25 Amendments of Dragoş TUDORACHE related to 2020/0365(COD)
Amendment 73 #
Proposal for a directive
Recital 11
Recital 11
(11) The actions of Member States to identify and help ensure the resilience of critical entities should follow a risk-based approach that targets efforts to the entities most relevant for the performance of vital societal functions or economic activities. In order to ensure such a targeted approach, each Member State should carry out, within a harmonised framework, an assessment of all relevant natural and man- made risks that may affect the provision of essential services, including accidents, natural disasters, public health emergencies such as pandemics, and antagonistic threats, including terrorist offences, in order to avoid a shortage of critical resources needed for the development of the infrastructure in question. When carrying out those risk assessments, Member States should take into account other general or sector-specific risk assessment carried out pursuant to other acts of Union law and should consider the dependencies between sectors, including from other Member States and third countries. The outcomes of the risk assessment should be used in the process of identification of critical entities and to assist those entities in meeting the resilience requirements of this Directive.
Amendment 87 #
Proposal for a directive
Recital 19
Recital 19
(19) Member States should support critical entities in strengthening their resilience, in compliance with their obligations under this Directive, without prejudice to the entities’ own legal responsibility to ensure such compliance. Member States could in particular develop guidance materials and methodologies, support the organisation of exercises to test their resilience and provide training to personnel of critical entities. Moreover, given the interdependencies between entities and sectors, Member States should establish information sharing tools to support voluntary information sharing between critical entities, without prejudice to the application of competition rules laid down in the Treaty on the Functioning of the European Union.
Amendment 90 #
Proposal for a directive
Recital 20
Recital 20
(20) In order to be able to ensure their resilience, critical entities should have a comprehensive understanding of all relevant risks to which they are exposed and analyse those risks. To that aim, they should carry out risks assessments, whenever necessary in view of their particular circumstances and the evolution of those risks, yet in any event every fourtwo years. The risk assessments by critical entities should be based on the risk assessment carried out by Member States.
Amendment 112 #
Proposal for a directive
Article 2 – paragraph 1 – point 1
Article 2 – paragraph 1 – point 1
(1) “critical entity” means a public or private entity of a type referred to in the Annex, which has been identified as such by a Member State or the Commission in accordance with Article 5;
Amendment 122 #
Proposal for a directive
Article 2 – paragraph 1 – point 6
Article 2 – paragraph 1 – point 6
(6) “risk” means any vulnerability, circumstance or event having a potential adverse effect on the resilience of critical entities;
Amendment 127 #
Proposal for a directive
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Each Member State shall adopt by [threone years after entry into force of this Directive] a strategy for reinforcing the resilience of critical entities. This strategy shall set out strategic objectives and policy measures with a view to achieving and maintaining a high level of resilience on the part of those critical entities and covering at least the sectors referred to in the Annex.
Amendment 137 #
Proposal for a directive
Article 3 – paragraph 2 – subparagraph 2
Article 3 – paragraph 2 – subparagraph 2
The strategy shall be updated where necessary and at least every fourtwo years.
Amendment 140 #
Proposal for a directive
Article 4 – paragraph 1 – subparagraph 1
Article 4 – paragraph 1 – subparagraph 1
1. Competent authorities designated pursuant to Article 8 shall establish a list of essential services in the sectors referred to in the Annex. They shall carry out by [threone years after entry into force of this Directive], and subsequently where necessary, and at least every fourtwo years, an assessment of all relevant risks that may affect the provision of those essential services, with a view to identifying critical entities in accordance with Article 5(1), and assisting those critical entities to take measures pursuant to Article 11.
Amendment 145 #
Proposal for a directive
Article 4 – paragraph 4
Article 4 – paragraph 4
4. Each Member State shall provide the Commission with data on the types of risks identified and the outcomes of the risk assessments, per sector and sub-sector referred to in the Annex, by [threone years after entry into force of this Directive] and subsequently where necessary and at least every fourtwo years.
Amendment 150 #
Proposal for a directive
Article 5 – paragraph 1
Article 5 – paragraph 1
1. By [threone years and threesix months after entry into force of this Directive] Member States shall identify for each sector and subsector referred to in the Annex, other than points 3, 4 and 8 thereof, the critical entities.
Amendment 158 #
Proposal for a directive
Article 5 – paragraph 7 – subparagraph 1
Article 5 – paragraph 7 – subparagraph 1
7. Member States shall, where necessary and in any event at least every fourtwo years, review and, where appropriate, update the list of identified critical entities.
Amendment 159 #
Proposal for a directive
Article 5 – paragraph 7 – subparagraph 2
Article 5 – paragraph 7 – subparagraph 2
Where those updates lead to the identification of additional critical entities, paragraphs 3, 4, 5 and 6 shall apply. In addition, Member States shall ensure that entities that are no longer identified as critical entities pursuant to any such update are notified thereof and are informed in due time that they are no longer subject to the obligations pursuant to Chapter III as from the reception of that information.
Amendment 167 #
Proposal for a directive
Article 6 – paragraph 1 – point f a (new)
Article 6 – paragraph 1 – point f a (new)
(fa) the scarcity of the resources needed to produce components of the infrastructure necessary for the provision of the service.
Amendment 168 #
Proposal for a directive
Article 6 – paragraph 2 – subparagraph 1 – introductory part
Article 6 – paragraph 2 – subparagraph 1 – introductory part
2. Member States shall submit to the Commission by [threone years and threesix months after the entry into force of this Directive] the following information:
Amendment 170 #
Proposal for a directive
Article 6 – paragraph 2 – subparagraph 2
Article 6 – paragraph 2 – subparagraph 2
They shall subsequently submit that information where necessary, and at least every fourtwo years.
Amendment 171 #
Proposal for a directive
Article 6 – paragraph 3
Article 6 – paragraph 3
3. The Commission mayshall, after consultation of the Critical Entities Resilience Group, adopt guidelines to facilitate the application of the criteria referred to in paragraph 1, taking into account the information referred to in paragraph 2.
Amendment 174 #
Proposal for a directive
Article 7 – paragraph 1
Article 7 – paragraph 1
1. As regards the sectors referred to in points 3, 4 and 8 of the Annex, Member States shall, by [threone years and threesix months after entry into force of this Directive], identify the entities that shall be treated as equivalent to critical entities for the purposes of this Chapter. They shall apply the provisions of Articles 3, 4, 5(1) to (4) and (7), and 9 in respect of those entities.
Amendment 181 #
Proposal for a directive
Article 8 – paragraph 3
Article 8 – paragraph 3
3. By [threone years and six months after entry into force of this Directive], and every year thereafter, the single points of contact shall submit a summary report to the Commission and to the Critical Entities Resilience Group on the notifications received, including the number of notifications, the nature of notified incidents and the actions taken in accordance with Article 13(3).
Amendment 189 #
Proposal for a directive
Article 8 – paragraph 8
Article 8 – paragraph 8
8. The Commission shall publish a list of Member States’ single points of contacts. and encourage Member States to share best practices and collaborate via their single points of contact
Amendment 194 #
Proposal for a directive
Article 9 – paragraph 3
Article 9 – paragraph 3
3. Member States shall establish information sharing tools to support voluntary information sharing between critical entities in relation to matters covered by this Directive, in accordance with Union and national law on, in particular, competition and protection of personal data.
Amendment 197 #
Member States shall ensure that critical entities assess within six months after receiving the notification referred to in Article 5(3), and subsequently where necessary and at least every fourtwo years, on the basis of Member States’ risk assessments and other relevant sources of information, all relevant risks that may disrupt their operations.
Amendment 204 #
Proposal for a directive
Article 11 – paragraph 1 – point e
Article 11 – paragraph 1 – point e
(e) ensure adequate employee security management and training, including by setting out categories of personnel exercising critical functions, establishing access rights to sensitive areas, facilities and other infrastructure, and to sensitive information as well as identifying specific categories of personnel in view of Article 12;
Amendment 208 #
Proposal for a directive
Article 11 – paragraph 1 – point ea (new)
Article 11 – paragraph 1 – point ea (new)
(ea) evaluate critical personnel to ensure that they are fit for the job.
Amendment 258 #
Proposal for a directive
Article 16 – paragraph 7
Article 16 – paragraph 7
7. The Commission shall provide to the Critical Entities Resilience Group a summary report of the information provided by the Member States pursuant to Articles 3(3) and 4(4) by [threone years and six months after entry into force of this Directive] and subsequently where necessary and at least every four years.
Amendment 265 #
Proposal for a directive
Article 22 – paragraph 2
Article 22 – paragraph 2
The Commission shall periodically review the functioning of this Directive, and report to the European Parliament and to the Council. The report shall in particular assess the impact and added value of this Directive on ensuring the resilience of critical entities and whether the scope of the Directive should be extended to cover other sectors or subsectors. The first report shall be submitted by [sixtwo years after the entry into force of this Directive] and shall assess in particular whether the scope of the Directive should be extended to include the food production, processing and distribution sector.