Quiero saber acerca de...

OJ C, 5.7.2024
14

In addition, the notion of significant disruptive effect should be understood in light of the criteria provided by Article 71 of Directive EU 2022/2557, which refer to: i the number of users relying on the essential service provided by the entity concerned; ii the extent to which other sectors and subsectors as set out in the Annex to that Directive depend on the essential service in question; iii the impact that incidents could have, in terms of degree and duration, on economic and societal activities, the environment, public safety and security, or the health of the population; iv the entitys market share in the market for the essential service or essential services concerned; v the geographic area that could be affected by an incident, including any cross-border impact, taking into account the vulnerability associated with the degree of isolation of certain types of geographic areas, such as insular regions, remote regions or mountainous areas; vi the importance of the entity in maintaining a sufficient level of the essential service, taking into account the availability of alternative means for the provision of that essential service.

15

In the interest of efficiency and effectiveness, the EU Critical Infrastructure Blueprint should fully respect the Councils Integrated Political Crisis Response IPCR arrangements for the coordination of the response 5. It should also be fully coordinated, coherent and interoperable with all the other sectoral Union instruments or processes, such as the processes described in the EU Hybrid Toolbox 6 and in the revised EU Protocol for countering hybrid threats 7. It should also take into account and respect the mandates of the European cyber crisis liaison organisation network EU-CyCLONe and the Computer Security Incident Response Teams CSIRTs Network as laid down in Directive EU 2022/2555 of the European Parliament and of the Council 8. The blueprint on coordinated response to large-scale cross-border cybersecurity incidents and crises laid down by Commission Recommendation EU
2017/1584 9 Cyber Blueprint and the pan-European systemic cyber incident coordination framework for relevant authorities EU-SCICF as recommended by the European Systemic Risk Board ESRB should, where relevant, also be taken into account. To the extent possible, the duplication of structures and activities should be avoided.

16

This Recommendation builds on and is, more broadly, consistent and complementary with existing bilateral or multilateral arrangements and the established Union crisis and emergency management mechanisms, notably the Councils IPCR arrangements, the Commissions internal crisis coordination process ARGUS 10 and the Union Civil Protection Mechanism 11 UCPM, supported by the Emergency Response Coordination Centre ERCC, 12 the European External Action Service EEAS Crisis Response Mechanism as well as the Regulation establishing a framework of measures related to an internal market emergency and to the resilience of the internal market, all of which may play a role in responding to a major disruption to critical infrastructure operations.

17

In responding to a critical infrastructure incident with significant cross-border relevance, the above mentioned tools and mechanisms at Union level could be used, in accordance with the rules and procedures applicable thereto, which this Recommendation should complement but leave unaffected. For instance, the Councils IPCR arrangements remain the main tool for coordination of response at Union political level among Member States. Internal coordination within the Commission takes place in the framework of the ARGUS cross-sectoral crisis coordination process. If the crisis entails an external dimension, the EEAS Crisis Response Mechanism could be used. Under Decision No 1313/2013/EU, the UCPM can be activated to respond to actual or imminent natural and man-made disasters within and outside the Union including those stemming from incidents affecting critical infrastructure with the operational support from the ERCC. The ERCC works in close contact with national civil protection authorities and relevant Union bodies to promote a cross-sectoral approach to disaster management.

5

Council Implementing Decision EU 2018/1993 of 11 December 2018 on the EU Integrated Political Crisis Response Arrangements OJ L 320, 17.12.2018, p. 28.
See the Council conclusions of 21 June 2022 on a Framework for a coordinated EU response to hybrid campaigns, and the Implementing guidelines approved by the Council on 13 December 2022 for the Framework for a coordinated EU response to hybrid campaigns.
Joint Staff Working Document EU Protocol for countering hybrid threats SWD 2023 116 final.
Directive EU 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation EU No 910/2014 and Directive EU 2018/1972, and repealing Directive EU 2016/1148 NIS 2 Directive OJ L 333, 27.12.2022, p. 80.
Commission Recommendation EU 2017/1584 of 13 September 2017 on coordinated response to large-scale cybersecurity incidents and crises OJ L 239, 19.9.2017, p. 36.
Communication from the Commission of 23 December 2005 to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Commission provisions on ARGUS general rapid alert system COM
2005 662 final.
Decision No 1313/2013/EU of the European Parliament and of the Council of 17 December 2013 on a Union Civil Protection Mechanism OJ L 347, 20.12.2013, p. 924.
Decision No 1313/2013/EU creates an all-hazards framework setting out Union-level prevention, preparedness, and response arrangements to manage all kinds of natural and human-induced disasters or imminent disasters within and outside the Union.

6
7 8
9 10
11
12

ELI: http data.europa.eu/eli/C/2024/4371/oj
EN

3/16