Strategy for Strengthening the Resilience of Critical Entities

In response to the evolving threats likely to affect the country's vital functions, the Government has adopted a national strategy aimed at sustainably strengthening the resilience of critical entities and ensuring the continuity of essential services.

The National Strategy for Strengthening the Resilience of Critical Entities constitutes the national reference framework for implementing European Directive (EU) 2022/2557, transposed into national law by the Law of 5 May 2026 on the resilience of critical entities. It builds upon the National Protection Concept and the National Resilience Strategy through a whole-of-government approach covering all sectors and risks.

In an environment characterised by multiple, interconnected, and evolving threats, the strategy aims to strengthen Luxembourg's capacity to prevent, absorb, manage, and overcome major disruptions affecting essential services and critical infrastructure. Within a structured framework, it organises the coordinated implementation of legal requirements through a multiannual strategic resilience cycle.

It reflects a shift towards a systemic approach encompassing the entire resilience cycle: prevention, preparedness, crisis management, and recovery. In this regard, it defines strategic orientations and structural measures. It recognises critical entities, through their provision of essential services, as key actors in maintaining vital societal functions and safeguarding the vital interests and essential needs of the country and its population.

The strategy is based on clear principles. An entity is designated as critical only where the failure of its infrastructure is liable to trigger a crisis within the meaning of the National Protection Concept. The criticality criteria therefore make it possible to assess both the strategic importance of the infrastructure concerned and their potential impact on the functioning of the country.

Its implementation relies on a coordinated governance framework involving the competent authorities responsible for the resilience of critical entities (CER) and, where appropriate, cybersecurity (NIS2), as well as sectoral and functional authorities and the critical entities themselves.

The strategic orientations notably aim to:

• strengthen risk management and crisis anticipation; consolidate the national crisis management cycle; strengthen cooperation between public and private actors; sustainably develop a culture of resilience; strengthen systemic resilience in relation to critical dependencies and interdependencies.

In order to translate these orientations into concrete action, the strategy includes measures aimed at strengthening the overall resilience of critical entities, primarily led by public authorities:

• establishing a national strategic resilience cycle; improving risk assessment; mapping dependencies and interdependencies; prioritising critical infrastructure; identifying strategic stock requirements; strengthening the cyber-physical resilience of critical infrastructure; harmonising background check regimes; developing resilience skills and practices; strengthening public-private cooperation.

Through this strategy, the Government reaffirms its commitment to sustainably strengthening national resilience in the face of crises and protecting the essential services necessary for the functioning of society and the economy.