If there are incidents or disruptions caused by, for example, (potential) attackers or terrorists, service providers must notify their national government. In turn, the authorities must inform the public about what is happening to serve the public interest.
The new law also includes a definition of critical infrastructure. Additionally, it provides minimum requirements for risk assessments and for determining national resilience strategies.
Member of the European Parliament Tom Berendsen (CDA) welcomes the new legislation. ‘We have seen how vulnerable our energy and data infrastructure can be. While we are working on this legislation at the European level, member states are wide open to foreign influence through the back door.’
Berendsen points out that at least 22 European ports have engaged in partnerships with Chinese investors. ‘They hand over important control points in our transport chain to foreign powers. A European port strategy is needed.’
Also, VVD Member of the European Parliament Bart Groothuis points fingers at China, but also at Russia and Iran. According to the politician, these countries seek to undermine the EU. ‘We may think we live in peace with the world, but they are creating a conflict against us.’
Since 2004, the European Parliament has set rules and guidelines for protecting critical infrastructure against threats such as terrorism. The latest version only covered the sectors 'energy' and 'transport.' In 2018, the European Parliament called for a revision of the directive. Earlier this year, the Parliament adopted a directive on cybersecurity.