ARTICLE
7 November 2024

Irish Government Implements Critical Entities Directive Into Irish Law

M
Matheson

Contributor

Established in 1825 in Dublin, Ireland and with offices in Cork, London, New York, Palo Alto and San Francisco, more than 700 people work across Matheson’s six offices, including 96 partners and tax principals and over 470 legal and tax professionals. Matheson services the legal needs of internationally focused companies and financial institutions doing business in and from Ireland. Our clients include over half of the world’s 50 largest banks, 6 of the world’s 10 largest asset managers, 7 of the top 10 global technology brands and we have advised the majority of the Fortune 100.
On 25 October 2024, the Irish Government promulgated the European Union (Resilience of Critical Entities) Regulations 2024 SI 559/2024 (the "Regulations").
Ireland Government, Public Sector

On 25 October 2024, the Irish Government promulgated the European Union (Resilience of Critical Entities) Regulations 2024 SI 559/2024 (the "Regulations"). This statutory instrument implements the Critical Entities Resilience Directive (EU) 2022/2557 and aims to strengthen the resilience of so-called "critical entities" in Ireland, ensuring they can withstand and recover from various disruptions.

Key Highlights of the Regulations:

Scope and Application: The regulations will apply to a wide range of critical entities which have been designated as such by a competent authority (or which fall into the categories listed in the Regulations). It will include entities in the banking sector, energy, transport, and health services. Competent authorities must decide which entities they supervise should be counted as critical entities within 21 months of the entry into force of the Regulations, and those entities will be notified of their designation within one month of identification being made by a competent authority. The requirements then apply to critical entities from the date 10 months after their notification.

  1. National Strategy: A National Strategy on the Resilience of Critical Entities will be developed to provide a comprehensive framework for enhancing the resilience of these entities. This strategy will include risk assessments, identification of critical entities, and measures to improve their resilience.
  2. Competent Authorities: The regulations designate sector-specific competent authorities responsible for overseeing the implementation of the regulations. These existing regulators will have the power to conduct inspections, enforce compliance, and issue guidance to critical entities.
  3. Background Checks: The Regulations allow for the Minister to provide for circumstances in which a designated critical entity to carry out background checks, including criminal record checks.
  4. Incident Notification: Critical entities are required to notify the competent authorities of any incidents that could significantly disrupt their operations. This will enable timely responses and mitigate the impact of such incidents.
  5. Cooperation with Other Member States: The Regulations emphasize the importance of cooperation with other EU member states to enhance the resilience of critical entities across Europe. This includes sharing information, conducting joint risk assessments, and participating in advisory missions.
  6. Penalties and Enforcement: The Regulations outline penalties for non-compliance, including fines and other enforcement measures. Competent authorities are empowered to take necessary actions to ensure compliance and protect the public interest.

Conclusion

The Regulations represent a significant step in the Irish cybersecurity regulatory landscape, towards enhancing the resilience of critical entities. Any overlap with DORA and NIS 2 appears to be dealt with by way of a broad carve-out for entities already within the scope of that legislation, but the precise implementation remains to be seen.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Find out more and explore further thought leadership around Government Regulation and Public Sector Law

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More