News item | 22-07-2022 | 16:18
The member states of the European Union (EU), the European Commission and the European Parliament have reached an agreement on a European directive for Critical Entities Resilience (CER). This guideline will protect providers of vital processes by increasing their resilience and resilience. This ensures better continuity of these processes. The directive focuses on the physical safety and security of vital processes such as the drinking water supply and energy.
This new directive covers more sectors than just energy and transport, as was the case with the old directive. New sectors are food supply, healthcare, financial market infrastructure, drinking water, digital infrastructure, wastewater, government services, banking and space services. The directive also means an extension of the rights and obligations of vital providers. Think, for example, of a duty to report certain incidents, comparable to the current reporting obligation for cyber incidents. Vital providers can currently call on government support in the event of digital incidents, for example through the National Cyber Security Center (NCSC). A certain form of support will also be set up for the physical side as a result of the new CER directive. Existing structures will be used as much as possible and a link will be sought with what is already working well.
The CER directive, together with the Network and Information Security 2 Directive (NIS2) a framework for digital and physical resilience of vital providers. In doing so, the guidelines strengthen the foundation of physical and digital security and thus ensure a resilient economy and society in both the Netherlands and the rest of the European Union.
After a vote in the European Parliament, the directive is expected to be published in the autumn of this year and can then be transposed into national law before mid-2024.