Resilient by Design: Integrating Standards, Tools and Partnerships to Secure Critical Infrastructure in Europe

ATLANTIS would like to thank the following reviewers for their valuable comments and feedback. Their input helped to strengthen the clarity and coherence of the brief. The final content remains the responsibility of the authors. Gabriele GIUNTA, Emilia GUGLIANDOLO, Nidhi NAGABHATLA, Catherine PIANA, Sean TRAVERS and Rory McGLYNN. 

This policy brief was coordinated by Thomas SELEGNY (RESALLIENCE), Policy manager of the ATLANTIS project, with contributions of: David BAKER, Nestor ALFONZO-SANTAMARIA, Domenico di FRANCESCO, Abla EDJOSSAN-SOSSOU, Antonio KUNG, Aljosa PASIC, Josip RADMAN, Stefan SCHAUER, Vittorio ROSATO, Daniel VLADUSIC and Nidhi NAGABHATLA.

For more information on this brief, contact: Thomas SELEGNY, thomas.selegny@resallience.com

As critical infrastructure (CI) in Europe becomes increasingly interdependent, it is also more vulnerable to cascading disruptions triggered by cyberattacks, physical sabotage, and climate-related hazards. These vulnerabilities are further amplified by persistent fragmentation across national, regional and local frameworks, divergent sectoral protocols, and varied risk management (RM) approaches, i.e. compounded by limited coordination mechanisms, particularly between public and private actors. The EU Strategic Foresight Report 2023 [1] has already flagged CI vulnerabilities as one of the top systemic risks to European stability, alongside digital dependencies and geopolitical shocks. Despite recent legislative advances, most notably the second version of the Directive on Network and Information Systems (NIS2) and Critical Entities Resilience (CER) Directives, the European Union (EU) still lacks a cohesive and interoperable model to secure its most vital systems.