2006/0276(CNS) Identification and designation of European critical infrastructures and assessment of the need to improve their protection

Progress: Procedure completed

Role | Committee | Rapporteur | Shadows
Lead | LIBE | HENNIS-PLASSCHAERT Jeanine (ALDE) |
Committee Opinion | ENVI | |
Committee Opinion | ITRE | GLANTE Norbert (PSE) |
Committee Opinion | TRAN | SOMMER Renate (PPE-DE) |
Committee Opinion | IMCO | |
Committee Opinion | ECON | ETTL Harald (PSE) |
Lead committee dossier:
Legal Basis:
EC Treaty (after Amsterdam) EC 308, Euratom Treaty A 203

Events

2013/08/28
   EC - Follow-up document
Details

This Commission staff working document sets out a new approach to the European Programme for Critical Infrastructure Protection (EPCIP) with a view to making critical infrastructures more secure. It builds on a comprehensive review of the 2006 European Programme for Critical Infrastructure Protection and the Council Directive 2008/114/EC, conducted in close cooperation with EU Member States and stakeholders.

The review process of the current EPCIP revealed that there has not been enough consideration of the links between critical infrastructures in different sectors, nor indeed across national boundaries.

In order to properly protect Europe’s critical infrastructures, and in order to build their resilience, a new approach to tackle this gap is needed. To pilot the new approach, the Commission will start by working with four critical infrastructures of European dimension: Eurocontrol, Galileo, the electricity transmission grid and the gas transmission network (the Four). It is expected that other relevant infrastructures could then benefit from the processes and tools developed when carrying out the work with the Four. Through work with the Four and developing the new approach, the EU can both play a supporting role for Member States in their own CI protection and resilience work and facilitate better cooperation on CI protection and resilience within the EU. Given that many critical infrastructures are privately owned, better cooperation includes supporting the development of private-public structured dialogues.

The first stage will be to work with the Four to ensure a comprehensive understanding of their CIP measures to date in each of the prevention, preparedness and response work streams, including looking at how interdependencies and cascading effects feed into their CIP planning. The next step will be to identify common factors and consider ways in which their CI protection and resilience measures can be improved.

2012/06/25
   EC - Follow-up document
Details

This document presents the main preliminary findings of the review of the European Programme for Critical Infrastructure Protection (EPCIP) and in particular Directive 2008/114/EC on the identification and designation of European Critical Infrastructures.

It provides a general analysis of the elements of the critical infrastructure protection programme and describes the on-going development of risk assessment methodology in this field.

In addition, it contains the required annual reporting on EPCIP’s external dimension.

The report states that the review of the different EPCIP elements so far implemented has already led to a number of important findings for the preparation of a reshaped CIP policy package. All Member States have legally implemented Directive 2008/114/EC by establishing a process to identify and designate European Critical Infrastructures, which has contributed to raising CIP awareness in the EU and in the Member States. Furthermore, although there is evidence that the Directive has also helped in assessing the need to improve the protection of European critical infrastructures in the transport and energy sectors, there is no indication that it has actually improved security in these sectors.

2008/12/23
   Final act published in Official Journal
Details

PURPOSE: to create a horizontal framework for the identification of European Critical Infrastructures.

LEGISLATIVE ACT: Council Directive 2008/114/EC on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.

CONTENT: the Council adopted this Directive following political agreement reached in June 2008. The Directive establishes a procedure for the identification and designation of European critical infrastructures (‘ECIs’), and a common approach to the assessment of the need to improve the protection of such infrastructures in order to contribute to the protection of people. It focuses on the energy and transport sectors.

‘European critical infrastructure’ or ‘ECI’ is defined as critical infrastructure located in Member States the disruption or destruction of which would have a significant impact on at least 2 Member States. The significance of the impact will be assessed in terms of cross-cutting criteria. This includes effects resulting from cross-sector dependencies on other types of infrastructure.

In the Annex, the Directive details the types of infrastructures concerned:

Energy

- electricity: infrastructures and facilities for generation and transmission of electricity in respect of supply electricity;

- oil production, refining, treatment, storage and transmission by pipelines;

- gas production, refining, treatment, storage and transmission by pipelines, LNG terminals.

Transport

- road transport;

- rail transport;

- air transport;

- inland waterways transport;

- ocean and short-sea shipping and ports.

Evaluation method: ECIs should be identified and designated by means of a common procedure. The evaluation of security requirements for such infrastructures should be done under a common minimum approach. Each Member State must identify potential ECIs which satisfy both cross-cutting and sectoral criteria. The Directive requires each Member State to identify the critical infrastructures which may be designated as an ECI. This procedure shall be implemented by each Member State through the following series of consecutive steps (Annex III).

Step 1: each Member State shall apply the sectoral criteria in order to make a first selection of critical infrastructures within a sector.

Step 2: each Member State shall apply the definition of critical infrastructure to the potential ECI identified under step 1.

Step 3: each Member State shall apply the transboundary element of the definition of ECI to the potential ECI.

Step 4: each Member State shall apply the cross-cutting criteria to the remaining potential ECIs.

The cross-cutting criteria shall take into account: the severity of impact; and, for infrastructure providing an essential service, the availability of alternatives; and the duration of disruption/recovery. A potential ECI which does not satisfy the cross-cutting criteria will not be considered to be an ECI. A potential ECI which has passed through this procedure shall only be communicated to the Member States which may be significantly affected by the potential ECI.

The cross-cutting criteria shall comprise the following:

- casualties criterion (assessed in terms of the potential number of fatalities or injuries);

- economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects);

- public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services).

The sectoral criteria shall take into account the characteristics of individual ECI sectors.

Identification: the process of identifying and designating must be completed by 12 January 2011 and reviewed on a regular basis.

The Member State on whose territory a designated ECI is located shall inform the Commission on an annual basis of the number of designated ECIs per sector and of the number of Member States dependent on each designated ECI. Only those Member States that may be significantly affected by an ECI shall know its identity. The Member States on whose territory an ECI is located shall inform the owner/operator of the infrastructure concerning its designation as an ECI. Information concerning the designation of an infrastructure as an ECI shall be classified at an appropriate level.

Operator security plans: the operator security plan (‘OSP’) procedure must identify the critical infrastructure assets of the ECI and which security solutions exist or are being implemented for their protection. The minimum content to be addressed by an ECI OSP procedure is set out in Annex II, and includes conducting a risk analysis based on major threat scenarios, vulnerability of each asset, and potential impact.

Security Liaison Officers: the Security Liaison Officer functions as the point of contact for security related issues between the owner/operator of the ECI and the relevant Member State authority.

Commission support for ECIs: the Commission will support the owners/operators of designated ECIs by providing access to available best practices and methodologies as well as support training and the exchange of information on new technical developments related to critical infrastructure protection.

Sensitive European critical infrastructure protection-related information: the act provides that any person handling classified information pursuant to this Directive on behalf of a Member State or the Commission must have an appropriate level of security vetting. Member States, the Commission and relevant supervisory bodies shall ensure that sensitive European critical infrastructure protection-related information submitted to the Member States or to the Commission is not used for any purpose other than the protection of critical infrastructures.

Review: a review of this Directive shall begin on 12 January 2012. If deemed appropriate and in conjunction with the review, subsequent sectors to be used for the purpose of implementing this Directive may be identified. Priority shall be given to the ICT sector.

Implementation: 12/01/2011.

ENTRY INTO FORCE: 12/01/2009.

2008/12/08
   EP/CSL - Act adopted by Council after consultation of Parliament
2008/12/08
   EP - End of procedure in Parliament
2008/12/08
   CSL - Council Meeting
2008/06/05
   CSL - Council Meeting
2007/12/06
   CSL - Debate in Council
Documents
2007/12/06
   CSL - Council Meeting
2007/08/29
   EC - Commission response to text adopted in plenary
Documents
2007/07/10
   EP - Results of vote in Parliament
2007/07/10
   EP - Decision by Parliament
Details

The European Parliament adopted the resolution by Jeanine HENNIS-PLASSCHAERT (ALDE, NL) amending the proposal for a Council Directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection. The Parliament stressed that responsibility for protecting critical infrastructure still rests primarily with Member States and private stakeholders.

The Parliament endorsed the amendments tabled by the competent committee.

The main amendments are as follows:

- the title of the proposal is amended to underline that it concerns “priority sectors” as opposed to “all” sectors;

- structurally conditioned threats should also be identified, but the threat of terrorism should be given priority;

- reinforce the principle according to which the directive strengthens public safety through a consistent and efficient system that is not at cross-purposes with itself;

- there are a number of critical infrastructures in the Community, the disruption of which would affect three or more Member States or at least two other Member States other than that in which the critical infrastructure is located. This may include transboundary cross-sector effects resulting from interdependencies between interconnected infrastructure. Such European critical infrastructure should be identified by means of a common procedure. On the basis of common criteria a list of priority sectors with European critical infrastructure should be drawn up. A common action framework should be laid down for the protection of such European critical infrastructures that puts Member States in a position to reduce the potential danger to critical infrastructure on their territory by taking appropriate measures. Bilateral schemes for cooperation between Member States in the field of critical infrastructure protection constitute a well established and efficient means of dealing with transboundary critical infrastructure. EPCIP should build on such cooperation;

- a series of measures governing the identification, designation and protection of critical infrastructures already exists for some sectors. Any future Community-wide regulation should not result in duplicate regulation in these sectors in the absence of added security;

- each owner/operator of European critical infrastructure should establish an Operator Security Plan identifying critical assets and laying down relevant security solutions for their protection. It should take into account vulnerability, threat and risk assessments, as well as other relevant information provided by Member State authorities;

- these Operator Security Plans should be forwarded to the CIP Contact Point in the Member States. Compliance with existing sector-based protection measures could satisfy the requirement to establish and update an Operator Security Plan as well as designate a Security Liaison Officer;

- this Directive complements existing sectoral measures at Community level and in the Member States. Where Community mechanisms and legislation are already in place, they should be implemented and applied so as to contribute to the improvement of public safety. In so doing, overlaps and contradictions with this Directive and the imposition of additional costs without an additional gain in security are to be avoided;

- as regards proportionality, particular attention should be paid to financial acceptability for owners or operators and for the Member States;

- “European Critical Infrastructure” means critical infrastructures the disruption or destruction of which would significantly affect three or more Member States, or at least two Member States if the critical infrastructure is located in another Member State. This includes effects resulting from cross-sector dependencies on other types of infrastructure;

- the cross-cutting and sectoral criteria to be used to identify European Critical Infrastructures shall be built on existing protection criteria and be adopted and amended in accordance with Article 308 of the EC Treaty and Article 203 of the Euratom Treaty;

- where Community mechanisms are already in place, they shall continue to be used. Duplications of, or contradictions between, different acts or provisions shall be avoided at all costs;

- each Member State shall notify the Commission of the priority sectors thus identified at the latest one year after the adoption of the relevant criteria and thereafter on an on-going basis;

- each Member State shall report to the Commission on a summary basis on the types of structural vulnerabilities, threats and risks encountered in European Critical Infrastructures within 12 months (as opposed to 18 months) following the adoption of the list and thereafter on an ongoing basis every 2 years;

- a common template for these reports shall be developed by the Commission and approved by the Council;

- extension of the transposition deadline from December 2007 to December 2008.

Lastly, MEPs have decided to make a list of “possible” critical infrastructure sectors to be taken into account when setting up the definitive list:

- Radio communication and navigation: radio communication, navigation and radio-frequency identification (RFID) spectra;

- payment and securities clearing and settlement infrastructures and systems and their service providers and banking and insurance.

Documents
2007/07/09
   EP - Debate in Parliament
2007/07/02
   EP - Committee report tabled for plenary, 1st reading/single reading
Documents
2007/07/02
   EP - Committee report tabled for plenary, 1st reading/single reading
Documents
2007/06/27
   EP - Vote in committee
Details

The Committee on Civil Liberties, Justice and Home Affairs adopted by a large majority the report by Jeanine HENNIS-PLASSCHAERT (ALDE, NL) amending, under the consultation procedure, the proposal for a Council Directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection.

The main amendments are as follows:

- the title of the proposal is amended to underline that it concerns “priority sectors” as opposed to “all” sectors;

- structurally conditioned threats should also be identified, but the threat of terrorism should be given priority;

- reinforce the principle according to which the directive strengthens public safety through a consistent and efficient system that is not at cross-purposes with itself;

- there are a number of critical infrastructures in the Community, the disruption of which would affect three or more Member States or at least two other Member States other than that in which the critical infrastructure is located. This may include transboundary cross-sector effects resulting from interdependencies between interconnected infrastructure. Such European critical infrastructure should be identified by means of a common procedure. On the basis of common criteria a list of priority sectors with European critical infrastructure should be drawn up. A common action framework should be laid down for the protection of such European critical infrastructures that puts Member States in a position to reduce the potential danger to critical infrastructure on their territory by taking appropriate measures. Bilateral schemes for cooperation between Member States in the field of critical infrastructure protection constitute a well established and efficient means of dealing with transboundary critical infrastructure. EPCIP should build on such cooperation;

- a series of measures governing the identification, designation and protection of critical infrastructures already exists for some sectors. Any future Community-wide regulation should not result in duplicate regulation in these sectors in the absence of added security;

- Critical infrastructure should be designed in a way that minimises any links with and localisation in third countries. The localisation of elements of critical infrastructures outside the European Union increases the risk of terrorist attacks with spill-over effects on the whole infrastructure, access by terrorists to data stored outside the European Union, as well as risks of non-compliance with Community legislation, thus rendering the entire infrastructure more vulnerable. The recent SWIFT case showed that critical data needs to be protected against illegal use by foreign authorities or private actors;

- each owner/operator of European critical infrastructure should establish an Operator Security Plan identifying critical assets and laying down relevant security solutions for their protection. It should take into account vulnerability, threat and risk assessments, as well as other relevant information provided by Member State authorities;

- these Operator Security Plans should be forwarded to the CIP Contact Point in the Member States. Compliance with existing sector-based protection measures could satisfy the requirement to establish and update an Operator Security Plan as well as designate a Security Liaison Officer;

- this Directive complements existing sectoral measures at Community level and in the Member States. Where Community mechanisms and legislation are already in place, they should be implemented and applied so as to contribute to the improvement of public safety. In so doing, overlaps and contradictions with this Directive and the imposition of additional costs without an additional gain in security are to be avoided;

- as regards proportionality, particular attention should be paid to financial acceptability for owners or operators and for the Member States;

- “European Critical Infrastructure” means critical infrastructures the disruption or destruction of which would significantly affect three or more Member States, or at least two Member States if the critical infrastructure is located in another Member State. This includes effects resulting from cross-sector dependencies on other types of infrastructure;

- the cross-cutting and sectoral criteria to be used to identify European Critical Infrastructures shall be built on existing protection criteria and be adopted and amended in accordance with Article 308 of the EC Treaty and Article 203 of the Euratom Treaty;

- where Community mechanisms are already in place, they shall continue to be used. Duplications of, or contradictions between, different acts or provisions shall be avoided at all costs;

- each Member State shall identify the priority sectors within its territory, as well as those outside its territory that may have an impact on it;

- each Member State shall notify the Commission of the priority sectors thus identified at the latest one year after the adoption of the relevant criteria and thereafter on an on-going basis;

- the list of priority sectors with critical infrastructure shall be adopted and amended by the Council;

- Data protection: the processing of personal data carried out directly or through an intermediary by, and necessary for the activities of, European Critical Infrastructures shall be carried out in accordance with the provisions of Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and of the applicable principles with regard to data protection. The data processing shall be carried out within the EU and any mirroring of data shall not be allowed in third countries for reasons of security;

- the Commission and the Council shall adopt a list of existing protection measures applicable to specific sectors listed in Annex I. Compliance with one or more of the listed protection measures satisfies the requirement to establish and update an Operator Security Plan;

- each Member State shall report to the Commission on a summary basis on the types of structural vulnerabilities, threats and risks encountered in European Critical Infrastructures within 12 months (as opposed to 18 months) following the adoption of the list and thereafter on an ongoing basis every 2 years;

- a common template for these reports shall be developed by the Commission and approved by the Council;

- extension of the transposition deadline is essential since transposition by the end of 2007 is unrealistic; therefore Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by 31 December 2008 at the latest. They shall forthwith communicate to the Commission the text of those provisions and a correlation table between those provisions and this Directive.

Lastly, MEPs have decided to make a list of “possible” critical infrastructure sectors to be taken into account when setting up the definitive list:

- Radio communication and navigation: radio communication, navigation and radio-frequency identification (RFID) spectra;

- payment and securities clearing and settlement infrastructures and systems and their service providers and banking and insurance.

2007/06/12
   EP - Committee opinion
Documents
2007/06/06
   EP - Committee opinion
Documents
2007/05/15
   EP - Amendments tabled in committee
Documents
2007/05/08
   EP - Committee draft report
Documents
2007/04/19
   CSL - Resolution/conclusions adopted by Council
Details

The Council adopted conclusions emphasising the ultimate responsibility of the Member States for managing arrangements for the protection of critical infrastructures within their national borders. At the same time, the Council reiterates that action at European Community level will add value by supporting and complementing Member States' activities, while respecting the principle of subsidiarity and taking due account of available budgetary resources as defined in the Financial Framework 2007-2013. Member States’ responsibility includes, with due regard for existing Community competences, risk analysis and threat assessment in relation to European critical infrastructure situated in their territory, interfacing with its owners/operators, and exchanging information with the Commission on a summary basis.

The Council welcomes the efforts of the Commission to develop a European procedure for the identification and designation of European Critical Infrastructure and the assessment of the need to improve its protection. This procedure should be based on adequate definitions and take into account cross-cutting as well as sectoral criteria, with a view to focusing its actions on those infrastructures damage to or destruction of which would have critical consequences. The Council considers in particular that such a procedure, established with due regard for the competences of the Member States and of the Community, could be of added value.

Owners/operators of European Critical Infrastructure, including the private sector, must be actively involved. They should - by a variety of means and arrangements including voluntary measures - take proper measures to protect their infrastructures. Such measures could be security plans and security liaison officers. The costs to owners and operators of taking these measures should be proportionate and reasonable.

The Council stresses that the greatest possible use should be made of recommendations, information sharing and exchange of best practice at EC level in order to promote voluntary protection measures by the owners/operators of European Critical Infrastructures. The Council will examine the added value of further measures with a view to ensuring security standards in the European Union and comparable competition conditions throughout the European Union. The Council stresses the need for any framework to be clear and consistent; duplications of or contradictions between different measures, acts or provisions must be avoided.

Where the exchange of sensitive or classified information in any group or body is indispensable for the implementation of a European Programme for Critical Infrastructure Protection, the provisions set up in the appropriate security procedures and regulations must be strictly observed.

The Council encourages Member States to launch any appropriate action for the protection of critical infrastructures. The Council recognises that existing actions by Member States are conducted through a variety of means and will pay particular attention to the question of how future measures for protecting European Critical Infrastructures can enable this approach to continue under a common framework. Member States may decide to take up the Commission's offer to provide critical infrastructure protection relevant support and research results generated at EC level or by Member States.

The Council intends to continue its discussion about the Commission communication including the Action plan and the Commission proposal for a Directive in the spirit of the abovementioned conclusions.

2007/04/19
   CSL - Council Meeting
2007/04/13
   ECB - European Central Bank: opinion, guideline, report
Details

OPINION OF THE EUROPEAN CENTRAL BANK

The European Central Bank (ECB) received a request from the Council of the European Union for an opinion on a proposal for a directive of the Council on the identification and designation of European Critical Infrastructures and the assessment of the need to improve their protection. It supports the proposed directive. In particular, the ECB considers it important to ensure that consistent and coordinated actions are taken in different sectors to properly respond to these threats.

The provisions of the proposed directive, such as reporting the summary of risks for each sector to the Commission, must respect existing national and EU authorities' competencies. In particular, it will be necessary to ensure that the national provisions implementing the proposed directive will be fully compatible with central banks' oversight powers or obligations with respect to payment, securities clearing and settlement systems and infrastructures, clearing houses and central counterparties. In this respect it is understood that the framework provided by this proposed directive will not prejudice central banks' powers and independence. A recital should be introduced in the proposed directive to reflect these considerations.

Moreover, the ECB stresses that the Eurosystem and/or national central banks have already established measures ensuring business continuity in euro area payment systems, and the ECB considers that this work should be recognised with a view to avoiding duplication and ensuring consistency in the work done by several authorities.

The ECB also made the following comments:

- the financial sector identified in the proposed directive is sub-divided into (1) payment and securities clearing and settlement infrastructure and systems; and (2) regulated markets. The ECB proposes broader wording to cover trading, payment, clearing and settlement systems and infrastructures for financial instruments;

- the definition of ‘critical infrastructure’ expressly recognises cross-sector dependencies since the effectiveness of implementing measures for any one sector could be severely undermined by failure to properly address sectoral interdependencies. However, it is noted that this definition does not expressly refer only to assets located solely within the EU. Therefore, it is not clear how assets located partly outside the EU, whose disruption or destruction would affect European critical infrastructures, would be treated under the proposed directive. The ECB would welcome further clarification of this issue;

- the ‘severity test’ relevant to the identification of European critical infrastructures is quite broad and should be enhanced with clearer indications to ensure consistency of designation across countries and sectors. It would be helpful to further clarify this concept when establishing cross-cutting and sectoral criteria through the comitology procedure under the proposed directive. It is noted that the proposed directive is likely to bring additional administrative requirements which are likely to have associated costs for infrastructures and relevant authorities. Depending on the establishment of such thresholds, infrastructures not currently overseen may be caught and subject to additional costs;

- a separate Community act may be needed to establish procedures to identify and designate ECIs owned or operated by Community institutions, bodies or agencies. While under the proposed directive the Commission may propose a list of critical infrastructures to be designated as ECIs on the basis both of notifications made by Member States and ‘of any other information at the Commission's disposal’, it might not be practical for ECIs operated by Community bodies and having a pan-European dimension to be part of a system that would be administered by the Member States;

- the list of critical infrastructures designated as ECIs is required to be adopted in accordance with the comitology procedure established by the proposed directive. The list of all ECIs would be adopted before the establishment and putting into operation of the OSPs containing relevant security solutions for the protection of the listed ECIs, since operators have a year following designation to draw up an OSP. In this context, publicity is undesirable for payment and securities clearing and settlement infrastructures and systems. In particular, as the purpose of the Directive includes the preparation for threats affecting financial markets, it would be unsound to publicly disclose the list of critical infrastructures materially relevant for the smooth functioning of financial markets. Today, no country in the world would publicly disclose such a list on the basis of similar considerations. The ECB therefore strongly recommends keeping the list of ECIs confidential;

- lastly, the ECB strongly recommends giving adequate consideration to existing measures in defining implementing measures and focusing on those areas where no specific measures have been so far identified. The ECB would prefer no specific legally binding measures to be adopted. Should the Commission decide to adopt implementing measures, the ECB will have to be formally consulted under the Treaty on any such measures relating to payment and securities clearing and settlement infrastructures and systems, and other matters falling within the ECB's fields of competence.

Where the above advice would lead to changes in the proposed directive, the ECB has set out drafting proposals.

In particular, it proposes:

- to include a new recital 17a aiming to take account of the work and regular assessments conducted by the central banks within their fields of competence;

- to make a slight change to Annex 1 on the list of critical infrastructure sectors (VII Financial). The ECB suggests changing the title to “Trading, payment clearing and settlement infrastructures and systems for financial instruments”. The reference to “regulated markets” has been deleted.

2007/02/27
   EP - GLANTE Norbert (PSE) appointed as rapporteur in ITRE
2007/02/01
   EP - Committee referral announced in Parliament
2007/01/31
   EP - SOMMER Renate (PPE-DE) appointed as rapporteur in TRAN
2007/01/25
   EP - HENNIS-PLASSCHAERT Jeanine (ALDE) appointed as rapporteur in LIBE
2007/01/24
   EP - ETTL Harald (PSE) appointed as rapporteur in ECON
2006/12/12
   EC - Legislative proposal
Details

PURPOSE: to create a horizontal framework for the identification and designation of European Critical Infrastructures and for the assessment of needs to improve their protection.

PROPOSED ACT: Council Directive.

BACKGROUND: the security and economy of the European Union as well as the well-being of its citizens depend on certain infrastructure and the services they provide. The destruction or disruption of infrastructure providing key services could entail the loss of lives, the loss of property, and a collapse of public confidence and morale in the EU. Any such disruptions or manipulations of critical infrastructure (energy, communication, water, food provisioning, health, transport, etc.) should, to the extent possible, be brief, infrequent, manageable, geographically isolated and minimally detrimental to the welfare of the Member States, their citizens and the European Union.

In order to counteract these potential vulnerabilities, the European Council requested in 2004 the development of a European Programme for Critical Infrastructure Protection. Since then, comprehensive preparatory work has been undertaken, which has included the organisation of relevant seminars, the publication of a Green Paper and discussions with both public and private stakeholders.

With this in mind, an EPCIP Communication has been developed establishing a horizontal framework concerning the protection of critical infrastructures in Europe.

CONTENT: as part of the EPCIP framework dealing specifically with European Critical Infrastructures, it is necessary to include a proposal for a Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection. The proposed Directive establishes the necessary procedure for the identification and designation of European Critical Infrastructure (ECI), and a common approach to the assessment of the needs to improve the protection of such infrastructure.

The ECI Directive lays down the procedure on how to identify and designate ECI:

- The Commission, together with the Member States and relevant stakeholders, develops cross-cutting and sectoral criteria for the identification of ECI, which are then adopted through the comitology procedure.

- The cross-cutting criteria are developed on the basis of the severity of the disruption or destruction of the CI. The severity of the consequences of the disruption or destruction of a particular infrastructure should be assessed on the basis, where possible, of: public effect (number of population affected); economic effect (significance of economic loss and/or degradation of products or services); environmental effect; political effects; psychological effects.

- Each Member State then identifies those infrastructures which satisfy the criteria.

- Each Member State then notifies the Commission of the critical infrastructures which satisfy the established criteria.

- Following the identification procedure, the Commission prepares a draft list of ECI. The draft list is based on the notifications received from the Member States and other relevant information from the Commission. The list is then adopted through comitology.

Furthermore, the proposed Directive imposes only two obligations on the owners/operators of those critical infrastructures which are designated as European Critical Infrastructures. These are:

1. The establishment of an Operator Security Plan which would identify the ECI owners' and operators' assets and establish relevant security solutions for their protection. Annex 2 of the ECI Directive provides the minimum contents of such OSPs including:

- identification of important assets;

- a risk analysis based on major threat scenarios, the vulnerability of each asset, and potential impact;

- identification, selection and prioritisation of counter-measures and procedures with a distinction between:

  - Permanent security measures, which identify indispensable security investments and means which cannot be installed by the owner/operator at short notice. This heading will include information concerning general measures; technical measures (including installation of detection, access control, protection and prevention means); organizational measures (including procedures for alerts and crisis management); control and verification measures; communication; awareness raising and training; and security of information systems.

  - Graduated security measures, which are activated according to varying risk and threat levels.

Once an OSP has been created, each ECI owner/operator should submit it to the relevant Member State authority. Each Member State will set up a supervisory system concerning OSPs which will ensure that sufficient feedback is given to the ECI owner/operator concerning the quality of the OSP and in particular the adequacy of the risk and threat assessment.

2. The designation of a Security Liaison Officer (SLO). Article 6 of the ECI Directive requires all CI owners/operators designated as ECI to appoint an SLO. The SLO would function as the point of contact for security issues between the ECI and the relevant CIP authorities in the Member States. The SLO would therefore receive all relevant CIP-related information from the Member State authorities and would be responsible for providing relevant information from the ECI to the Member State.

Lastly, the Commission shall take appropriate measures to protect information subject to the requirement of confidentiality to which it has access or which is communicated to it by Member States.

For more details concerning the financial implications of this measure, please refer to the financial statement.

2006/12/12
   EC - Document attached to the procedure
2006/12/12
   EC - Document attached to the procedure
2006/12/11
   EC - Legislative proposal published

Documents

History

(these mark the time of scraping, not the official date of the change)

docs/0
date
2006-12-12T00:00:00
docs
type
Document attached to the procedure
body
EC
docs/0
date
2006-12-12T00:00:00
docs
summary
type
Legislative proposal
body
EC
docs/1
date
2006-12-12T00:00:00
docs
type
Document attached to the procedure
body
EC
docs/1/docs/0/url
Old
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/sec/2006/1648/COM_SEC(2006)1648_EN.pdf
New
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/sec/2006/1648/COM_SEC(2006)1648_EN.pdf
docs/5
date
2007-06-06T00:00:00
docs
title: PE386.361
committee
ECON
type
Committee opinion
body
EP
docs/6
date
2007-06-06T00:00:00
docs
title: PE386.361
committee
ECON
type
Committee opinion
body
EP
docs/6
date
2007-06-12T00:00:00
docs
title: PE386.561
committee
ITRE
type
Committee opinion
body
EP
docs/6/docs/0/url
https://www.europarl.europa.eu/doceo/document/ECON-AD-386361_EN.html
docs/7
date
2007-06-12T00:00:00
docs
title: PE386.561
committee
ITRE
type
Committee opinion
body
EP
docs/7/docs/0/url
https://www.europarl.europa.eu/doceo/document/ITRE-AD-386561_EN.html
events/0
date
2006-12-11T00:00:00
type
Legislative proposal published
body
EC
docs
summary
events/0
date
2006-12-12T00:00:00
type
Legislative proposal published
body
EC
docs
summary
links/National parliaments/url
Old
http://www.ipex.eu/IPEXL-WEB/dossier/dossier.do?code=CNS&year=2006&number=0276&appLng=EN
New
https://ipexl.europarl.europa.eu/IPEXL-WEB/dossier/code=CNS&year=2006&number=0276&appLng=EN
docs/0/docs/0/url
Old
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/sec/2006/1648/COM_SEC(2006)1648_EN.pdf
New
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/sec/2006/1648/COM_SEC(2006)1648_EN.pdf
docs/2/docs/1/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:2007:116:TOC
New
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:2007:116:SOM:EN:HTML
docs/3/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE384.638
New
https://www.europarl.europa.eu/doceo/document/EN&reference=PE384.638
docs/4/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE388.725
New
https://www.europarl.europa.eu/doceo/document/EN&reference=PE388.725
docs/5/docs/0/url
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE386.361&secondRef=02
docs/6/docs/0/url
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE386.561
docs/7/docs/0/url
Old
http://www.europarl.europa.eu/doceo/document/A-6-2007-0270_EN.html
New
https://www.europarl.europa.eu/doceo/document/A-6-2007-0270_EN.html
docs/10/docs/0
url
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=SWD:2013:0318:FIN:EN:PDF
title
EUR-Lex
events/0/docs/0/url
Old
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2006/0787/COM_COM(2006)0787_EN.pdf
New
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2006/0787/COM_COM(2006)0787_EN.pdf
events/1/type
Old
Committee referral announced in Parliament, 1st reading/single reading
New
Committee referral announced in Parliament
events/3/type
Old
Vote in committee, 1st reading/single reading
New
Vote in committee
events/4/docs/0/url
Old
http://www.europarl.europa.eu/doceo/document/A-6-2007-0270_EN.html
New
https://www.europarl.europa.eu/doceo/document/A-6-2007-0270_EN.html
events/5/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20070709&type=CRE
New
https://www.europarl.europa.eu/doceo/document/EN&reference=20070709&type=CRE
events/7
date
2007-07-10T00:00:00
type
Decision by Parliament
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/TA-6-2007-0325_EN.html title: T6-0325/2007
summary
events/7
date
2007-07-10T00:00:00
type
Decision by Parliament, 1st reading/single reading
body
EP
docs
url: http://www.europarl.europa.eu/doceo/document/TA-6-2007-0325_EN.html title: T6-0325/2007
summary
events/11/docs/1/url
Old
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2008:345:SOM:EN:HTML
New
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2008:345:TOC
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
rapporteur
name: HENNIS-PLASSCHAERT Jeanine date: 2007-01-25T00:00:00 group: Alliance of Liberals and Democrats for Europe abbr: ALDE
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
date
2007-01-25T00:00:00
rapporteur
name: HENNIS-PLASSCHAERT Jeanine group: Alliance of Liberals and Democrats for Europe abbr: ALDE
committees/1
type
Committee Opinion
body
EP
associated
False
committee_full
Economic and Monetary Affairs
committee
ECON
rapporteur
name: ETTL Harald date: 2007-01-24T00:00:00 group: Socialist Group in the European Parliament abbr: PSE
committees/1
type
Committee Opinion
body
EP
associated
False
committee_full
Economic and Monetary Affairs
committee
ECON
date
2007-01-24T00:00:00
rapporteur
name: ETTL Harald group: Socialist Group in the European Parliament abbr: PSE
committees/3
type
Committee Opinion
body
EP
associated
False
committee_full
Industry, Research and Energy
committee
ITRE
rapporteur
name: GLANTE Norbert date: 2007-02-27T00:00:00 group: Socialist Group in the European Parliament abbr: PSE
committees/3
type
Committee Opinion
body
EP
associated
False
committee_full
Industry, Research and Energy
committee
ITRE
date
2007-02-27T00:00:00
rapporteur
name: GLANTE Norbert group: Socialist Group in the European Parliament abbr: PSE
committees/5
type
Committee Opinion
body
EP
associated
False
committee_full
Transport and Tourism
committee
TRAN
rapporteur
name: SOMMER Renate date: 2007-01-31T00:00:00 group: European People's Party (Christian Democrats) and European Democrats abbr: PPE-DE
committees/5
type
Committee Opinion
body
EP
associated
False
committee_full
Transport and Tourism
committee
TRAN
date
2007-01-31T00:00:00
rapporteur
name: SOMMER Renate group: European People's Party (Christian Democrats) and European Democrats abbr: PPE-DE
docs/0/docs/0/url
Old
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/sec/2006/1648/COM_SEC(2006)1648_EN.pdf
New
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/sec/2006/1648/COM_SEC(2006)1648_EN.pdf
docs/6/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE386.561&secondRef=03
New
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE386.561
docs/7/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A6-2007-270&language=EN
New
http://www.europarl.europa.eu/doceo/document/A-6-2007-0270_EN.html
docs/8/body
EC
events/0/docs/0/url
Old
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2006/0787/COM_COM(2006)0787_EN.pdf
New
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2006/0787/COM_COM(2006)0787_EN.pdf
events/4/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A6-2007-270&language=EN
New
http://www.europarl.europa.eu/doceo/document/A-6-2007-0270_EN.html
events/7/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P6-TA-2007-325
New
http://www.europarl.europa.eu/doceo/document/TA-6-2007-0325_EN.html
activities
  • date: 2006-12-12T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2006/0787/COM_COM(2006)0787_EN.pdf title: COM(2006)0787 type: Legislative proposal published celexid: CELEX:52006PC0787:EN body: EC commission: DG: url: http://ec.europa.eu/justice/ title: Justice Commissioner: FRATTINI Franco type: Legislative proposal published
  • date: 2007-02-01T00:00:00 body: EP type: Committee referral announced in Parliament, 1st reading/single reading committees: body: EP responsible: False committee: ECON date: 2007-01-24T00:00:00 committee_full: Economic and Monetary Affairs rapporteur: group: PSE name: ETTL Harald body: EP responsible: False committee_full: Environment, Public Health and Food Safety committee: ENVI body: EP responsible: False committee_full: Internal Market and Consumer Protection committee: IMCO body: EP responsible: False committee: ITRE date: 2007-02-27T00:00:00 committee_full: Industry, Research and Energy rapporteur: group: PSE name: GLANTE Norbert body: EP responsible: True committee: LIBE date: 2007-01-25T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: ALDE name: HENNIS-PLASSCHAERT Jeanine body: EP responsible: False committee: TRAN date: 2007-01-31T00:00:00 committee_full: Transport and Tourism rapporteur: group: PPE-DE name: SOMMER Renate
  • body: CSL meeting_id: 2794 council: Justice and Home Affairs (JHA) date: 2007-04-19T00:00:00 type: Council Meeting
  • date: 2007-06-27T00:00:00 body: EP committees: body: EP responsible: False committee: ECON date: 2007-01-24T00:00:00 committee_full: Economic and Monetary Affairs rapporteur: group: PSE name: ETTL Harald body: EP responsible: False committee_full: Environment, Public Health and Food Safety committee: ENVI body: EP responsible: False committee_full: Internal Market and Consumer Protection committee: IMCO body: EP responsible: False committee: ITRE date: 2007-02-27T00:00:00 committee_full: Industry, Research and Energy rapporteur: group: PSE name: GLANTE Norbert body: EP responsible: True committee: LIBE date: 2007-01-25T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: ALDE name: HENNIS-PLASSCHAERT Jeanine body: EP responsible: False committee: TRAN date: 2007-01-31T00:00:00 committee_full: Transport and Tourism rapporteur: group: PPE-DE name: SOMMER Renate type: Vote in committee, 1st reading/single reading
  • date: 2007-07-02T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A6-2007-270&language=EN type: Committee report tabled for plenary, 1st reading/single reading title: A6-0270/2007 body: EP committees: body: EP responsible: False committee: ECON date: 2007-01-24T00:00:00 committee_full: Economic and Monetary Affairs rapporteur: group: PSE name: ETTL Harald body: EP responsible: False committee_full: Environment, Public Health and Food Safety committee: ENVI body: EP responsible: False committee_full: Internal Market and Consumer Protection committee: IMCO body: EP responsible: False committee: ITRE date: 2007-02-27T00:00:00 committee_full: Industry, Research and Energy rapporteur: group: PSE name: GLANTE Norbert body: EP responsible: True committee: LIBE date: 2007-01-25T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: ALDE name: HENNIS-PLASSCHAERT Jeanine body: EP responsible: False committee: TRAN date: 2007-01-31T00:00:00 committee_full: Transport and Tourism rapporteur: group: PPE-DE name: SOMMER Renate type: Committee report tabled for plenary, 1st reading/single reading
  • date: 2007-07-09T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20070709&type=CRE type: Debate in Parliament title: Debate in Parliament body: EP type: Debate in Parliament
  • date: 2007-07-10T00:00:00 docs: url: http://www.europarl.europa.eu/oeil/popups/sda.do?id=13821&l=en type: Results of vote in Parliament title: Results of vote in Parliament url: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P6-TA-2007-325 type: Decision by Parliament, 1st reading/single reading title: T6-0325/2007 body: EP type: Results of vote in Parliament
  • body: CSL meeting_id: 2838 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2838*&MEET_DATE=06/12/2007 type: Debate in Council title: 2838 council: Justice and Home Affairs (JHA) date: 2007-12-06T00:00:00 type: Council Meeting
  • date: 2008-06-05T00:00:00 body: CSL type: Council Meeting council: Justice and Home Affairs (JHA) meeting_id: 2783
  • date: 2008-12-08T00:00:00 body: CSL type: Council Meeting council: General Affairs meeting_id: 2914
  • date: 2008-12-08T00:00:00 body: EP type: End of procedure in Parliament
  • date: 2008-12-08T00:00:00 body: EP/CSL type: Act adopted by Council after consultation of Parliament
  • date: 2008-12-23T00:00:00 type: Final act published in Official Journal docs: url: http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=32008L0114 title: Directive 2008/114 url: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2008:345:TOC title: OJ L 345 23.12.2008, p. 0075
commission
  • body: EC dg: Justice and Consumers commissioner: FRATTINI Franco
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
date
2007-01-25T00:00:00
rapporteur
name: HENNIS-PLASSCHAERT Jeanine group: Alliance of Liberals and Democrats for Europe abbr: ALDE
committees/0
body
EP
responsible
False
committee
ECON
date
2007-01-24T00:00:00
committee_full
Economic and Monetary Affairs
rapporteur
group: PSE name: ETTL Harald
committees/1
type
Committee Opinion
body
EP
associated
False
committee_full
Economic and Monetary Affairs
committee
ECON
date
2007-01-24T00:00:00
rapporteur
name: ETTL Harald group: Socialist Group in the European Parliament abbr: PSE
committees/1
body
EP
responsible
False
committee_full
Environment, Public Health and Food Safety
committee
ENVI
committees/2
type
Committee Opinion
body
EP
associated
False
committee_full
Environment, Public Health and Food Safety
committee
ENVI
opinion
False
committees/2
body
EP
responsible
False
committee_full
Internal Market and Consumer Protection
committee
IMCO
committees/3
type
Committee Opinion
body
EP
associated
False
committee_full
Industry, Research and Energy
committee
ITRE
date
2007-02-27T00:00:00
rapporteur
name: GLANTE Norbert group: Socialist Group in the European Parliament abbr: PSE
committees/3
body
EP
responsible
False
committee
ITRE
date
2007-02-27T00:00:00
committee_full
Industry, Research and Energy
rapporteur
group: PSE name: GLANTE Norbert
committees/4
type
Committee Opinion
body
EP
associated
False
committee_full
Internal Market and Consumer Protection
committee
IMCO
opinion
False
committees/4
body
EP
responsible
True
committee
LIBE
date
2007-01-25T00:00:00
committee_full
Civil Liberties, Justice and Home Affairs
rapporteur
group: ALDE name: HENNIS-PLASSCHAERT Jeanine
committees/5
type
Committee Opinion
body
EP
associated
False
committee_full
Transport and Tourism
committee
TRAN
date
2007-01-31T00:00:00
rapporteur
name: SOMMER Renate group: European People's Party (Christian Democrats) and European Democrats abbr: PPE-DE
committees/5
body
EP
responsible
False
committee
TRAN
date
2007-01-31T00:00:00
committee_full
Transport and Tourism
rapporteur
group: PPE-DE name: SOMMER Renate
council
  • body: CSL type: Council Meeting council: General Affairs meeting_id: 2914 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2914*&MEET_DATE=08/12/2008 date: 2008-12-08T00:00:00
  • body: CSL type: Council Meeting council: Justice and Home Affairs (JHA) meeting_id: 2783 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2783*&MEET_DATE=05/06/2008 date: 2008-06-05T00:00:00
  • body: CSL type: Council Meeting council: Justice and Home Affairs (JHA) meeting_id: 2838 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2838*&MEET_DATE=06/12/2007 date: 2007-12-06T00:00:00
  • body: CSL type: Council Meeting council: Justice and Home Affairs (JHA) meeting_id: 2794 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2794*&MEET_DATE=19/04/2007 date: 2007-04-19T00:00:00
docs
  • date: 2006-12-12T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/sec/2006/1648/COM_SEC(2006)1648_EN.pdf title: SEC(2006)1648 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=SECfinal&an_doc=2006&nu_doc=1648 title: EUR-Lex type: Document attached to the procedure body: EC
  • date: 2006-12-12T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/sec/2006/1654/COM_SEC(2006)1654_EN.pdf title: SEC(2006)1654 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=SECfinal&an_doc=2006&nu_doc=1654 title: EUR-Lex type: Document attached to the procedure body: EC
  • date: 2007-04-13T00:00:00 docs: url: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52007AB0011:EN:NOT title: CON/2007/0011 url: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:2007:116:TOC title: OJ C 116 26.05.2007, p. 0001 summary: OPINION OF THE EUROPEAN CENTRAL BANK The European Central Bank (ECB) received a request from the Council of the European Union for an opinion on a proposal for a directive of the Council on the identification and designation of European Critical Infrastructures and the assessment of the need to improve their protection. It supports the proposed directive. In particular, the ECB considers it important to ensure that consistent and coordinated actions are taken in different sectors to properly respond to these threats. The provisions of the proposed directive such as reporting the summary of risks for each sector to the Commission, must respect existing national and EU authorities' competencies. In particular, it will be necessary to ensure that the national provisions implementing the proposed directive will be fully compatible with central banks' oversight powers or obligations with respect to payment, securities clearing and settlement systems and infrastructures, clearing houses and central counterparties. In this respect it is understood that the framework provided by this proposed directive will not prejudice central banks' powers and independence. A recital should be introduced in the proposed directive to reflect these considerations. Moreover, the ECB stresses that the Eurosystem and/or national central banks have already established measures ensuring business continuity in euro area payment systems, and the ECB considers that this work should be recognised with a view to avoiding duplication and ensuring consistency in the work done by several authorities. 
The ECB also made the following comments : the financial sector identified in the proposed directive is sub-divided into (1) payment and securities clearing and settlement infrastructure and systems; and (2) regulated markets. The ECB proposes broader wording to cover trading, payment, clearing and settlement systems and infrastructures for financial instruments; the definition of ‘critical infrastructure’ expressly recognises cross-sector dependencies since the effectiveness of implementing measures for any one sector could be severely undermined by failure to properly address sectoral interdependencies. However, it is noted that this definition does not expressly refer only to assets located solely within the EU. Therefore, it is not clear how assets located partly outside the EU, whose disruption or destruction would affect European critical infrastructures, would be treated under the proposed directive. The ECB would welcome further clarification of this issue; the ‘severity test’ relevant to the identification of European critical infrastructures is quite broad and should be enhanced with clearer indications to ensure consistency of designation across countries and sectors. It would be helpful to further clarify this concept when establishing cross-cutting and sectoral criteria through the comitology procedure under the proposed directive. It is noted that the proposed directive is likely to bring additional administrative requirements which are likely to have associated costs for infrastructures and relevant authorities. Depending on the establishment of such thresholds, infrastructures not currently overseen may be caught and subject to additional costs; a separate Community act may be needed to establish procedures to identify and designate ECIs owned or operated by Community institutions, bodies or agencies. 
While under the proposed directive the Commission may propose a list of critical infrastructures to be designated as ECIs on the basis both of notifications made by Member States and ‘of any other information at the Commission's disposal’, it might not be practical for ECIs operated by Community bodies and having a pan-European dimension to be part of a system that would be administered by the Member States; the list of critical infrastructures designated as ECIs is required to be adopted in accordance with the comitology procedure established by the proposed directive. The list of all ECIs would be adopted before the establishment and putting into operation of the OSPs containing relevant security solutions for the protection of the listed ECIs, since operators have a year following designation to draw up an OSP. In this context, publicity is undesirable for payment and securities clearing and settlement infrastructures and systems. In particular, as the purpose of the Directive includes the preparation for threats affecting financial markets, it would be unsound to publicly disclose the list of critical infrastructures materially relevant for the smooth functioning of financial markets. Today, no country in the world would publicly disclose such a list on the basis of similar considerations. The ECB therefore strongly recommends keeping the list of ECIs confidential; lastly, the ECB strongly recommends giving adequate consideration to existing measures in defining implementing measures and focusing on those areas where no specific measures have been so far identified. The ECB would prefer no specific legally binding measures to be adopted. 
Should the Commission decide to adopt implementing measures, the ECB will have to be formally consulted under the Treaty on any such measures relating to payment and securities clearing and settlement infrastructures and systems, and other matters falling within the ECB's fields of competence. Where the above advice would lead to changes in the proposed directive, the ECB has set out drafting proposals. In particular, it proposes: - to include a new recital 17a aiming to take account of the work and regular assessments conducted by the central banks within their fields of competence; - to make a slight change to Annex 1 on the list of critical infrastructure sectors (VII Financial). The ECB suggests changing the title to “Trading, payment clearing and settlement infrastructures and systems for financial instruments”. The reference to “regulated markets” has been deleted. type: European Central Bank: opinion, guideline, report body: ECB
  • date: 2007-05-08T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE384.638 title: PE384.638 type: Committee draft report body: EP
  • date: 2007-05-15T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE388.725 title: PE388.725 type: Amendments tabled in committee body: EP
  • date: 2007-06-06T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE386.361&secondRef=02 title: PE386.361 committee: ECON type: Committee opinion body: EP
  • date: 2007-06-12T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE386.561&secondRef=03 title: PE386.561 committee: ITRE type: Committee opinion body: EP
  • date: 2007-07-02T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A6-2007-270&language=EN title: A6-0270/2007 type: Committee report tabled for plenary, 1st reading/single reading body: EP
  • date: 2007-08-29T00:00:00 docs: url: /oeil/spdoc.do?i=13821&j=0&l=en title: SP(2007)4170 type: Commission response to text adopted in plenary
  • date: 2012-06-25T00:00:00 docs: url: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=SWD:2012:0190:FIN:EN:PDF title: EUR-Lex title: SWD(2012)0190 summary: This document presents the main preliminary findings of the review of the European Programme for Critical Infrastructure Protection (EPCIP) and in particular Directive 2008/114/EC on the identification and designation of European Critical Infrastructures. It provides a general analysis of the elements of the critical infrastructure protection programme and describes the on-going development of risk assessment methodology in this field. In addition, it contains the required annual reporting on EPCIP’s external dimension. The report states that the review of the different EPCIP elements so far implemented has already led to a number of important findings for the preparation of a reshaped CIP policy package. All Member States have legally implemented Directive 2008/114/EC by establishing a process to identify and designate European Critical Infrastructures, which has contributed to raising CIP awareness in the EU and in the Member States. Furthermore, although there is evidence that the Directive has also helped in assessing the need to improve the protection of European critical infrastructures in the transport and energy sectors, there is no indication that it has actually improved security in these sectors. type: Follow-up document body: EC
  • date: 2013-08-28T00:00:00 docs: title: SWD(2013)0318 summary: This Commission staff working document sets out a new approach to the European Programme for Critical Infrastructure Protection (EPCIP) with a view to making them more secure. It builds on a comprehensive review of the 2006 European Programme for Critical Infrastructure Protection and the Council Directive 2008/114/EC, conducted in close cooperation with EU Member States and stakeholders. The review process of the current EPCIP revealed that there has not been enough consideration of the links between critical infrastructures in different sectors, nor indeed across national boundaries. In order to properly protect Europe’s critical infrastructures, and in order to build their resilience, a new approach to tackle this gap is needed. To pilot the new approach, the Commission will start by working with four critical infrastructures of European dimension: Eurocontrol, Galileo, the electricity transmission grid and the gas transmission network (the Four). It is expected that other relevant infrastructures could then benefit from the processes and tools developed when carrying out the work with the Four. Through work with the Four and developing the new approach, the EU can both play a supporting role for Member States in their own CI protection and resilience work and facilitate better cooperation on CI protection and resilience within the EU. Given that many critical infrastructures are privately owned, better cooperation includes supporting the development of private-public structured dialogues. The first stage will be to work with the Four to ensure a comprehensive understanding of their CIP measures to date in each of the prevention, preparedness and response work streams, including looking at how interdependencies and cascading effects feed into their CIP planning.
The next step will be to identify common factors and consider ways in which their CI protection and resilience measures can be improved. type: Follow-up document body: EC
events
  • date: 2006-12-12T00:00:00 type: Legislative proposal published body: EC docs: url: http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2006/0787/COM_COM(2006)0787_EN.pdf title: COM(2006)0787 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2006&nu_doc=787 title: EUR-Lex summary: PURPOSE: to create a horizontal framework for the identification and designation of European Critical Infrastructures and for the assessment of needs to improve their protection. PROPOSED ACT: Council Directive. BACKGROUND: the security and economy of the European Union as well as the well-being of its citizens depend on certain infrastructure and the services it provides. The destruction or disruption of infrastructure providing key services could entail the loss of lives, the loss of property, a collapse of public confidence and morale in the EU. Any such disruptions or manipulations of critical infrastructure (energy, communication, water, food provisioning, health, transport, etc.) should, to the extent possible, be brief, infrequent, manageable, geographically isolated and minimally detrimental to the welfare of the Member States, their citizens and the European Union. In order to counteract these potential vulnerabilities the European Council requested in 2004 the development of a European Programme for Critical Infrastructure Protection. Since then, comprehensive preparatory work has been undertaken, which has included the organisation of relevant seminars, the publication of a Green Paper and discussions with both public and private stakeholders. With this in mind, an EPCIP Communication has been developed establishing a horizontal framework concerning the protection of critical infrastructures in Europe.
CONTENT: as part of the EPCIP framework dealing specifically with European Critical Infrastructures, it is necessary to include a proposal for a Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection. The proposed Directive establishes the necessary procedure for the identification and designation of European Critical Infrastructure (ECI), and a common approach to the assessment of the needs to improve the protection of such infrastructure. The ECI Directive lays down the procedure on how to identify and designate ECI: § The Commission together with the Member States and relevant stakeholders develop cross-cutting and sectoral criteria for the identification of ECI, which are then adopted through the comitology procedure. § The cross-cutting criteria are developed on the basis of the severity of the disruption or destruction of the CI. The severity of the consequences of the disruption or destruction of a particular infrastructure should be assessed on the basis, where possible, of: public effect (number of population affected); economic effect (significance of economic loss and/or degradation of products or services); environmental effect; political effects; psychological effects. § Each Member State then identifies those infrastructures which satisfy the criteria. § Each Member State then notifies the Commission of the critical infrastructures which satisfy the established criteria. § Following the identification procedure the Commission prepares a draft list of ECI. The draft list is based on the notifications received from the Member States and other relevant information from the Commission. The list is then adopted through comitology. Furthermore, the proposed Directive only imposes two obligations on the owners/operators of those critical infrastructures which are designated as European Critical Infrastructures. These include: 1.
The establishment of an Operator Security Plan which would identify the ECI owners' and operators' assets and establish relevant security solutions for their protection. Annex 2 of the ECI Directive provides the minimum contents of such OSPs including: - identification of important assets; - a risk analysis based on major threat scenarios, vulnerability of each asset, and potential impact; - identification, selection and prioritisation of counter-measures and procedures with a distinction between: § Permanent security measures, which identify indispensable security investments and means which cannot be installed by the owner/operator at short notice. This heading will include information concerning general measures; technical measures (including installation of detection, access control, protection and prevention means); organizational measures (including procedures for alerts and crisis management); control and verification measures; communication; awareness raising and training; and security of information systems. § Graduated security measures, which are activated according to varying risk and threat levels. Once an OSP has been created, each ECI owner/operator should submit it to the relevant Member State authority. Each Member State will set up a supervisory system concerning OSPs which will ensure that sufficient feedback is given to the ECI owner/operator concerning the quality of the OSP and in particular the adequacy of the risk and threat assessment. 2. The designation of a Security Liaison Officer (SLO). Article 6 of the ECI Directive requires all CI owners/operators designated as ECI to appoint an SLO. The SLO would function as the point of contact for security issues between the ECI and the relevant CIP authorities in the Member States. The SLO would therefore receive all relevant CIP related information from the Member State authorities and would be responsible for providing relevant information from the ECI to the Member State.
Lastly, the Commission shall take appropriate measures to protect information subject to the requirement of confidentiality to which it has access or which is communicated to it by Member States. For more details concerning the financial implications of this measure, please refer to the financial statement.
  • date: 2007-02-01T00:00:00 type: Committee referral announced in Parliament, 1st reading/single reading body: EP
  • date: 2007-04-19T00:00:00 type: Resolution/conclusions adopted by Council body: CSL summary: The Council adopted conclusions emphasising the ultimate responsibility of the Member States for managing arrangements for the protection of critical infrastructures within their national borders. At the same time, the Council reiterates that action at European Community level will add value by supporting and complementing Member States' activities, while respecting the principle of subsidiarity and taking due account of available budgetary resources as defined in the Financial Framework 2007-2013. Member States’ responsibility includes, with due regard for existing Community competences, risk analysis and threat assessment in relation to European critical infrastructure situated in their territory, interfacing with its owners/operators, and exchanging information with the Commission on a summary basis. The Council welcomes the efforts of the Commission to develop a European procedure for the identification and designation of European Critical Infrastructure and the assessment of the need to improve its protection. This procedure should be based on adequate definitions and take into account cross-cutting as well as sectoral criteria, with a view to focusing its actions on those infrastructures damage to or destruction of which would have critical consequences. The Council considers in particular that such a procedure, established with due regard for the competences of the Member States and of the Community, could be of added value. Owners/operators of European Critical Infrastructure, including the private sector, must be actively involved. They should - by a variety of means and arrangements including voluntary measures - take proper measures to protect their infrastructures. Such measures could be security plans and security liaison officers. The costs to owners and operators of taking these measures should be proportionate and reasonable.
The Council stresses that the greatest possible use should be made of recommendations, information sharing and exchange of best practice at EC level in order to promote voluntary protection measures by the owners/operators of European Critical Infrastructures. The Council will examine the added value of further measures with a view to ensuring security standards in the European Union and comparable competition conditions throughout the European Union. The Council stresses the need for any framework to be clear and consistent; duplications of or contradictions between different measures, acts or provisions must be avoided. Where the exchange of sensitive or classified information in any group or body is indispensable for the implementation of a European Programme for Critical Infrastructure Protection, the provisions set up in the appropriate security procedures and regulations must be strictly observed. The Council encourages Member States to launch any appropriate action for the protection of critical infrastructures. The Council recognises that existing actions by Member States are conducted through a variety of means and will pay particular attention to the question of how future measures for protecting European Critical Infrastructures can enable this approach to continue under a common framework. Member States may decide to take up the Commission's offer to provide critical infrastructure protection relevant support and research results generated at EC level or by Member States. The Council intends to continue its discussion about the Commission communication including the Action plan and the Commission proposal for a Directive in the spirit of the abovementioned conclusions.
  • date: 2007-06-27T00:00:00 type: Vote in committee, 1st reading/single reading body: EP summary: The Committee on Civil Liberties, Justice and Home Affairs adopted by a large majority the report by Jeanine HENNIS-PLASSCHAERT (ALDE, NL) amending, under the consultation procedure, the proposal for a Council Directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection. The main amendments are as follows: - the title of the proposal is amended to underline that it concerns “priority sectors” as opposed to “all” sectors; - structurally conditioned threats should also be identified, but the threat of terrorism should be given priority; - reinforce the principle according to which the directive strengthens public safety through a consistent and efficient system that is not at cross-purposes with itself; - there are a number of critical infrastructures in the Community, the disruption of which would affect three or more Member States or at least two other Member States other than that in which the critical infrastructure is located. This may include transboundary cross-sector effects resulting from interdependencies between interconnected infrastructure. Such European critical infrastructure should be identified by means of a common procedure. On the basis of common criteria a list of priority sectors with European critical infrastructure should be drawn up. A common action framework should be laid down for the protection of such European critical infrastructures that puts Member States in a position to reduce the potential danger to critical infrastructure on their territory by taking appropriate measures. Bilateral schemes for cooperation between Member States in the field of critical infrastructure protection constitute a well established and efficient means of dealing with transboundary critical infrastructure. 
EPCIP should build on such cooperation; - a series of measures governing the identification, designation and protection of critical infrastructures already exists for some sectors. Any future Community-wide regulation should not result in duplicate regulation in these sectors in the absence of added security; - Critical infrastructure should be designed in a way that minimises any links with and localisation in third countries. The localisation of elements of critical infrastructures outside the European Union increases the risk of terrorist attacks with spill-over effects on the whole infrastructure, access by terrorists to data stored outside the European Union, as well as risks of non-compliance with Community legislation, thus rendering the entire infrastructure more vulnerable. The recent SWIFT case showed that critical data needs to be protected against illegal use by foreign authorities or private actors; - each owner/operator of European critical infrastructure should establish an Operator Security Plan identifying critical assets and laying down relevant security solutions for their protection. It should take into account vulnerability, threat and risk assessments, as well as other relevant information provided by Member State authorities; - these Operator Security Plans should be forwarded to the CIP Contact Point in the Member States. Compliance with existing sector-based protection measures could satisfy the requirement to establish and update an Operator Security Plan as well as designate a Security Liaison Officer; - this Directive complements existing sectoral measures at Community level and in the Member States. Where Community mechanisms and legislation are already in place, they should be implemented and applied so as to contribute to the improvement of public safety.
In so doing, overlaps and contradictions with this Directive and the imposition of additional costs without an additional gain in security are to be avoided; - as regards proportionality, particular attention should be paid to financial acceptability for owners or operators and for the Member States; - “European Critical Infrastructure” means critical infrastructures the disruption or destruction of which would significantly affect three or more Member States, or at least two Member States if the critical infrastructure is located in another Member State. This includes effects resulting from cross-sector dependencies on other types of infrastructure; - the cross-cutting and sectoral criteria to be used to identify European Critical Infrastructures shall be built on existing protection criteria and be adopted and amended in accordance with Article 308 of the EC Treaty and Article 203 of the Euratom Treaty; - where Community mechanisms are already in place, they shall continue to be used.
Duplications of, or contradictions between, different acts or provisions shall be avoided at all costs; - each Member State shall identify the priority sectors within its territory, as well as those outside its territory that may have an impact on it; - each Member State shall notify the Commission of the priority sectors thus identified at the latest one year after the adoption of the relevant criteria and thereafter on an on-going basis; - the list of priority sectors with critical infrastructure shall be adopted and amended by the Council; - Data protection: the processing of personal data carried out directly or through an intermediary by, and necessary for the activities of, European Critical Infrastructures shall be carried out in accordance with the provisions of Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and of the applicable principles with regard to data protection. The data processing shall be carried out within the EU and any mirroring of data shall not be allowed in third countries for reasons of security; - the Commission and the Council shall adopt a list of existing protection measures applicable to specific sectors listed in Annex I.
Compliance with one or more of the listed protection measures satisfies the requirement to establish and update an Operator Security Plan; - each Member State shall report to the Commission on a summary basis on the types of structural vulnerabilities, threats and risks encountered in European Critical Infrastructures within 12 months (as opposed to 18 months) following the adoption of the list and thereafter on an ongoing basis every 2 years; - a common template for these reports shall be developed by the Commission and approved by the Council; - extension of the transposition deadline is essential since transposition by the end of 2007 is unrealistic; therefore Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by 31 December 2008 at the latest. They shall forthwith communicate to the Commission the text of those provisions and a correlation table between those provisions and this Directive. Lastly, MEPs have decided to make a list of “possible” critical infrastructure sectors to be taken into account when setting up the definitive list. Radio communication and navigation Radio communication, navigation and radio-frequency identification (RFID) spectres; Payment and securities clearing and settlement infrastructures and systems and their service providers and banking and insurance.
  • date: 2007-07-02T00:00:00 type: Committee report tabled for plenary, 1st reading/single reading body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A6-2007-270&language=EN title: A6-0270/2007
  • date: 2007-07-09T00:00:00 type: Debate in Parliament body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20070709&type=CRE title: Debate in Parliament
  • date: 2007-07-10T00:00:00 type: Results of vote in Parliament body: EP docs: url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=13821&l=en title: Results of vote in Parliament
  • date: 2007-07-10T00:00:00 type: Decision by Parliament, 1st reading/single reading body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P6-TA-2007-325 title: T6-0325/2007 summary: The European Parliament adopted the resolution by Jeanine HENNIS-PLASSCHAERT (ALDE, NL) amending the proposal for a Council Directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection. The Parliament stressed that responsibility for protecting critical infrastructure still rests primarily with Member States and private stakeholders. The Parliament endorsed the amendments tabled by the competent committee. The main amendments are as follows: the title of the proposal is amended to underline that it concerns “priority sectors” as opposed to “all” sectors; structurally conditioned threats should also be identified, but the threat of terrorism should be given priority; reinforce the principle according to which the directive strengthens public safety through a consistent and efficient system that is not at cross-purposes with itself; there are a number of critical infrastructures in the Community, the disruption of which would affect three or more Member States or at least two other Member States other than that in which the critical infrastructure is located. This may include transboundary cross-sector effects resulting from interdependencies between interconnected infrastructure. Such European critical infrastructure should be identified by means of a common procedure. On the basis of common criteria a list of priority sectors with European critical infrastructure should be drawn up. A common action framework should be laid down for the protection of such European critical infrastructures that puts Member States in a position to reduce the potential danger to critical infrastructure on their territory by taking appropriate measures. 
Bilateral schemes for cooperation between Member States in the field of critical infrastructure protection constitute a well established and efficient means of dealing with transboundary critical infrastructure. EPCIP should build on such cooperation; a series of measures governing the identification, designation and protection of critical infrastructures already exists for some sectors. Any future Community-wide regulation should not result in duplicate regulation in these sectors in the absence of added security; each owner/operator of European critical infrastructure should establish an Operator Security Plan identifying critical assets and laying down relevant security solutions for their protection. It should take into account vulnerability, threat and risk assessments, as well as other relevant information provided by Member State authorities; these Operator Security Plans should be forwarded to the CIP Contact Point in the Member States. Compliance with existing sector-based protection measures could satisfy the requirement to establish and update an Operator Security Plan as well as designate a Security Liaison Officer; this Directive complements existing sectoral measures at Community level and in the Member States. Where Community mechanisms and legislation are already in place, they should be implemented and applied so as to contribute to the improvement of public safety. In so doing, overlaps and contradictions with this Directive and the imposition of additional costs without an additional gain in security are to be avoided; as regards proportionality, particular attention should be paid to financial acceptability for owners or operators and for the Member States; “European Critical Infrastructure” means critical infrastructures the disruption or destruction of which would significantly affect three or more Member States, or at least two Member States if the critical infrastructure is located in another Member State.
This includes effects resulting from cross-sector dependencies on other types of infrastructure; the cross-cutting and sectoral criteria to be used to identify European Critical Infrastructures shall be built on existing protection criteria and be adopted and amended in accordance with Article 308 of the EC Treaty and Article 203 of the Euratom Treaty; where Community mechanisms are already in place, they shall continue to be used. Duplications of, or contradictions between, different acts or provisions shall be avoided at all costs; each Member State shall notify the Commission of the priority sectors thus identified at the latest one year after the adoption of the relevant criteria and thereafter on an on-going basis; each Member State shall report to the Commission on a summary basis on the types of structural vulnerabilities, threats and risks encountered in European Critical Infrastructures within 12 months (as opposed to 18 months) following the adoption of the list and thereafter on an ongoing basis every 2 years; a common template for these reports shall be developed by the Commission and approved by the Council; extension of the transposition deadline from December 2007 to December 2008. Lastly, MEPs have decided to make a list of “possible” critical infrastructure sectors to be taken into account when setting up the definitive list. Radio communication and navigation Radio communication, navigation and radio-frequency identification (RFID) spectres; Payment and securities clearing and settlement infrastructures and systems and their service providers and banking and insurance.
  • date: 2007-12-06T00:00:00 type: Debate in Council body: CSL docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2838*&MEET_DATE=06/12/2007 title: 2838
  • date: 2008-12-08T00:00:00 type: Act adopted by Council after consultation of Parliament body: EP/CSL
  • date: 2008-12-08T00:00:00 type: End of procedure in Parliament body: EP
  • date: 2008-12-23T00:00:00 type: Final act published in Official Journal summary: PURPOSE: to create a horizontal framework for the identification of European Critical Infrastructures. LEGISLATIVE ACT: Council Directive 2008/114/EC on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. CONTENT: the Council adopted this Directive following political agreement reached in June 2008. The Directive establishes a procedure for the identification and designation of European critical infrastructures (‘ECIs’), and a common approach to the assessment of the need to improve the protection of such infrastructures in order to contribute to the protection of people. It focuses on the energy and transport sectors. ‘European critical infrastructure’ or ‘ECI’ is defined as critical infrastructure located in Member States the disruption or destruction of which would have a significant impact on at least 2 Member States. The significance of the impact will be assessed in terms of cross-cutting criteria. This includes effects resulting from cross-sector dependencies on other types of infrastructure. In the Annex, the Directive details the types of infrastructures concerned: Energy: electricity (infrastructures and facilities for generation and transmission of electricity in respect of supply electricity); oil production, refining, treatment, storage and transmission by pipelines; gas production, refining, treatment, storage and transmission by pipelines, LNG terminals. Transport: road transport; rail transport; air transport; inland waterways transport; ocean and short-sea shipping and ports. Evaluation method: ECIs should be identified and designated by means of a common procedure. The evaluation of security requirements for such infrastructures should be done under a common minimum approach. Each Member State must identify potential ECIs which satisfy both cross-cutting and sectoral criteria.
The Directive requires each Member State to identify the critical infrastructures which may be designated as an ECI. This procedure shall be implemented by each Member State through the following series of consecutive steps (Annex III). Step 1: each Member State shall apply the sectoral criteria in order to make a first selection of critical infrastructures within a sector. Step 2: each Member State shall apply the definition of critical infrastructure to the potential ECI identified under step 1. Step 3: each Member State shall apply the transboundary element of the definition of ECI to the potential ECI. Step 4: each Member State shall apply the cross-cutting criteria to the remaining potential ECIs. The cross-cutting criteria shall take into account: the severity of impact; and, for infrastructure providing an essential service, the availability of alternatives; and the duration of disruption/recovery. A potential ECI which does not satisfy the cross-cutting criteria will not be considered to be an ECI. A potential ECI which has passed through this procedure shall only be communicated to the Member States which may be significantly affected by the potential ECI. The cross-cutting criteria shall comprise the following: casualties criterion (assessed in terms of the potential number of fatalities or injuries); economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects); public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services). The sectoral criteria shall take into account the characteristics of individual ECI sectors. Identification: the process of identifying and designating must be completed by 12 January 2011 and reviewed on a regular basis. 
The Member State on whose territory a designated ECI is located shall inform the Commission on an annual basis of the number of designated ECIs per sector and of the number of Member States dependent on each designated ECI. Only those Member States that may be significantly affected by an ECI shall know its identity. The Member States on whose territory an ECI is located shall inform the owner/operator of the infrastructure concerning its designation as an ECI. Information concerning the designation of an infrastructure as an ECI shall be classified at an appropriate level. Operator security plans: the operator security plan (‘OSP’) procedure must identify the critical infrastructure assets of the ECI and which security solutions exist or are being implemented for their protection. The minimum content to be addressed by an ECI OSP procedure is set out in Annex II, and includes conducting a risk analysis based on major threat scenarios, vulnerability of each asset, and potential impact. Security Liaison Officers: the Security Liaison Officer functions as the point of contact for security related issues between the owner/operator of the ECI and the relevant Member State authority. Commission support for ECIs: the Commission will support the owners/operators of designated ECIs by providing access to available best practices and methodologies as well as support training and the exchange of information on new technical developments related to critical infrastructure protection. Sensitive European critical infrastructure protection-related information: the act provides that any person handling classified information pursuant to this Directive on behalf of a Member State or the Commission must have an appropriate level of security vetting. 
Member States, the Commission and relevant supervisory bodies shall ensure that sensitive European critical infrastructure protection-related information submitted to the Member States or to the Commission is not used for any purpose other than the protection of critical infrastructures. Review: a review of this Directive shall begin on 12 January 2012. If deemed appropriate and in conjunction with the review, subsequent sectors to be used for the purpose of implementing this Directive may be identified. Priority shall be given to the ICT sector. Implementation: 12/01/2011. ENTRY INTO FORCE: 12/01/2009. docs: title: Directive 2008/114 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=32008L0114 title: OJ L 345 23.12.2008, p. 0075 url: https://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2008:345:SOM:EN:HTML
other
  • body: CSL type: Council Meeting council: Former Council configuration
  • body: EC dg: url: http://ec.europa.eu/justice/ title: Justice commissioner: FRATTINI Franco
procedure/dossier_of_the_committee
Old
LIBE/6/44115
New
  • LIBE/6/44115
procedure/final/url
Old
http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=32008L0114
New
https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=32008L0114
procedure/subject
Old
  • 7.30.09 Public security
  • 7.30.20 Action to combat terrorism
New
7.30.09
Public security
7.30.20
Action to combat terrorism
activities/0/docs/0/url
Old
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2006/0787/COM_COM(2006)0787_EN.pdf
New
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2006/0787/COM_COM(2006)0787_EN.pdf
activities/12/docs/1/url
Old
http://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2008:345:SOM:EN:HTML
New
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2008:345:TOC
links/European Commission/title
Old
PreLex
New
EUR-Lex
activities
  • date: 2006-12-12T00:00:00 docs: url: http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2006/0787/COM_COM(2006)0787_EN.pdf celexid: CELEX:52006PC0787:EN type: Legislative proposal published title: COM(2006)0787 type: Legislative proposal published body: EC commission: DG: url: http://ec.europa.eu/justice/ title: Justice Commissioner: FRATTINI Franco
  • date: 2007-02-01T00:00:00 body: EP type: Committee referral announced in Parliament, 1st reading/single reading committees: body: EP responsible: False committee: ECON date: 2007-01-24T00:00:00 committee_full: Economic and Monetary Affairs rapporteur: group: PSE name: ETTL Harald body: EP responsible: False committee_full: Environment, Public Health and Food Safety committee: ENVI body: EP responsible: False committee_full: Internal Market and Consumer Protection committee: IMCO body: EP responsible: False committee: ITRE date: 2007-02-27T00:00:00 committee_full: Industry, Research and Energy rapporteur: group: PSE name: GLANTE Norbert body: EP responsible: True committee: LIBE date: 2007-01-25T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: ALDE name: HENNIS-PLASSCHAERT Jeanine body: EP responsible: False committee: TRAN date: 2007-01-31T00:00:00 committee_full: Transport and Tourism rapporteur: group: PPE-DE name: SOMMER Renate
  • body: CSL meeting_id: 2794 council: Justice and Home Affairs (JHA) date: 2007-04-19T00:00:00 type: Council Meeting
  • date: 2007-06-27T00:00:00 body: EP committees: body: EP responsible: False committee: ECON date: 2007-01-24T00:00:00 committee_full: Economic and Monetary Affairs rapporteur: group: PSE name: ETTL Harald body: EP responsible: False committee_full: Environment, Public Health and Food Safety committee: ENVI body: EP responsible: False committee_full: Internal Market and Consumer Protection committee: IMCO body: EP responsible: False committee: ITRE date: 2007-02-27T00:00:00 committee_full: Industry, Research and Energy rapporteur: group: PSE name: GLANTE Norbert body: EP responsible: True committee: LIBE date: 2007-01-25T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: ALDE name: HENNIS-PLASSCHAERT Jeanine body: EP responsible: False committee: TRAN date: 2007-01-31T00:00:00 committee_full: Transport and Tourism rapporteur: group: PPE-DE name: SOMMER Renate type: Vote in committee, 1st reading/single reading
  • date: 2007-07-02T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A6-2007-270&language=EN type: Committee report tabled for plenary, 1st reading/single reading title: A6-0270/2007 body: EP committees: body: EP responsible: False committee: ECON date: 2007-01-24T00:00:00 committee_full: Economic and Monetary Affairs rapporteur: group: PSE name: ETTL Harald body: EP responsible: False committee_full: Environment, Public Health and Food Safety committee: ENVI body: EP responsible: False committee_full: Internal Market and Consumer Protection committee: IMCO body: EP responsible: False committee: ITRE date: 2007-02-27T00:00:00 committee_full: Industry, Research and Energy rapporteur: group: PSE name: GLANTE Norbert body: EP responsible: True committee: LIBE date: 2007-01-25T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: ALDE name: HENNIS-PLASSCHAERT Jeanine body: EP responsible: False committee: TRAN date: 2007-01-31T00:00:00 committee_full: Transport and Tourism rapporteur: group: PPE-DE name: SOMMER Renate type: Committee report tabled for plenary, 1st reading/single reading
  • date: 2007-07-09T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20070709&type=CRE type: Debate in Parliament title: Debate in Parliament body: EP type: Debate in Parliament
  • date: 2007-07-10T00:00:00 docs: url: http://www.europarl.europa.eu/oeil/popups/sda.do?id=13821&l=en type: Results of vote in Parliament title: Results of vote in Parliament url: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P6-TA-2007-325 type: Decision by Parliament, 1st reading/single reading title: T6-0325/2007 body: EP type: Results of vote in Parliament
  • body: CSL meeting_id: 2838 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2838*&MEET_DATE=06/12/2007 type: Debate in Council title: 2838 council: Justice and Home Affairs (JHA) date: 2007-12-06T00:00:00 type: Council Meeting
  • date: 2008-06-05T00:00:00 body: CSL type: Council Meeting council: Justice and Home Affairs (JHA) meeting_id: 2783
  • date: 2008-12-08T00:00:00 body: CSL type: Council Meeting council: General Affairs meeting_id: 2914
  • date: 2008-12-08T00:00:00 body: EP type: End of procedure in Parliament
  • date: 2008-12-08T00:00:00 body: EP/CSL type: Act adopted by Council after consultation of Parliament
  • date: 2008-12-23T00:00:00 type: Final act published in Official Journal docs: url: http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=32008L0114 title: Directive 2008/114 url: http://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2008:345:SOM:EN:HTML title: OJ L 345 23.12.2008, p. 0075
committees
  • body: EP responsible: False committee: ECON date: 2007-01-24T00:00:00 committee_full: Economic and Monetary Affairs rapporteur: group: PSE name: ETTL Harald
  • body: EP responsible: False committee_full: Environment, Public Health and Food Safety committee: ENVI
  • body: EP responsible: False committee_full: Internal Market and Consumer Protection committee: IMCO
  • body: EP responsible: False committee: ITRE date: 2007-02-27T00:00:00 committee_full: Industry, Research and Energy rapporteur: group: PSE name: GLANTE Norbert
  • body: EP responsible: True committee: LIBE date: 2007-01-25T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: ALDE name: HENNIS-PLASSCHAERT Jeanine
  • body: EP responsible: False committee: TRAN date: 2007-01-31T00:00:00 committee_full: Transport and Tourism rapporteur: group: PPE-DE name: SOMMER Renate
links
National parliaments
European Commission
other
  • body: CSL type: Council Meeting council: Former Council configuration
  • body: EC dg: url: http://ec.europa.eu/justice/ title: Justice commissioner: FRATTINI Franco
procedure
dossier_of_the_committee
LIBE/6/44115
reference
2006/0276(CNS)
instrument
Directive
legal_basis
stage_reached
Procedure completed
subtype
Legislation
title
Identification and designation of European critical infrastructures and assessment of the need to improve their protection
type
CNS - Consultation procedure
final
subject