Have technical questions or need support for your physical security installation? View new support portal instructions
Want to access technical documentation and software downloads for our physical security products?
Have technical questions or need support for your physical security installation?
View new support portal instructions
April 17, 2025
Daily reminders of the importance of safeguarding national critical infrastructure are ever present, whether it’s a fire at an electrical substation or an attack on a nuclear power plant or water utility. The ramifications of these events are rarely localized – effects can be felt nationally and internationally. In response, there has been a raft of new regulations and directives recently introduced around the world, all with the objective of strengthening the resilience of critical infrastructure, in an increasingly interconnected world.
In the European Union (EU), the Critical Entities Resilience (CER) Directive will come into force across all Member States in July 2026 and applies to organizations and bodies responsible for sectors including energy, water, transport, banking and health. The aim is to ensure the necessary resilience-enhancing measures are in place to better prevent, respond and mitigate incidents (such as natural hazards, terrorist attacks, insider threats and sabotage) from disrupting the provision of essential services. This new directive sits alongside NIS2 (Network and Information Systems Directive II) which came into force in October last year to uphold the cyber defenses of 18 critical sectors across the EU.
At a national level, the work being done in Germany with its KRITIS umbrella law is helping lay the blueprint for CER compliance. This landmark regulation (which became law in October 2024) requires operators of critical facilities to have conducted risk assessments and implemented sufficient measures to bridge any gaps.
Organizations that must comply with these new laws and directives already place a premium on physical security and are making significant investments in CCTV, access control, perimeter protection (increasingly including the use of 3D LiDAR detection), sensors and alarms, etc. The challenge for many of these organizations is not necessarily the physical security infrastructure, but how it works as an ecosystem.
To be as effective as possible at preventing and mitigating incidents, as well as reporting them in a timely manner (a specific requirement of KRITIS), control rooms and operators need to have the information from these systems presented to them in a way that enables them to take the right action at the right time.
KRITIS requires organizations to deploy suitable and appropriate technical, security-related and organizational measures to ensure resilience but stops short of detailing specific requirements. As a consequence, there has been a lot of spending on new technologies, but adding more cameras, alarms and sensors does not in itself improve the ability to detect, respond and report incidents, or aid compliance.
Given the emphasis KRITIS in particular places on incident recording and reporting and the fact that organizations have been given guidelines to deploy suitable measures, rather than shopping lists for compliance, it is clear that what is being sought is a holistic ecosystem approach.
This is a challenge when systems (old and new) are not integrated or optimized to work in this way. To put it simply, they can’t talk to each other. In many cases, organizations already have many pieces of the puzzle, but what they are often missing is the integration and actionable layer that connects the dots, giving them the insight to know what is going on and having the ability to orchestrate an appropriate response.
It is for this reason that organizations have been taking a closer look at the approaches adopted by those in other heavily regulated sectors and specifically their use of holistic management systems – whether that is a video management software (VMS) system for more camera-centric operations, or a physical security incident management (PSIM) system. Both of these can provide the system integration and workflows that enable incidents to be handled quickly and efficiently, but also provide the recording, reporting, reconstruction and reply that will aid compliance.
Physical security resilience regulation, whether at an international or national level, provides important clarity and guidance; however, legislative processes are typically slow to adapt. The threat landscape is continually evolving and organizations responsible for providing critical utilities and protecting vital assets must be nimble in their ability to keep the lights on and the pipelines flowing.
Physical security for critical infrastructure is a fundamental aspect of national security and public safety. HxGN dC3 – Hexagon‘s comprehensive portfolio of physical security solutions – is perfectly suited to meet the demanding requirements in highly regulated environments and critical infrastructure industries. It enables a holistic physical security technology ecosystem that orchestrates the entire lifecycle of an event or incident to minimize its impact as much as possible.
Discover more
Sunil Mudholkar is the VP of product, physical security, for Hexagon’s Safety, Infrastructure & Geospatial division. Based in Boston, he has almost 20 years of product management experience and leads Hexagon’s physical security product team, including developing the roadmap and strategy along with a talented global team of product managers.
