Get Ready for the Critical Entities Resilience Directive (CER)
The European Union’s Critical Entities Resilience Directive (CER) is a framework for strengthening the resilience of critical infrastructure against physical threats, be they natural or man-made, accidental or intentional. It covers a wide range of industries and sectors, including but not limited to energy, transportation, water treatment, and datacenters.
The CER requires that public and private organizations designed as critical infrastructure perform a security risk assessment and implement corrective actions. The directive also requires active cooperation and reporting within each sector’s applicable governing bodies. Adopted in 2023, regulatory enforcement is expected to begin by the end of 2026.
CER was introduced alongside NIS2, an updated cybersecurity framework. Like CER, NIS2 is concerned with the resiliency of designed critical entities, with both directives automatically applying. As both directives should be handled in parallel, a comprehensive risk assessment, one that takes both physical and cybersecurity considerations into account, is recommended.
The CER Directive requires that EU Member States ensure the physical facilities of critical entities undergo a thorough risk assessment and take corrective actions if required.
This post and the accompanying downloadable guide focuses specifically on CER-related physical concerns, and provides specific recommendations based on identified vulnerabilities.
Is Your Organization Ready?
There is a strong business case for meeting CER requirements – physical security is a substantial part of organization-level risk assessments and a key part of business continuity plans.
The CER process can be divided into four steps:
- Perform a physical security risk assessment.
- Create a resilience plan that describes the planned mitigation measures.
- Implement the plan.
- Monitor effectiveness and periodically reassess.
Senstar Can Help!
With over 40 years of experience securing critical infrastructure worldwide, Senstar has the knowledge, European presence, and comprehensive portfolio needed to assist organizations in mitigating security vulnerabilities. Our perimeter intrusion detection, video management software, video analytics, and access control solutions are cost-effective, field-proven, and highly regarded throughout the critical infrastructure sectors.
To assist facility owners and operators, Senstar has prepared a Critical Entities Resilience Directive (CER) Guide that outlines our security solutions related to measures designed to deter, delay, assess, communicate, and respond to potential physical threats and vulnerabilities identified during security risk assessments.