Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 52006DC0786

    European Programme for Critical Infrastructure Protection

    Legal status of the document This summary has been archived and will not be updated, because the summarised document is no longer in force or does not reflect the current situation.

    European Programme for Critical Infrastructure Protection

    The European Commission sets out the principles and instruments needed to implement the European Programme for Critical Infrastructure Protection (EPCIP), aimed at both European and national infrastructure.

    ACT

    Communication from the Commission of 12 December 2006 on a European Programme for Critical Infrastructure Protection [COM(2006) 786 final – Official Journal C 126 of 7.6.2007].

    SUMMARY

    In December 2005, the Justice and Home Affairs Council called on the Commission to make a proposal for a European Programme for Critical Infrastructure Protection * (EPCIP). In response, the Commission adopted this communication and a proposal for a directive on the identification and designation of European critical infrastructure with a view to improving the protection of the latter.

    The communication sets out the principles, processes and instruments proposed to implement EPCIP. The threats to which the programme aims to respond are not confined to terrorism, but also include criminal activities, natural hazards and other causes of accidents, using an all-hazards approach.

    The general objective of EPCIP is to improve the protection of critical infrastructure in the European Union (EU). This will be achieved by implementing the European legislation set out in this communication.

    The legislative framework for the EPCIP consists of the following:

    • a procedure for identifying and designating European critical infrastructure and a common approach to assessing the need to improve the protection of such infrastructure. This will be implemented by means of a directive;
    • measures designed to facilitate the implementation of EPCIP, including an EPCIP action plan, the Critical Infrastructure Warning Information Network (CIWIN), the setting up of Critical Infrastructure Protection (CIP) expert groups at EU level, CIP information sharing processes, and the identification and analysis of interdependencies;
    • support for EU countries regarding National Critical Infrastructures (NCIs) that may optionally be used by a particular EU country, and contingency planning;
    • an external dimension;
    • accompanying financial measures, and in particular the Specific EU Programme on "Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks" for the period 2007-13, which will provide funding opportunities for CIP related measures.

    EPCIP action plan

    The ECPIP action plan has three main work streams:

    • the first relates to the strategic aspects of EPCIP and the development of measures horizontally applicable to all CIP work;
    • the second concerns the protection of European critical infrastructures and aims to reduce their vulnerability;
    • the third is a national framework to assist EU countries in the protection of their NCIs.

    The action plan is an ongoing process and regular reviews will be carried out.

    Critical Infrastructure Warning Information Network (CIWIN)

    A warning network (the CIWIN) will be set up by a specific Commission proposal for the purposes of exchanging best practices and providing an optional platform for the exchange of rapid alerts linked to the Commission's ARGUS system.

    Expert groups

    Where specific expertise is needed, the Commission may set up CIP expert groups at EU level to address clearly defined issues. Depending on the sector of critical infrastructure, the functions of experts may include:

    • assistance in identifying vulnerabilities, interdependencies and sectoral best practices;
    • development of measures to reduce vulnerabilities and of performance metrics;
    • formulation of case studies.

    Information sharing on Critical Infrastructure Protection (CIP)

    Stakeholders must share information on CIP, particularly on measures concerning the security of critical infrastructure and protected systems, interdependency studies and CIP related vulnerability, threat and risk assessments. At the same time, there must be assurance that shared information of a proprietary, sensitive or personal nature is not publicly disclosed and that any personnel handling classified information will have an appropriate level of security vetting by their EU country.

    Identification of interdependencies

    To make a better assessment of the weak points, threats or risks relating to critical infrastructures, interdependencies of a geographic or sectoral nature must be identified and analysed.

    CIP Contact Group

    The Commission plans to set up a contact group for the protection of critical infrastructure. The contact points will be designated by each EU country and will be responsible for coordinating national CIP issues with other EU countries, the Council and the Commission.

    Protection of National Critical Infrastructures (NCIs)

    While recognising that the protection of NCIs is the responsibility of owners, operators and of EU countries themselves, the Commission does provide support in this area at the request of EU countries. Each EU country is encouraged to draw up a national protection programme including:

    • classification of NCIs, taking account of the effects of disruption or destruction of a particular infrastructure (geographic extent of the damage and seriousness of the consequences);
    • identification of geographic and sectoral interdependencies;
    • contingency planning.

    External dimension

    An important aspect of EPCIP is the external dimension of CIP. The interconnected and interdependent nature of modern economies means that disruption to or destruction of a particular infrastructure may have consequences for countries outside the Union and vice versa. It is therefore essential to strengthen international cooperation in this area through sectoral agreements.

    Accompanying financial measures

    The EPCIP will be co-financed by the Community Programme "Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks" for the period 2007-13.

    Historical background

    On 17 and 18 June 2004, the European Council asked the Commission to prepare an overall strategy to enhance the protection of critical infrastructure. In response, on 20 October 2004, the Commission published the communication "Critical infrastructure protection in the fight against terrorism".

    The Commission's intention to propose a European Programme for Critical Infrastructure Protection (EPCIP) and a Critical Infrastructure Warning Information Network (CIWIN) was accepted by the European Council of 16 and 17 December 2004, both in its conclusions on prevention, preparedness and response to terrorist attacks and in the Solidarity Programme adopted by the Council on 2 December 2004.

    Throughout 2005, intensive work was carried out on EPCIP. On 17 November 2005, the Commission adopted a Green Paper on a European Programme for Critical Infrastructure Protection.

    On 15 September 2005, a decision on the financing of a pilot project containing a set of preparatory actions with a view to strengthening the fight against terrorism was adopted. This was followed by a second decision on 26 October 2006 on financing the EPCIP pilot project.

    On 12 December 2006, the Commission presented a proposal for a directive on the identification and designation of European critical infrastructures and a common approach to assess the need to improve their protection. On the same day, the Commission also adopted this communication. These documents give a clear idea of how the Commission proposes to address the issue of critical infrastructure protection in the EU.

    Finally, the proposed EU Programme on "Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks" was adopted on 12 February 2007.

    Key terms used in the act

    • Critical infrastructure: the physical and information technology facilities, networks, services and assets that, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of citizens or the effective functioning of governments in EU countries.

    RELATED ACTS

    Proposal for a Council Decision of 27 October 2008 on a Critical Infrastructure Warning Information Network (CIWIN) [COM(2008) 676 final – Not published in the Official Journal]. As foreseen in the communication above, this separate proposal aims to establish the Critical Infrastructure Warning Information Network (CIWIN). The CIWIN would provide EU countries with a secure information, communication and alert system for exchanging information relating to CIP. The system would facilitate cooperation between EU countries, allowing for exchanges on threats and vulnerabilities, as well as on strategies for improving the protection of critical infrastructure. EU countries’ participation in the network would remain voluntary. The CIWIN would consist of an electronic forum and a rapid alert system, the first for exchanging information and the latter for alerts on risks and threats. It would be a secure classified system, where access to information is regulated accordingly. The development of the technical aspects of the CIWIN is the responsibility of the Commission.

    Consultation procedure (CNS/2008/0200)

    Green Paper of 17 November 2005 on a European programme for critical infrastructure protection [COM(2005) 576 final – Not published in the Official Journal].

    Communication from the Commission to the Council and the European Parliament of 20 October 2004 – Preparedness and consequence management in the fight against terrorism [COM(2004) 701 final – Official Journal C 52 of 2.3.2005].

    Communication from the Commission to the Council and the European Parliament of 20 October 2004 – Prevention, preparedness and response to terrorist attacks [COM(2004) 698 final – Official Journal C 14 of 20.1.2005].

    Last updated: 17.08.2010

    Top