Resilient Infrastructure 2023

ExpectedOutcome : Projects’ results are expected to contribute to all of the following outcomes: Tools for EU Member State authorities and operators for the assessment and anticipation of relevant risks to the provisions of essential services are identified; The cooperation between authorities of EU Member States is facilitated by providing solutions for data exchange and joint cross-border risk assessments; Simulation tools are developed for large-scale exercises to test the resilience of operators and of specific sectors, and related training courses are designed; Measures by Member State authorities to facilitate risk assessments by operators are identified, including the assessment of dependencies on different sectors and cross-border interdependencies; Provide common European guidance and support for the drafting of their resilience plans in order to meet all the provisions of the proposed CER-Directive: risk analysis, domino effects, cross-sector and cross-border analysis, standardised plans, educational and training tools; An all-hazards framework is created to support Member States in ensuring improved concepts and instruments for the anticipation of risks to entities that provide essential services, resulting in an improved preparedness and response against disruptions of key sectors in the EU and enhanced resilience of the EU internal market. Scope : The EU Security Union Strategy for 2020-2025 [1] , Counter-Terrorism Agenda [2] . for the EU and the Cyber Security Strategy stress the importance of ensuring resilience in the face of various risks. The livelihoods of European citizens and the good functioning of the internal market depend on the reliable provision of services fundamental for societal or economic activities in many different sectors. Those services often are reliant upon one another, thus disruptions in one sector can generate severe and long-lasting effects on the provision of services in others. Member States hold the primary responsibility in ensuring that operators who use critical infrastructures to deliver such services (hereafter: ‘operators’) comply with applicable rules and have the necessary support to ensure their own resilience and as part of a complex system of interdependencies. On EU-level, there has been a revision of certain legislation aiming at the minimum harmonisation of such rules, such as the directive on the resilience of critical entities (CER [3] ) and the directive on measures for high common level of cybersecurity across the Union (NIS-2 [4] ). In combination with sectoral EU-legislation and policies on resilience (e.g. for a Network Code on sector-specific rules for cybersecurity aspects of cross-border electricity flows [5] ), this provides a comprehensive framework that needs to be put in practice. “Facilitating strategic cooperation” refers to the necessity for public authorities of the Member States to be able to exchange information, in a secure way, on the risk assessments of their critical entities as well as their resilience. “Critical entities” is the specific term used in the CER directive to designate those entities that will be identified by the Member States under the directive. Pursuant to the directive, in particular of its articles 1 and 5, the identity of the critical entities will be classified. In the performance of the project, project participants will interact directly with Member States authorities responsible for risk assessment and analysis of the vulnerabilities of their critical entities. Pursuant to the proposed directive, the confidentiality of the critical entities (and of their vulnerabilities) shall be ensured and protected. Proposals under this topic should support the competent authorities of Member States to identify and develop the most suitable tools, solutions and strategies to ensure the resilience of key sectors and thus facilitate the implementation of [related/ future] EU legislation. Applicants should focus on delivering solutions t