CER Directive

What is the CER Directive?

The EU Directive on the Resilience of Critical Entities (Directive (EU) 2022/2557 — CER Directive) is designed to ensure that vital services remain operational, even in the face of serious disruptions.
Its goal is to strengthen the ability of critical entities to prevent, withstand, and recover from physical incidents, safeguarding essential societal functions and the communities that depend on them.

Is Your Organisation a Critical Entity?

Under the CER Directive, an organisation is considered a critical entity if it:

  • Provides one or more essential services

  • Operates, with its critical infrastructure located within an EU Member State

  • Could suffer significant service disruption if impacted by an incident

Critical entities may be public or private and must fall within one of the key sectors outlined in the Directive’s Annex:

  • Energy

  • Transport

  • Health

  • Banking

  • Digital infrastructure

  • Space

  • Waste water

  • Drinking water

  • Public administration

  • Large-scale food production, processing, and distribution

  • Financial market infrastructure

How Does This Differ from Traditional Risk Management?

The CER Directive marks a shift from siloed risk management to an integrated, multi-hazard approach.
It requires critical entities to:

  • Conduct both probabilistic and non-probabilistic risk assessments, covering frequent and rare high impact threats

  • Understand compounding and cascading risks

  • Identify vulnerabilities across upstream dependencies (e.g., cloud hosting, power supply, pharmaceuticals), downstream reliance (e.g., logistics), and lateral interconnections (shared systems/assets) that could trigger cascading failures

How Prosilience Consulting Can Help You Meet CER Directive Requirements

At Prosilience Consulting, we specialise in helping organisations navigate uncertainty and build crisis ready teams. We can support your CER Directive compliance and resilience goals by:

1. Strengthening Incident & Crisis Management Capability

  • Reviewing, refreshing, or creating incident and crisis management plans

  • Developing clear crisis communication strategies for effective stakeholder engagement during disruptions (Article 13 and 15)

2. Designing and Delivering Realistic Training & Exercises

  • Building a tailored programme of exercises based on your risk assessment scenarios

  • Conducting post-exercise reviews to evaluate response effectiveness

  • Identifying opportunities to enhance resilience maturity and operational readiness (Article 13)

 

 

Nighttime cityscape with illuminated buildings, a construction crane, and streaks of red and blue lights from moving cars on a highway
Contact us