Member states were obliged to apply the directive from October 18 and must develop and adopt a national strategy to strengthen the resilience of critical entities and carry out a risk assessment by January 17, 2026.

The CER further specifies that, taking into account the results of the risk assessment, Member States must identify critical entities before this date.

In a statement, the Ministry of Defense said Tánaiste and Defense Minister Micheál Martin had signed new regulations “which will strengthen the resilience of the state’s essential service operators”.

He said the regulations are part of a European Union-wide effort to increase the resilience of all member states.

He said:

The following sectors will be subject to regulation: energy, transport, banking, financial market infrastructure, health, drinking water, wastewater, digital infrastructure, public administration, space and large-scale food production, processing and distribution.

The Tánaiste said: “These new regulations will focus on improving the physical resilience of essential service operators in Ireland. My department will create a framework to ensure these operators are able to prevent, resist, absorb and recover from disruptive incidents, whether caused by natural hazards, accidents, terrorism, insider threats or public health emergencies .

The statement said the Department of Defense will develop a national strategy for the resilience of critical entities.

“This strategy will define the governance framework, identification criteria, specific obligations and measures to strengthen resilience, in particular around the sharing of information and the development of public and private collaborative engagement”, indicates -he.

“The ministry will also develop an enhanced national risk assessment process to help identify these entities. For their part, critical entities, once identified, will carry out their own risk assessments and take technical, security and organizational measures to strengthen their resilience. The department will work with sector regulators to implement this work across the various sectors it covers.

The CER Directive works in tandem with the Network and Information Systems Directive (NIS2) – a landmark EU cybersecurity law, expected to be implemented by October 17.

The Defense Ministry statement said: “Defense Ministry officials will work closely with the Ministry of Environment, Climate and Communications to implement these new regulations. The Ministry of Environment, Climate and Communications is currently developing legislation covering the same sectors with a focus on cyber resilience rather than physical resilience.