The Critical Entities Resilience (CER) Directive is a new initiative in the EU that focuses on enhancing cyber resilience for critical entities providing essential services. Introduced as part of the EU's efforts to strengthen cyber resilience in Europe, along with NIS2 and the EU Cyber Resilience Act, the CER Directive requires critical entities to effectively manage their network and information security. The Directive, which came into force on 16 January 2023, builds upon the previous ECI Directive by expanding from protecting individual assets to safeguarding service providers as a whole
Its objectives include creating a framework for resilience, enhancing risk assessment capabilities, and addressing cross-border impacts by improving cooperation and communication among critical entities. The Directive outlines key obligations for critical entities and Member States, such as adopting resilience plans, conducting regular risk assessments, and ensuring incident notification. Member States are also required to establish strategies for enhancing cyber resilience and identify critical entities by specific deadlines. The enforcement and compliance monitoring of the Directive will be overseen by competent authorities designated by each Member State and the establishment of the Critical Entities Resilience Group (CERG) to facilitate cooperation. The CER Directive applies to critical entities across various sectors identified for their societal and economic significance and outlines steps for compliance, including updating policies, crisis management plans, and conducting training exercises. https://www.upguard.com/blog/cer-directive