Essential Service (CER)

An essential service under the CER Directive is a service that is critical to the maintenance of vital societal functions, economic activity, public safety or the health and well-being of citizens. Organisations that provide such services may be designated as critical entities.

Back to Dictionary

Table of Contents

    Definition of essential service

    The CER Directive defines an essential service as a service that is critical to the maintenance of vital societal functions, critical economic activity, public health, safety and security, or the economic and social welfare of the population.

    The central element of the definition is the degree of societal dependence: the greater the proportion of the population, economy or security apparatus that depends on the service, the more 'essential' it is. A disruption of an essential service will typically have cascading effects on many other societal functions.

    Examples of essential services

    The concept covers services within the eleven CER sectors. Examples include:

    • Energy: Electricity supply, gas distribution, oil supply
    • Transport: Air and rail traffic, port operations, road infrastructure
    • Health: Hospital operations, blood supply, pharmaceutical production
    • Drinking water: Water supply and distribution
    • Digital infrastructure: DNS, cloud services supporting critical sectors
    • Banking: Payment infrastructure, core banking services
    • Food: Production and distribution of staple food products
    • Space: Ground-based systems supporting satellite communications and navigation

    Consequences of disruption

    Authorities assess whether a service is 'essential' based on the potential consequences of a serious disruption. Factors considered include:

    • The number of people directly dependent on the service
    • Dependencies from other critical sectors and infrastructures
    • The degree of substitutability (can the service quickly be provided by another entity?)
    • The geographical extent of the impact
    • Consequences for security of supply, public health and public order


    National risk assessment as the starting point:     Each EU Member State conducts a national risk assessment that maps the services and infrastructures most critical to the country. This assessment forms the basis for the designation of critical entities and their essential services.

    Essential services and critical entities

    The identification of essential services is the first step in the CER compliance process. Once a service is deemed essential, the national authority assesses which organisations provide that service and whether those organisations should be designated as critical entities. Critical entities must then implement resilience measures, conduct risk assessments and notify authorities of incidents that significantly disrupt the provision of essential services.

    Frequently Asked Questions about Essential Service (CER)

    What is an essential service under the CER Directive?

    An essential service is a service that is critical to the maintenance of vital societal functions, economic activity, public safety or public health. The CER Directive uses this concept to identify which services must be protected through the designation of critical entities.

    Who decides whether a service is essential under CER?

    National authorities determine whether a service is essential as part of their national risk assessment. Organisations cannot self-designate; the decision is made by the competent authority in each Member State.

    What are examples of essential services?

    Examples include electricity supply, gas distribution, hospital operations, water supply, air and rail traffic, payment infrastructure, food production and distribution, and ground-based space infrastructure.

    What happens if an essential service is disrupted?

    A disruption of an essential service typically has cascading effects on other societal functions. Critical entities providing essential services must notify authorities of incidents that significantly disrupt or have the potential to disrupt the provision of the service.

    How does the CER Directive relate to NIS2?

    CER addresses physical resilience of critical infrastructure, while NIS2 addresses cybersecurity. Many organisations may be subject to both directives. Together, they create a comprehensive framework covering both physical and cyber threats to essential services.

    +400 companies use .legal
    Region Sjælland
    Aarhus Universitet
    aj_vaccines_logo
    Realdania
    Right People
    IO Gates
    PLO
    Finans Danmark
    geia-food
    Vestforbrænding
    Evida
    Klasselotteriet
    NRGI1
    BLUE WATER SHIPPING
    Karnov
    Ingvard Christensen
    VP Securities
    AH Industries
    Lægeforeningen
    InMobile
    AK Nygart
    ARP Hansen
    DEIF
    DMJX
    Axel logo
    qUINT Logo
    KAUFMANN (1)
    SMILfonden-logo
    kurhotel_skodsborg
    nemlig.com
    Molecule Consultancy
    Novicell
    Footer topswirl

    Info

    .legal A/S

    hello@dotlegal.com
    +45 7027 0127

    VAT-no: DK40888888

    Support

    support@dotlegal.com
    +45 7027 0127
    Need help?

     

    Office

    Aarhus

    Store Torv 14, 2.
    8000 Aarhus C

    We care about safety

    Download our declarations

    ISAE 3000

    ISAE 3402

    Modules

    Let me help you get started

    joa i blob
    Reach out to me on phone
    +45 7027 0127 and I'll get you started
    arrow-right-white Get a demo

    .legal is not a law firm and is therefore not under the supervision of the Bar Council.

    Footer bottomswirl