CoESS highly welcomes the report of the European Parliament on the European Commission’s proposal for a Directive on the resilience of critical entities (“CER Directive”). With a new position paper published today and directed at the European Council, CoESS takes the opportunity to highlight those Amendments, which we believe should be adopted in interinstitutional negotiations. This includes highly valuable, new provisions that recognise the importance of European Standards for the better protection of Critical Infrastructure, as well as additional requirements for operators of Critical Infrastructure for the quality control of security providers.
On the whole, CoESS supports the Amendments tabled by the European Parliament, and congratulates the Members of European Parliament involved. CoESS believes that the proposed additional provisions would substantially improve the quality of the legal text, enhance the resilience of critical entities (and hence the European internal market), better protect the public against existing and emerging security threats, and ensure higher coherence with the European Commission’s proposal for a NIS Directive 2.
In particular, CoESS considers Amendments 25, 36, 37, 67, 76 and 81 in the European Parliament Report as highly important additions to the legal text.
New provisions on the recognition of Standards
To start with, these Amendments would introduce a new Article 13 that promotes the importance of European Standards for the better protection of Critical Infrastructure. This provision enhances coherence with the NIS Directive 2, notably the latter’s Article 22, and was, without objective justification, missing from the original proposal for a CER Directive - despite clear recommendations from the European Parliament and although relevant European or internationally accepted standards exist that can serve enhanced resilience and physical protection of critical entities, as CoESS outlined in detail in a previous position paper.
Standards can be particularly helpful for quality control of private security services: three European standards already exist, which list the quality criteria for security services suppliers for Aviation and Airport environments (EN16082:2011), for Maritime and Port environments (EN16747:2015), and for any type of Critical Infrastructure (EN17483-1:2021). These existing and future standards are a highly efficient way (1) to ensure the provision of qualitative private security services for CIP across Europe and (2) to support operators of critical entities in complying with the provisions of Article 11.
CoESS therefore calls on the European Council to reflect these amendments in its own compromise text and the upcoming interinstitutional negotiations.
Quality control of security providers
CoESS further welcomes Amendment 67 in Article 11 of the European Parliament Report in order to guarantee quality control and compliance of private security services protecting Critical Infrastructure – although CoESS believes that the wording of this amendment can be improved in order to provide legal clarity of the scope of this provision.
This Amendment was an important recommendation of CoESS’ previous, more detailed position paper, and is in line with Recital DV. of the European Parliament’s Report of the Special Committee on Terrorism, which states, with regard to the protection of Critical Infrastructure, that “whereas private security services play a role in ensuring resilient security chains, public procurement of their services should therefore be subject to specific quality criteria, with regards to aspects such as the training, vetting and screening of personnel, quality control and compliance assurance, and the implementation of technological developments and contract management”.
CoESS will stay in engaged with both the current EU Council Presidency of Slovenia, and the upcoming French Presidency in order to support policymakers where needed to agree on a legal text that clearly fosters resilience of Critical Infrastructure in Europe, particularly in times of a complex security environment.
The full position paper can be found here.