The aim of the Critical Entities Resilience (CER) Directive is to enhance the resilience of critical entities that provide essential services by laying down harmonised minimum rules. The CER Directive sets out a risk-based approach to reducing vulnerabilities and strengthening the resilience of critical entities in the State in line with efforts across the European Union (EU) in order to ensure the continuous provision of essential services. To achieve this, the CER Directive seeks to address all relevant natural and man-made resilience risks, including those of a cross-sectoral or cross-border nature, accidents, natural disasters, public health emergencies, hybrid threats and other antagonistic threats, including terrorist threats.
The EU Commission has proposed a non-exhaustive list of services that are crucial for the maintenance of vital societal functions, economic activities, public health and safety, or the environment, for the eleven sectors covered by the CER Directive.
The Critical Entities Resilience (CER) Directive has been transposed into Irish law by Statutory Instrument 559/2024 ‘European Union (Resilience of Critical Entities) Regulations 2024’ which came into effect on the 17 October 2024,
S.I. No. 559/2024 – European Union (Resilience of Critical Entities) Regulations 2024.
The Commission for Communications Regulation (ComReg) has been designated as the competent authority in the State for the resilience of critical entities in the Digital Infrastructure sector.