Why ERRA?... Go beyond legal compliance...

The EU and the EU-CER Directive^[1] require “…Member States to apply a UNIFORM APPROACH in regulating safety and security of critical infrastructure (called “critical entities” in the new CER directive) and identifying critical entities, while at the same time accounting for specificities at national level, including varying levels of risk exposure and interdependencies between sectors and over borders”. It also asks the critical entities to provide an “EFFECTIVE RESPONSE to the incident”^[2] This practically means that of risk and resilience assessment as well as stress-testing of the critical entities is needed^[3]