NEW EU DIRECTIVE 2026

Strengthening the resilience of critical infrastructure

The EU requires critical entities to implement systematic risk management. We support you with analysis, implementation, and documentation — before the deadline expires.

Request a consultation now

NEW EU DIRECTIVE 2026

Strengthening the resilience of critical infrastructure

The EU requires critical entities to implement systematic risk management. We support you with analysis, implementation, and documentation — before the deadline expires.

Request a consultation now

NEW EU DIRECTIVE 2026

Strengthening the resilience of critical infrastructure

The EU requires critical entities to implement systematic risk management. We support you with analysis, implementation, and documentation — before the deadline expires.

Request a consultation now

Critical facilities under pressure – act now before the deadline expires.

The CER Directive (EU 2022/2557) establishes, for the first time, binding minimum standards for physical and operational resilience for eleven essential sectors such as energy, transport, healthcare, and digital infrastructure. From July 2026, Member States must identify critical entities and formally notify them—affected companies will then learn whether the requirements apply to them, and if so, which obligations they must meet.

11

Essential sectors covered by the CER Directive.

9 months

Deadline for implementation.
Begins in July 2026.

EU 2022/2557

Legal basis of the Critical Entities Resilience Directive.

27 EU member states

Required to be transposed into national law.

Resilience as a strategic management task.
The CER Directive calls for a comprehensive all-hazards approach: understand dependencies, plan measures, measurably improve protection – at board level and across all business units.

Fulfill compliance obligations

Complete documentation and evidence management for national authorities – revision-proof, audit-ready, and delivered on time.

Increase operational safety

Systematically identified vulnerabilities are addressed before they turn into incidents.

Minimize downtime

Proven emergency and business continuity structures measurably reduce the impact of critical incidents.

Documentation, evidence and compliance – we support you throughout the entire process. Turn obligation into opportunity and benefit from the requirements!

Step 1
Analysis (BIA and RM)

Standards-compliant risk analysis based on the all-hazards approach, as well as business impact analysis – documented in a structured, complete, and authority-ready manner.

Step 2
Risk Management & Resilience Building

Step 2
Development of
Measures

Development of concrete measures based on identified risks and dependencies – prioritized, actionable, and assessed from a business perspective. Establishment of emergency, continuity, and protection structures that genuinely make your company more resilient.

Step 3
Practice & Training

Resilience is built through repetition. We support exercises, simulations, and training so that structures work when it matters most.

Step 4
Documentation & Compliance

Meeting all documentation and verification obligations — on time, before regulatory pressure builds up.

Companies that trust risk on mind.

Image 2: Industrial facility with large silos and warehouse buildings under blue sky

Interstarch

“risk on mind is far more than an external consultant for us. Their approach is practical, economically sound, and technically state of the art. They have not only helped us reduce risks, but also created real economic value — whether through better insurance terms or efficient technical measures. Today, we see risk on mind as a strategic partner.”

— Anton Yakovenko, Interstarch Executive Management

Companies that trust risk on mind.

Interstarch

“risk on mind is far more than an external consultant for us. Their approach is practical, economically sound, and technically state of the art. They have not only helped us reduce risks, but also created real economic value — whether through better insurance terms or efficient technical measures. Today, we see risk on mind as a strategic partner.”

— Anton Yakovenko, Interstarch Executive Management

Companies that trust risk on mind.

Interstarch

“risk on mind is far more than an external consultant for us. Their approach is practical, economically sound, and technically state of the art. They have not only helped us reduce risks, but also created real economic value — whether through better insurance terms or efficient technical measures. Today, we see risk on mind as a strategic partner.”

— Anton Yakovenko, Interstarch Executive Management

Request advice on the EU Resilience Directive now.
We analyze your current situation and show you the most efficient path to compliance – with no obligation and in a practical, hands-on way.

Request a Consultation

Get to know rismo®

Request advice on the EU Resilience Directive now.
We analyze your current situation and show you the most efficient path to compliance – with no obligation and in a practical, hands-on way.

Request a Consultation

Get to know rismo®

Request advice on the EU Resilience Directive now.
We analyze your current situation and show you the most efficient path to compliance – with no obligation and in a practical, hands-on way.

Request a Consultation

Get to know rismo®

Book initial consultation

Schedule an initial appointment without any risk.

Academy

Strengthening the resilience of critical infrastructure

Strengthening the resilience of critical infrastructure

Strengthening the resilience of critical infrastructure

Critical facilities under pressure – act now before the deadline expires.

Critical facilities under pressure – act now before the deadline expires.

11

Essential sectors covered by the CER Directive.

9 months

Deadline for implementation.
Begins in July 2026.

EU 2022/2557

Legal basis of the Critical Entities Resilience Directive.

27 EU member states

Required to be transposed into national law.

Resilience as a strategic management task.
The CER Directive calls for a comprehensive all-hazards approach: understand dependencies, plan measures, measurably improve protection – at board level and across all business units.

Resilience as a strategic management responsibility.
The CER Directive requires a comprehensive all-hazards approach: understand dependencies, plan measures, and demonstrably improve protection – at board level and across all business areas.