Critical Entities Resilience Directive

Page 1

POSITION | DIGITALISATION | CER DIRECTIVE

Critical Entities Resilience Directive German industry’s position on the EU Commission’s proposal for a Directive on the Resilience of Critical Entities COM(2020) 829, repealing Directive 2008/114/EC.

April 2021 Executive Summary As the voice of the German industry, BDI highly appreciates the opportunity to provide feedback on the European Commission’s proposal for a Directive on the Resilience of Critical Entities (COM(2020) 829) (hereafter Critical Entities Resilience – CER – Directive). German industry welcomes the European Commission’s aim to strengthen the resilience of critical entities in the Member States and to further level the playing field for critical entities across the European Union. While this legislative proposal is overall a successful step forward, German industry is proposing the following adjustments to the proposal for a Directive on the Resilience of Critical Entities: Strategy for reinforcing the resilience of critical entities (Article 3) German industry welcomes the EU Commission’s proposal that each Member State must adopt a strategy for reinforcing the resilience of critical entities. Before revising these strategies, Member States should be required to consult critical entities, as these companies provide vital services for the smooth running of daily life.

Identification of critical entities (Article 5) Given that the sectors concerned are the same in CER and NIS 2, the completely separate identification of critical entities and essential entities is inconclusive. The former are identified by the member states, the latter uniformly throughout Europe by NIS 2. While it may make sense in certain cases that a critical entity is not exposed to cyber risks, any essential entity must also take care of its physical protection. Therefore, physical protection of digital infrastructure must follow for any entity classified as essential under NIS 2 if the EU Commission is serious about protecting it. From the perspective of German industry, a closer interlocking of CER and NIS 2 makes sense at this point.

Competent authorities and single point of contact (Article 8) There are already numerous sets of regulations in Germany with corresponding reporting provisions in individual sectors. Examples include the Telecommunications Act (TKG) and the Energy Industry Act (EnWG). Under these laws, companies already report security Dominic Glock | Digitalisation and Innovation | T: +49 30 2028-1524 | D.Glock@bdi.eu | www.bdi.eu

Turn static files into dynamic content formats.

Create a flipbook

Articles inside

Entities Directive

14min
pages 7-12

Introduction

4min
pages 5-6

Executive Summary

5min
pages 1-4
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.
Critical Entities Resilience Directive by Bundesverband der Deutschen Industrie e.V. - Issuu