22 Amendments of Caroline NAGTEGAAL related to 2020/0365(COD)
Amendment 10 #
Proposal for a directive
Recital 1
Recital 1
(1) Council Directive 2008/114/EC17 provides for a procedure for designating European critical infrastructures in the energy and transport sectors, the disruption or destruction of which would have significant cross-border impact on at least two Member States. That Directive focused exclusively on the protection of such infrastructures. However, the evaluation of Directive 2008/114/EC conducted in 201918 found that due to the increasingly interconnected and cross-border nature of operations using critical infrastructure such as high speed rail or air traffic management, protective measures relating to individual assets alone are insufficient to prevent all disruptions from taking place. Therefore, it is necessary to shift the approach towards ensuring the resilience of critical entities, that is, their ability to mitigate, absorb, accommodate to and recover from incidents that have the potential to disrupt the operations of the critical entity and the functioning of the internal market. _________________ 17Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection (OJ L 345, 23.12.2008, p.75). 18 SWD(2019) 308.
Amendment 13 #
Proposal for a directive
Recital 2
Recital 2
(2) Despite existing measures at 19 19 Union and national level aimed at supporting the protection of critical infrastructures in the Union, the entities operating those infrastructures are not adequately equipped to address current and anticipated future risks to their operations that may result in disruptions of the provision of services that are essential for the performance of vital societal functions or economic activities. This is due to a dynamic threat landscape with an evolving terrorist threat and growing interdependencies between infrastructures and sectors, as well as an increased physical risk due to natural disasters and climate change, which increases the frequency and scale of extreme weather events and brings long-term changes in average climate that can reduce the capacity and efficiency of certain infrastructure types if resilience or climate adaptation measures are not in place. Moreover, relevant sectors such as certain transport and tourism sectors, and types of entities are not recognised consistently as critical in all Member States. _________________ 19European Programme for Critical Infrastructure Protection (EPCIP).
Amendment 21 #
Proposal for a directive
Recital 3
Recital 3
(3) Those growing interdependencies are the result of an increasingly cross- border and interdependent network of service provision using key infrastructures across the Union in the sectors of energy, transport, banking, financial market infrastructure, digital infrastructure, drinking and waste water, health, certain aspects of public administration, as well as space in as far as the provision of certain services depending on ground-based infrastructures that are owned, managed and operated either by Member States or by private parties is concerned, therefore not covering infrastructures owned, managed or operated by or on behalf of the Union as part of its space programmes. These interdependencies mean that any disruption, even one initially confined to one entity or one sector, can have cascading effects more broadly, potentially resulting in far-reaching and long-lasting negative impacts in the delivery of services across the internal market. The COVID-19 pandemic has shown the vulnerability of our increasingly interdependent societies, particularly the transport and tourism sectors, in the face of low-probability risks.
Amendment 23 #
Proposal for a directive
Recital 4
Recital 4
(4) The entities involved in the provision of essential services are increasingly subject to diverging requirements imposed under the laws of the Member States. The fact that some Member States have less stringent security requirements on these entities not only risks impacting negatively on the maintenance of vital societal functions or economic activities across the Union, it also leads to obstacles to the proper functioning of the internal market. The resilience of critical entities gives investors and companies reliability and trust, which are cornerstones to a well- working internal market. Similar types of entities are considered as critical in some Member States but not in others, and those which are identified as critical are subject to divergent requirements in different Member States. This results in additional and unnecessary administrative burdens for companies operating across borders, notably for companies active in Member States with more stringent requirements.
Amendment 31 #
Proposal for a directive
Recital 10
Recital 10
(10) In view of ensuring a comprehensive approach to the resilience of critical entities, each Member State should have a strategy setting out objectives and policy measures to be implemented. To achieve this, and taking account of the hybrid nature of many threats, Member States should ensure that their cybersecurity strategies provide for a policy framework for enhanced coordination between the competent authority under this Directive and the NIS 2 Directive in the context of information sharing on incidents and cyber and non-cyber threats and the exercise of supervisory tasks.
Amendment 33 #
Proposal for a directive
Recital 11
Recital 11
(11) The actions of Member States to identify and help ensure the resilience of critical entities should follow a risk-based approach that targets efforts to the entities most relevant for the performance of vital societal functions or economic activities, for example multi-modal hubs for transport, rail infrastructure or air traffic management. In order to ensure such a targeted approach, each Member State should carry out, within a harmonised framework, an assessment of all relevant natural and man- made risks that may affect the provision of essential services, including accidents, natural disasters, public health emergencies such as pandemics, and antagonistic threats, including terrorist offences. When carrying out those risk assessments, Member States should take into account other general or sector-specific risk assessment carried out pursuant to other acts of Union law and should consider the dependencies between sectors, including from other Member States and third countries. The outcomes of the risk assessment should be used in the process of identification of critical entities and to assist those entities in meeting the resilience requirements of this Directive.
Amendment 53 #
Proposal for a directive
Article 1 – paragraph 1 – introductory part
Article 1 – paragraph 1 – introductory part
1. To that end, this Directive:
Amendment 55 #
Proposal for a directive
Article 1 a (new)
Article 1 a (new)
Article 1 a To be placed before Paragraph 1 1. This Directive lays down measures with a view to achieving a high level of resilience of critical entities in order to ensure the provision of essential services within the Union and improve the functioning of the internal market.
Amendment 58 #
Proposal for a directive
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Each Member State shall, following consultation with critical entities, adopt by [threefour years after entry into force of this Directive] a strategy for reinforcing the resilience of critical entities. This strategy shall set out strategic objectives and policy measures with a view to achieving and maintaining a high level of resilience on the part of those critical entities and covering at least the sectors referred to in the Annex.
Amendment 67 #
Proposal for a directive
Article 4 – paragraph 1 – introductory part
Article 4 – paragraph 1 – introductory part
1. Competent authorities designated pursuant to Article 8 shall establish a list of essential services in the sectors referred to in the Annex. They shall carry out by [threefour years after entry into force of this Directive], and subsequently where necessary, and at least every four years, an assessment of all relevant risks that may affect the provision of those essential services, with a view to identifying critical entities in accordance with Article 5(1), and assisting those critical entities to take measures pursuant to Article 11.
Amendment 75 #
Proposal for a directive
Article 4 – paragraph 4
Article 4 – paragraph 4
4. Each Member State shall provide the Commission with data on the types of risks identified and the outcomes of the risk assessments, per sector and sub-sector referred to in the Annex, by [threefour years after entry into force of this Directive] and subsequently where necessary and at least every four years.
Amendment 79 #
Proposal for a directive
Article 5 – paragraph 1
Article 5 – paragraph 1
1. By [threefour years and three months after entry into force of this Directive] Member States shall identify for each sector and subsector referred to in the Annex, other than points 3, 4 and 8 thereof, the critical entities.
Amendment 82 #
Proposal for a directive
Article 5 – paragraph 3 – introductory part
Article 5 – paragraph 3 – introductory part
3. Each Member State shall establish a list of the critical entities identified and ensure that those critical entities are notified of their identification as critical entities within onetwo months of that identification, informing them of their obligations pursuant to Chapters II and III and the date from which the provisions of those Chapters apply to them.
Amendment 83 #
Proposal for a directive
Article 5 – paragraph 4
Article 5 – paragraph 4
4. Member States shall ensure that their competent authorities designated pursuant to Article 8 of this Directive notify the competent authorities that the Member States designated in accordance with Article 8 of [the NIS 2 Directive], of the identity of the critical entities that they identified under this Article within onetwo months of that identification.
Amendment 88 #
Proposal for a directive
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. Member States shall submit to the Commission by [threefour years and three months after the entry into force of this Directive] the following information:
Amendment 91 #
Proposal for a directive
Article 7 – paragraph 1
Article 7 – paragraph 1
1. As regards the sectors referred to in points 3, 4 and 8 of the Annex, Member States shall, by [threefour years and three months after entry into force of this Directive], identify the entities that shall be treated as equivalent to critical entities for the purposes of this Chapter. They shall apply the provisions of Articles 3, 4, 5(1) to (4) and (7), and 9 in respect of those entities.
Amendment 94 #
Proposal for a directive
Article 8 – paragraph 3
Article 8 – paragraph 3
3. By [threefour years and six months after entry into force of this Directive], and every year thereafter, the single points of contact shall submit a summary report to the Commission and to the Critical Entities Resilience Group on the notifications received, including the number of notifications, the nature of notified incidents and the actions taken in accordance with Article 13(3).
Amendment 120 #
Proposal for a directive
Article 16 – paragraph 7
Article 16 – paragraph 7
7. The Commission shall provide to the Critical Entities Resilience Group a summary report of the information provided by the Member States pursuant to Articles 3(3) and 4(4) by [threefour years and six months after entry into force of this Directive] and subsequently where necessary and at least every four years.
Amendment 124 #
Proposal for a directive
Article 22 – paragraph 1
Article 22 – paragraph 1
By [5466 months after the entry into force of this Directive], the Commission shall submit a report to the European Parliament and to the Council, assessing the extent to which the Member States have taken the necessary measures to comply with this Directive.
Amendment 128 #
Proposal for a directive
Article 22 – paragraph 2 a (new)
Article 22 – paragraph 2 a (new)
The Commission shall, by [6 years after the entry into force of this Directive] carry out a review of the application of this Directive and sector-specific legislation. The review shall focus on identifying duplications/overlapping in the respective legislation, regulatory requirements or procedures, with a view to improve coherence and legal certainty between this Directive and the relevant sector-specific legislation. To this end, the Commission shall prepare a report which it shall transmit to the European Parliament and the Council, accompanied where necessary by a legislative proposal.
Amendment 129 #
Proposal for a directive
Article 24 – paragraph 1 – introductory part
Article 24 – paragraph 1 – introductory part
1. Member States shall adopt and publish, by [1824 months after entry into force of this Directive] at the latest, the laws, regulations and administrative provisions necessary to comply with this Directive. They shall forthwith communicate to the Commission the text of those provisions.
Amendment 130 #
Proposal for a directive
Article 24 – paragraph 1 – subparagraph 1
Article 24 – paragraph 1 – subparagraph 1
They shall apply those provisions from [two year30 months after entry into force of this Directive + one day].