2019-2024

Committee on Industry, Research and Energy

2020/0365(COD)

31.5.2021

AMENDMENTS 25 - 91

Draft opinion Nils Torvalds (PE692.663v01-00)

Resilience of critical entities

Proposal for a directive (COM(2020)0829 – C9-0421/2020 – 2020/0365(COD))

AM\1232572EN.docx PE693.620v01-00

EN United in diversityEN AM_Com_LegOpinion

PE693.620v01-00 2/44 AM\1232572EN.docx EN Amendment 25 Alicia Homs Ginel, Lina Gálvez Muñoz, Maria-Manuel Leitão-Marques

Proposal for a directive Recital 1

Text proposed by the Commission Amendment

(1) Council Directive 2008/114/EC17 (1) Council Directive 2008/114/EC17 provides for a procedure for designating provides for a procedure for designating European critical infrastructures in the European critical infrastructures in the energy and transport sectors, the disruption energy and transport sectors, the disruption or destruction of which would have or destruction of which would have significant cross-border impact on at least significant cross-border impact on at least two Member States. That Directive focused two Member States. That Directive focused exclusively on the protection of such exclusively on the protection of such infrastructures. However, the evaluation of infrastructures. However, the evaluation of Directive 2008/114/EC conducted in Directive 2008/114/EC conducted in 201918 found that due to the increasingly 201918 found that due to the increasingly interconnected and cross-border nature of interconnected and cross-border nature of operations using critical infrastructure, operations using critical infrastructure, protective measures relating to individual protective measures relating to individual assets alone are insufficient to prevent all assets alone are insufficient to prevent all disruptions from taking place. Therefore, it disruptions from taking place. Therefore, it is necessary to shift the approach towards is necessary to shift the approach towards ensuring the resilience of critical entities, ensuring the resilience of critical entities, that is, their ability to mitigate, absorb, that is, their ability to mitigate, absorb, accommodate to and recover from accommodate to and recover from incidents that have the potential to disrupt incidents that have the potential to disrupt the operations of the critical entity. the operations of the critical entity endangering the overall economic and social well-being of citizens. ______17 Council Directive 2008/114/EC of 8 17 Council Directive 2008/114/EC of 8 December 2008 on the identification and December 2008 on the identification and designation of European critical designation of European critical infrastructures and the assessment of the infrastructures and the assessment of the need to improve their protection (OJ L 345, need to improve their protection (OJ L 345, 23.12.2008, p.75). 23.12.2008, p.75). 18 SWD(2019) 308. 18 SWD(2019) 308.

Or. en

Amendment 26

AM\1232572EN.docx 3/44 PE693.620v01-00 EN , Paolo Borchia,

Proposal for a directive Recital 1

Text proposed by the Commission Amendment

(1) Council Directive 2008/114/EC17 (1) Council Directive 2008/114/EC17 provides for a procedure for designating provides for a procedure for designating European critical infrastructures in the European critical infrastructures in the energy and transport sectors, the disruption energy and transport sectors, the disruption or destruction of which would have or destruction of which would have significant cross-border impact on at least significant cross-border impact on at least two Member States. That Directive focused two Member States. That Directive focused exclusively on the protection of such exclusively on the protection of such infrastructures. However, the evaluation of infrastructures. However, the evaluation of Directive 2008/114/EC18 conducted in Directive 2008/114/EC18 conducted in 2019 found that due to the increasingly 2019 found that due to the increasingly interconnected and cross-border nature of interconnected and cross-border nature of operations using critical infrastructure, operations using critical infrastructure, protective measures relating to individual protective measures relating to individual assets alone are insufficient to prevent all assets alone are insufficient to prevent all disruptions from taking place. Therefore, it disruptions from taking place. Therefore, it is necessary to shift the approach towards is necessary to shift the approach towards ensuring the resilience of critical entities, ensuring the resilience of critical entities, that is, their ability to mitigate, absorb, that is, their ability to mitigate, absorb, accommodate to and recover from react to, accommodate to and recover from incidents that have the potential to disrupt incidents that have the potential to disrupt the operations of the critical entity. the operations of the critical entity. ______17 Council Directive 2008/114/EC of 17 Council Directive 2008/114/EC of 8 December 2008 on the identification and 8 December 2008 on the identification and designation of European critical designation of European critical infrastructures and the assessment of the infrastructures and the assessment of the need to improve their protection (OJ L 345, need to improve their protection (OJ L 345, 23.12.2008, p. 75). 23.12.2008, p. 75). 18 SDW(2019) 308. 18 SDW(2019) 308.

Or. fr

Amendment 27 Jessica Stegrud

Proposal for a directive

PE693.620v01-00 4/44 AM\1232572EN.docx EN Recital 1 a (new)

Text proposed by the Commission Amendment

(1a) In the context of ensuring the resilience of critical entities, decentralisation may be considered a preemptive measure. Encouraging the construction of extensive cross-border installations does not necessarily promote the resilience of Member States, moreover, it can result in cross-border vulnerability.

Or. en

Amendment 28 Jessica Stegrud

Proposal for a directive Recital 1 b (new)

Text proposed by the Commission Amendment

(1b) It should likewise be taken into account that some objects are of such national strategic importance, that sharing vital information about them on international platforms would represent a security concern rather than a security measure.

Or. en

Amendment 29 Jessica Stegrud

Proposal for a directive Recital 1 c (new)

Text proposed by the Commission Amendment

(1c) The update of both the subject

AM\1232572EN.docx 5/44 PE693.620v01-00 EN matter and scope of the Directive 2008/114/EC, needs to respect the principles of subsidiarity, national sovereignty and proportionality, in order to ensure a balanced and holistic approach.

Or. en

Amendment 30 Jessica Stegrud

Proposal for a directive Recital 1 d (new)

Text proposed by the Commission Amendment

(1d) In order to avoid overlaps, the scope of this Directive should be limited to entities that are not already covered by other Union legislation.

Or. en

Amendment 31 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Recital 2

Text proposed by the Commission Amendment

(2) Despite existing measures at (2) Despite existing measures at Union19 and national level aimed at Union19 and national level aimed at supporting the protection of critical supporting the protection of critical infrastructures in the Union, the entities infrastructures in the Union, the entities operating those infrastructures are not operating those infrastructures are not adequately equipped to address current and adequately equipped to address current and anticipated future risks to their operations anticipated future risks to their operations that may result in disruptions of the that may result in disruptions of the provision of services that are essential for provision of services that are essential for the performance of vital societal functions the performance of vital societal functions or economic activities. This is due to a or economic activities. This is due to a

PE693.620v01-00 6/44 AM\1232572EN.docx EN dynamic threat landscape with an evolving dynamic threat landscape with an evolving terrorist threat and growing terrorist and hybrid threat and growing interdependencies between infrastructures interdependencies between infrastructures and sectors, as well as an increased and sectors, as well as an increased physical risk due to natural disasters and physical risk due to industrial accidents, climate change, which increases the human and cyber actions natural disasters frequency and scale of extreme weather and climate change, which increases the events and brings long-term changes in frequency and scale of extreme weather average climate that can reduce the events that can reduce the capacity and capacity and efficiency of certain efficiency of certain infrastructure types if infrastructure types if resilience or climate resilience or climate adaptation measures adaptation measures are not in place. are not in place. Moreover, relevant sectors Moreover, relevant sectors and types of and types of entities are not recognised entities are not recognised consistently as consistently as critical in all Member critical in all Member States. States. ______19 European Programme for Critical 19 European Programme for Critical Infrastructure Protection (EPCIP). Infrastructure Protection (EPCIP).

Or. fr

Amendment 32 Jessica Stegrud

Proposal for a directive Recital 2 a (new)

Text proposed by the Commission Amendment

(2a) In accordance with the principle of subsidiarity, national, bilateral and regional interests should be distinguished from issues that call for coordinated measures at Union level.

Or. en

Amendment 33 Alicia Homs Ginel, Jens Geier, Lina Gálvez Muñoz, Maria-Manuel Leitão-Marques

Proposal for a directive Recital 3

AM\1232572EN.docx 7/44 PE693.620v01-00 EN Text proposed by the Commission Amendment

(3) Those growing interdependencies (3) Those growing interdependencies are the result of an increasingly cross- are the result of an increasingly cross- border and interdependent network of border and interdependent network of service provision using key infrastructures service provision using key infrastructures across the Union in the sectors of energy, across the Union in the sectors of energy, transport, banking, financial market transport, banking, financial market infrastructure, digital infrastructure, infrastructure, digital infrastructure, drinking and waste water, health, certain drinking and waste water, health, certain aspects of public administration, as well as aspects of public administration, as well as space in as far as the provision of certain space in as far as the provision of certain services depending on ground-based services depending on ground-based infrastructures that are owned, managed infrastructures that are owned, managed and operated either by Member States or and operated either by Member States or by private parties is concerned, therefore by private parties is concerned, therefore not covering infrastructures owned, not covering infrastructures owned, managed or operated by or on behalf of the managed or operated by or on behalf of the Union as part of its space programmes. Union as part of its space programmes. These interdependencies mean that any Innovation and technology advancements disruption, even one initially confined to contribute to the creation of new forms one entity or one sector, can have and types of infrastructure systems that cascading effects more broadly, potentially use innovations aimed at reducing costs resulting in far-reaching and long-lasting and increasing efficiency and may have negative impacts in the delivery of services implications on risk and resilience. These across the internal market. The COVID-19 interdependencies mean that any pandemic has shown the vulnerability of disruption, even one initially confined to our increasingly interdependent societies in one entity or one sector, can have the face of low-probability risks. cascading effects more broadly, potentially resulting in far-reaching and long-lasting negative impacts in the delivery of services across the internal market. The COVID-19 pandemic has shown the vulnerability of our increasingly interdependent societies in the face of low-probability risks and the capital importance of raw materials, chemical, pharmaceutical and manufacturing industries and of products that are essential to many critical infrastructure sectors.

Or. en

Amendment 34

PE693.620v01-00 8/44 AM\1232572EN.docx EN Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Recital 3

Text proposed by the Commission Amendment

(3) Those growing interdependencies (3) Those growing interdependencies are the result of an increasingly cross- are the result of an increasingly cross- border and interdependent network of border and interdependent network of service provision using key infrastructures service provision using key infrastructures across the Union in the sectors of energy, across the Union in the sectors of energy, transport, banking, financial market transport, banking, financial market infrastructure, digital infrastructure, infrastructure, digital infrastructure, drinking and waste water, health, certain drinking and waste water, health, certain aspects of public administration, as well as aspects of public administration, as well as space in as far as the provision of certain space in as far as the provision of certain services depending on ground-based services depending on ground-based infrastructures that are owned, managed infrastructures that are owned, managed and operated either by Member States or and operated either by Member States or by private parties is concerned, therefore by private parties is concerned, therefore not covering infrastructures owned, not covering infrastructures owned, managed or operated by or on behalf of the managed or operated by or on behalf of the Union as part of its space programmes. Union as part of its space programmes. These interdependencies mean that any These interdependencies mean that any disruption, even one initially confined to disruption, even one initially confined to one entity or one sector, can have one entity or one sector, can have cascading effects more broadly, potentially cascading effects more broadly, potentially resulting in far-reaching and long-lasting resulting in far-reaching and long-lasting negative impacts in the delivery of services negative impacts in the delivery of services across the internal market. The COVID-19 across the internal market and for the pandemic has shown the vulnerability of security and safety of Member State our increasingly interdependent societies in citizens. The COVID-19 pandemic has the face of low-probability risks. shown the vulnerability of our increasingly interdependent societies in the face of low- probability risks.

Or. fr

Amendment 35 on behalf of the EPP Group Henna Virkkunen,

Proposal for a directive

AM\1232572EN.docx 9/44 PE693.620v01-00 EN Recital 3

Text proposed by the Commission Amendment

(3) Those growing interdependencies (3) Those growing interdependencies are the result of an increasingly cross- are the result of an increasingly cross- border and interdependent network of border and interdependent network of service provision using key infrastructures service provision using key infrastructures across the Union in the sectors of energy, across the Union in the sectors of energy, transport, banking, financial market transport, banking, financial market infrastructure, digital infrastructure, infrastructure, digital infrastructure, drinking and waste water, health, certain drinking and waste water, health, agri- aspects of public administration, as well as food, certain aspects of public space in as far as the provision of certain administration, as well as space in as far as services depending on ground-based the provision of certain services depending infrastructures that are owned, managed on ground-based infrastructures that are and operated either by Member States or owned, managed and operated either by by private parties is concerned, therefore Member States or by private parties is not covering infrastructures owned, concerned, therefore not covering managed or operated by or on behalf of the infrastructures owned, managed or Union as part of its space programmes. operated by or on behalf of the Union as These interdependencies mean that any part of its space programmes. These disruption, even one initially confined to interdependencies mean that any one entity or one sector, can have disruption, even one initially confined to cascading effects more broadly, potentially one entity or one sector, can have resulting in far-reaching and long-lasting cascading effects more broadly, potentially negative impacts in the delivery of services resulting in far-reaching and long-lasting across the internal market. The COVID-19 negative impacts in the delivery of services pandemic has shown the vulnerability of across the internal market. The COVID-19 our increasingly interdependent societies in pandemic has shown the vulnerability of the face of low-probability risks. our increasingly interdependent societies in the face of low-probability risks.

Or. en

Justification

The agri-food sector is essential for the functioning of our societies and economy. The livelihoods of European citizens and the good functioning of the internal market also depend on it, as such services are needed to maintain critical societal and economic activities.

Amendment 36 Salvatore De Meo on behalf of the EPP Group Tomas Tobé, Henna Virkkunen, Aldo Patriciello

PE693.620v01-00 10/44 AM\1232572EN.docx EN Proposal for a directive Recital 4

Text proposed by the Commission Amendment

(4) The entities involved in the (4) The entities involved in the provision of essential services are provision of essential services are increasingly subject to diverging increasingly subject to diverging requirements imposed under the laws of requirements imposed under the laws of the Member States. The fact that some the Member States. The fact that some Member States have less stringent security Member States have less stringent security requirements on these entities not only requirements on these entities not only risks impacting negatively on the risks impacting negatively on the maintenance of vital societal functions or maintenance of vital societal functions or economic activities across the Union, it economic activities across the Union, it also leads to obstacles to the proper also leads to obstacles to the proper functioning of the internal market. Similar functioning of the internal market. The types of entities are considered as critical resilience of critical entities is of great in some Member States but not in others, importance for the functioning of the and those which are identified as critical internal market and the security of the are subject to divergent requirements in Union, however, this Directive should not different Member States. This results in limit the responsibility of Member States additional and unnecessary administrative to protect national security. Similar types burdens for companies operating across of entities are considered as critical in borders, notably for companies active in some Member States but not in others, and Member States with more stringent those which are identified as critical are requirements. subject to divergent requirements in different Member States. This results in additional and unnecessary administrative burdens for companies operating across borders, notably for companies active in Member States with more stringent requirements.

Or. en

Justification

Necessary to ensure that Member States' responsibility to protect national security is not limited.

Amendment 37 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

AM\1232572EN.docx 11/44 PE693.620v01-00 EN Proposal for a directive Recital 4

Text proposed by the Commission Amendment

(4) The entities involved in the (4) The entities involved in the provision of essential services are provision of essential services are increasingly subject to diverging increasingly subject to diverging requirements imposed under the laws of requirements imposed under the laws of the Member States. The fact that some the Member States. The fact that some Member States have less stringent security Member States have less stringent security requirements on these entities not only requirements on these entities not only risks impacting negatively on the risks impacting negatively on the maintenance of vital societal functions or maintenance of vital societal functions or economic activities across the Union, it economic activities across the Union, it also leads to obstacles to the proper also leads to obstacles to the proper functioning of the internal market. Similar functioning of the internal market and types of entities are considered as critical affects the safety and security of Member in some Member States but not in others, State citizens. Similar types of entities are and those which are identified as critical considered as critical in some Member are subject to divergent requirements in States but not in others, and those which different Member States. This results in are identified as critical are subject to additional and unnecessary administrative divergent requirements in different burdens for companies operating across Member States. This results in additional borders, notably for companies active in and unnecessary administrative burdens for Member States with more stringent companies operating across borders, requirements. notably for companies active in Member States with more stringent requirements.

Or. fr

Amendment 38 Salvatore De Meo on behalf of the EPP Group Tomas Tobé, Henna Virkkunen, Aldo Patriciello

Proposal for a directive Recital 5

Text proposed by the Commission Amendment

(5) It is therefore necessary to lay (5) It is therefore necessary to lay down harmonised minimum rules to ensure down harmonised minimum rules to ensure the provision of essential services in the the provision of essential services in the internal market and enhance the resilience internal market and enhance the resilience

PE693.620v01-00 12/44 AM\1232572EN.docx EN of critical entities. of critical entities, while maintaining the responsibilities of Member States’ for national security.

Or. en

Justification

Necessary to ensure that Member States' responsibility to protect national security is not limited.

Amendment 39 Alicia Homs Ginel, Jens Geier, Lina Gálvez Muñoz, Maria-Manuel Leitão-Marques

Proposal for a directive Recital 7

Text proposed by the Commission Amendment

(7) Certain sectors of the economy (7) Certain sectors of the economy such as energy and transport are already such as energy and transport are already regulated or may be regulated in the future regulated or may be regulated in the future by sector-specific acts of Union law that by sector-specific acts of Union law that contain rules related to certain aspects of contain rules related to certain aspects of resilience of entities operating in those resilience of entities operating in those sectors. In order to address in a sectors. In order to address in a comprehensive manner the resilience of comprehensive manner the resilience of those entities that are critical for the proper those entities that are critical for the proper functioning of the internal market, those functioning of the internal market, those sector-specific measures should be sector-specific measures should be complemented by the ones provided for in complemented by the ones provided for in this Directive, which creates an this Directive, which creates an overarching framework that addresses overarching framework that addresses critical entities’ resilience in respect of all critical entities’ resilience in respect of all hazards, that is, natural and man-made, hazards, that is, natural and man-made, accidental and intentional. accidental and intentional. Resilience of energy infrastructures is integral to growth and production across the Union, in particular it contributes to reduce energy poverty, ensuring a decent standard of living and to energy security.

Or. en

AM\1232572EN.docx 13/44 PE693.620v01-00 EN Amendment 40 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Recital 7

Text proposed by the Commission Amendment

(7) Certain sectors of the economy (7) Certain sectors of the economy such as energy and transport are already such as energy and transport are already regulated or may be regulated in the future regulated or may be regulated in the future by sector-specific acts of Union law that by sector-specific acts of national or contain rules related to certain aspects of Union law that contain rules related to resilience of entities operating in those certain aspects of resilience of entities sectors. In order to address in a operating in those sectors. In order to comprehensive manner the resilience of address in a comprehensive manner the those entities that are critical for the proper resilience of those entities that are critical functioning of the internal market, those for the proper functioning of the internal sector-specific measures should be market, those sector-specific measures complemented by the ones provided for in should be complemented by the ones this Directive, which creates an provided for in this Directive, which overarching framework that addresses creates an overarching framework that critical entities’ resilience in respect of all addresses critical entities’ resilience in hazards, that is, natural and man-made, respect of all hazards, that is, natural and accidental and intentional. man-made, accidental and intentional.

Or. fr

Amendment 41 Salvatore De Meo on behalf of the EPP Group Henna Virkkunen, Aldo Patriciello

Proposal for a directive Recital 7 a (new)

Text proposed by the Commission Amendment

(7a) This Directive should apply to the following sectors: energy, transport, banking, financial market infrastructures, health, drinking water, waste water, digital infrastructure, agri-food, public administration, and space. As far as digital infrastructures that fall within the

PE693.620v01-00 14/44 AM\1232572EN.docx EN scope of the NIS 2 Directive are concerned, only the provisions of this Directive concerning the national frameworks on the resilience of critical entities should apply. Infrastructures belonging to one of those sectors, other than digital infrastructures, but with a digital feature, should fall within the scope of both this Directive and the NIS 2 Directive in their entirety.

Or. en

Justification

Necessary to clarify the scope of the two directives. Entities falling under the scope of the NIS 2 Directive, are automatically under the scope of this Directive, but not vice-versa.

Amendment 42 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Recital 8

Text proposed by the Commission Amendment

(8) Given the importance of (8) Given the importance of cybersecurity for the resilience of critical cybersecurity for the resilience of critical entities and in the interest of consistency, a entities and in the interest of consistency, a coherent approach between this Directive coherent approach between this Directive and Directive (EU) XX/YY of the and Directive (EU) XX/YY of the European Parliament and of the Council20 European Parliament and of the Council20 [Proposed Directive on measures for a high [Proposed Directive on measures for a high common level of cybersecurity across the common level of cybersecurity across the Union; (hereafter “NIS 2 Directive”)] is Union; (hereafter “NIS 2 Directive”)] is necessary wherever possible. In view of the necessary wherever possible, preventing higher frequency and particular any overlap that could hinder the characteristics of cyber risks, the NIS 2 simultaneous legislative effectiveness of Directive imposes comprehensive the two regulations. In view of the higher requirements on a large set of entities to frequency and particular characteristics of ensure their cybersecurity. Given that cyber risks, the NIS 2 Directive imposes cybersecurity is addressed sufficiently in comprehensive requirements on a large set the NIS 2 Directive, the matters covered by of entities to ensure their cybersecurity. it should be excluded from the scope of Given that cybersecurity is addressed this Directive, without prejudice to the sufficiently in the NIS 2 Directive, the

AM\1232572EN.docx 15/44 PE693.620v01-00 EN particular regime for entities in the digital matters covered by it should be excluded infrastructure sector. from the scope of this Directive, without prejudice to the particular regime for entities in the digital infrastructure sector. ______20 [Reference to NIS 2 Directive, once 20 [Reference to NIS 2 Directive, once adopted.] adopted.]

Or. fr

Amendment 43 Salvatore De Meo on behalf of the EPP Group Tomas Tobé, Henna Virkkunen, Aldo Patriciello

Proposal for a directive Recital 10

Text proposed by the Commission Amendment

(10) In view of ensuring a (10) In view of ensuring a comprehensive approach to the resilience comprehensive approach to the resilience of critical entities, each Member State of critical entities, each Member State should have a strategy setting out should have a strategy setting out objectives and policy measures to be objectives and policy measures to be implemented. To achieve this, Member implemented. In case a critical entity is States should ensure that their located in one Member States but the cybersecurity strategies provide for a consequences of a disaster could have an policy framework for enhanced impact in more than one Member State, coordination between the competent coordination between competent authority under this Directive and the NIS authorities on crisis management and 2 Directive in the context of information resilience strategy should be encouraged. sharing on incidents and cyber threats and To achieve this, Member States should the exercise of supervisory tasks. ensure that their cybersecurity strategies provide for a policy framework for enhanced coordination between the competent authority under this Directive and the NIS 2 Directive in the context of information sharing on incidents and cyber threats and the exercise of supervisory tasks.

Or. en

PE693.620v01-00 16/44 AM\1232572EN.docx EN Justification

In case of disasters with an impact in more than one Member State, cooperation between competent authorities on crisis management and resilience strategies is necessary.

Amendment 44 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Recital 10

Text proposed by the Commission Amendment

(10) In view of ensuring a (10) In view of ensuring a comprehensive approach to the resilience comprehensive approach to the resilience of critical entities, each Member State of critical entities, each Member State should have a strategy setting out should have a strategy setting out objectives and policy measures to be objectives and policy measures to be implemented. To achieve this, Member implemented. To achieve this, Member States should ensure that their States should ensure that their cybersecurity strategies provide for a cybersecurity strategies provide for a policy framework for enhanced policy framework for enhanced coordination between the competent coordination between the competent authority under this Directive and the NIS authority under this Directive and the NIS 2 Directive in the context of information 2 Directive in the context of information sharing on incidents and cyber threats and sharing on incidents and cyber threats and the exercise of supervisory tasks. the exercise of supervisory tasks without, however, causing additional double costs for operators.

Or. fr

Amendment 45 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Recital 11

Text proposed by the Commission Amendment

(11) The actions of Member States to (11) The actions of Member States to identify and help ensure the resilience of identify and help ensure the resilience of critical entities should follow a risk-based critical entities should follow a risk-based approach that targets efforts to the entities approach that targets efforts to the entities

AM\1232572EN.docx 17/44 PE693.620v01-00 EN most relevant for the performance of vital most relevant for the performance of vital societal functions or economic activities. In societal functions or economic activities. In order to ensure such a targeted approach, order to ensure such a targeted approach, each Member State should carry out, each Member State should carry out, within a harmonised framework, an within a harmonised framework, an assessment of all relevant natural and man- assessment of all relevant natural and man- made risks that may affect the provision of made risks that may affect the provision of essential services, including accidents, essential services, including industrial natural disasters, public health emergencies accidents, hybrid threats, natural disasters, such as pandemics, and antagonistic public health emergencies such as threats, including terrorist offences. When pandemics, and antagonistic threats, carrying out those risk assessments, including terrorist offences. When carrying Member States should take into account out those risk assessments, Member States other general or sector-specific risk should take into account other general or assessment carried out pursuant to other sector-specific risk assessment carried out acts of Union law and should consider the pursuant to other acts of Union law and dependencies between sectors, including should consider the dependencies between from other Member States and third sectors, including from other Member countries. The outcomes of the risk States and third countries. The outcomes of assessment should be used in the process of the risk assessment should be used in the identification of critical entities and to process of identification of critical entities assist those entities in meeting the and to assist those entities in meeting the resilience requirements of this Directive. resilience requirements of this Directive.

Or. fr

Amendment 46 Salvatore De Meo on behalf of the EPP Group Henna Virkkunen, Aldo Patriciello

Proposal for a directive Recital 11

Text proposed by the Commission Amendment

(11) The actions of Member States to (11) The actions of Member States to identify and help ensure the resilience of identify and help ensure the resilience of critical entities should follow a risk-based critical entities should follow a risk-based approach that targets efforts to the entities approach that targets efforts to the entities most relevant for the performance of vital most relevant for the performance of vital societal functions or economic activities. In societal functions or economic activities. In order to ensure such a targeted approach, order to ensure such a targeted approach, each Member State should carry out, each Member State should carry out, within a harmonised framework, an within a harmonised framework, an

PE693.620v01-00 18/44 AM\1232572EN.docx EN assessment of all relevant natural and man- assessment of all relevant natural and man- made risks that may affect the provision of made risks that may affect the provision of essential services, including accidents, essential services, including accidents, natural disasters, public health emergencies natural disasters, public health emergencies such as pandemics, and antagonistic such as pandemics, criminal infiltration, threats, including terrorist offences. When and antagonistic threats, including terrorist carrying out those risk assessments, offences. When carrying out those risk Member States should take into account assessments, Member States should take other general or sector-specific risk into account other general or sector- assessment carried out pursuant to other specific risk assessment carried out acts of Union law and should consider the pursuant to other acts of Union law and dependencies between sectors, including should consider the dependencies between from other Member States and third sectors, including from other Member countries. The outcomes of the risk States and third countries. The outcomes of assessment should be used in the process of the risk assessment should be used in the identification of critical entities and to process of identification of critical entities assist those entities in meeting the and to assist those entities in meeting the resilience requirements of this Directive. resilience requirements of this Directive.

Or. en

Justification

The problem of criminal infiltration in critical transport infrastructure is growing, becoming particularly problematic in logistic nodes such as (sea) ports and airports. This is undermining the effective provision of essential services throughout the European Union.

Amendment 47 Mikuláš Peksa on behalf of the Greens/EFA Group

Proposal for a directive Recital 12

Text proposed by the Commission Amendment

(12) In order to ensure that all relevant (12) In order to ensure that all relevant entities are subject to those requirements entities are subject to those requirements and to reduce divergences in this respect, it and to reduce divergences in this respect, it is important to lay down harmonised rules is important to lay down harmonised rules allowing for a consistent identification of allowing for a consistent identification of critical entities across the Union, while also critical entities across the Union, while also allowing Member States to reflect national allowing Member States to reflect national specificities. Therefore, criteria to identify specificities. This Directive addresses the critical entities should be laid down. In the need to ensure continuity of the services

AM\1232572EN.docx 19/44 PE693.620v01-00 EN interest of effectiveness, efficiency, essential for the maintenance of vital consistency and legal certainty, appropriate societal functions or economic activities, rules should also be set on notification and without prejudice to national competence cooperation relating to, as well as the legal in organising and delivering public consequences of, such identification. In services. Therefore, criteria to identify order to enable the Commission to assess critical entities should be laid down. In the the correct application of this Directive, interest of effectiveness, efficiency, Member States should submit to the consistency and legal certainty, appropriate Commission, in a manner that is as detailed rules should also be set on notification and and specific as possible, relevant cooperation relating to, as well as the legal information and, in any event, the list of consequences of, such identification. In essential services, the number of critical order to enable the Commission to assess entities identified for each sector and the correct application of this Directive, subsector referred to in the Annex and the Member States should submit to the essential service or services that each entity Commission, in a manner that is as detailed provides and any thresholds applied. and specific as possible, relevant information and, in any event, the list of essential services, the number of critical entities identified for each sector and subsector referred to in the Annex and the essential service or services that each entity provides and any thresholds applied.

Or. en

Justification

The harmonised rules laid down in this text only refer to the identification of entities and their response to incidents, therefore it must be clarified that the basic organisation and delivery of the services do not fall under the scope of this Directive.

Amendment 48 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Recital 16

Text proposed by the Commission Amendment

(16) Member States should designate (16) Member States, in coordination authorities competent to supervise the with their own national security application of and, where necessary, authorities, should designate authorities enforce the rules of this Directive and competent to supervise the application of ensure that those authorities are adequately and, where necessary, enforce the rules of empowered and resourced. In view of the this Directive and ensure that those

PE693.620v01-00 20/44 AM\1232572EN.docx EN differences in national governance authorities are adequately empowered and structures and in order to safeguard already resourced. In view of the differences in existing sectoral arrangements or Union national governance structures and in order supervisory and regulatory bodies, and to to safeguard already existing sectoral avoid duplication, Member States should arrangements or Union supervisory and be able to designate more than one regulatory bodies, and to avoid duplication, competent authority. In that case, they Member States should be able to designate should however clearly delineate the more than one competent authority. In that respective tasks of the authorities case, they should however clearly delineate concerned and ensure that they cooperate the respective tasks of the authorities smoothly and effectively. All competent concerned and ensure that they cooperate authorities should also cooperate more smoothly and effectively. All competent generally with other relevant authorities, authorities should also cooperate more both at national and Union level. generally with other relevant authorities, both at national and Union level.

Or. fr

Amendment 49 Salvatore De Meo on behalf of the EPP Group Henna Virkkunen, Aldo Patriciello

Proposal for a directive Recital 16

Text proposed by the Commission Amendment

(16) Member States should designate (16) Member States should designate authorities competent to supervise the authorities competent to supervise the application of and, where necessary, application of and, where necessary, enforce the rules of this Directive and enforce the rules of this Directive and ensure that those authorities are adequately ensure that those authorities are adequately empowered and resourced. In view of the empowered and resourced. In view of the differences in national governance differences in national governance structures and in order to safeguard already structures and in order to safeguard already existing sectoral arrangements or Union existing national or Union-based sector- supervisory and regulatory bodies, and to specific arrangements or Union avoid duplication, Member States should supervisory and regulatory bodies, and to be able to designate more than one avoid duplication, Member States should competent authority. In that case, they be able to designate more than one should however clearly delineate the competent authority. In that case, they respective tasks of the authorities should however clearly delineate the concerned and ensure that they cooperate respective tasks of the authorities smoothly and effectively. All competent concerned and ensure that they cooperate

AM\1232572EN.docx 21/44 PE693.620v01-00 EN authorities should also cooperate more smoothly and effectively. All competent generally with other relevant authorities, authorities should also cooperate more both at national and Union level. generally with other relevant authorities, both at national and Union level.

Or. en

Amendment 50 Mikuláš Peksa on behalf of the Greens/EFA Group

Proposal for a directive Recital 18

Text proposed by the Commission Amendment

(18) Given that under the NIS 2 (18) Given that under the NIS 2 Directive entities identified as critical Directive entities identified as critical entities, as well as identified entities in the entities, as well as identified entities in the digital infrastructure sector that are to be digital infrastructure sector that are to be treated as equivalent under the present treated as equivalent under the present Directive are subject to the cybersecurity Directive are subject to the cybersecurity requirements of the NIS 2 Directive, the requirements of the NIS 2 Directive, the competent authorities designated under the competent authorities designated under the two Directives should cooperate, two Directives should cooperate, particularly in relation to cybersecurity particularly in relation to cybersecurity risks and incidents affecting those entities. risks and incidents affecting those entities. In particular Member States, in the transposition acts for NIS 2 Directive and this Directive, should provide measures to avoid double reporting and control, to ensure strategies and requirements are complementary and that entities can benefit from simplified enforcement and reporting conditions.

Or. en

Justification

In line with proposed changes in the articles, it needs to be underlined that any possible overlap will be taken into account and the burden on entities is kept to the minimum necessary for achieving the policy goals.

PE693.620v01-00 22/44 AM\1232572EN.docx EN Amendment 51 Mikuláš Peksa on behalf of the Greens/EFA Group

Proposal for a directive Recital 19

Text proposed by the Commission Amendment

(19) Member States should support (19) Member States should support critical entities in strengthening their critical entities in strengthening their resilience, in compliance with their resilience, in compliance with their obligations under this Directive, without obligations under this Directive, without prejudice to the entities’ own legal prejudice to the entities’ own legal responsibility to ensure such compliance. responsibility to ensure such compliance. Member States could in particular develop Member States should in particular guidance materials and methodologies, develop guidance materials and support the organisation of exercises to test methodologies, support the organisation of their resilience and provide training to exercises to test their resilience and personnel of critical entities. Moreover, provide training to personnel of critical given the interdependencies between entities. Moreover, given the entities and sectors, Member States should interdependencies between entities and establish information sharing tools to sectors, Member States should establish support voluntary information sharing information sharing tools to support between critical entities, without prejudice voluntary information sharing between to the application of competition rules laid critical entities, without prejudice to the down in the Treaty on the Functioning of application of competition rules laid down the European Union. in the Treaty on the Functioning of the European Union.

Or. en

Justification

The new framework, although building up on the previous NIS directive needs to be made efficient by increasing the knowledge on the ground, including with support from Member States.

Amendment 52 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Recital 20

AM\1232572EN.docx 23/44 PE693.620v01-00 EN Text proposed by the Commission Amendment

(20) In order to be able to ensure their (20) In order to be able to ensure their resilience, critical entities should have a resilience, critical entities should have a comprehensive understanding of all comprehensive understanding of all relevant risks to which they are exposed relevant risks to which they are exposed and analyse those risks. To that aim, they and analyse those risks. To that aim, they should carry out risks assessments, should carry out risks assessments, whenever necessary in view of their whenever necessary in view of their particular circumstances and the evolution particular circumstances and the evolution of those risks, yet in any event every four of those risks, yet in any event every four years. The risk assessments by critical years. The risk assessments by critical entities should be based on the risk entities should be based on the risk assessment carried out by Member States. assessment carried out by Member States, in close cooperation with police, defence and national security authorities.

Or. fr

Amendment 53 Jessica Stegrud

Proposal for a directive Recital 20 a (new)

Text proposed by the Commission Amendment

(20a) Member States should be free to choose which entities they want to list as "critical", thereby respecting the fact that security matters fully remain a competence of Member States.

Or. en

Amendment 54 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Recital 24

Text proposed by the Commission Amendment

PE693.620v01-00 24/44 AM\1232572EN.docx EN (24) The risk of employees of critical (24) The risk of employees of critical entities misusing for instance their access entities misusing for instance their access rights within the entity’s organisation to rights within the entity’s organisation to harm and cause damage is of increasing harm and cause damage is of increasing concern. That risk is exacerbated by the concern. That risk is exacerbated by the growing phenomenon of radicalisation intensity of hybrid threats, which are leading to violent extremism and terrorism. increasingly difficult to track and identify, It is therefore necessary to enable critical and by the growing phenomenon of entities to request background checks on radicalisation leading to violent extremism persons falling within specific categories of and terrorism. It is therefore necessary to its personnel and to ensure that those enable critical entities to request requests are assessed expeditiously by the background checks on persons falling relevant authorities, in accordance with the within specific categories of its personnel applicable rules of Union and national law, and to ensure that those requests are including on the protection of personal assessed expeditiously by the relevant data. authorities, in accordance with the applicable rules of Union and national law, including on the protection of personal data. Specific training for employees and operators should be developed.

Or. fr

Amendment 55 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Recital 25

Text proposed by the Commission Amendment

(25) Critical entities should notify, as (25) Critical entities should notify, as soon as reasonably possible under the soon as reasonably possible under the given circumstances, Member States’ given circumstances, Member States’ competent authorities of incidents that competent authorities of incidents that significantly disrupt or have the potential significantly disrupt or have the potential to significantly disrupt their operations. to significantly disrupt their operations. The notification should allow the The notification should allow the competent authorities to respond to the competent authorities to respond to the incidents rapidly and adequately and to incidents rapidly and adequately to prevent have a comprehensive overview of the even worse consequences and to have a overall risks that critical entities face. For comprehensive overview of the overall that purpose, a procedure should be risks that critical entities face. For that established for the notification of certain purpose, a procedure should be established incidents and parameters should be for the notification of certain incidents and

AM\1232572EN.docx 25/44 PE693.620v01-00 EN provided for to determine when the actual parameters should be provided for to or potential disruption is significant and the determine when the actual or potential incidents should thus be notified. Given the disruption is significant and the incidents potential cross-border impacts of such should thus be notified. Given the potential disruptions, a procedure should be cross-border impacts of such disruptions, a established for Member States to inform procedure should be established for other affected Member States via single Member States to inform other affected points of contacts. Member States via single points of contacts. Given the sensitivity of some events, appropriate forms of confidentiality should be established, together with mechanisms to prevent the dissemination of uncontrolled information.

Or. fr

Amendment 56 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Article 1 – paragraph 1 – point a

Text proposed by the Commission Amendment

(a) lays down obligations for Member (a) lays down obligations for Member States to take certain measures aimed at States to take certain measures aimed at ensuring the provision in the internal ensuring the provision in the internal market of services essential for the market of services essential for the maintenance of vital societal functions or maintenance of vital societal functions or economic activities, in particular to economic activities, in particular to identify critical entities and entities to be identify critical entities and entities to be treated as equivalent in certain respects, treated as equivalent in certain respects, and to enable them to meet their and to enable them to meet their obligations; obligations, especially if they are particularly vulnerable;

Or. fr

Amendment 57 Mikuláš Peksa on behalf of the Greens/EFA Group

PE693.620v01-00 26/44 AM\1232572EN.docx EN Proposal for a directive Article 1 – paragraph 1 – point a

Text proposed by the Commission Amendment

(a) lays down obligations for Member (a) lays down obligations for Member States to take certain measures aimed at States to take certain measures aimed at ensuring the provision in the internal ensuring the continuous provision in the market of services essential for the internal market of services essential for the maintenance of vital societal functions or maintenance of vital societal functions or economic activities, in particular to economic activities, in particular to identify critical entities and entities to be identify critical entities and entities to be treated as equivalent in certain respects, treated as equivalent in certain respects, and to enable them to meet their and to enable them to meet their obligations; obligations;

Or. en

Justification

The scope of this Directive is not to regulate the provision of services, as it does not include such provisions, instead being aimed at ensuring that the services are provided by critical entities can continue to function despite possible incidents.

Amendment 58 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Article 1 – paragraph 1 – point b

Text proposed by the Commission Amendment

(b) establishes obligations for critical (b) establishes obligations for critical entities aimed at enhancing their resilience entities aimed at enhancing their resilience and improving their ability to provide those and improving their ability to provide those services in the internal market; services in the internal market and, in the event of an interruption, to quickly limit any damage or consequences in consultation with the designated national authorities;

Or. fr

AM\1232572EN.docx 27/44 PE693.620v01-00 EN Amendment 59 Mikuláš Peksa on behalf of the Greens/EFA Group

Proposal for a directive Article 1 – paragraph 2

Text proposed by the Commission Amendment

2. This Directive shall not apply to 2. This Directive shall not apply to matters covered by Directive (EU) XX/YY matters covered by Directive (EU) XX/YY [proposed Directive on measures for a high [proposed Directive on measures for a high common level of cybersecurity across the common level of cybersecurity across the Union; (‘NIS 2 Directive’)], without Union; (‘NIS 2 Directive’)], and prejudice to Article 7. Regulation [XX/YY] on digital operational resilience for the financial sector, without prejudice to Article 7. Entities covered by the NIS 2 Directive that are subject to obligations under this Directive, shall benefit from a single point of contact and common set of rules provided that all the other conditions are met.

Or. en

Justification

In parallel with work on NIS 2 and REC, the DORA needs to be taken into account. Also, a suggestion is being made indication the way towards simplification.

Amendment 60 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Article 2 – paragraph 1 – point 7 a (new)

Text proposed by the Commission Amendment

(7a) ‘security-critical technologies’ means the technologies needed to ensure that critical entities are resilient to hostile threats such as terrorism and hybrid threats.

Or. fr

PE693.620v01-00 28/44 AM\1232572EN.docx EN Amendment 61 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Article 3 – paragraph 2 – point a

Text proposed by the Commission Amendment

(a) strategic objectives and priorities (a) strategic objectives and priorities for the purposes of enhancing the overall for the purposes of enhancing the overall resilience of critical entities taking into resilience of critical entities and their account cross-border and cross-sectoral supply chain taking into account cross- interdependencies; border and cross-sectoral interdependencies;

Or. fr

Amendment 62 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Article 3 – paragraph 2 – point b

Text proposed by the Commission Amendment

(b) a governance framework to achieve (b) a governance framework to achieve the strategic objectives and priorities, the strategic objectives and priorities, including a description of the roles and including a description of the roles and responsibilities of the different authorities, responsibilities of the different authorities, critical entities and other parties involved (public and private) critical entities and in the implementation of the strategy; other parties involved in the implementation of the strategy, including, where necessary, police, defence and national security authorities;

Or. fr

Amendment 63 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive

AM\1232572EN.docx 29/44 PE693.620v01-00 EN Article 3 – paragraph 2 – point c

Text proposed by the Commission Amendment

(c) a description of measures necessary (c) a description of measures necessary to enhance the overall resilience of critical to enhance the overall resilience of critical entities, including a national risk entities, including a national risk assessment, the identification of critical assessment, the identification of critical entities and of entities equivalent to critical entities and of entities equivalent to critical entities, and the measures to support entities, and the measures to support critical entities taken in accordance with critical entities taken in accordance with this Chapter; this Chapter, including measures to establish a cooperation framework among stakeholders, including critical entities, operators and suppliers of technology solutions;

Or. fr

Amendment 64 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Article 3 – paragraph 2 – point d a (new)

Text proposed by the Commission Amendment

(da) the identification of technological needs and gaps to be addressed to ensure that critical entities are resilient, including security-critical technologies such as secure communications, biometrics, artificial intelligence, autonomous vehicles and space observation.

Or. fr

Amendment 65 Jessica Stegrud

Proposal for a directive Article 3 – paragraph 3

PE693.620v01-00 30/44 AM\1232572EN.docx EN Text proposed by the Commission Amendment

3. Member States shall communicate 3. Member States shall communicate their strategies, and any updates of their their strategies, and any updates of their strategies, to the Commission within three strategies, to the Commission within six months from their adoption. months from their adoption.

Or. en

Amendment 66 Salvatore De Meo on behalf of the EPP Group Henna Virkkunen, Aldo Patriciello

Proposal for a directive Article 3 – paragraph 3 a (new)

Text proposed by the Commission Amendment

3a.When drafting their strategies, Member States may consult local and regional authorities and take into consideration local capacities .

Or. en

Justification

Regional and local authorities should be consulted when relevant and their capacities taken into account.

Amendment 67 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Article 4 – paragraph 1 – subparagraph 2

Text proposed by the Commission Amendment

The risk assessment shall account for all The risk assessment shall account for all relevant natural and man-made risks, relevant natural and man-made risks, including accidents, natural disasters, including industrial accidents, hybrid public health emergencies, antagonistic threats, natural disasters, public health

AM\1232572EN.docx 31/44 PE693.620v01-00 EN threats, including terrorist offences emergencies, antagonistic threats, pursuant to Directive (EU) 2017/541 of the including terrorist offences pursuant to European Parliament and of the Council34. Directive (EU) 2017/541 of the European Parliament and of the Council34. ______34 Directive (EU) 2017/541 of the 34 Directive (EU) 2017/541 of the European Parliament and of the Council of European Parliament and of the Council of 15 March 2017 on combating terrorism and 15 March 2017 on combating terrorism and replacing Council Framework Decision replacing Council Framework Decision 2002/475/JHA and amending Council 2002/475/JHA and amending Council Decision 2005/671/JHA (OJ L 88, Decision 2005/671/JHA (OJ L 88, 31.3.2017, p. 6). 31.3.2017, p. 6).

Or. fr

Amendment 68 Salvatore De Meo on behalf of the EPP Group Henna Virkkunen, Aldo Patriciello

Proposal for a directive Article 4 – paragraph 2 – subparagraph 2

Text proposed by the Commission Amendment

For the purposes of point (c) of the first For the purposes of point (c) of the first subparagraph, Member States shall subparagraph, Member States shall cooperate with the competent authorities of cooperate with the competent authorities of other Member States and third countries, as other Member States and third countries, as appropriate. appropriate, as well as local and regional authorities.

Or. en

Justification

Regional and local authorities should be consulted when relevant and their capacities taken into account

Amendment 69 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

PE693.620v01-00 32/44 AM\1232572EN.docx EN Proposal for a directive Article 6 – paragraph 1 – point c

Text proposed by the Commission Amendment

(c) the impacts that incidents could (c) the impacts that incidents could have, in terms of degree and duration, on have, in terms of degree and duration, on economic and societal activities, the economic and societal activities, the environment and public safety; environment, public administration, health, energy supplies, national defence and public safety;

Or. fr

Amendment 70 Salvatore De Meo on behalf of the EPP Group Henna Virkkunen, Aldo Patriciello

Proposal for a directive Article 8 – paragraph 5

Text proposed by the Commission Amendment

5. Member States shall ensure that 5. Member States shall ensure that their competent authorities, whenever their competent authorities, whenever appropriate, and in accordance with Union appropriate, and in accordance with Union and national law, consult and cooperate and national law, consult and cooperate with other relevant national authorities, in with other relevant national authorities, particular those in charge of civil including, where appropriate, local and protection, law enforcement and protection regional authorities, in particular those in of personal data, as well as with relevant charge of civil protection, law enforcement interested parties, including critical and protection of personal data, as well as entities. with relevant interested parties, including critical entities.

Or. en

Justification

Regional and local authorities should be consulted when relevant and their capacities taken into account.

AM\1232572EN.docx 33/44 PE693.620v01-00 EN Amendment 71 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Article 8 – paragraph 5

Text proposed by the Commission Amendment

5. Member States shall ensure that 5. Member States shall ensure that their competent authorities, whenever their competent authorities, whenever appropriate, and in accordance with Union appropriate, and in accordance with Union and national law, consult and cooperate and national law, consult and cooperate with other relevant national authorities, in with other relevant national authorities, in particular those in charge of civil particular those in charge of national protection, law enforcement and protection security, defence, civil protection, law of personal data, as well as with relevant enforcement and protection of personal interested parties, including critical data, as well as with relevant interested entities. parties, including critical entities.

Or. fr

Amendment 72 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Article 9 – paragraph 1

Text proposed by the Commission Amendment

1. Member States shall support critical 1. Member States shall support critical entities in enhancing their resilience. That entities in enhancing their resilience, support may include developing guidance developing protocols, agreements, materials and methodologies, supporting cooperation and exchange of information the organisation of exercises to test their and expertise between the public and resilience and providing training to private sectors. That support may include personnel of critical entities. developing guidance materials and methodologies, supporting the organisation of exercises to test their resilience and providing training to personnel of critical entities.

Or. fr

PE693.620v01-00 34/44 AM\1232572EN.docx EN Amendment 73 Mikuláš Peksa on behalf of the Greens/EFA Group

Proposal for a directive Article 9 – paragraph 1

Text proposed by the Commission Amendment

1. Member States shall support critical 1. Member States shall support critical entities in enhancing their resilience. That entities in enhancing their resilience. That support may include developing guidance support shall include, among others, materials and methodologies, supporting developing guidance materials and the organisation of exercises to test their methodologies, supporting the organisation resilience and providing training to of exercises to test their resilience and personnel of critical entities. providing training to personnel of critical entities.

Or. en

Justification

A minimal intervention is needed in order to ensure coherent implementation of the Directive

Amendment 74 Alicia Homs Ginel, Lina Gálvez Muñoz, Maria-Manuel Leitão-Marques

Proposal for a directive Article 9 – paragraph 1 a (new)

Text proposed by the Commission Amendment

1a. Where necessary, Member States shall allocate additional resources to support critical entities to fulfil requirements of this Directive, in particular to cover additional costs associated with learning and training activities or employing additional staff for reporting, monitoring and reviewing.

Or. en

AM\1232572EN.docx 35/44 PE693.620v01-00 EN Amendment 75 Alicia Homs Ginel, Lina Gálvez Muñoz, Maria-Manuel Leitão-Marques

Proposal for a directive Article 9 – paragraph 3

Text proposed by the Commission Amendment

3. Member States shall establish 3. Member States shall establish information sharing tools to support information sharing tools to support voluntary information sharing between voluntary information sharing between critical entities in relation to matters critical entities, with the aim of increasing covered by this Directive, in accordance knowledge sharing and increased with Union and national law on, in transparency within and between sectors, particular, competition and protection of in relation to matters covered by this personal data. Directive, in accordance with Union and national law on, in particular, competition and protection of personal data.

Or. en

Amendment 76 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Article 10 – paragraph 2

Text proposed by the Commission Amendment

The risk assessment shall account for all The risk assessment shall account for all relevant risks referred to in Article 4(1) relevant risks referred to in Article 4(1) which could lead to the disruption of the which could lead to the disruption of the provision of essential services. It shall take provision of essential services, including into account any dependency of other an assessment of the international sectors referred to in the Annex on the situation. It shall take into account any essential service provided by the critical dependency of other sectors referred to in entity, including in neighbouring Member the Annex on the essential service provided States and third countries where relevant, by the critical entity, including in and the impact that a disruption of the neighbouring Member States and third provision of essential services in one or countries where relevant, and the impact more of those sectors may have on the that a disruption of the provision of essential service provided by the critical essential services in one or more of those entity. sectors may have on the essential service provided by the critical entity.

PE693.620v01-00 36/44 AM\1232572EN.docx EN Or. fr

Amendment 77 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Article 11 – paragraph 1 – point a

Text proposed by the Commission Amendment

(a) prevent incidents from occurring, (a) prevent incidents from occurring, including through disaster risk reduction including through disaster risk reduction and climate adaptation measures; measures and measures to protect against hybrid threats and industrial accidents and limit the effects of climate change;

Or. fr

Amendment 78 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

Proposal for a directive Article 11 – paragraph 1 – point e

Text proposed by the Commission Amendment

(e) ensure adequate employee security (e) ensure adequate employee and management, including by setting out training security management, including categories of personnel exercising critical by setting out categories of personnel functions, establishing access rights to exercising critical functions, establishing sensitive areas, facilities and other access rights to sensitive areas, facilities infrastructure, and to sensitive information and other infrastructure, and to sensitive as well as identifying specific categories of information as well as identifying specific personnel in view of Article 12; categories of personnel in view of Article 12;

Or. fr

Amendment 79 Thierry Mariani, Paolo Borchia, Isabella Tovaglieri

AM\1232572EN.docx 37/44 PE693.620v01-00 EN Proposal for a directive Article 11 – paragraph 1 – point f

Text proposed by the Commission Amendment

(f) raise awareness about the measures (f) raise awareness about and provide referred to in points (a) to (e) among training on the measures referred to in relevant personnel. points (a) to (e) among relevant personnel and operators.

Or. fr

Amendment 80 Jessica Stegrud

Proposal for a directive Article 12 – paragraph 2 – point c

Text proposed by the Commission Amendment

(c) cover previous employments, (c) cover possible links to extremist education and any gaps in education or groups as well as previous employments, employment in the person’s resume during education and any gaps in education or at least the preceding five years and for a employment in the person’s resume during maximum of ten years. at least the preceding five years and for a maximum of ten years,

Or. en

Amendment 81 Jessica Stegrud

Proposal for a directive Article 13 – paragraph 1

Text proposed by the Commission Amendment

1. Member States shall ensure that 1. Member States shall ensure that critical entities notify without undue delay critical entities only notify the competent the competent authority of incidents that authority of incidents that significantly significantly disrupt or have the potential disrupt their operations without undue to significantly disrupt their operations. delay, in order to avoid over-information Notifications shall include any available and unnecessary data flow, and

PE693.620v01-00 38/44 AM\1232572EN.docx EN information necessary to enable the to guarantee the effective functioning of competent authority to understand the national authorities and private entities. nature, cause and possible consequences of Notifications shall include any available the incident, including so as to determine information necessary to enable the any cross-border impact of the incident. competent authority to understand the Such notification shall not make the critical nature, cause and possible consequences of entities subject to increased liability. the incident, including so as to determine any cross-border impact of the incident. Such notification shall not make the critical entities subject to increased liability.

Or. en

Amendment 82 Mikuláš Peksa on behalf of the Greens/EFA Group

Proposal for a directive Article 13 – paragraph 2 – point -a (new)

Text proposed by the Commission Amendment

(-a) the impact on human life and the environmental consequences;

Or. en

Justification

Events that do endanger human life or the environment need to be prioritised.

Amendment 83 Mikuláš Peksa on behalf of the Greens/EFA Group

Proposal for a directive Article 13 – paragraph 4 a (new)

Text proposed by the Commission Amendment

4a. In the first trimester of every year, Member States shall submit a report to the Commission containing the summary of

AM\1232572EN.docx 39/44 PE693.620v01-00 EN incident notifications received in the previous year and the measures took.

Or. en

Justification

In order to raise the level of security across the Union, information that can contribute to incident prevention or contribute to solving them needs to become accessible.

Amendment 84 Alicia Homs Ginel, Jens Geier, Lina Gálvez Muñoz, Maria-Manuel Leitão-Marques

Proposal for a directive Article 16 – paragraph 2 – subparagraph 1

Text proposed by the Commission Amendment

2. The Critical Entities Resilience 2. The Critical Entities Resilience Group shall be composed of Group shall be composed of representatives of the Member States and representatives of the Member States and the Commission. Where relevant for the the Commission. Where relevant for the performance of its tasks, the Critical performance of its tasks, the Critical Entities Resilience Group may invite Entities Resilience Group may invite representatives of interested parties to representatives of interested parties to participate in its work. participate in its work, encouraging the active involvement of SMEs and civil society and trade unions for worker- related aspects such as training.

Or. en

Amendment 85 Mikuláš Peksa on behalf of the Greens/EFA Group

Proposal for a directive Article 16 – paragraph 7 a (new)

Text proposed by the Commission Amendment

7a. The Critical Entities Resilience Group, in spirit of security cooperation

PE693.620v01-00 40/44 AM\1232572EN.docx EN and open access, shall regularly publish it´s findings and appropriately anonymised source data for the general public for use in academia, security research and for other beneficial uses.

Or. en

Justification

Additional transparency can lead to crowdsourcing solutions.

Amendment 86 Mikuláš Peksa on behalf of the Greens/EFA Group

Proposal for a directive Article 17 – paragraph 2 a (new)

Text proposed by the Commission Amendment

2a. In order to receive and properly use the information received in accordance with Article 13(4a) the Commission shall keep a European registry of incidents and develop a common European reporting centre, with the aim of developing and sharing best practices and methodologies.

Or. en

Justification

In order to ensure efficient use and distribution of information, new capacity needs to be built.

Amendment 87 Jessica Stegrud

Proposal for a directive Article 18 – paragraph 1 – subparagraph 1 a (new)

AM\1232572EN.docx 41/44 PE693.620v01-00 EN Text proposed by the Commission Amendment

In order to ensure mutual confidence between the competent authorities and critical entities, supervision shall be conducted in a clear and transparent way.

Or. en

Amendment 88 Salvatore De Meo on behalf of the EPP Group Henna Virkkunen, Aldo Patriciello

Proposal for a directive Article 18 – paragraph 4

Text proposed by the Commission Amendment

4. Member State shall ensure that the 4. Member States shall ensure that the powers provided for in paragraphs 1, 2 and powers provided for in paragraphs 1, 2 and 3 can only be exercised subject to 3 can only be exercised subject to appropriate safeguards. Those safeguards appropriate safeguards. Those safeguards shall guarantee, in particular, that such shall guarantee, in particular, that such exercise takes place in an objective, exercise takes place in an objective, transparent and proportionate manner and transparent and proportionate manner and that the rights and legitimate interests of that the rights and legitimate interests of the critical entities affected are duly the critical entities affected are duly safeguarded, including their rights to be safeguarded, including their rights to be heard, of defence and to an effective heard, of defence and to an effective remedy before an independent court. remedy before an independent court.

Or. en

Amendment 89 Salvatore De Meo on behalf of the EPP Group Henna Virkkunen, Aldo Patriciello

Proposal for a directive Article 22 – paragraph 2

PE693.620v01-00 42/44 AM\1232572EN.docx EN Text proposed by the Commission Amendment

The Commission shall periodically review The Commission shall periodically review the functioning of this Directive, and report the functioning of this Directive, and report to the European Parliament and to the to the European Parliament and to the Council. The report shall in particular Council. The report shall in particular assess the impact and added value of this assess the impact and added value of this Directive on ensuring the resilience of Directive on ensuring the resilience of critical entities and whether the scope of critical entities and whether the scope of the Directive should be extended to cover the Directive should be extended to cover other sectors or subsectors. The first report other sectors or subsectors. The first report shall be submitted by [six years after the shall be submitted by [six years after the entry into force of this Directive] and shall entry into force of this Directive]. assess in particular whether the scope of the Directive should be extended to include the food production, processing and distribution sector.

Or. en

Justification

The agri-food sector should already be included in the scope of this Directive.

Amendment 90 Salvatore De Meo on behalf of the EPP Group Henna Virkkunen, Aldo Patriciello

Proposal for a directive Annex - Point 5. Health (new)

Text proposed by the Commission

Sector Subsector Type of entity

Amendment

— Entities involved in the provision and distribution of medical and pharmaceutical products that ensure the proper functioning of the medical supply chain.

Or. en

AM\1232572EN.docx 43/44 PE693.620v01-00 EN Justification

The challenges we are currently facing for the provision of vaccines shows the need to include the he logistics of the medical supply chain in the scope of this Directive, as a proper delivery of medical products is essential.

Amendment 91 Salvatore De Meo on behalf of the EPP Group Henna Virkkunen, Aldo Patriciello

Proposal for a directive Annex - Point 8 a (new)

Text proposed by the Commission

Sector Subsector Type of entity

Amendment

Agri-food Wholesale — Entities of public interest that markets ensure an essential service for the provision and distribution of agricultural, fishing, fresh and perishable food productions to the agri-food chain until the final consumer, for vast regional and interregional areas.

Or. en

Justification

The good functioning of the food chain should be considered as an essential service for the wellbeing and functioning of our societies. Wholesale markets are structures charged of services of public interests. Therefore, they play a strategic role to counter any form of monopoly in the agri-food chain from producers to consumers, as well as to safeguard the health standards of food. During the Covid-19 pandemic, the resilience of wholesale markets has already been tested, and they proved their vital role in the moment of greatest sanitary emergency when their activity proved crucial to guarantee the continuous collecting and distribution of fresh and perishables products to vast regional and interregional areas. A stop or problem to the functioning of these entities would result in an interruption of the food chain.

PE693.620v01-00 44/44 AM\1232572EN.docx EN