With 595 votes in favour, 17 against, and 24 abstaining, MEPs voted to confirm an agreement from negotiations with the Council on boosting critical infrastructure protection in the EU. The new rules will harmonise the definition of critical infrastructure, so that it is consistent between the member states.
A broader scope of eleven important sectors
Covering the sectors of energy, transport, banking, financial market infrastructure, digital infrastructure, drinking and waste water, food (including production, processing and delivery), health, public administration and space, the legislation tightens the requirements for risk assessments and reporting for actors considered critical.
According to the new rules, member states should adopt national resilience strategies, and cross-border communication should happen through designated single points of contact in each member state. At the same time, they should avoid double reporting between this and other resilience-boosting initiatives, so that critical actors do not face an unnecessary administrative burden. To ensure transparency, critical actors should inform national authorities of any incidents or disturbances, and the authorities should inform the public when this is in the public interest.
Quote
After the vote, rapporteur Michal Šimečka (Renew, SK) said: “To deliver a Europe that protects, we must also bolster the collective resilience of the critical systems underpinning our way of life. With 11 crucial sectors covered, this legislation will respond to both the challenges of the climate crises and the increasing occurrence of sabotage in the European Union because of Russia’s war of aggression against Ukraine. The EU’s critical infrastructure must remain resilient against these threats.”
Background
In the previous directive on critical infrastructures, only energy and transport were within the scope of common rules. The European Parliament called for the revision of previous directive in a resolution on the findings of the Special Committee on Terrorism in 2018. The co-legislators have also ensured that the new legislation is consistent with the recently-adopted NIS2 directive on cybersecurity.