Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 52021AR0570

    Opinion of the European Committee of the Regions on the resilience of critical entities

    COR 2021/00570

    OJ C 440, 29.10.2021, p. 99–104 (BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

    29.10.2021   

    EN

    Official Journal of the European Union

    C 440/99


    Opinion of the European Committee of the Regions on the resilience of critical entities

    (2021/C 440/14)

    Rapporteur:

    Mario GUARENTE (ECR/IT), Mayor of Potenza

    Reference document:

    Proposal for a Directive of the European Parliament and of the Council on the resilience of critical entities

    COM(2020) 829 final

    I.   RECOMMENDATIONS FOR AMENDMENTS

    Amendment 1

    Article 3(2)

    Text proposed by the European Commission

    CoR amendment

    The strategy shall contain at least the following elements:

    The strategy shall contain at least the following elements:

    a)

    strategic objectives and priorities for the purposes of enhancing the overall resilience of critical entities taking into account cross-border and cross-sectoral interdependencies;

    a)

    strategic objectives and priorities for the purposes of enhancing the overall resilience of critical entities taking into account cross-border and cross-sectoral interdependencies;

    b)

    a governance framework to achieve the strategic objectives and priorities, including a description of the roles and responsibilities of the different authorities, critical entities and other parties involved in the implementation of the strategy;

    b)

    a governance framework to achieve the strategic objectives and priorities, including a description of the roles and responsibilities of the different authorities, critical entities and other parties involved in the implementation of the strategy;

    c)

    a description of measures necessary to enhance the overall resilience of critical entities, including a national risk assessment, the identification of critical entities and of entities equivalent to critical entities, and the measures to support critical entities taken in accordance with this Chapter;

    c)

    a description of measures necessary to enhance the overall resilience of critical entities, including a national risk assessment, the identification of critical entities and of entities equivalent to critical entities, and the measures to support critical entities taken in accordance with this Chapter;

    d)

    a policy framework for enhanced coordination between the competent authorities designated pursuant to Article 8 of this Directive and pursuant to [the NIS 2 Directive] for the purposes of information sharing on incidents and cyber threats and the exercise of supervisory tasks.

    d)

    a policy framework for enhanced coordination between the competent authorities designated pursuant to Article 8 of this Directive and pursuant to [the NIS 2 Directive] for the purposes of information sharing on incidents and cyber threats and the exercise of supervisory tasks;

     

    e)

    communication guidelines that balance confidentiality requirements with the need to report on risk levels to regional and local authorities and the people living in the areas concerned.

    The strategy shall be updated where necessary and at least every four years.

    The strategy shall be updated where necessary and at least every four years.

    Reason

    Communication and reporting on the risks of disasters that may affect critical infrastructures in a given area, vis-à-vis both local administrations and the general public, constitute an important tool for increasing the resilience of critical entities, as also set out in Priority 1 of the Sendai Framework (1). This should be done with a particular focus on the confidentiality requirements applying to critical information.

    Amendment 2

    Article 4(1)

    Text proposed by the European Commission

    CoR amendment

    Competent authorities designated pursuant to Article 8 shall establish a list of essential services in the sectors referred to in the Annex. They shall carry out by [three years after entry into force of this Directive], and subsequently where necessary, and at least every four years, an assessment of all relevant risks that may affect the provision of those essential services, with a view to identifying critical entities in accordance with Article 5(1), and assisting those critical entities to take measures pursuant to Article 11.

    Competent authorities designated pursuant to Article 8 shall establish a list of essential services in the sectors referred to in the Annex. They shall carry out by [three years after entry into force of this Directive], and subsequently where necessary, and at least every four years, an assessment of all relevant risks that may affect the provision of those essential services, with a view to identifying critical entities in accordance with Article 5(1), and assisting those critical entities to take measures pursuant to Article 11.

    The risk assessment shall account for all relevant natural and man-made risks, including accidents, natural disasters, public health emergencies, antagonistic threats, including terrorist offences pursuant to Directive (EU) 2017/541 of the European Parliament and of the Council.

    The risk assessment shall account for all relevant natural and man-made risks, including accidents, natural disasters, public health emergencies, antagonistic threats, including terrorist offences pursuant to Directive (EU) 2017/541 of the European Parliament and of the Council, paying specific attention to the condition of existing physical infrastructure for the purposes of establishing suitable programmes for upgrading or constructing new buildings .

    Reason

    The condition of existing physical infrastructure is an important element of the current and future ability of critical entities to prevent and manage possible incidents, and should therefore be included in risk assessments and in assessing the consequent need for building upgrading or construction programmes.

    Amendment 3

    Article 6(1) points (c) and (e)

    Text proposed by the European Commission

    CoR amendment

    When determining the significance of a disruptive effect as referred to in point (c) of Article 5(2), Member States shall take into account the following criteria:

    When determining the significance of a disruptive effect as referred to in point (c) of Article 5(2), Member States shall take into account the following criteria:

    a)

    the number of users relying on the service provided by the entity;

    a)

    the number of users relying on the service provided by the entity;

    b)

    the dependency of other sectors referred to in the Annex on that service;

    b)

    the dependency of other sectors referred to in the Annex on that service;

    c)

    the impacts that incidents could have, in terms of degree and duration, on economic and societal activities, the environment and public safety;

    c)

    the impacts that incidents could have, in terms of degree and duration, on economic and societal activities, the environment and public safety, in consultation with local and regional authorities where relevant ;

    d)

    the market share of the entity in the market for such services;

    d)

    the market share of the entity in the market for such services;

    e)

    the geographic area that could be affected by an incident, including any cross-border impacts;

    e)

    the geographic area that could be affected by an incident, including any cross-border impacts, in consultation with local and regional authorities where relevant ;

    f)

    the importance of the entity in maintaining a sufficient level of the service, taking into account the availability of alternative means for the provision of that service.

    f)

    the importance of the entity in maintaining a sufficient level of the service, taking into account the availability of alternative means for the provision of that service.

    Reason

    The local and regional impact of incidents can be best assessed by local and regional authorities.

    Amendment 4

    Article 8(5)

    Text proposed by the European Commission

    CoR amendment

    Member States shall ensure that their competent authorities, whenever appropriate, and in accordance with Union and national law, consult and cooperate with other relevant national authorities, in particular those in charge of civil protection, law enforcement and protection of personal data, as well as with relevant interested parties, including critical entities.

    Member States shall ensure that their competent authorities, whenever appropriate, and in accordance with Union and national law, consult and cooperate with other relevant national – and, where appropriate, local and regional – authorities, in particular those in charge of civil protection, law enforcement and protection of personal data, as well as with relevant interested parties, including critical entities.

    Reason

    The division of powers varies from one Member State to the next.

    Amendment 5

    Article 9(1)

    Text proposed by the European Commission

    CoR amendment

    Member States shall support critical entities in enhancing their resilience. That support may include developing guidance materials and methodologies, supporting the organisation of exercises to test their resilience and providing training to personnel of critical entities.

    Member States shall support critical entities in enhancing their resilience. That support may include developing guidance materials and methodologies, supporting the organisation of exercises to test their resilience and providing training to personnel of critical entities, as well as promoting communication and reporting on relevant risks vis-à-vis local administrations and the people living in the areas potentially affected .

    Reason

    Communication has a key role to play in strengthening the resilience of communities.

    Amendment 6

    Article 16(2)

    Text proposed by the European Commission

    CoR amendment

    The Critical Entities Resilience Group shall be composed of representatives of the Member States and the Commission. Where relevant for the performance of its tasks, the Critical Entities Resilience Group may invite representatives of interested parties to participate in its work.

    The Critical Entities Resilience Group shall be composed of representatives of the Member States and the Commission , as well as a representative of the European Committee of the Regions as an observer . Where relevant for the performance of its tasks, the Critical Entities Resilience Group may invite representatives of interested parties to participate in its work.

    Reason

    The CoR could contribute to the work of the Critical Entities Resilience Group by representing the concerns of local and regional authorities and contributing with its own wealth of expertise and knowledge built up on the ground.

    Amendment 7

    Article 16(3)

    Text proposed by the European Commission

    CoR amendment

    The Critical Entities Resilience Group shall have the following tasks:

    The Critical Entities Resilience Group shall have the following tasks:

    a)

    supporting the Commission in assisting Member States in reinforcing their capacity to contribute to ensuring the resilience of critical entities in accordance with this Directive;

    a)

    supporting the Commission in assisting Member States in reinforcing their capacity to contribute to ensuring the resilience of critical entities in accordance with this Directive;

    b)

    evaluating the strategies on the resilience of critical entities referred to in Article 3 and identifying best practices in respect of those strategies;

    b)

    evaluating the strategies on the resilience of critical entities referred to in Article 3 and identifying best practices in respect of those strategies;

    c)

    facilitating the exchange of best practices with regard to the identification of critical entities by the Member States in accordance with Article 5, including in relation to cross-border dependencies and regarding risks and incidents;

    c)

    facilitating the exchange of best practices with regard to the identification of critical entities by the Member States in accordance with Article 5, including in relation to cross-border dependencies and regarding risks and incidents;

    d)

    contributing to the preparation of the guidelines referred to in Article 6(3) and any delegated and implementing acts under this Directive, upon request;

    d)

    contributing to the preparation of the guidelines referred to in Article 6(3) and any delegated and implementing acts under this Directive, upon request;

    e)

    examining, on an annual basis, the summary reports referred to in Article 8(3);

    e)

    examining, on an annual basis, the summary reports referred to in Article 8(3);

    f)

    exchanging best practices on the exchange of information related to the notification of incidents referred to in Article 13;

    f)

    exchanging best practices on the exchange of information related to the notification of incidents referred to in Article 13;

    g)

    analyse and provide advice on the reports of advisory missions in accordance with Article 15(3);

    g)

    analyse and provide advice on the reports of advisory missions in accordance with Article 15(3);

    h)

    exchanging information and best practices on research and development relating to the resilience of critical entities in accordance with this Directive;

    h)

    exchanging information and best practices on research and development relating to the resilience of critical entities in accordance with this Directive;

    i)

    where relevant, exchanging information on matters concerning the resilience of critical entities with relevant Union institutions, bodies, offices and agencies.

    i)

    where relevant, exchanging information on matters concerning the resilience of critical entities with relevant Union institutions, bodies, offices and agencies.

     

    j)

    exchanging regional expertise and data, which can be used to draw up resilience strategies, through the involvement of local and regional authorities .

    Reason

    Exchanging regional expertise and data would contribute significantly to the design and implementation of effective resilience strategies.

    II.   POLICY RECOMMENDATIONS

    THE EUROPEAN COMMITTEE OF THE REGIONS

    1.

    welcomes the fact that the scope of the proposed directive has been substantially extended to cover energy, transport, health, drinking water, waste water, digital infrastructure, public administration and space;

    2.

    urges the European Commission to consider further increasing the number of sectors to be covered by the directive to also include the distribution chains of essential items, and in particular the food production, processing and distribution sector;

    3.

    aware of the particular complexity of the distribution chain sector, stresses the need to further explore this issue by promoting specific studies to establish a reliable methodological framework for its assessment and protection;

    4.

    also in view of the dramatic experience linked to the COVID-19 pandemic, hopes that action will be taken to make the distribution chains of essential items more robust by diversifying the distribution network and increasing the number of possible suppliers in line with the importance of the goods to be distributed;

    5.

    points out that, although the bulk of legislation in this field is set at EU or national level, local and regional authorities do have major tasks and responsibilities with regard to protecting the area in which they are located. Accordingly, they must play a specific and significant role in contributing to the resilience of the critical infrastructures located in their area, bringing their own knowledge and experience to bear;

    6.

    welcomes the shift from protecting the infrastructure to strengthening the resilience of the entities operating it, but stresses that the protection of the structures or infrastructure should not be disregarded, taking into account possible physical damage in the event of natural or man-made disasters and their potentially serious consequences not only at national level but also at local and regional and cross-border levels;

    7.

    highlights the added value of local and regional authorities in cross-border situations, particularly when it comes to understanding risks and assessing the gravity and potential consequences of incidents, as well as both sectoral and territorial ramifications;

    8.

    agrees that in order to ensure a comprehensive approach to the resilience of critical entities, each Member State should have a strategy, prepared in cooperation with local and regional authorities, setting out objectives and policy measures to be implemented, based on an assessment of all relevant natural and man-made risks that may affect the provision of essential services, such as accidents, natural disasters, public health emergencies or terrorist attacks;

    9.

    emphasises that a shared understanding of what is meant by critical entities and how to protect them should be agreed upon between Member States so as to pinpoint the best ways to boost their resilience, given the significant impact on the functioning of the internal market;

    10.

    highlights the specific situation of the outermost regions, whose peculiarities make them particularly vulnerable and where there is an obvious need to ensure a resilient infrastructure;

    11.

    considers that it would be useful for the Commission to draw up guidelines to ensure the effective and uniform application of the directive in all Member States, and steer the assessment activities and possible subsequent action on the basis of a holistic approach that takes into account all cross-sectoral and cross-border interdependencies so as to increase resilience to a sufficient degree that covers protection, risk prevention, business continuity and recovery;

    12.

    emphasises that strengthening cooperation between regions, for instance through the INTERREG programmes or European Groupings for Territorial Cooperation (EGTC), aimed at building up the resilience of critical entities, including physical infrastructure, is of crucial importance in preventing disruption and damage to such infrastructure, which may have serious cross-border impacts;

    13.

    considers that when national risk assessments are being carried out, the sub-national level should be taken into account, as the physical location of the infrastructure of a critical entity can also determine the impact and potential consequences on the ground;

    14.

    agrees with the need to reinforce the resilience of the identified critical entities; is concerned, however, about the possibly quite substantial financial burden incurred by compliance with the obligations laid down in the proposed directive;

    15.

    stresses that the Commission should provide for specific support in already existing programmes, including financial support, for critical entities, and particularly public critical entities, where this is necessary to promote the adoption of effective and timely measures;

    16.

    maintains that the strategy for strengthening the resilience of critical entities should be drawn up at national level in consultation with local and regional levels;

    17.

    agrees that in the event of an incident, critical entities need to notify the competent authority without delay, and include ‘any available information necessary to enable the competent authority to understand the nature, cause and possible consequences of the incident’. Where national structures and cooperation mechanisms are not already in place to deal with crises, the Committee calls for the establishment at national level of networks and cooperation mechanisms between relevant authorities, including local and regional authorities, and relevant sectors, dedicated to the management of emergencies and having the possibility of rapid response;

    18.

    stresses that every Member State has the responsibility to protect essential infrastructure and ensure the resilience of critical entities located in their country; agrees that critical entities of particular European significance, i.e. entities providing essential services to or in more than a third of Member States, should be subject to specific oversight;

    19.

    highlights the need to bolster risk management governance by promoting cooperation across borders and between Member States;

    20.

    agrees that since various structures and tools already exist under the Union Civil Protection Mechanism and the European Reference Network for Critical Infrastructure Protection, they should also be considered for the purposes of the proposed directive;

    21.

    recognising the crucial role of communication in increasing the resilience of communities, recommends promoting and supporting, in line with the objectives set out in the Sendai Framework, communication and reporting initiatives on disaster risks that may affect critical infrastructures located in a given area, vis-à-vis both local administrations and the general public;

    22.

    believes that coordination, communication and exchange of best practices between the national, regional and local levels and between Member States can promote more efficient cooperation on resources, knowledge and synergies in the whole crisis management cycle.

    Brussels, 1 July 2021.

    The President of the European Committee of the Regions

    Apostolos TZITZIKOSTAS


    (1)  https://www.undrr.org/publication/sendai-framework-disaster-risk-reduction-2015-2030.


    Top