The Strategic Consideration of Prison Administrations as Critical Entities and Prisons as Critical Infrastructures: A Necessary Shift in the European Security Policy

Blog Article

Pedro das Neves1

The European Directive on the Resilience of Critical Entities2 3, which came into force on January 16, 2023, represents a significant step in strengthening the security and resilience of critical infrastructures across the European Union4. Member States have until October 2024 to adopt national legislation to transpose this directive that extends and updates the previous European Programme for Critical Infrastructure Protection (EPCIP) and the Directive on European Critical Infrastructures (ECI), aiming to address both physical and digital threats, strengthening the resilience of critical entities against a range of threats, including natural hazards, terrorist attacks, insider threats, or sabotage, as well as public health emergencies.

The directive expands the definition of critical entities5, including a wider range of sectors, such as energy, transport, banking, drinking water, wastewater, production, processing and distribution of food, health, space, financial market infrastructure and digital infrastructure sectors and, in certain aspects, public administration sectors6 that may provide one or more essential services7. This expansion recognises the interconnected nature of modern infrastructures and the potential cascading effects that disruptions can cause. In this context, critical entities are required to undertake thorough risk assessments8 and implement adequate security measures to mitigate these risks. This involves preparing for a range of scenarios, including natural disasters, cyberattacks, and other man-made threats. Furthermore, EU member states must develop, implement, and regularly update national strategies to enhance the resilience of critical entities by establishing appropriate regulatory frameworks and providing guidance and support. The directive also emphasises the importance of cooperation both within each country and across national borders to facilitate the sharing of information, best practices, and mutual assistance in times of crisis.  

The directive is part of a broader effort by the EU to protect its citizens and services from a wide array of risks, ensuring that essential services can continue to operate smoothly even under adverse conditions. While the directive broadly encompasses key sectors from energy to transportation and public services, there is a compelling case to be made for including prison administrations as critical entities and prisons in Europe’s critical infrastructure list.

The rise of transnational organised crime, radicalisation, and violent extremism that leads to terrorism presents profound challenges. Prisons are not merely facilities for confinement; they are nodes in our security network where significant risks and rehabilitation opportunities coexist. The failure to recognise and adequately protect these facilities can lead to dire consequences, not just internally but for society at large.

Firstly, prisons play a pivotal role in containing individuals who pose a significant threat to society. The physical security of these institutions is crucial to ensuring that such individuals do not continue their criminal activities from prison or escape to pose further threats. However, beyond mere containment, prisons are also arenas where the battles against radicalisation and organised crime can be fought through restoration, retribution, incapacitation, deterrence, and effective rehabilitation. Ensuring that these facilities are resilient means not only securing them against internal and external threats but also bolstering them as rehabilitative institutions that can address and mitigate the roots of criminal behaviour and extremism.

Incidents in prisons have ripple effects that resonate well beyond their walls. Security breaches lead to widespread public panic, economic disruption, and a significant loss of public trust in the government’s ability to maintain control and safety. In the EU, where we’ve witnessed the impact of transnational organised crime and terrorism, cross-border security is of paramount importance. The destabilisation of a single member state’s prison system has transnational repercussions, affecting the continent’ security architectures.

Considering prison administration as critical entities and prisons as critical infrastructures also aligns with the broader EU goal of harmonising security standards across member states. The disparity in the security protocols and conditions of detention facilities across Europe is marked. Recognising these facilities as critical infrastructure will necessitate a baseline of resilience that all member states must achieve, thereby elevating security throughout the EU. Investing in the resilience of prison systems is cost-effective. Enhanced security technologies, more effective training for prison staff, better prison intelligence, and the use of evidence-based rehabilitation and desistance approaches, reduces the likelihood of incidents that require expensive emergency responses.

Considering prisons administrations as critical entities and the strategic inclusion of prisons in Europe’s list of critical infrastructures is not merely an administrative adjustment. It is a necessary evolution in our approach to national and continental security. As we witness the complex interplay of organised crime, radicalisation, extremism, and terrorism in the 21st century, our resilience strategies must adapt. By strengthening these institutions against the manifold threats they face, we not only enhance their capacity to function effectively but also safeguard society at large from the cascading effects of their potential failure.

Where does your prison service stand in the overall discussion on the definition of critical entities and critical infrastructures? The time to act is now, ensuring that resilience in the face of evolving threats remains robust and responsive to the needs of a secure, stable Europe.


1 Pedro das Neves is the Chief Executive Officer of IPS Innovative Prison Systems, a research, advisory and technology development firm focusing on the modernisation of correctional services.
2 European Commission website on Critical infrastructure resilience.
3  Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC.
4  Article 2 (4) defines ”critical infrastructure” means an asset, a facility, equipment, a network or a system, or a part of an asset, a facility, equipment, a network, or a system, which is necessary for the provision of an essential service.
5  A public or private entity which has been identified by a Member State in accordance with Article 6 of the directive that may provide one or more essential services; that operates, and its critical infrastructure is located, on the territory of that Member State; and an incident would have significant disruptive effects, as determined in accordance with Article 7(1), on the provision by the entity of one or more essential services or on the provision of other essential services in the sectors set out in the Annex (energy, transport, banking, drinking water, wastewater, production, processing and distribution of food, health, space, financial market infrastructure and digital infrastructure sectors, public administration sector) that depend on that or those essential services.
6  Public administration entities of central governments as defined by Member States in accordance with national law.
7  Article 2 (4) defines “essential service” means a service which is crucial for the maintenance of vital societal functions, economic activities, public health and safety, or the environment.
8  “Critical entity risk assessments shall account for all the relevant natural and man-made risks which could lead to an incident, including those of a cross-sectoral or cross-border nature, accidents, natural disasters, public health emergencies and hybrid threats and other antagonistic threats, including terrorist offences as provided for in Directive (EU) 2017/541”, as stated in article 12 (2) of the directive.

Pedro das Neves has experience in various European, Central Asian, Middle Eastern and Latin American countries in preventing and fighting organised crime and extremism. Pedro is CEO of IPS Innovative Prison Systems and ICJS Innovative Criminal Justice Solutions Inc, a board director of the International Corrections and Prisons Association (ICPA) and editor of the JUSTICE TRENDS Magazine.  He is a lecturer in Intelligence in Penitentiary Systems (identification, prevention, and management of threats) in the Prevention and Management of Penitentiary Security Master Program of UNED University, a joint program of UNED and the General Secretary of Penitentiary Institutions in Spain. 

Like / Share:
More stories
The Evidence Moving Through Prison Walls – What You’re Missing