Executive Order on European Critical Infrastructure in the Rail Sector (EPCIP)

Original Language Title: Bekendtgørelse om europæisk kritisk infrastruktur på jernbaneområdet (EPCIP-direktivet)


Executive Order on European critical infrastructure in the railway sector (EPCIP Directive) 1)

Pursuant to section 8 d(5) and section 26(1), first sentence, of the Railway Act, cf. Consolidated Act no. 1249 of 11 November 2010, the following is laid down in accordance with section 24 h(1):

§ 1. This Order implements Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructure and the assessment of the need to protect it better (i.e. the provisions of the Directive relating to European critical infrastructure in the railway sector).

Paragraph 2. The Directive is attached as Appendix 1 to this Order.

§ 2. The competences of the Member States in the railway sector under Directive 2008/114/EC shall be exercised by the Traffic Management Board.

§ 3. This Order shall enter into force on 10 January 2011.

Traffic Management, 14 December 2010

Carsten Falk Hansen

-Lise Aena Kobberholm


Appendix 1

COUNCIL DIRECTIVE 2008/114/EC

of 8 December 2008

on the identification and designation of European critical infrastructure and the assessment of the need to protect it better

(Text with EEA relevance)

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community, and in particular Article 308 thereof,

Having regard to the proposal from the Commission,

Having regard to the opinion of the European Parliament 1),

Having regard to the opinion of the European Central Bank 2),

Whereas:

(1) In June 2004, the European Council requested that a general strategy be drawn up for the protection of critical infrastructure. In response, on 20 October 2004 the Commission adopted a communication on the protection of critical infrastructure in the fight against terrorism, which includes proposals for improving the prevention of, preparedness for and response to terrorist attacks affecting critical infrastructure.

(2) On 17 November 2005 the Commission adopted a Green Paper on a European programme for the protection of critical infrastructure, which sets out the policy options for establishing the programme and setting up a critical infrastructure warning information network. In the responses to the Green Paper, the added value of a Community framework for the protection of critical infrastructure was stressed. It was confirmed that there is a need to increase the capacity to protect critical infrastructure in the European Union and to reduce the vulnerability of critical infrastructure. The importance of the basic principles of subsidiarity, proportionality and complementarity, as well as dialogue with the people concerned, was highlighted.

(3) In December 2005, the Justice and Home Affairs Council called on the Commission to submit proposals for a European Programme for Critical Infrastructure Protection (EPCIP), and decided that it should cover all types of hazards, with particular emphasis on terrorist threats. Man-made and technological threats and natural disasters should be taken into account in the protection of critical infrastructure, but the terrorist threat should be the priority.

(4) In April 2007, the Council adopted conclusions on the EPCIP, in which it reiterated that the Member States have the ultimate responsibility for the management of systems for the protection of critical infrastructure within their national borders, while welcoming the Commission's efforts to develop a European procedure for the identification and designation of European critical infrastructure and the assessment of the need to protect it.

(5) This Directive is the first step in a step-by-step approach to identifying and designating European critical infrastructure and assessing the need to protect it better. As such, the Directive concentrates on the transport and energy sectors, and will be reviewed in order to assess its consequences and the need to extend its scope to other sectors, including, inter alia, the information and communication technology (ICT) sector.

(6) The main responsibility and ultimate responsibility for the protection of European critical infrastructure rests with the Member States and the owners / operators of that infrastructure.

(7) There is a certain number of critical infrastructures in the Community whose interruption or destruction would have significant consequences across borders. For example, there can be consequences across borders and sectors as a result of the interdependence of interconnected infrastructures. These European critical infrastructures should be identified and designated by means of a common procedure. The evaluation of the security requirements for such infrastructure should take place in accordance with a common minimum strategy. Bilateral cooperation arrangements between Member States in the area of the protection of critical infrastructure constitute a well-established and effective means of addressing problems of critical infrastructure crossing borders. The EPCIP programme should be based on such cooperation. Information relating to the designation of a particular infrastructure as a European critical infrastructure should be provided at an appropriate level in accordance with existing legislation in the Community and in the Member States.

(8) Since the various sectors have specific experience and expertise and special requirements in the area of critical infrastructure protection, a Community strategy on the protection of critical infrastructure needs to be developed and carried out taking into account the characteristics of the sectors and existing sectoral measures, including measures already in place at Community, national or regional level and, where applicable, cross-border agreements already concluded between owners/operators of critical infrastructure. Given that the private sector plays a very important role in monitoring and risk management, business continuity and disaster recovery, the Community strategy must promote the full involvement of the private sector.

(9) As regards the energy sector, and in particular the production and transmission of electricity (for electricity supply), it is understood that, where deemed appropriate, electricity generation may include the electrical transmission parts of nuclear power plants, without including the specific nuclear elements covered by the relevant nuclear legislation, including nuclear treaties and Community law.

(10) This Directive supplements the existing sectoral measures at Community level and in the Member States. Where Community mechanisms already exist, they should continue to be used and will help to ensure the general implementation of this Directive. Duplication of, or conflict between, different legal acts or provisions should be avoided.

(11) Safety plans for operators or equivalent measures involving the identification of important assets, risk assessment and the identification, selection and prioritisation of counter-measures and procedures should be in place for all identified European critical infrastructures. In order to avoid unnecessary work and duplication of work, each Member State should first assess whether the owners/operators of a designated European critical infrastructure have appropriate safety plans for operators or similar measures. Where such plans do not exist, each Member State should ensure that appropriate measures are taken. The individual Member State can decide for itself what will be the most appropriate way of proceeding in the design of safety plans for operators.

(12) Measures, principles and guidelines, including Community measures and bilateral and/or multilateral cooperation arrangements, containing provisions for a plan similar or equivalent to a safety plan for operators, or provisions relating to a security liaison officer or equivalent, should be considered to comply with the requirements of this Directive relating to a safety plan for operators and a security liaison officer, respectively.

(13) A security liaison officer should be appointed for all designated European critical infrastructures, thereby facilitating cooperation and communication with the relevant national authorities for the protection of critical infrastructure. In order to avoid unnecessary work and duplication of work, each Member State should first assess whether the owners/operators of a designated European critical infrastructure already have a security liaison officer or equivalent. If such a security liaison officer does not exist, each Member State should ensure that appropriate measures are taken. The individual Member State may decide for itself what will be the most appropriate method for the designation of security liaison officers.

(14) An effective identification of risks, threats and vulnerabilities in the particular sectors requires communication both between owners/operators of European critical infrastructure and Member States, and between Member States and the Commission. Each Member State should collect information relating to the European critical infrastructure located in its territory. The Commission should receive general information from Member States on the risks, threats and vulnerabilities of the sectors in which European critical infrastructure has been identified, including relevant information on possible improvements to European critical infrastructure and on interdependence across sectors, which may form the basis of specific Commission proposals to improve the protection of European critical infrastructure when necessary.

(15) In order to make it easier to improve the protection of European critical infrastructure, common methods can be developed for the identification and classification of risks, threats and vulnerabilities in the context of infrastructure.

(16) Owners and operators of European critical infrastructure should have access, primarily through the relevant authorities in the Member States, to best practices and methods for the protection of critical infrastructure.

(17) An effective protection of European critical infrastructure requires communication, coordination and cooperation at national level and at Community level. It is best achieved by designating contact points for the protection of European critical infrastructure (CIP (Critical Infrastructure Protection)) in each Member State, which should coordinate questions relating to the protection of European critical infrastructure internally, as well as with other Member States and the Commission.

(18) In order to develop activities related to the protection of European critical infrastructure in areas requiring a certain degree of confidentiality, it is appropriate to ensure a coherent and secure exchange of information within the framework of this Directive. It is important that the rules on confidentiality under applicable national legislation or Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 on public access to European Parliament, Council and Commission documents 3) be complied with as regards specific data on critical infrastructure which could be used to plan and act in order to cause unacceptable consequences for the infrastructure. Classified information should be protected in accordance with the relevant Community law and legislation in the Member States. Each Member State and the Commission should respect the security classification assigned by the originator of a document.

(19) Information sharing with regard to European critical infrastructure should be done in an atmosphere of confidence and security. Information sharing requires relations based on trust, so that companies and organisations know that their sensitive and confidential information is adequately protected.

(20) The objectives of this Directive, namely the creation of a procedure for the identification and designation of European critical infrastructure and a common approach to the assessment of the need to improve the protection of this infrastructure, cannot be sufficiently achieved by the Member States; the Community may therefore adopt measures in accordance with the principle of subsidiarity, as set out in Article 5 of the Treaty. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve these objectives.

(21) This Directive respects the fundamental rights and principles recognised in, inter alia, the Charter of Fundamental Rights of the European Union,

HAS ADOPTED THIS DIRECTIVE:

ARTICLE 1

Scope of application

This Directive lays down a procedure for the identification and designation of European critical infrastructure and a common approach to the assessment of the need to protect this type of infrastructure in order to contribute to the protection of people.

ARTICLE 2

Definitions

For the purposes of this Directive:

a) 'critical infrastructure' means assets, systems or parts thereof in the Member States which are essential to the maintenance of vital social functions and human health, security and economic or social well-being, and whose interruption or destruction would significantly affect a Member State as a result of the fact that these functions cannot be maintained;

b) 'European critical infrastructure' means critical infrastructure in the Member States whose interruption or destruction would have significant consequences for two or more Member States. The significance of the consequences shall be assessed on the basis of the cross-cutting criteria. This also includes consequences resulting from cross-sector dependencies on other types of infrastructure;

c) 'risk analysis' means consideration of relevant threat scenarios in order to assess the vulnerability and the potential consequences of critical infrastructure being interrupted or destroyed;

d) 'sensitive information related to critical infrastructure' means data on critical infrastructure which, if published, could be used to plan and act in order to cause disruption or destruction of critical infrastructure facilities;

e) 'protection' means all activities aimed at ensuring critical infrastructure functionality, continuity and integrity in order to avert, mitigate and neutralise a threat, risk or vulnerability;

f) 'European critical infrastructure operators' means entities that are responsible for investments in, or the day-to-day operation of, any particular asset, system or part thereof designated as a European critical infrastructure under this Directive.

ARTICLE 3

Identification of European critical infrastructure

1. Each Member State shall identify, in accordance with the procedure laid down in Annex III, the potential European critical infrastructure which both meets the cross-cutting and sectoral criteria and complies with the definitions referred to in Article 2 (a) and (b).

The Commission may, at the request of the Member States, assist them in identifying potential European critical infrastructure. The Commission may draw the attention of the relevant Member States to the existence of potential critical infrastructure which can be regarded as complying with the requirements for designation as a European critical infrastructure.

Each Member State and the Commission shall continue the process of identifying potential European critical infrastructure on an ongoing basis.

2. The cross-cutting criteria include the following :

a) the casualties criterion (an assessment of the potential number of deaths or injured),

b) the economic consequences criterion (an assessment of the amount of the financial loss and/or the deterioration of goods or services, including potential environmental consequences),

c) the criterion of general consequences (an assessment of the consequences for public confidence, physical suffering and the disruption of daily life, including the loss of essential services).

The threshold values for the cross-cutting criteria shall be based on the seriousness of the consequences of the interruption or destruction of a particular infrastructure. The precise threshold values to be applied to the cross-cutting criteria shall be determined case by case by the Member States affected by a particular critical infrastructure. Each Member State shall inform the Commission each year of the number of infrastructures per sector which have been the subject of discussion with regard to threshold values for the cross-cutting criteria.

The sector-based criteria take into account the specific characteristics of each sector with a European critical infrastructure.

The Commission, together with the Member States, shall draw up guidelines for the application of the cross-cutting and sectoral criteria and the approximate threshold values to be used for the identification of European critical infrastructure. The criteria shall be classified. Member States are free to choose whether or not to apply such guidelines.

3. The sectors in which this Directive is to be implemented are the energy and transport sectors. The sub-sectors are indicated in Annex I.

In the context of the review of this Directive, cf. Article 11, further sectors in which this Directive should be implemented may be designated if deemed appropriate. The information and communication technology (ICT) sector must be the number one priority.

ARTICLE 4

Designation of European critical infrastructure

1. Each Member State shall inform the other Member States which may be significantly affected by a potential European critical infrastructure of its identity and the reasons for designating it as a potential European critical infrastructure.

2. Each Member State in whose territory a potential European critical infrastructure is located shall initiate bilateral and/or multilateral discussions with the other Member States which may be significantly affected by the potential European critical infrastructure. The Commission may participate in these discussions but shall not have access to detailed information which would allow an unambiguous identification of a particular infrastructure.

A Member State which has reason to believe that it may be significantly affected by a potential European critical infrastructure which has not been identified as such by the Member State in whose territory the potential European critical infrastructure is located may inform the Commission of its desire to engage in bilateral and/or multilateral discussions on this issue. The Commission shall immediately inform the Member State in whose territory the potential European critical infrastructure is situated of this request and shall endeavour to facilitate an agreement between the parties.

3. The Member State in whose territory a potential European critical infrastructure is located shall designate it as a European critical infrastructure on the basis of an agreement between this Member State and the Member States which may be significantly affected.

The acceptance of the Member State in whose territory the infrastructure to be designated as a European critical infrastructure is situated is necessary.

4. The Member State in whose territory a designated European critical infrastructure is situated shall inform the Commission each year of the number of designated European critical infrastructures per sector and of the number of Member States which are dependent on each designated European critical infrastructure. Only those Member States which may be significantly affected by a European critical infrastructure shall know its identity.

5. Member States in whose territory the European critical infrastructure is located shall inform the owner/operator of the infrastructure of its designation as a European critical infrastructure. Information on the designation of an infrastructure as a European critical infrastructure shall be security-classified at an appropriate level.

6. The process of identification and designation of European critical infrastructure, cf. Article 3 and this Article, shall be completed by 12 January 2011 and shall be reviewed regularly.

Article 5

Safety Plans for Operators

1. The procedure for the safety plan for operators shall identify the critical infrastructure assets of the European critical infrastructure and the security solutions that exist or are being implemented in order to protect them. Annex II sets out what a procedure for a safety plan for operators must cover as a minimum.

2. Each Member State shall check that all designated European critical infrastructures located in its territory have a safety plan for operators or have implemented similar measures covering the points set out in Annex II. Where a Member State ascertains that such a safety plan for operators or equivalent exists and is regularly updated, no further implementation action is necessary.

3. If a Member State ascertains that such a safety plan for operators or equivalent has not been drawn up, it shall ensure, by means of appropriate measures, that the safety plan for operators or equivalent is drawn up and covers the points set out in Annex II. Each Member State shall ensure that, within one year of the critical infrastructure being designated as a European critical infrastructure, the safety plan for operators or equivalent has been implemented and is regularly reviewed. This period may be extended under special circumstances by agreement with the authority of the Member State, and the Commission shall be informed accordingly.

4. If there are already supervisory or surveillance arrangements in relation to a European critical infrastructure, these arrangements shall not be affected by this Article, and the relevant authority of the Member State referred to in this Article shall be the supervisor under those existing arrangements.

5. Compliance with measures, including Community measures, which in a particular sector require, or refer to a need to have, a plan corresponding to a safety plan for operators, and the monitoring of such a plan by the relevant authority, shall be deemed to fulfil all the requirements of the Member States in, or adopted pursuant to, this Article. The guidelines for application referred to in Article 3 (2) must include an indicative list of such measures.

ARTICLE 6

Security liaison officers

1. The security liaison officer shall act as a contact point in connection with security issues between the owner / operator of the European critical infrastructure and the relevant authority of the Member State.

2. Each Member State shall check that all designated European critical infrastructures located in its territory have a security liaison officer or equivalent. Where a Member State ascertains that such a security liaison officer or equivalent exists, no further implementation action is necessary.

3. If a Member State ascertains that there is no security liaison officer or equivalent for a designated European critical infrastructure, it shall ensure, by means of appropriate measures, that such a security liaison officer or equivalent is designated.

4. Each Member State shall establish an appropriate means of communication between the competent authority of the Member State and the security liaison officer or equivalent in order to exchange relevant information on the identified risks and threats in connection with the relevant European critical infrastructure. This communication mechanism does not affect the national requirements for access to sensitive and classified information.

5. Compliance with measures, including Community measures, which in a particular sector require, or refer to a need to have, a security liaison officer or equivalent shall be deemed to fulfil all the requirements of the Member States in, or adopted pursuant to, this Article. The guidelines for application referred to in Article 3 (2) must include an indicative list of such measures.

Article 7

Reporting

1. Each Member State shall carry out a threat assessment in relation to the sub-sectors of European critical infrastructure within one year of critical infrastructure in its territory being designated as a European critical infrastructure in the sub-sectors in question.

2. Each Member State shall report to the Commission every two years, in summary form, general information on the risks, threats and vulnerabilities of each sector of European critical infrastructure within which a European critical infrastructure has been designated in accordance with Article 4 in its territory. The Commission may, in cooperation with the Member States, draw up a common model for these reports. Each report shall be classified at an appropriate level as deemed necessary by the Member State of origin.

On the basis of the reports referred to in paragraph 2, the Commission and the Member States shall assess, on a sectoral basis, whether further safeguard measures should be considered at Community level for European critical infrastructure. This procedure shall be carried out in the context of the review of this Directive, cf. Article 11.

The Commission, in cooperation with the Member States, can draw up common methodology guidelines for the implementation of risk analyses of European critical infrastructure. Member States shall choose freely whether they will apply such guidelines.

ARTICLE 8

Support from the Commission to European critical infrastructure

The Commission shall support, through the relevant authority of the Member State, owners/operators of designated European critical infrastructure by providing them with access to best practices and methods, as well as through training and the exchange of information on new technical developments related to the protection of critical infrastructure.

Article 9

Sensitive information regarding the protection of European critical infrastructure

1. Any person who, on behalf of a Member State or the Commission, processes classified information pursuant to this Directive must be security-cleared at an appropriate level. Member States, the Commission and the relevant supervisory authorities shall ensure that sensitive information concerning the protection of European critical infrastructure which is given to the Member States or the Commission is not used for purposes other than the protection of critical infrastructure.

2. This Article shall also apply to non-written information exchanged during meetings at which sensitive topics are discussed.

Article 10

Contact points for the protection of European critical infrastructure

1. Each Member State shall designate a contact point for the protection of European critical infrastructure.

2. The contact point coordinates questions relating to the protection of European critical infrastructure internally in the Member State, with other Member States and with the Commission. The selection of a contact point for the protection of European critical infrastructure does not exclude the inclusion of other authorities in a Member State on matters relating to the protection of European critical infrastructure.

Article 11

Review

This Directive shall be reviewed by 12 January 2012.

Article 12

Implementation

Member States shall take the measures necessary to comply with this Directive not later than 12 January 2011. They shall forthwith inform the Commission thereof. When Member States adopt these measures, they shall contain a reference to this Directive or shall be accompanied by such reference on the occasion of their official publication. The methods of making such reference shall be laid down by the Member States.

ARTICLE 13

Entry into force

This Directive shall enter into force on the twentieth day following its publication in the Official Journal of the European Union.

ARTICLE 14

Addressees

This Directive is addressed to all Member States.

Done at Brussels, 8 December 2008.

For the Council

B. KOUCHNER

BORS


Annex I

List of European Critical Infrastructure sectors

Sector / Sub-sector

I Energy
1. Electricity: Infrastructure and installations for electricity generation and transmission for electricity supply
2. Oil: Production, refining, treatment and storage of oil, including transport through pipelines
3. Gas: Production, refining, treatment and storage of gas, including transport through pipelines; LNG terminals

II Transport
4. Road transport
5. Rail transport
6. Air transport
7. Transport by inland waterway
8. Maritime transport over long and short distances and ports

The Member States' identification of critical infrastructure which can be designated as a European critical infrastructure is carried out in accordance with Article 3.

Consequently, the list of European critical infrastructure sectors does not, in itself, lead to a general obligation to identify European critical infrastructure in each sector.


Annex II

PROCEDURES FOR SAFETY PLAN FOR OPERATORS

The Safety Plan for Operators shall identify critical infrastructure assets and specify the security solutions that have been implemented or are being carried out in order to protect them. The procedure for the Safety Plan must cover at least the following:

1) the identification of important assets,

2) carrying out a risk analysis on the basis of serious threat scenarios, the vulnerability of each asset and the potential consequences, and

3) the identification, selection and prioritisation of countermeasures and procedures, with a distinction between:

- permanent safeguards, specifying the investments and means necessary for security that are relevant to use at all times. This heading includes information on general measures such as technical measures (including the installation of detectors, access control and protection and prevention means), organizational measures (including alert procedures and crisis management), control and verification measures, communication, awareness-raising and training, as well as the security of information systems;

- graduated security measures, which may be activated depending on the risk and threat level.


Annex III

Procedure for the Member States' identification of critical infrastructure which can be designated as a European critical infrastructure, cf. Article 3

Under Article 3, each Member State must identify critical infrastructure that can be designated as a European critical infrastructure. This procedure shall be carried out by each Member State through the following consecutive steps.

Potential European critical infrastructure that does not meet the requirements of one of the following consecutive steps is not considered to be European critical infrastructure and is not subject to the rest of the procedure. Potential European critical infrastructure that meets the definitions must undergo the next steps of the procedure.

Step 1

Each Member State shall apply the sectoral criteria for the purpose of conducting a preliminary selection of critical infrastructure in the sector.

Step 2

Each Member State shall apply the definition of critical infrastructure, cf. Article 2 (a), to the potential European critical infrastructure identified in step 1.

The significance of the consequences shall be determined either by using national methods to identify critical infrastructure or by reference to the cross-cutting criteria at appropriate national level. In the case of infrastructure providing important services, account will be taken of the existence of alternatives and of the duration of the interruption / re-establishment.

Step 3

Each Member State shall apply the definition of European critical infrastructure, cf. Article 2 (b), to the potential European critical infrastructure which has undergone the first two steps of this procedure. Potential European critical infrastructure that meets the definition must undergo the next step in the procedure. In the case of infrastructure providing important services, account will be taken of the existence of alternatives and of the duration of the interruption / re-establishment.

Step 4

Each Member State shall apply the cross-cutting criteria to the remaining potential European critical infrastructure. The cross-cutting criteria shall take into account the seriousness of the consequences and, in the case of infrastructure, which provide important services, whether there are alternatives, and to the duration of the interruption / reestablishment. Potential European critical infrastructure that does not meet the cross-cutting criteria will not be regarded as a European critical infrastructure.

Potential European critical infrastructure, which has undergone this procedure, will only be communicated to those Member States that may be significantly affected by the potential European critical infrastructure.

Official notes

1) This Order implements parts of Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructure and the assessment of the need to protect it better (Official Journal 2008 L 345 of 23 December, pp. 75-82).

1) Opinion delivered on 10.7.2007 (not yet published in the Official Journal).

2) OJ C 116, 26.5.2007, p. 1.

3) OJ L 145, 31.5.2001, p. 43.