Introduction into the proposed EU-Directive on the resilience of critical entities

NEREUS together with Eurisy launched their new webinar series “Space for Critical Infrastructure”. The series has been created in the wake of the European Commission’s proposal of a new directive on the resilience of critical entities (COM(2020) 829 final/2020/0365/COD). This opening webinar provided an overview of the new scope of the directive, its perimeter as well as its major consequences and the potential of Earth observation data to increase the effectiveness of monitoring and maintenance operations.

Space for Critical Infrastructure

The series is structured around the European Commission proposal for a new EU-Directive to enhance the resilience of critical entities providing essential services for the functioning of our society and economy. It provides a platform for national authorities, regional stakeholders, researchers, and businesses to learn more about how satellite-based services can boost the safety and security of critical entities in different sectors.

After three introductory webinars presenting the state of play of the legislative process and the rationale behind the enlargement of the scope of the proposed EU, a set of thematic webinars will be organised to illustrate operational solutions and current use cases. Actual early adopters will tell us more about the benefits they are enjoying while experts will present major technological trends, funding opportunities and strategic priorities.

An overview of the proposed directive

The proposed Directive on the resilience for critical entities (CER) sets minimum standards for an all-hazards EU-framework that supports Member States in their national efforts to ensure that critical entities are able to prevent, resist, absorb and recover from disruptive incidents, no matter if they are caused by natural hazards, accidents, terrorism, insider threats, or public health emergencies.

The predecessor of the proposed directive, the European Critical Infrastructure (ECI) Directive, dates back to 2008 and only applies to the energy and transport sectors. Numerous political and technical developments, as well as the increasingly complex environment of risks and interdependencies, rendered the ECI Directive outdated for purpose. To adequately equip operators in Europe to address the variety of risks they face today, there was a clear need for new EU action.

The revision follows the logic of the EU Security Union Strategy which covers the period from 2020 to 2025 and focuses on priority areas where the EU can help Member States in fostering security for all those living in Europe

Max Brandt from the European Commission Counter Terrorism Unit (DG HOME), responsible for the critical infrastructure legislation, provided an overview of the proposed directive. The major novelty introduced by the new legislative text concerns the extension of the scope to ten sectors, namely energy, transport, banking, financial market, health, drinking water, wastewater, digital infrastructure, public administration, and space. It includes all natural and man-made risks that may affect the provision of essential services. As will be demonstrated throughout this series, satellite-based solutions can offer support in all these sectors. For cyber security related risks, the same level of protection will be ensured by the revised Network and Information Systems Directive (NIS2).

Apart from the extension of the scope to ten sectors, the new Directive comes with a shift in focus, from protection to resilience. In other words, the Directive reflects not only the ability to protect against possible incidents, but also to bounce back into full operation afterwards. Rather than being limited to the physical assets and infrastructure, the emphasis is on the entities making use of the infrastructure, as well as on its supply chains and processes. Additionally, as opposed to the preceding directive, Member States will identify critical entities at national level without the need for a cross-border physical connection.

At the level of the Member States, a national strategy for the resilience of their entities needs to be in place. Member States need to perform national risk assessments, and will be responsible for identifying critical entities according to certain criteria. The Directive also establishes rules on supervision and enforcement of critical entities to ensure that the competent authorities can conduct on-site inspections and order audits. The responsible entities in charge of critical entities also have a set of obligations they need to comply with, such as to perform their own risk assessments, take measures to increase their resilience, and notify incidents to the national authorities competent bodies.

The proposed Directive also foresees the possibility for advisory missions for critical entities with European significance, i.e. where a significant number of Member States depend on. This will entail teams of experts from different Member States to visit sites to give recommendations on how to increase resilience. Finally, the proposal introduces the Critical Entities Resilience Group, an expert group of Member State authorities to discuss the provisions of the directive and their direct and indirect impact, as well as all other matters related to resilience of critical infrastructure in a wider sense, including discussions on research and development, and international cooperation. The Commission will offer different forms of support to Member States and critical entities, from a Union-level risk overview to best practices, methodologies, cross-border training activities and exercises to test the resilience of critical entities.

Space technology trends and perspectives

With its enlarged scope, the proposed directive will directly apply to space, at least for what concerns the ground-based segment of space infrastructure. Nonetheless, space assets can also serve Member States to increase the resilience of their critical entities. Michela Corvino, from the European Space Agency (ESA) Earth Observation data application division, presented some examples of how Earth Observation can be exploited in the context of safety and security of critical infrastructure. At ESRIN, the European centre of excellence for exploitation of Earth Observation missions, ESA hosts the International Charter on Space and Natural Disasters. The Charter is a global effort between space agencies to place their satellite resources at the disposal of civil protection authorities to keep an eye on critical infrastructure in the event of a disaster.

From Earth science missions and the sentinel constellation to meteorology in cooperation with Eumetsat, different Earth Observation data sources can help to monitor the status of critical infrastructure such as energy grids, transportation, health infrastructures, etc. One recent example highlighted was the Rapid Action on Corona Virus and Earth Observation (RACE), an open platform measuring activities in industries, ports, commercial centres, and other areas to monitor the economic and environmental impact of the coronavirus crisis.

Other examples include regional initiatives (e.g. for the Alps, Atlantic, Black Sea/Sea Danube, Baltic) to enhance regional monitoring (e.g. landslide risk assessment) and environmental protection (e.g. real-time incident satellite imagery in oil and gas industry) in the event of natural or man-made disasters affecting the provision of essential services.

Use case of Port-la-Nouvelle

With environmental regulations on one hand and the continuous maintenance of critical infrastructure on the other, operators and authorities likewise face an increasingly difficult balancing test. A specific example of this was presented during the last part of the webinar. Aurelie Dehouck, founder of i-Sea, explained how the French Occitanie Region dealt with the risk of turbidity during expansion works in the harbour of Port-la-Nouvelle. The port authorities, strained by climate change and environmental risks, were able to rely on Copernicus satellite imagery to monitor water quality and to rapidly intervene in the event that a turbid plume would spread towards vulnerable areas. For more information find here the use case or watch the video.

Stay tuned

The second webinar Introductory webinar reflecting on the collapse of the Morandi bridge will take place on 26 April 2022.