The EU directive on resilience of critical entities — physical and operational resilience baseline for 11 sectors including energy, transport, banking, and digital infrastructure.
Critical entities identified by Member States across 11 sectors.
Continuous evidence pipeline available; audit support included for all customers.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
Risk assessment of physical and operational threats.
Resilience measures including business continuity and supply chain.
Incident notification to the competent authority.
Background checks for personnel in sensitive roles.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
Physical and cyber risk overlay — joint posture report.
Incident-notification timer mirroring NIS2 cadence where overlap exists.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
Resilience plan with measures linked to risk assessment.
Personnel background-check register.
These frameworks share substantial control overlap with EU CER. Customers running one assessment typically satisfy the others with the same evidence base.
European Union
The expanded EU network and information security directive, covering essential and important entities across 18 sectors.
European Union
The EU Cyber Resilience Act — product cybersecurity requirements with CE marking for all products with digital elements sold in the EU.
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.