Seven EU countries taken to Court for failing to protect critical entities

The European Commission has referred Bulgaria, France, Luxembourg, the Netherlands, Poland, Spain, and Sweden to the European Court of Justice for failing to transpose the Directive on Critical Entities Resilience (CER). Among these critical entities are drinking water companies, water management organisations and wastewater treatment plants (WWTPs). The European Commission is requesting the EU Court to impose financial sanctions on each of these Member States.

The decision of the European Commission was published on 29 April in a press release and follows two previous legal orders that were neglected. Member States had to transpose the CER Directive into their national law by 17 October 2024. Most Member States have notified complete transposition of the CER Directive. However, this is not the case for Bulgaria, France, Luxembourg, the Netherlands, Poland, Spain and Sweden.

Deal with systemic disruptions

The CER Directive is part of a broader effort to strengthen the EU’s ability to withstand systemic disruptions and ensure the continuity of essential services. The swift transposition of the CER Directive is essential to reach this important common objective. In 2023, the Russians blew up the Kakhovka Dam in Ukraine. This led to large-scale flooding along the Dnipro River in the Kherson region and widespread evacuations.

Risks concerning safe drinking water

At a NATO base in Germany, concerns arose in January 2025 about a possible drinking water poisoning after a fence surrounding a drinking water reservoir had been cut through. Abnormal values were detected during testing of the drinking water. Five firefighters showed symptoms of poisoning. In recent years, similar incidents have occurred at other NATO locations in Germany.

Protection of critical infrastructure

The CER Directive ensures the continued provision of services that are of vital importance for EU society and economy in key sectors such as energy, transport, health, water, banking and digital infrastructure. It requires Member States to conduct regular risk assessments to identify critical entities and ensure that these entities implement appropriate measures to protect the uninterrupted provision of essential services. The directive takes an all-hazards approach, covering natural and man-made risks such as terrorist attacks, cyber threats, criminal infiltration and sabotage. Critical entities designated under the directive must regularly conduct risk assessments and take measures to ensure their resilience. The CER Directive also sets out measures to enable the identification and mitigation of cross-border risks.

Infringement procedure

The Commission sent letters of formal notice to these Member States in November 2024 and subsequently reasoned opinions in July 2025. In the absence of any notification of national transposing measures, the Commission is referring them to the Court of Justice of the European Union, requesting the Court to impose financial sanctions on each of these Member States.

Cyber security

As explained in the ProtectEU European Internal Security Strategy, the EU must enhance its resilience against hybrid threats by protecting critical infrastructure, reinforcing cybersecurity and combatting online threats. This directive is part of a package of legislative measures to improve the resilience and incident-response capacities of public and private entities in the EU in the fields of critical infrastructure protection and cybersecurity.

The post Seven EU countries taken to Court for failing to protect critical entities appeared first on Water News Europe.
