18 Amendments of Inma RODRÍGUEZ-PIÑERO related to 2020/0365(COD)
Amendment 15 #
Proposal for a directive
Recital 2
Recital 2
(2) Despite existing measures at 19 Union and national level aimed at supporting the protection of critical infrastructures in the Union, the entities operating those infrastructures are not adequately equipped to address current and anticipated future risks to their operations that may result in disruptions of the provision of services that are essential for the performance of vital societal functions or economic activities. This is due to a dynamic threat landscape with an evolving terrorist threat, cyber attacks and growing interdependencies between infrastructures and sectors, as well as an increased physical risk due to natural disasters and climate change, which increases the frequency and scale of extreme weather events and brings long-term changes in average climate that can reduce the capacity and efficiency of certain infrastructure types if resilience or climate adaptation measures are not in place. Moreover, relevant sectors and types of entities are not recognised consistently as critical in all Member States. _________________ 19European Programme for Critical Infrastructure Protection (EPCIP).
Amendment 26 #
Proposal for a directive
Recital 5
Recital 5
(5) It is therefore necessary to lay down harmonised minimum rulrules for all critical entities from all Member States to ensure the provision of essential services in the internal market and enhance the resilience of critical entities.
Amendment 41 #
Proposal for a directive
Recital 20
Recital 20
(20) In order to be able to ensure their resilience, critical entities should have a comprehensive understanding of all relevant risks to which they are exposed and, analyse those risks and establish measures to combat them. To that aim, they should carry out risks assessments, whenever necessary in view of their particular circumstances and the evolution of those risks, yet in any event every fourthree years. The risk assessments by critical entities should be based on the risk assessment carried out by Member States.
Amendment 47 #
Proposal for a directive
Recital 30
Recital 30
(30) Member States should ensure that their competent authorities have certain specific powers, the necessary infrastructure and tools for the proper application and enforcement of this Directive in relation to critical entities, where those entities fall under their jurisdiction as specified in this Directive. Those powers should include, notably, the power to conduct inspections, supervision and audits, require critical entities to provide information and evidence relating to the measures they have taken to comply with their obligations and, where necessary, issue orders to remedy identified infringements. When issuing such orders, Member States should not require measures which go beyond what is necessary and proportionate to ensure compliance of the critical entity concerned, taking account of in particular the seriousness of the infringement and the economic capacity of the critical entity. More generally, those powers should be accompanied by appropriate and effective safeguards to be specified in national law, in accordance with the requirements resulting from Charter of Fundamental Rights of the European Union. When assessing the compliance of a critical entity with its obligations under this Directive, competent authorities designated under this Directive should be able to request the competent authorities designated under the NIS 2 Directive to assess the cybersecurity of those entities. Those competent authorities should cooperate and exchange information for that purpose.
Amendment 59 #
Proposal for a directive
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Each Member State shall adopt by [threewo years after entry into force of this Directive] a strategy for reinforcing the resilience of critical entities. This strategy shall set out strategic objectives and policy measures with a view to achieving and maintaining a high level of resilience on the part of those critical entities and covering at least the sectors referred to in the Annex.
Amendment 60 #
Proposal for a directive
Article 3 – paragraph 2 – point a
Article 3 – paragraph 2 – point a
(a) strategic objectives and priorities for the purposes of enhancing the overall resilience of critical entities taking into account cross-border and cross-sectoral interdependencies and the need for the exchange of information between entities;
Amendment 63 #
Proposal for a directive
Article 3 – paragraph 2 – subparagraph 1
Article 3 – paragraph 2 – subparagraph 1
The strategy shall be updated where necessary and at least every fourthree years.
Amendment 68 #
Proposal for a directive
Article 4 – paragraph 1 – introductory part
Article 4 – paragraph 1 – introductory part
1. Competent authorities designated pursuant to Article 8 shall establish a list of essential services in the sectors referred to in the Annex. They shall carry out by [threewo years after entry into force of this Directive], and subsequently where necessary, and at least every fourthree years, an assessment of all relevant risks that may affect the provision of those essential services, with a view to identifying critical entities in accordance with Article 5(1), and assisting those critical entities to take measures pursuant to Article 11.
Amendment 72 #
Proposal for a directive
Article 4 – paragraph 1 – subparagraph 1
Article 4 – paragraph 1 – subparagraph 1
The risk assessment shall account for all relevant natural and man-made risks, including accidents, natural disasters, public health emergencies, antagonistic threats, cyber attacks including terrorist offences pursuant to Directive (EU) 2017/541 of the European Parliament and of the Council34 . _________________ 34Directive (EU) 2017/541 of the European Parliament and of the Council of 15 March 2017 on combating terrorism and replacing Council Framework Decision 2002/475/JHA and amending Council Decision 2005/671/JHA (OJ L 88, 31.3.2017, p. 6).
Amendment 85 #
Proposal for a directive
Article 5 – paragraph 7 – introductory part
Article 5 – paragraph 7 – introductory part
7. Member States shall, where necessary and in any event at least every fourthree years, review and, where appropriate, update the list of identified critical entities.
Amendment 87 #
Proposal for a directive
Article 6 – paragraph 1 – point c
Article 6 – paragraph 1 – point c
(c) the impacts that incidents could have, in terms of degree and duration, on economic and societal activities, the environment and public security and safety;
Amendment 90 #
Proposal for a directive
Article 6 – paragraph 2 – subparagraph 1
Article 6 – paragraph 2 – subparagraph 1
They shall subsequently submit that information where necessary, and at least every fourthree years.
Amendment 96 #
5 a. In the event of exceptional situations and high-risk incidents where critical entities and responsible national authorities fail to ensure that the incident is absorbed and remedied, the Commission should intervene through the available levers to help the critical entity to resolve this issue;
Amendment 98 #
Proposal for a directive
Article 10 – paragraph 1
Article 10 – paragraph 1
Member States shall ensure that critical entities assess within six months after receiving the notification referred to in Article 5(3), and subsequently where necessary and at least every fourthree years, on the basis of Member States’ risk assessments and other relevant sources of information, all relevant risks that may disrupt their operations.
Amendment 117 #
Proposal for a directive
Article 16 – paragraph 3 – point h
Article 16 – paragraph 3 – point h
(h) exchanging information and best practices on innovation, research and development relating to the resilience of critical entities in accordance with this Directive;
Amendment 121 #
Proposal for a directive
Article 16 – paragraph 7
Article 16 – paragraph 7
7. The Commission shall provide to the Critical Entities Resilience Group a summary report of the information provided by the Member States pursuant to Articles 3(3) and 4(4) by [threewo years and six months after entry into force of this Directive] and subsequently where necessary and at least every fourthree years.
Amendment 122 #
Proposal for a directive
Article 18 – paragraph 1 – introductory part
Article 18 – paragraph 1 – introductory part
1. In order to assess the compliance of the entities that the Member States identified as critical entities pursuant to Article 5 with the obligations pursuant to this Directive, they shall ensure that the competent authorities shall have the powers and mean, means and human and financial resources to:
Amendment 123 #
Proposal for a directive
Article 18 – paragraph 2 – introductory part
Article 18 – paragraph 2 – introductory part
2. Member States shall ensure that the competent authorities have the powers and mean, means and human and financial resources to require, where necessary for the performance of their tasks under this Directive, that the entities that they identified as critical entities pursuant to paragraph 5 provide, within a reasonable time period set by those authorities: