EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 52007AB0011

Opinion of the European Central Bank of 13 April 2007 on a proposal for Council directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection (CON/2007/11)

OJ C 116, 26.5.2007, p. 1–4 (BG, ES, CS, DA, DE, ET, EL, EN, FR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)



Official Journal of the European Union

C 116/1


of 13 April 2007

on a proposal for Council directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection


(2007/C 116/01)

Introduction and legal basis

On 23 January 2007 the European Central Bank (ECB) received a request from the Council of the European Union for an opinion on a proposal for a directive of the Council on the identification and designation of European Critical Infrastructures and the assessment of the need to improve their protection (1) (hereinafter the ‘proposed directive’). The proposed directive establishes a procedure for the identification and designation of European Critical Infrastructures (ECIs) whose disruption or destruction would significantly affect two or more Member States or a single Member State if the critical infrastructure is located in another Member State. The ECB's competence to deliver an opinion is based on the first indent of Article 105(4) of the Treaty establishing the European Community. In accordance with the first sentence of Article 17(5) of the Rules of Procedure of the European Central Bank, the Governing Council has adopted this opinion.

1.   General observations


The ECB fully supports the proposed directive's objective of enhancing coordination among the actions planned in different relevant European Union sectors for the prevention of, preparedness for and response to threats, particularly terrorist attacks involving critical infrastructures and cross-sector dependencies (2). In particular, the ECB considers it important to ensure that consistent and coordinated actions are taken in different sectors to properly respond to these threats.


The provisions of the proposed directive granting Member States certain responsibilities concerning the identification of the European Critical Infrastructures (hereinafter the ‘ECIs’), their notification to the Commission, and the establishment, updating, review and, in particular, regular supervision of the Operator Security Plans (‘OSPs’) of ECIs, as well as reporting the summary of risks for each sector to the Commission, must respect existing national and EU authorities' competencies. These include the exclusive tasks of central banks, required to be performed in an independent manner in accordance with the Treaty (3), as well as the tasks attributed to central banks under applicable national laws. In particular, it will be necessary to ensure that the national provisions implementing the proposed directive will be fully compatible with central banks' oversight powers or obligations with respect to payment, securities clearing and settlement systems and infrastructures, clearing houses and central counterparties (4). In this respect it is understood that the framework provided by this proposed directive will not prejudice central banks' powers and independence. A recital should be introduced in the proposed directive to reflect these considerations.


Moreover the ECB would like to stress that the Eurosystem and/or national central banks have already established measures ensuring business continuity in euro area payment systems, and the ECB considers that this work should be recognised with a view to avoiding duplication and ensuring consistency in the work done by several authorities.

2.   Specific comments


First, the financial sector identified in the proposed directive is sub-divided into (1) payment and securities clearing and settlement infrastructure and systems; and (2) regulated markets. The ECB proposes broader wording to cover trading, payment, clearing and settlement systems and infrastructures for financial instruments.


Second, the definition of ‘critical infrastructure ’expressly recognises cross-sector dependencies since the effectiveness of implementing measures for any one sector could be severely undermined by failure to properly address sectoral interdependencies. However, it is noted that this definition does not expressly refer only to assets located solely within the EU. Therefore, it is not clear how assets located partly outside the EU, whose disruption or destruction would affect European critical infrastructures, would be treated under the proposed directive. The ECB would welcome further clarification of this issue.


Third, the ‘severity test ’relevant to the identification of European critical infrastructures is quite broad and should be enhanced with clearer indications to ensure consistency of designation across countries and sectors. It would be helpful to further clarify this concept when establishing cross-cutting and sectoral criteria through the comitology procedure under the proposed directive. It is noted that the proposed directive is likely to bring additional administrative requirements which are likely to have associated costs for infrastructures and relevant authorities. Depending on the establishment of such thresholds, infrastructures not currently overseen may be caught and subject to additional costs.


Fourth, a separate Community act may be needed to establish procedures to identify and designate ECIs owned or operated by Community institutions, bodies or agencies. While under the proposed directive the Commission may propose a list of critical infrastructures to be designated as ECIs on the basis both of notifications made by Member States and ‘of any other information at the Commission's disposal’, it might not be practical for ECIs operated by Community bodies and having a pan-European dimension to be part of a system that would be administered by the Member States.


Fifth, according to the proposed directive, the list of critical infrastructures designated as ECIs is required to be adopted in accordance with the comitology procedure established by the proposed directive (5). The list of all ECIs would be adopted before the establishment and putting into operation of the OSPs containing relevant security solutions for the protection of the listed ECIs, since operators have a year following designation to draw up an OSP. In this context, publicity is undesirable for payment and securities clearing and settlement infrastructures and systems. In particular, as the purpose of the Directive includes the preparation for threats affecting financial markets, it would be unsound to publicly disclose the list of critical infrastructures materially relevant for the smooth functioning of financial markets. Today, no country in the world would publicly disclose such a list on the basis of similar considerations. The ECB therefore strongly recommends keeping the list of ECIs confidential.


Finally, the ECB strongly recommends giving adequate consideration to existing measures in defining implementing measures and focusing on those areas where no specific measures have been so far identified. In this context it seems therefore desirable not to start work on defining or implementing measures in the areas of payments and clearing, but rather to acknowledge the work already done by the competent authorities. On the one hand, additional regulation and related burdens will need to be justified through adequate impact analysis. On the other hand, it is important to keep standards and regulations in this area sufficiently flexible so that they can be easily and continuously adapted to the changing environment. The ECB would prefer no specific legally binding measures to be adopted. Should the Commission decide to adopt implementing measures, the ECB will have to be formally consulted under the Treaty on any such measures relating to payment and securities clearing and settlement infrastructures and systems, and other matters falling within the ECB's fields of competence (6).

3.   Drafting proposals

Where the above advice would lead to changes in the proposed directive, drafting proposals are set out in the Annex.

Done at Frankfurt am Main, 13 April 2007.

The Vice-President of the ECB


(1)  COM(2006) 787 final.

(2)  The ECB also supports the view that the European Programme for Critical Infrastructure Protection should be based on an all-hazards approach while countering threats from terrorism as a priority and that under this approach, manmade, technological threats and natural disasters should be taken into account in the European critical infrastructure protection process.

(3)  At the same time, in the context of the preparation of an overall, EU-wide strategy to protect critical infrastructures against terrorist attacks, recognition that the Eurosystem has such exclusive competence does not have the consequence of separating it entirely from the European Community and exempting it from every rule of Community law (paragraph 135 of Case C-11/00 Commission v European Central Bank [2003] ECR I-7147).

(4)  For example, the Eurosystem has established principles and procedures for the oversight of the payment and clearing systems and infrastructure, including preventive measures against operational problems, such as the business continuity oversight expectations for systemically important payment systems of June 2006.

(5)  Article 4(2) and Article 11 of the proposed directive.

(6)  First indent of Article 105(4) of the Treaty.


Drafting proposals

Text proposed by the Commission

Amendments proposed by the ECB  (1)

Amendment 1

New recital 17a


For the purposes of the financial sector, this Directive should be compatible with the tasks and duties conferred on the European System of Central Banks (ESCB) by the Treaty and the Statute of the European System of Central Banks and of the European Central Bank. Particular attention in this regard needs to be given to the operation and oversight of payment and securities clearing and settlement infrastructures and systems by the ESCB central banks, and to the contribution made by central banks to the stability of the financial system. To avoid unnecessary duplication of work, Member States should rely on the work and regular assessments conducted by the central banks within their fields of competence.

Justification — See paragraph 1.2 of the opinion

Annex 1 List of critical infrastructure sectors

VII   Financial

Payment and securities clearing and settlement infrastructures and systems

Regulated markets

VII   Financial

Trading, payment and securities clearing and settlement infrastructures and systems for financial instruments

Regulated markets

Justification — See paragraph 2.1 of the opinion

(1)  Bold in the body of the text indicates where the ECB proposes inserting new text. Strikethrough in the body of the text indicates where the ECB proposes deleting the text.