Digital transformation is accelerating the digital reliance of critical economic and social activities. In parallel, digital security threats have been growing in number and sophistication. Many governments are anticipating a greater occurrence and severity of digital security incidents affecting critical activities in the coming years, potentially leading to large-scale disasters.
This situation pushes governments to adopt policies that strengthen digital security of critical activities. However, such policies should not undermine the benefits from digital transformation in critical sectors through constraints that would inhibit innovation or unnecessarily restrict the use, dynamic nature and openness of digital technologies.
Adopted in December 2019, the OECD Recommendation on Digital Security of Critical Activities sets out a range of policy recommendations to ensure that policies targeting operators of critical activities focus on what is critical for the economy and society without imposing unnecessary burdens on the rest. These recommendations support adherents in:
The Recommendation also clarifies how this public policy area relates to broader national risk management/critical infrastructure protection policy.
Background
This Recommendation updates and replaces the 2008 Recommendation on the Protection of Critical Information Infrastructures (CIIP). As the first international legal instrument in this area, the CIIP Recommendation played a key role to raise awareness about the need to develop policies to protect critical information infrastructure. In 2017, the review of the CIIP Recommendation concluded that there was a need to update it in order to:
The resulting 2019 Recommendation on Digital Security of Critical Activities provides guidance on how to implement the 2015 Recommendation on Digital Security Risk Management for Economic and Social Prosperity to maintain the continuity, resilience and safety of critical activities without inhibiting the benefits from digital transformation.
Further reading
Related OECD legal instruments
Documents connexes