Government approves risk assessment of critical infrastructure
On 15 January 2026, the Government approved the national risk assessment of critical infrastructure and resilience of critical entities.
The Finnish Act on the Protection of Infrastructure Critical to Society and on the Improvement of Resilience (the CER Act) entered into force on 1 July 2025. Under the Act, a national risk assessment of critical infrastructure and critical entities must be completed at least every four years.
The assessment examines significant risks to essential services, cross-border dependencies and interdependencies between sectors.
Finnish legislation is based on the EU Critical Entities Resilience Directive (the CER Directive), which requires Member States to identify entities critical to society and strengthen their ability to withstand disruptions and crises. The risk assessment is used to determine which entities are considered critical.
The risk assessment of critical infrastructure and resilience of society is not public. A broader national risk assessment will be published in autumn 2026.
Inquiries:
Ville Autero, Ministerial Adviser, tel. +358 295 488 427, [email protected]
Decision in Finnish Valtioneuvoston päätös SM/2025/97