1. A Critical Entities Resilience Group is hereby established. The Critical Entities Resilience Group shall support the Commission and facilitate cooperation among Member States and the exchange of information on issues relating to this Directive.
2. The Critical Entities Resilience Group shall be composed of representatives of the Member States and the Commission who hold security clearance, where appropriate. Where relevant for the performance of its tasks, the Critical Entities Resilience Group may invite relevant stakeholders to participate in its work. Where requested by the European Parliament, the Commission may invite experts from the European Parliament to attend meetings of the Critical Entities Resilience Group.
The Commission’s representative shall chair the Critical Entities Resilience Group.
3. The Critical Entities Resilience Group shall have the following tasks:
(a) supporting the Commission in assisting Member States in reinforcing their capacity to contribute to ensuring the resilience of critical entities in accordance with this Directive;
(b) analysing the strategies in order to identify best practices in respect of the strategies;
(c) facilitating the exchange of best practices with regard to the identification of critical entities by the Member States pursuant to Article 6(1), including in relation to cross-border and cross-sectoral dependencies and regarding risks and incidents;
(d) where appropriate, contributing on issues relating to this Directive to documents concerning resilience at Union level;
(e) contributing to the preparation of the guidelines referred to in Article 7(3) and Article 13(5) and, upon request, any delegated or implementing acts adopted pursuant to this Directive;
(f) analysing the summary reports referred to in Article 9(3) with a view to promoting the sharing of best practices on the action taken in accordance with Article 15(3);
(g) exchanging best practices related to the notification of incidents referred to in Article 15;
(h) discussing the summary reports of advisory missions and the lessons learned in accordance with Article 18(10);
(i) exchanging information and best practices on innovation, research and development relating to the resilience of critical entities in accordance with this Directive;
(j) where relevant, exchanging information on matters concerning the resilience of critical entities with relevant Union institutions, bodies, offices and agencies.
4. By 17 January 2025 and every two years thereafter, the Critical Entities Resilience Group shall establish a work programme in respect of actions to be undertaken to implement its objectives and tasks. That work programme shall be consistent with the requirements and objectives of this Directive.
5. The Critical Entities Resilience Group shall meet on a regular basis and in any event at least once a year with the Cooperation Group established under Directive (EU) 2022/2555 to promote and facilitate cooperation and the exchange of information.
6. The Commission may adopt implementing acts laying down procedural arrangements necessary for the functioning of the Critical Entities Resilience Group, respecting Article 1(4). Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 24(2).
7. The Commission shall provide the Critical Entities Resilience Group with a summary report of the information provided by the Member States pursuant to Article 4(3) and Article 5(4) by 17 January 2027, whenever necessary subsequently, and at least every four years.
- Recital CER 37
In order to support the Commission and facilitate cooperation among Member States and the exchange of information, including best practices, on issues relating to this Directive, a Critical Entities Resilience Group should be established as a Commission expert group. Member States should endeavour to ensure that the designated representatives of their competent authorities in the Critical Entities Resilience Group effectively and efficiently cooperate, including by designating representatives who hold security clearance, where appropriate. The Critical Entities Resilience Group should begin to perform its tasks as soon as possible, so as to provide additional means for appropriate cooperation during the transposition period of this Directive. The Critical Entities Resilience Group should interact with other relevant sector-specific expert working groups.
- Recital CER 38
The Critical Entities Resilience Group should cooperate with the Cooperation Group established under Directive (EU) 2022/2555 with a view to supporting a comprehensive framework for cyber and non-cyber resilience of critical entities. The Critical Entities Resilience Group and the Cooperation Group established under Directive (EU) 2022/2555 should engage in a regular dialogue to promote cooperation between the competent authorities under this Directive and the competent authorities under Directive (EU) 2022/2555 and to facilitate the exchange of information, in particular on topics of relevance to both groups.
- Art. 20 CER – Commission support to competent authorities and critical entities
1. The Commission shall, where appropriate, support Member States and critical entities in complying with their obligations under this Directive. The Commission shall prepare a Union-level overview of cross-border and cross-sectoral risks to the provision of essential services, organise advisory missions as referred to in Article 13(4) and Article 18 and facilitate information exchange among Member States and experts across the Union.
2. The Commission shall complement Member States’ activities as referred to in Article 10 by developing best practices, guidance materials and methodologies, and cross-border training activities and exercises to test the resilience of critical entities.
3. The Commission shall inform Member States about financial resources at Union level available to Member States for enhancing the resilience of critical entities.
- Recital CER 39
In order to achieve the objectives of this Directive and without prejudice to the legal responsibility of Member States and critical entities to ensure compliance with their respective obligations laid down therein, the Commission should, where it considers it appropriate, support competent authorities and critical entities with the aim of facilitating their compliance with their respective obligations. When providing support to Member States and critical entities in the implementation of obligations under this Directive, the Commission should build on existing structures and tools, such as those under the Union Civil Protection Mechanism, established by Decision No 1313/2013/EU, and the European Reference Network for Critical Infrastructure Protection. In addition, it should inform Member States about resources available at Union level, such as within the Internal Security Fund, established by Regulation (EU) 2021/1149 of the European Parliament and of the Council(23), Horizon Europe, established by Regulation (EU) 2021/695 of the European Parliament and of the Council(24), or other instruments relevant for the resilience of critical entities.
(23) Regulation (EU) 2021/1149 of the European Parliament and of the Council of 7 July 2021 establishing the Internal Security Fund (OJ L 251, 15.7.2021, p. 94).
(24) Regulation (EU) 2021/695 of the European Parliament and of the Council of 28 April 2021 establishing Horizon Europe – the Framework Programme for Research and Innovation, laying down its rules for participation and dissemination, and repealing Regulations (EU) No 1290/2013 and (EU) No 1291/2013 (OJ L 170, 12.5.2021, p. 1).
