REC strategy

Critical Entity Resilience Strategy

Based on the provisions of Law no. 294/2024, the strategy in the field of resilience of critical entities includes the following elements:

  1. strategic objectives and priorities, in order to strengthen the general resilience of critical entities, taking into account cross-border and intersectoral dependencies and interdependencies;
  2. the governance framework for the achievement of strategic objectives and priorities, including a description of the roles and responsibilities of the various authorities, critical entities and other parties involved in the implementation of the Strategy;
  3. description of the measures necessary to strengthen the general resilience of critical entities, including a description of the risk assessment, in accordance with Law 294/2024;
  4. description of the process by which critical entities are identified;
  5. description of the process of supporting critical entities in accordance with this chapter, including measures to strengthen cooperation between the public sector, on the one hand, and the private sector and public and private entities, on the other hand;
  6. the list of the main authorities and relevant stakeholders, other than critical entities, involved in the implementation of the Strategy;
  7. the general cooperation framework between CNCPIC, ACS designated under this law and the competent authorities responsible for cyber security and the tasks of supervision and ensuring compliance with measures for a common high level of cyber security, for the purpose of exchanging information on cyber security risks, cyber threats and cyber incidents and non-cyber risks, threats and incidents and the exercise of surveillance tasks;
  8. the description of the measures already in force aimed at facilitating the implementation by small and medium-sized enterprises within the meaning of Law no. 346/2004 regarding the stimulation of the establishment and development of small and medium-sized enterprises, with subsequent amendments and additions, identified as critical entities, as well as their obligations under ch. III of the said law.

Also, the strategy aims to achieve the general framework necessary for a unified and coherent approach to the objective of improving the level of resilience in the reference field, as well as combining the efforts of the authorities and institutions with relevant attributions and responsibilities, and takes into account the current stage of development of the field of resilience of critical entities, the ongoing or planned projects and activities, the experience and international standards in the field, as well as the legal obligations deriving from Romania's status as a member state of European Union.

Through the strategy in the field of resilience of critical entities, coordinates are ensured for the continuous development of the national resilience capacities of critical infrastructures, the harmonization of the internal regulatory framework with the developments recorded at the European and national level, as well as the creation of a mechanism for monitoring the efficiency and impact of the measures proposed thereby, respectively for alignment with complementary provisions from other programmatic instruments, which contribute to the general objective of increasing the resilience of critical entities.