Read and download

Digital transformation is accelerating the digital reliance of critical economic and social activities while digital security threats are growing in number and sophistication.

Many governments are anticipating a greater occurrence and severity of digital security incidents affecting critical activities in the coming years, potentially leading to large-scale disasters.

This situation pushes governments to adopt policies that strengthen digital security of critical activities. However, such policies should not undermine the benefits from digital transformation in critical sectors through constraints that would inhibit innovation or unnecessarily restrict the use, dynamic nature and openness of digital technologies.

The OECD Recommendation on Digital Security of Critical Activities sets out a range of policy recommendations to ensure that policies targeting operators of critical activities focus on what is critical for the economy and society without imposing unnecessary burdens on the rest.

These recommendations support adherents in: (i) adapting their overarching policy framework; (ii) promoting and building trust-based partnerships; and (iii) improving co-operation at the international level.

The Recommendation also clarifies how this public policy area relates to broader national risk management/critical infrastructure protection policy.

This Recommendation updates and replaces the 2008 Recommendation on the Protection of Critical Information Infrastructures (CIIP Recommendation), which was the first international legal instrument in this area. The review of the CIIP Recommendation concluded on the need to ensure coherence with the 2015 OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity.