IP/08/899

Brussels, 6 June 2008

Critical Infrastructure Protection

The Justice and Home Affairs Council 5-6 June has reached political agreement on a Commission proposal for a Directive on the identification and designation of European Critical Infrastructure (ECI) and the assessment of the need to improve their protection. The entry into force of the Directive is envisaged before the end of 2008.

"Critical infrastructure industries are becoming more and more interdependent as the economic, technological, and social processes of globalization intensify. Therefore, the damage or loss of a piece of infrastructure in one Member State may have negative effects on several others and on the European economy as a whole. Because of this trans-boundary dimension, an integrated EU-wide approach complements and provides added value to existing national programmes for critical infrastructure protection in place in the Member States." declared Vice-President Barrot, who added: "The Directive raises the level of security for all EU citizens, provides legal clarity to operators and increases competitiveness"

The Directive establishes the procedure for the identification and designation of European Critical Infrastructure (ECI) and a common approach to assessment of the need to improve the protection of such infrastructure in order to contribute to the protection of people.

ECI means critical infrastructure located in the EU Member States the disruption or destruction of which would have a significant impact on at least two Member States of the EU. The Directive concentrates on the energy and transport sector and will be reviewed after three years, to assess its impact and the need to include other sectors within its scope - inter alia the Information and Communication Technology (ICT) sector.

Each designated European Critical Infrastructure is to have an Operator Security Plan (OSP) covering inter alia identification of important assets, a risk analysis based on major threat scenarios and the vulnerability of each asset, and the identification, selection and prioritisation of counter-measures and procedures.

A Security Liaison officer will function as the point of contact for security issues between the European Critical Infrastructure owner/operator and the relevant Member State authority.

Every two years, each Member State will forward to the Commission information on threats and risks encountered in each European Critical Infrastructure sector. On the basis of those reports, the Commission and the Member States will examine whether further protection measures at the EU level should be considered.