This document is an excerpt from the EUR-Lex website
European Programme for Critical Infrastructure Protection
The European Commission sets out the principles and instruments needed to implement the European Programme for Critical Infrastructure Protection (EPCIP), aimed at both European and national infrastructure.
Communication from the Commission of 12 December 2006 on a European Programme for Critical Infrastructure Protection [COM(2006) 786 final – Official Journal C 126 of 7.6.2007].
In December 2005, the Justice and Home Affairs Council called on the Commission to make a proposal for a European Programme for Critical Infrastructure Protection * (EPCIP). In response, the Commission adopted this communication and a proposal for a directive on the identification and designation of European critical infrastructure with a view to improving the protection of the latter.
The communication sets out the principles, processes and instruments proposed to implement EPCIP. The threats to which the programme aims to respond are not confined to terrorism, but also include criminal activities, natural hazards and other causes of accidents, using an all-hazards approach.
The general objective of EPCIP is to improve the protection of critical infrastructure in the European Union (EU). This will be achieved by implementing the European legislation set out in this communication.
The legislative framework for the EPCIP consists of the following:
EPCIP action plan
The ECPIP action plan has three main work streams:
The action plan is an ongoing process and regular reviews will be carried out.
Critical Infrastructure Warning Information Network (CIWIN)
A warning network (the CIWIN) will be set up by a specific Commission proposal for the purposes of exchanging best practices and providing an optional platform for the exchange of rapid alerts linked to the Commission's ARGUS system.
Where specific expertise is needed, the Commission may set up CIP expert groups at EU level to address clearly defined issues. Depending on the sector of critical infrastructure, the functions of experts may include:
Information sharing on Critical Infrastructure Protection (CIP)
Stakeholders must share information on CIP, particularly on measures concerning the security of critical infrastructure and protected systems, interdependency studies and CIP related vulnerability, threat and risk assessments. At the same time, there must be assurance that shared information of a proprietary, sensitive or personal nature is not publicly disclosed and that any personnel handling classified information will have an appropriate level of security vetting by their EU country.
Identification of interdependencies
To make a better assessment of the weak points, threats or risks relating to critical infrastructures, interdependencies of a geographic or sectoral nature must be identified and analysed.
CIP Contact Group
The Commission plans to set up a contact group for the protection of critical infrastructure. The contact points will be designated by each EU country and will be responsible for coordinating national CIP issues with other EU countries, the Council and the Commission.
Protection of National Critical Infrastructures (NCIs)
While recognising that the protection of NCIs is the responsibility of owners, operators and of EU countries themselves, the Commission does provide support in this area at the request of EU countries. Each EU country is encouraged to draw up a national protection programme including:
An important aspect of EPCIP is the external dimension of CIP. The interconnected and interdependent nature of modern economies means that disruption to or destruction of a particular infrastructure may have consequences for countries outside the Union and vice versa. It is therefore essential to strengthen international cooperation in this area through sectoral agreements.
Accompanying financial measures
The EPCIP will be co-financed by the Community Programme "Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks" for the period 2007-13.
On 17 and 18 June 2004, the European Council asked the Commission to prepare an overall strategy to enhance the protection of critical infrastructure. In response, on 20 October 2004, the Commission published the communication "Critical infrastructure protection in the fight against terrorism".
The Commission's intention to propose a European Programme for Critical Infrastructure Protection (EPCIP) and a Critical Infrastructure Warning Information Network (CIWIN) was accepted by the European Council of 16 and 17 December 2004, both in its conclusions on prevention, preparedness and response to terrorist attacks and in the Solidarity Programme adopted by the Council on 2 December 2004.
Throughout 2005, intensive work was carried out on EPCIP. On 17 November 2005, the Commission adopted a Green Paper on a European Programme for Critical Infrastructure Protection.
On 15 September 2005, a decision on the financing of a pilot project containing a set of preparatory actions with a view to strengthening the fight against terrorism was adopted. This was followed by a second decision on 26 October 2006 on financing the EPCIP pilot project.
On 12 December 2006, the Commission presented a proposal for a directive on the identification and designation of European critical infrastructures and a common approach to assess the need to improve their protection. On the same day, the Commission also adopted this communication. These documents give a clear idea of how the Commission proposes to address the issue of critical infrastructure protection in the EU.
Finally, the proposed EU Programme on "Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks" was adopted on 12 February 2007.
Key terms used in the act
Proposal for a Council Decision of 27 October 2008 on a Critical Infrastructure Warning Information Network (CIWIN) [COM(2008) 676 final – Not published in the Official Journal]. As foreseen in the communication above, this separate proposal aims to establish the Critical Infrastructure Warning Information Network (CIWIN). The CIWIN would provide EU countries with a secure information, communication and alert system for exchanging information relating to CIP. The system would facilitate cooperation between EU countries, allowing for exchanges on threats and vulnerabilities, as well as on strategies for improving the protection of critical infrastructure. EU countries’ participation in the network would remain voluntary. The CIWIN would consist of an electronic forum and a rapid alert system, the first for exchanging information and the latter for alerts on risks and threats. It would be a secure classified system, where access to information is regulated accordingly. The development of the technical aspects of the CIWIN is the responsibility of the Commission.
Consultation procedure (CNS/2008/0200)
Green Paper of 17 November 2005 on a European programme for critical infrastructure protection [COM(2005) 576 final – Not published in the Official Journal].
Communication from the Commission to the Council and the European Parliament of 20 October 2004 – Preparedness and consequence management in the fight against terrorism [COM(2004) 701 final – Official Journal C 52 of 2.3.2005].
Communication from the Commission to the Council and the European Parliament of 20 October 2004 – Prevention, preparedness and response to terrorist attacks [COM(2004) 698 final – Official Journal C 14 of 20.1.2005].
Last updated: 17.08.2010