European legislation such as the CER Directive sets the direction. But standards are what make it operational. They translate high-level requirements into concrete, measurable criteria, from staff training and vetting to service delivery and risk management.

As highlighted in CoESS’ standardisation work, standards act as the bridge between legislation and day-to-day security operations. They allow critical infrastructure operators to identify reliable, quality-driven security providers, while ensuring a common level of professionalism across Europe.

A Quality-Driven Approach at the Core of CoESS

For CoESS, standardisation is not a technical exercise, it is a strategic pillar of its quality approach.

In a sector still too often driven by lowest-price procurement, standards provide a different benchmark:

• Objective requirements
• Certifiable frameworks
• A focus on competence, training and resilience

This is essential in a context where, as recognised by the CER Directive, private security providers are part of the “critical personnel” protecting Europe’s infrastructure.

Building a European Standard System for CIP

Through CEN TC 439, chaired by Catherine Piana, CoESS has helped develop a comprehensive standard system for private security services in critical infrastructure. At its core:

• EN 17483-1 defines general requirements (governance, staff, service delivery)
• Sector-specific standards build on this foundation

 Today, this system is becoming a reality across sectors:

• Aviation (EN 17483-2)
• Maritime and ports (EN 17483-3)
• Energy infrastructure (EN 17483-4), now formally adopted
• Healthcare (future EN 17483-5), currently under development

This structured approach ensures both consistency and sector-specific adaptation—a key requirement for effective CIP.

Supporting the Implementation of the CER Directive

The CER Directive explicitly recognises the role of standards in strengthening resilience.

It calls on Member States to promote their use and highlights their role in ensuring quality and compliance.

In practice, this means:

• Translating resilience obligations into operational requirements
• Supporting procurement based on quality, not just price
• Ensuring that security providers meet defined training and competence standards

In short, standards are one of the most practical tools available to operationalise CER.

A Collective Effort, and an Open Invitation

Standards are not written in isolation. They are developed with input from industry, operators, public authorities and social partners, ensuring both legitimacy and real-world relevance.

This is particularly important for the next step: healthcare security.

Work is now underway on EN 17483-5, covering hospitals, pharmaceutical production, research facilities and distribution.

CoESS is actively seeking input from experts across the healthcare ecosystem. Your experience is essential to ensure that the future standard reflects operational realities and emerging risks.

The Bottom Line

In an increasingly complex threat environment, resilience cannot rely on principles alone. It requires clear expectations, shared frameworks and measurable quality. Standards deliver exactly that. And in doing so, they ensure that private security continues to play its full role in protecting Europe’s critical infrastructure.

For more information or if you wish to be involved, please contact Catherine Piana catherine@coess.eu