The Critical Entities Resilience CER Directive will impact you
The CER directive makes it the responsibility of appointed companies to ensure the integrity of their facilities and services and protect them against physical threats
CER will start to impact critical business and entities in 2026 and beyond
Since first enacted in 2008, CER is now coming into effect
The Critical Entities Resilience (CER) Directive or Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022.
- Entered into force on 16 January 2023, replacing the previous European Critical Infrastructure Directive (2008/114/EC).
- Member States were required to transpose it into national law by October 2024, but timelines have been extended and some countries are slated to enact local legislation in 2026 and beyond.
- Full compliance will continue to roll out through 2026 and beyond.
The Directive applies to critical entities in 11 sectors,
The focus is expanded beyond the 2008 focus on energy and transport.
You are impacted if you serve many customers (typically >100 000) and deliver services in the following sectors
- Energy
- Transport
- Banking
- Financial market infrastructure
- Health
- Drinking water
- Wastewater
- Digital infrastructure
- Public administration
- Space
- Food production, processing, and distribution.
What you need to prepare
Being an impacted entity means that you face some requirements
- Risk Assessments
EU States must conduct regular risk assessments to identify critical entities and evaluate risks that could disrupt essential services. Critical entities themselves must perform risk assessments within nine months of designation and at least every four years thereafter. - Resilience Measures
Critical entities must implement proportionate technical, security, and organizational measures to:- Prevent incidents (including disaster risk reduction and climate adaptation)
- Ensure physical protection of premises and infrastructure
- Respond to and recover from incidents
- Maintain business continuity and alternative supply chains.
- Incident Notification
Entities must notify competent authorities of incidents that significantly disrupt or could disrupt essential services. - Support and Oversight
Member States must provide guidance, training, and establish competent authorities for supervision and enforcement.
Discover ESSVE Safety Wall – Built for CER Compliance
Looking for a solution that meets the EU CER Directive’s physical resilience requirements?
ESSVE Safety Wall is engineered to help critical entities comply with the directive’s strict standards for physical security:
- Tested and certified according to EN 1627 (EN 1630) up to RC4
- Designed for fast installation, minimizing downtime
- Modular system for flexible protection
- Ideal for sectors covered by CER: energy, water, transport, digital infrastructure, health, and more
Authorities require proof of compliance – including certified anti-burglary solutions. ESSVE Safety Wall delivers that assurance.