The Critical Infrastructure Challenge: Strengthening Europe’s Resilience

The European Commission has issued formal notices to 23 Member States for failing to fully transpose the NIS2 Directive and to 24 Member States for delays in implementing the CER Directive. Both directives are essential for safeguarding critical sectors such as energy, water, healthcare, and digital infrastructure.

The NIS2 Directive focuses on establishing robust cybersecurity measures, while the CER Directive aims to enhance the resilience of critical entities against risks like natural disasters, sabotage, and terrorism. However, many Member States have yet to implement these frameworks, leaving critical infrastructure vulnerable.

Cyberattacks on energy and water systems are no longer hypothetical—they’re happening frequently and with growing sophistication. Recent incidents have demonstrated how attackers can disrupt services, compromise operations, and even endanger lives. As these sectors remain key targets, delays in implementing security measures expose critical vulnerabilities that adversaries are eager to exploit.

These challenges highlight the need for consistent and timely implementation of EU directives to ensure the safety and functionality of essential services.

‍