In June 2004, the European Council called for the preparation of a comprehensive strategy for the protection of critical infrastructure. In response to this request, the Commission adopted on 20 October 2004 a Communication on Critical Infrastructure Protection in the fight against terrorism, which sets out suggestions on how to improve the prevention at European level of terrorist attacks on critical infrastructures, and the reaction thereto.
On 17 November 2005, the Commission adopted a Green Paper on a European Critical Infrastructure Protection Program which sets out a set of options for setting up the program and the Critical Infrastructure Alert Network. Reactions to this Green Paper have highlighted the added value of a Community framework on Critical Infrastructure Protection. The need to enhance the capacity to protect critical infrastructure in Europe and to help reduce the vulnerabilities of these infrastructures has been recognized. The importance of the fundamental principles of subsidiarity, proportionality and complementarity, as well as dialogue with stakeholders, has also been highlighted.
In December 2005, the Justice and Home Affairs Council invited the Commission to put forward a proposal for a European Program for the Protection of Critical Infrastructure ("PEPIC") and decided that it should be based on a risk-based approach , giving priority to the terrorist threat. Under this approach, man-made disasters, natural disasters as well as technological threats should be taken into account in the process of protecting critical infrastructure, while prioritizing the fight against terrorism.
In April 2007, the Council adopted conclusions on "PEPIC", in which it reiterated that Member States have the ultimate responsibility to manage critical infrastructure protection measures within their national borders while welcoming the Commission's efforts to develop a European procedure for identifying and designating European Critical Infrastructures ("CEI") and assessing the need to improve their protection.
The Council Directive 2008/114 / EC of 8 December 2008 is a first step in a step-by-step approach to identifying and designating CEIs and assessing the need to improve their protection.
There are a number of critical infrastructures in the Community whose disruption or destruction would have significant cross-border effects. These could include inter-sectoral cross-border effects resulting from the interdependence relationships between interconnected infrastructures. Such ECIs should be identified and designated through a joint procedure. The assessment of the security requirements for such infrastructures should be based on a common minimum approach. Bilateral cooperation systems between Member States in the field of critical infrastructure protection are a constant and effective means of protecting critical cross-border infrastructures. "PEPIC" should rely on this cooperation. Information on the designation of a particular infrastructure as an ECI should be classified at an appropriate level, in accordance with existing legislation in the Community and the Member States.
The implementation at national level of the Community approach on Critical Infrastructure Protection started in 2010 with the transposition into national law of the provisions of the Directive through O.U.G. no. 98 of 3 November 2010 on the identification, designation and protection of critical infrastructures, as amended and supplemented.