Activities of Patryk JAKI related to 2020/0365(COD)
Shadow reports (1)
REPORT on the proposal for a directive of the European Parliament and of the Council on the resilience of critical entities
Amendments (21)
Amendment 50 #
Proposal for a directive
Recital 2
Recital 2
(2) Despite existing measures at Union19 and national level aimed at supporting the protection of critical infrastructures in the Union, the entities operating those infrastructures are not always adequately equipped to address current and anticipated future risks to their operations that may result in disruptions of the provision of services that are essential for the performance of vital societal functions or economic activities. This is due to a dynamic threat landscape with an evolving terrorist threatmanmade threats, such as terrorism and cyber attacks, and growing interdependencies between infrastructures and sectors, as well as an increased physical risk due to natural disasters and climate change, which increases the frequency and scale of extreme weather events and brings long-term changes in average climate that can reduce the capacity and efficiency of certain infrastructure types if resilience or climate adaptation measures are not in place. Moreover, relevant sectors and types of entities are not recognised consistently as critical in all Member States. _________________ 19European Programme for Critical Infrastructure Protection (EPCIP).
Amendment 58 #
Proposal for a directive
Recital 4
Recital 4
(4) The entities involved in the provision of essential services are increasingly subject to diverging requirements imposed under the laws of the Member States. The fact that some Member States have less stringent security requirements on these entities not only risks impacting negatively on the maintenance of vital societal functions or economic activities across the Union, it also leads to obstacles to the proper functioning of the internal market. Similar types of entities are considered as critical in some Member States but not in others, and those which are identified as critical are subject to divergent requirements in different Member States. This results in additional and unnecessary administrative burdens for companies operating across borders, notably for companies active in Member States with more stringent requirements.
Amendment 60 #
Proposal for a directive
Recital 4 a (new)
Recital 4 a (new)
(4a) At Union level there is no single recognised list of critical infrastructure sectors and different pieces of legislation cover different sets of sectors.
Amendment 62 #
Proposal for a directive
Recital 5
Recital 5
(5) It is therefore necessary to lay down harmonised minimum rules to ensure the provision of essential services in the internal market and enhance the resilience of critical entities. It is essential that those rules are future-proof.
Amendment 66 #
Proposal for a directive
Recital 6
Recital 6
(6) In order to achieve that objective, Member States should identify critical entities that should be subject to specific requirements and oversight, but also particular support and guidance aimed at achieving a high level of resilience in the face of all relevantcurrent and future risks.
Amendment 74 #
Proposal for a directive
Recital 11
Recital 11
(11) The actions of Member States to identify and help ensure the resilience of critical entities should follow a risk-based approach that targets efforts to the entities most relevant for the performance of vital societal functions or economic activities. In order to ensure such a targeted approach, each Member State should carry out, within a harmonised framework, an assessment of all relevant natural and man- made risks that may affect the provision of essential services, including accidents, natural disasters, public health emergencies such as pandemics, and antagonistic threats, including threats from or sabotage by insiders and terrorist offences. When carrying out those risk assessments, Member States should take into account other general or sector-specific risk assessment carried out pursuant to other acts of Union law and should consider the dependencies between sectors, including from other Member States and third countries. The outcomes of the risk assessment should be used in the process of identification of critical entities and to assist those entities in meeting the resilience requirements of this Directive.
Amendment 77 #
Proposal for a directive
Recital 12
Recital 12
(12) In order to ensure that all relevant entities are subject to those requirements and to reduce divergences in this respect, it is important to lay down harmonised minimum rules allowing for a consistent identification of critical entities across the Union, while also allowing Member States to reflect national specificities. Therefore, criteria to identify critical entities should be laid down. In the interest of effectiveness, efficiency, consistency and legal certainty, appropriate rules should also be set on notification and cooperation relating to, as well as the legal consequences of, such identification. In order to enable the Commission to assess the correct application of this Directive, Member States should submit to the Commission, in a manner that is as detailed and specific as possible and taking into account security requirements, relevant information and, in any event, the list of essential services, the number of critical entities identified for each sector and subsector referred to in the Annex and the essential service or services that each entity provides and any thresholds applied.
Amendment 81 #
Proposal for a directive
Recital 16
Recital 16
(16) Member States should designate authorities competent to supervise the application of and, where necessary, enforce the rules of this Directive and ensure that those authorities are adequately empowered and resourced. In view of the differences in national governance structures and in order to safeguard already existing sectoral arrangements or Union supervisory and regulatory bodies, and to avoid duplication, Member States should be able to designate more than one competent authority. In that case, they should however clearly delineate the respective tasks of the authorities concerned and ensure that they cooperate smoothly and effectively, including across borders. All competent authorities should also cooperate more generally with other relevant authorities, both at national and Union level.
Amendment 99 #
(25) Critical entities should notify, as soon as reasonably possible under the given circumstances but no later than 24 hours after the discovery, Member States’ competent authorities of incidents that significantly disrupt or have the potential to significantly disrupt their operations. The notification should allow the competent authorities to respond to the incidents rapidly and adequately and to have a comprehensive overview of the overall risks that critical entities face. For that purpose, a procedure should be established for the notification of certain incidents and parameters should be provided for to determine when the actual or potential disruption is significant and the incidents should thus be notified. Given the potential cross-border impacts of such disruptions, a procedure should be established for Member States to inform other affected Member States via single points of contacts.
Amendment 107 #
Proposal for a directive
Article 1 – paragraph 1 – point a
Article 1 – paragraph 1 – point a
(a) lays down obligations for Member States to take certainspecified measures aimed at ensuring the provision in the internal market of services essential for the maintenance of vital societal functions or economic activities, in particular to identify critical entities and entities to be treated as equivalent in certain respects, and to enable them to meet their obligations;
Amendment 116 #
Proposal for a directive
Article 2 – paragraph 1 – point 4
Article 2 – paragraph 1 – point 4
(4) “infrastructure” means an asset, systems, including facilities, systems and equipment, or parts thereof, which isare necessary for the delivery of an essential service;
Amendment 120 #
Proposal for a directive
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) “risk” means any circumstance or event having a potential adverse effect on the resilienceability of critical entities to perform their function;
Amendment 136 #
Proposal for a directive
Article 3 – paragraph 2 – subparagraph 2
Article 3 – paragraph 2 – subparagraph 2
The strategy shall be updated where necessary and shall be completely reviewed at least every four years.
Amendment 141 #
Proposal for a directive
Article 4 – paragraph 1 – subparagraph 2
Article 4 – paragraph 1 – subparagraph 2
The risk assessment shall account for all relevant natural and man-made risks, including accidents, natural disasters, public health emergencies, antagonistic threats, including threats from and sabotage by insiders, as well as terrorist offences pursuant to Directive (EU) 2017/541 of the European Parliament and of the Council34 . _________________ 34Directive (EU) 2017/541 of the European Parliament and of the Council of 15 March 2017 on combating terrorism and replacing Council Framework Decision 2002/475/JHA and amending Council Decision 2005/671/JHA (OJ L 88, 31.3.2017, p. 6).
Amendment 146 #
Proposal for a directive
Article 4 – paragraph 5
Article 4 – paragraph 5
5. The Commission may, in cooperation with the Member States, shall develop a voluntary common reporting template for the purposes of complying with paragraph 4.
Amendment 169 #
Proposal for a directive
Article 6 – paragraph 2 – subparagraph 1 – point b
Article 6 – paragraph 2 – subparagraph 1 – point b
(b) the number of critical entities identified for each sector and subsector referred to in the Annex, and the service ora quantitative summary of the services referred to in Article 4(1) that each entity providare provided by these entities;
Amendment 172 #
Proposal for a directive
Article 6 – paragraph 3
Article 6 – paragraph 3
3. The Commission mayshall, after consultation of the Critical Entities Resilience Group, adopt guidelines to facilitate the application of the criteria referred to in paragraph 1, taking into account the information referred to in paragraph 2.
Amendment 213 #
Proposal for a directive
Article 11 – paragraph 4
Article 11 – paragraph 4
Amendment 222 #
Proposal for a directive
Article 13 – paragraph 1
Article 13 – paragraph 1
1. Member States shall ensure that critical entities notify without undue delay and within 24 hours the competent authority of incidents that significantly disrupt or have the potential to significantly disrupt their operations. Notifications shall include any available information necessary to enable the competent authority to understand the nature, cause and possible consequences of the incident, including so as to determine any cross-border impact of the incident. Such notification shall not make the critical entities subject to increased liability.
Amendment 238 #
Proposal for a directive
Article 15 – paragraph 1 – subparagraph 1
Article 15 – paragraph 1 – subparagraph 1
1. Upon request of one or more Member States or of the Commission, the Member State where the infrastructureEuropean headquarters or principal operation of the critical entity of particular European significance is located shall, together with that entity, inform the Commission and the Critical Entities Resilience Group of the outcome of the risk assessment carried out pursuant to Article 10 and the measures taken in accordance with Article 11.
Amendment 241 #
Proposal for a directive
Article 15 – paragraph 2
Article 15 – paragraph 2
2. Upon request of one or more Member States, or at its own initiative, and in agreement with the Member State where the infrastructureEuropean headquarters or the principal operation of the critical entity of particular European significance is located, the Commission shall organise an advisory mission to assess the measures that that entity put in place to meet its obligations pursuant to Chapter III. Where needed, the advisory missions may request specific expertise in the area of disaster risk management through the Emergency Response Coordination Centre.