Ensure compliance and resilience with expert guidance on critical cybersecurity and operational regulations
Organizations across industries must comply with a range of cybersecurity and operational regulations depending on their sector and scope. These include the Critical Entities Resilience Directive (CER), the Radio Equipment Directive (RED), the EU Machinery Regulation (EU MR), and the North American Electric Reliability Corporation Critical Infrastructure Protection standards (NERC-CIP). At DNV Cyber, we help businesses navigate these complex requirements with confidence - ensuring resilience, compliance, and operational excellence.
Critical Entities Resilience Directive (CER)
The Critical Entities Resilience Directive (CER) aims to enhance the resilience of critical infrastructure against various threats such as natural hazards, terrorist attacks, insider threats, or sabotage. CER replaces the 2008 European Critical Infrastructure Directive with a broader scope and focuses on reducing vulnerabilities and enhancing the resilience of critical entities. CER applies to a range of entities deemed critical due to their essential role in providing crucial services for the maintenance of vital societal functions or economic activities within the European Union.
Radio Equipment Directive (RED)
The Radio Equipment Directive (RED) covers any radio equipment that can communicate over the internet. It sets requirements for safety and health, electromagnetic compatibility, and radio spectrum efficiency. The RED has been in effect since June 2016 and is expected to be amended to include cybersecurity requirements. These requirements will cover network protection, personal data privacy, and reducing the risk of fraud.
EU Machinery Regulation (EU MR)
The EU Machinery Regulation (EU MR) is part of the EU legislation on product safety. It aims to harmonize health and safety requirements for machinery in all member states. The regulation includes new mandatory Essential Health and Safety Requirements (EHSR) that need to be complied with, addressing both physical and digital components, including software. The regulation impacts manufacturers producing machinery on the EU market and includes a transition period until January 14, 2027.
North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC-CIP)
The NERC-CIP standards are a set of cybersecurity requirements developed to protect the electric system in North America. These standards focus on securing critical cyber assets that support reliable operation of the electric grid. NERC-CIP covers areas such as personnel training, electronic security perimeters, incident response, and system recovery. While primarily applicable to North American entities, NERC-CIP principles are increasingly referenced in global energy projects and cybersecurity advisory services, especially where cross-border infrastructure or best practice alignment is required.
Safeguarding your company, operations, and resilience is crucial for long-term success. To comply with regulations, it's essential to have a structured approach and to embed resilience throughout your operations.
