Click here to sign up
for DBI's newsletter

What is the CER directive?

The CER-directive concerns critical infrastructure in the event of e.g. natural disasters, sabotage, and disruptions to supply chains. Its purpose is to increase the EU’s critical infrastructure resilience. CER ensures that companies in vital industries can prevent, withstand, and respond to various types of crises e.g. hybrid attacks, terrorist attacks, sabotage, public health crises, and natural disasters. This protects society and maintains continuity in critical services and functions.

What does CER mean?

CER stands for Critical Entities Resilience and the directive states a range of resilience building requirements to critical infrastructure companies within the EU. It is up to each member state country to refine and implement the directive into their respective national legislation.

Who is covered by the CER-directive?

CER covers multiple industries including energy, transport, banking, financial market infrastructure, health, drinking water, wastewater, digital infrastructure, public administration, aerospace, and food. It is up to each member state country to define the type of companies they consider part of their critical infrastructure.

When does the CER-directive come into effect?

You can see the rollout plan for the CER directive below.

What minimum requirements does the CER directive set for your organisation?

Risk management:

Companies must regularly conduct and update a comprehensive risk assessment, to identify threats to and vulnerabilities of vital societal services.

Risk management:

Risk assessment as well as, implementation of appropriate and proportionate technical and organisational measures to manage identified risks. This includes prevention, protection and emergency management planning.

Incident reporting:

Establish procedures for the rapid identification and reporting of significant incidents to relevant national authorities, often within tight timeframes.

Security audits:

Conduct regular security audits to assess the effectiveness of measures and ensure compliance with requirements.

Information sharing:

Promote the sharing of information about threats, vulnerabilities, and incidents with other critical entities and relevant authorities to strengthen societal security and resilience.

Supplier management:

Ensure that suppliers and partners also meet strict security standards to protect the supply chain from potential threats.

Awareness and training:

Implement training programs to increase employee and stakeholder awareness and level of training in security measures.

Cross-sector collaboration:

Establish contact with national contact points for critical infrastructure to ensure coordination and support for directive implementation and compliance.

National contact points:

Participate in cross-sector and cross-national cooperation to promote the exchange of best practices and strengthen resilience across borders and sectors.

Background checks:

The purpose of background checks is to verify an individual or company's background so that you can make informed decisions. Do you know who you are hiring? Integrate background checks as a central part of your CER compliance plan. Background checks help uncover hidden risks and ensure that your team meets the directive's standards.

These requirements are designed to ensure that critical entities are prepared for and can withstand all types of threats while maintaining continuity of their critical services.

DBI can help you meet the new legal requirements

Specific examples of our services:


Risk analysis and assessment: We conduct detailed risk assessments, identifying and analysing specific threats and vulnerabilities a company may have. We can also assist you to develop a tailored risk management strategy.


Emergency management plans: We can help design and implement comprehensive emergency management plans that address potential incidents in both physical and cyber domains, based on identified risks.


Development of recovery plans: We can assist in developing robust business continuity and recovery plans that ensure minimal operational disruption and swift recovery after security incidents.


Crisis and emergency management exercises: We can aid your company in conducting regular crisis and emergency management exercises. This offers the opportunity to assess the effectiveness of implemented security measures and identify improvement areas.


Supplier management: We offer advice on best practices to ensure that the supply chain meets the necessary security standards.

Background checkWe tailor the background check to your needs. The service is scalable and can be expanded to include e.g. social media and digital footprints.

Physical security reviewDBI’s physical security advisors, work with you to familiarise you with the use and maintenance of your security solutions and measures. This ensures that the equipment meets your functional requirements and that the individual physical security and electronic surveillance measures work when needed.

Read more

DO YOU WANT TO KNOW MORE? CONTACT US OR REQUEST A CALL

Jesper Florin Head of Security Certified Security Advisor®, CFPA Certified Business Continuity Professional (CBCP), DRII
+45 51 35 37 07 jfl@dbigroup.dk
Andreas Norstedt Security Advisor
+45 50 80 78 33 apn@dbigroup.dk
Karin Castro Functional Manager
+45 50 80 78 32 kcm@dbigroup.dk

CALL ME – FILL IN THE FORM AND WE WILL CONTACT YOU

Company*
Name*
Email*
Phone*
Comment
* required
Submit
CLICK HERE TO SIGN UP FOR DBI'S NEWSLETTER