ECI process



Apply sectoral criteria for critical infrastructures

Apply the definition of critical infrastructure, according to Article 2(a) of the directive

Apply transboundary element according to Article 2(b)

Apply cross-cutting criteria to identify potential ECIs


Inform other Member States affected by a potential ECI

Critical Infrastructure Warning Information Network (CIWIN)

Engage in bilateral/multilateral dialogue with the Member States


Agree with the Member States affected on ECI

Inform European Commission and ECI owner/operator


Apply operator security plan (OSP) procedure in accordance with

Article 5 and Annex II, and review OSP regularly

Designate security liaison officer (Article 6)

Report to Commission every 2 years on types of risks, threats and vulnerabilities encountered per ECI sector

Classify reports at an appropriate level