Why Airport Resilience is Becoming Increasingly Important

Global dynamics are confronting airports with ever-increasing challenges. In the past, there has been a lot of discussion about making airports more resilient. In the context of climate change and political crises, these demands have become louder. The European Union (EU) has reacted to these developments with Directive 2022/2557 and initiated the implementation of essential mechanisms in the national legislation of the member states. The German legislator has followed suit accordingly and presented a draft for the new KRITIS umbrella law in November 2024.

What is the EU Critical Entities Resilience (CER) framework? 

The EU Critical Entities Resilience framework is established by the Critical Entities Resilience Directive (Directive (EU) 2022/2557). It provides a harmonised European legal basis for strengthening the resilience of entities that deliver essential services across the European Union. The directive requires EU Member States to identify critical entities in key sectors, define minimum resilience requirements, and carry out risk assessments covering natural, technological, and human-made hazards. Designated critical entities must implement proportionate technical, organisational, and security measures to prevent, withstand, and recover from disruptions. Attention is given to entities whose disruption would have significant societal, economic, or cross-border impacts, ensuring continuity of essential services for the population.

What does this mean in practice? 

The directive introduces a common EU approach to assessing hazard scenarios and managing critical infrastructure across a broad range of sectors, including energy, transport, health, banking, water supply, and digital infrastructure. Within the transport sector, aviation is explicitly covered, making airports and related operators particularly relevant. Airport operators, service providers, manufacturers, and other involved entities may be required to implement resilience measures, establish resilience plans, and set up reporting and escalation mechanisms based on structured risk assessments. These obligations are linked to the identification and periodic updating of national critical entities lists and aim to ensure the continuity of airport operations and essential aviation services.

What dangers are identified?

Historically established threat scenarios include terrorism, sabotage, and the consequences of geopolitical conflicts, which can directly or indirectly disrupt critical services and infrastructure. In addition, natural hazards such as floods, storms, heatwaves, earthquakes, or pandemics are explicitly considered, with climate change acting as a risk multiplier. Cyberattacks represent another significant and growing threat. 

What else plays a role? 

The European continent is confronted with new conflicts. This in threats related to infrastructure. In the digital era, this includes for example cyberattacks. To strengthen resilience here, the EU has adopted Directive 2022/2555. The so-called NIS-2 Directive (NIS stands for "Network and Information Security") sets out new standards and packages of measures for the protection of digital infrastructure. It thus complements the security culture created by the CER framework. 

How airsight supports you

airsight supports airports and aviation stakeholders in implementing the requirements of the CER and NIS-2 frameworks and in building a robust, future-proof resilience strategy.

Our services include:

• Resilience assessments & gap analyses: Evaluation of your current resilience level against EU directives and national legislation. 

• Risk & vulnerability analysis (CERA): Development of structured, comprehensive risk assessments covering natural, technological and human-made threats. 

• Resilience strategy & planning (CERP): Design of tailored resilience concepts, including contingency planning, redundancies and response strategies. 

• Implementation & reporting structures: Setup of efficient reporting, escalation and monitoring systems to ensure fast and effective response capabilities. 

• Training & awareness: Practical training programs for employees and management to strengthen organisational resilience and security culture. 

• Operational support & audits: Hands-on support during implementation as well as internal audits and preparation for regulatory inspections. 

• Stakeholder & interface consulting: Advisory services for third-party providers within the airport ecosystem (e.g. ground handling, energy, IT) to ensure a holistic resilience approach.

Get in touch with our experts to discuss how your organisation can strengthen its resilience and ensure compliance with upcoming regulations.