive and the CER Directive. Member States should offer each other assistance, in particular to mitigate impacts on the Union as a whole. |
|
(22) |
Member States are incited to discuss the potential for uptake of innovative solutions for the detection and deterrence of threats against submarine cable infrastructures, notably taking into account the results of EU-funded projects. |
|
(23) |
In those information sharing and mutual assistance activities, Member States should be able to handle EU classified information (‘EUCI’) at different levels of classification. To that purpose, Member States are incited to make experts with the appropriate level of expertise and security clearance available in accordance with the principle of originator. Member States should also determine the appropriate classification level of the information they share and ensure that approved tools are available for an efficient exchange at different EUCI classification levels. |
4.3. Cable Projects of European Interest
|
(24) |
Member States should assist the Commission in proposing a draft list of strategic Cable Projects of European Interest (‘CPEIs’), including their urgency and timeline, that could be considered to be supported through Union programmes, complemented with national funds to fill strategic gaps and establish new connections. |
|
(25) |
By building on existing assessments, Member States should advise the Commission by identifying those risks, vulnerabilities and dependencies that could be addressed through CPEIs in accordance with this Recommendation. |
|
(26) |
Member States are encouraged to propose a list of strategic projects that would fulfil the following criteria, without prejudice to the rules of the relevant Union programmes considered for funding or to State aid rules:
|
|
(27) |
It is recommended that Member States assist the Commission in performing a yearly review of the list of strategic projects and an update based on the consolidated Union-wide assessments of risks, vulnerabilities and dependencies of submarine cable infrastructures in point (19). In addition, Member States are incited to advise the Commission on how strategic projects should address the risks, vulnerabilities and dependencies identified. To that purpose, Member States are encouraged to take into account the following criteria:
|
4.4. International cooperation
|
(28) |
Member States and the Union, working in a Team Europe approach (23) and building on existing international cooperation, should be encouraged to cooperate in promoting the development of secure, trusted and resilient submarine cable infrastructures with enlargement countries, third countries, strategic partners, and in multilateral and multistakeholder fora, in line with the approach set out in this Recommendation, particularly in view of promoting CPEIs. |
5. FUNDING CABLE PROJECTS OF EUROPEAN INTEREST
|
(29) |
CPEIs should be funded by private financing which may be supported where necessary and appropriate by Union programmes, in particular Regulation (EU) 2021/1153 (‘the CEF Regulation’), potentially complemented with national resources, in compliance, or where applicable, consistent with State aid rules. (24) Union funding could be implemented through grants, procurement, blending operations, including currently under InvestEU, or public private partnerships, according to the rules of the relevant programmes. |
|
(30) |
Member States are encouraged to consider contributing, where necessary and appropriate, to the financing of CPEIs inter-alia, through the participation, of their National Promotional Banks and Institutions or other Implementing Partners in blending facilities or operations at EU level (25) using budget from the CEF programme. This should maximise the impact of public funding contributions, leverage private financing and facilitate the design of the investments in compliance or, where applicable, consistent with State aid rules (26). The pipelines of CEF projects developed by the implementing partners may be informed by the work of the Expert Group. |
|
(31) |
In order to ensure that national investments comply with State aid rules, Member States co-investing in CPEIs selected for funding under the CEF Regulation or awarded a Seal of Excellence quality label under the CEF Regulation, are encouraged to explore the possibility of designing aid measures that fulfil all the conditions (27) laid down in Commission Regulation (EU) No 651/2014 (28) and its amendments. Member States are also encouraged to explore whether CPEIs can be supported through the purchase of capacity for public use. |
|
(32) |
In order to finance CPEIs, Member States may consider using the Member State Compartment under InvestEU to contribute to financial products deployed by the InvestEU Implementing Partners such as National Promotional Banks and Institutions, the European Investment Bank Group or other International Financial Institutions, in conformity with the rules of the funding programmes in question. |
|
(33) |
Funding of CPEIs could also take place through financial vehicles, for instance equity funds. Member States are encouraged to invest, including via their National Promotional Banks and Institutions, into national or EU-level financial vehicles for the support of submarine cable infrastructures. |
6. REVIEW
|
(34) |
Member States are encouraged to cooperate with the Commission to assess the effects of this Recommendation by December 2025, with a view to determine appropriate ways forward. This assessment should take into account the consolidated Union-wide assessment in points (16) to (20) and the progress on implementing the CPEIs. |
7. FINAL PROVISION
|
(35) |
This Recommendation is addressed to the Member States. |
Done at Brussels, 26 February 2024.
For the Commission
Thierry BRETON
Member of the Commission
(1) https://presse.economie.gouv.fr/08-03-2022-declaration-conjointe-des-ministres-de-lunion-europeenne-charges-du-numerique-et-des-communications-electroniques-adressee-au-secteur-numerique/
(2) Council Recommendation of 8 December 2022 on a Union-wide coordinated approach to strengthen the resilience of critical infrastructure 2023/C 20/01 (OJ C 20, 20.1.2023, p. 1).
(3) Joint Communication to the European Parliament, the European Council and the Council on ‘European Economic Security Strategy’, JOIN(2023) 20 final, 20.6.2023.
(4) Report on the State of the Digital Decade 2023, 27 September 2023, https://digital-strategy.ec.europa.eu/en/news-redirect/798346
(5) Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code (OJ L 321, 17.12.2018, p. 36).
(6) Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive) (OJ L 333, 27.12.2022, p. 80).
(7) Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC (OJ L 333, 27.12.2022, p. 164).
(8) Council conclusions on the Revised EU Maritime Security Strategy (EUMSS) and its Action Plan, 24 October 2023, https://www.consilium.europa.eu/media/67499/st14280-en23.pdf
(9) C(2016) 3301.
(10) For instance, the geolocation of the routes, the technical specifications of the cable, etc.
(11) Commission Recommendation (EU) 2019/534 of 26 March 2019 Cybersecurity of 5G networks (OJ L 88, 29.3.2019, p. 42).
(12) Council Directive 92/43/EEC of 21 May 1992 on the conservation of natural habitats and of wild fauna and flora (OJ L 206, 22.7.1992, p. 7).
(13) Directive 2000/60/EC of the European Parliament and of the Council of 23 October 2000 establishing a framework for Community action in the field of water policy (OJ L 327, 22.12.2000. p. 1).
(14) For instance, the results from stress tests in the energy sector conducted under the Critical Infrastructure Resilience Recommendation should be taken into account.
(15) Directive 2014/61/EU of the European Parliament and of the Council of 15 May 2014 on measures to reduce the cost of deploying high-speed electronic communications networks Text with EEA relevance (OJ L 155, 23.5.2014, p. 1).
(16) Regulation (EU) 2021/1153 of the European Parliament and of the Council of 7 July 2021 establishing the Connecting Europe Facility and repealing Regulations (EU) No 1316/2013 and (EU) No 283/2014 (OJ L 249, 14.7.2021, p. 38).
(17) Regulation (EU) 2021/1529 of the European Parliament and of the Council of 15 September 2021 establishing the Instrument for Pre-Accession assistance (IPA III) (OJ L 330, 20.9.2021, p. 1).
(18) Regulation (EU) 2021/241 of the European Parliament and of the Council of 12 February 2021 establishing the Recovery and Resilience Facility (OJ L 57, 18.2.2021, p. 17).
(19) Regulation (EU) 2021/947 of the European Parliament and of the Council of 9 June 2021 establishing the Neighbourhood, Development and International Cooperation Instrument – Global Europe, amending and repealing Decision No 466/2014/EU of the European Parliament and of the Council and repealing Regulation (EU) 2017/1601 of the European Parliament and of the Council and Council Regulation (EC, Euratom) No 480/2009 (OJ L 209, 14.6.2021, p. 1).
(20) Joint Declaration on EU-NATO cooperation, signed on 10 January 2023 by the Secretary-General of NATO, the President of the European Council and the President of the European Commission.
(21) EU-NATO Task Force on the resilience of critical infrastructure, Final Assessment Report, 29 June 2023.
(22) Regulation (EU) 2021/694 of the European Parliament and of the Council of 29 April 2021 establishing the Digital Europe Programme and repealing Decision (EU) 2015/2240 (OJ L 166, 11.5.2021, p. 1).
(23) Team Europe seeks to pool resources and expertise and consists of the Union, its Member States – including their implementing agencies and public development banks – as well as the European Investment Bank (EIB) and the European Bank for Reconstruction and Development (EBRD).
(24) Where appropriate, the Member States may design also for Cable Important Project(s) of Common European Interest (IPCEI(s)) in compliance with the criteria set in the IPCEI Communication (Communication on the criteria for the analysis of the compatibility with the internal market of State aid to promote the execution of IPCEIs (OJ C 528, 30.12.2021, p. 10))
(25) As defined in Article 2.(6) of Regulation 2018/1046 (Financial Regulation).
(26) According to the Market Economy Operator Principle, transactions carried out by Member States do not confer an advantage on undertakings, and therefore do not constitute State aid, if they are carried out under the same terms and conditions (and therefore with the same level of risk and rewards) by public bodies and private operators who are in a comparable situation (a ‘pari passu’ transaction). See section 4.2. of the Commission Notice on the notion of State aid as referred to in Article 107(1) of the Treaty on the Functioning of the European Union, OJ C 262, 19.7.2016.
(27) Aid for the deployment of a submarine cable fulfilling all the conditions in Chapter I and the specific conditions of article 52b of Regulation (EU) No 651/2014 is considered compatible with the internal market within the meaning of Article 107(2) or (3) of the Treaty and shall be exempted from the notification requirement of Article 108(3) of the Treaty.
(28) Commission Regulation (EU) No 651/2014 of 17 June 2014 declaring certain categories of aid compatible with the internal market in application of Articles 107 and 108 of the Treaty (OJ L 187, 26.6.2014, p. 1).
ELI: http://data.europa.eu/eli/reco/2024/779/oj
ISSN 1977-0677 (electronic edition)