Securing Europe’s digital connectivity

November 2024

The European Commission’s Recommendation on Secure and Resilient Submarine Cable Infrastructures has made four recommendations for its member states. These measures focus on both immediate security enhancements and long-term infrastructure development, with an emphasis on cooperation between member state governments.

National risk assessments and stress testing

The first recommendation calls on member states to conduct national risk assessments on their submarine cable infrastructure. These assessments are vital for mapping out existing cables, identifying vulnerabilities, and evaluating cybersecurity and physical risks. For Ireland, conducting such assessments is essential due to its dependence on submarine cables for communication and economic activities, especially its financial services sector, which relies on stable international data connections.

These risk assessments, the recommendation asserts, should not only focus on physical security – such as the risk of sabotage or natural disasters – but also address cybersecurity vulnerabilities in the infrastructure. Cyber threats, especially from state-sponsored actors, are cited as posing a significant risk to the confidentiality and integrity of data transmitted through these cables.

To complement risk assessments, the recommendation advises member states to carry out regular ‘stress testing’ of entities operating these cables. Stress testing, the recommendation states, can help identify weaknesses in infrastructure resilience under various threat scenarios, such as cyberattacks or physical damage to cables.

High security standards

The recommendation advocates for implementing high security standards for submarine cable infrastructure, regardless of ownership. In particular, member states should “adopt defence-level standards where relevant, especially in sensitive areas like national security”. These standards encompass both physical security – protecting the cables from sabotage or accidental damage – and cybersecurity, ensuring data transmitted through the cables is secure from interception or manipulation.

Additionally, the recommendation suggests reinforcing obligations on suppliers and operators under the EU’s Network and Information Systems (NIS 2) Directive. This could include obligating companies to provide detailed information to national authorities on any planned changes to the cables and requiring IT systems used for cable management to undergo security testing. For national governments, this would require enhanced cooperation between private sector cable operators and public security agencies, ensuring that potential threats are addressed collaboratively and proactively.

Fast-tracking of permit procedures

The third recommendation focuses on streamlining administrative processes related to the planning, acquisition, construction, maintenance, and repair of submarine cables. Given the critical role these cables play, delays in obtaining permits for repairs or new construction could leave vital infrastructure vulnerable for extended periods. The recommendation advises member states to process permit applications as efficiently as possible, using online systems to expedite procedures.

The recommendation also proposes granting submarine cables the status of “overriding public interest” in national law, allowing for faster approvals under environmental and spatial planning regulations.

For Ireland, this would mean that, in the event of environmental considerations, maintaining the functionality of these cables would take precedence, ensuring swift action when needed. Planning and Development Act 2024 – signed in to law on 17 October, 2024 – which includes mechanisms for simplifying development consent processes and emphasises the need for efficient planning around critical infrastructures such as cables, wires, and pipelines in both land and maritime contexts.

Information sharing and international cooperation

The final recommendation encourages cross-border cooperation and information sharing among EU member states. Given the international nature of submarine cables, a coordinated European approach is vital. Member states are advised to exchange best practices, threat intelligence, and incident response strategies to enhance the collective resilience of the EU’s digital infrastructure.

This recommendation aligns with Ireland’s broader role within the EU as a key player in transatlantic connectivity. Ireland is not only connected to other EU member states but also to North America, making it strategically important in global data transmission. By actively participating in EU-wide information sharing initiatives, Ireland can contribute to – and benefit from – a collective pool of knowledge on emerging threats and mitigation strategies.

What this means for Ireland

For Ireland, the European Commission’s Recommendation on Secure and Resilient Submarine Cable Infrastructures is crucial given the State’s reliance on international digital connectivity and its potential role as a transatlantic data hub as the Government aims to expand use of data centres. It would further enable the Government to meet its goals under the National Cyber Security Strategy 2019–2024, which prioritises protecting critical infrastructure, including submarine cables.

Under the Government’s broad goals for digital connectivity and subsequent economic growth, under the framework of Project Ireland 2040, alignment with the EU’s proposals would allow Ireland to secure a direct submarine cable link with the European Union – something which was lost upon Britain’s exit from the EU in 2020 – and reduce the extent to which the economy is dependent on Britain.

Related Articles

How Ireland can capitalise on its connected future and lead on AI

Ireland’s digital infrastructure continues to expand

Fexco: Enhancing public sector transformation through advisory excellence

Making Ireland a digital ‘gateway to Europe’