The global pandemic caused many organisations to take a second look at what it means to be resilient. Beyond the office disruptions, there were also profound supply chain, customer and general economic upheavals that challenged many organisations. People also became educated on what “critical infrastructure” means: systems that provide the necessities for human life and the economy. So, in addition to obvious critical infrastructure like public utilities, people also saw how organisations that provide food, healthcare and more fall into that category.
Recognising how vital critical infrastructure is to society’s welfare and how events like the pandemic, war in the Ukraine and other geopolitical events can cause major disruptions to society and business, the European Commission (EC) has introduced the European Union (EU) Critical Entities Resilience (CER) Directive. Deloitte fully addresses the CER Directive here.
Under the CER Directive, EU states have until 17 July 2026, to identify critical entities within their respective jurisdictions and then have 10 months to comply with many new resilience requirements.
The CER Directive is designed to improve and harmonise resilience strategies in EU member states and the organisations within them. Each state will need to convert CER Directive requirements into national legislation. Identified critical infrastructure entities will have to move quickly to comply with the laws. Because of this, any entity that might be deemed critical would be well-served to start a review of its resilience capabilities now.
The following are key requirements from the CER Directive and why entities should start making necessary resilience changes now, so it’s not an “all-hands-on-deck” situation when the 10-month deadline period begins.
The CER Directive has an ambitious timeline both for EU member states and critical entities. This is why both would be well-served to start reviewing resilience plans and capabilities now, so they don’t find themselves “playing catch-up” later.
Download Deloitte’s article about the CER Directive