New EU Regulations Come into Force: What Is the CER Directive?
The year 2026 brings a revolution in the protection of critical infrastructure in the European Union. Alongside the widely discussed NIS2 Directive, the CER Directive (Critical Entities Resilience – Directive (EU) 2022/2557 of the European Parliament and of the Council) is becoming a key pillar of security. While NIS2 focuses on cybersecurity, the CER Directive obliges critical entities to ensure physical and operational resilience against all types of threats – from natural disasters and sabotage to supply chain failures.
In Poland, this process has gathered tremendous momentum. On June 19, 2026, President Karol Nawrocki signed an amendment to the Crisis Management Act, which implements the CER provisions into Polish law. Furthermore, by July 17, 2026, Member States are required to finalize the identification of critical entities in 11 key sectors (including energy, transport, banking, digital infrastructure, healthcare, and food production). For hundreds of enterprises, this means an immediate need to comply with strict resilience standards.
Why DevOps and SysOps Are Key to Resilience?
It might seem that 'physical resilience' and 'crisis management' are the domain of security officers and auditors. Nothing could be further from the truth. Modern critical infrastructure – even physical infrastructure like waterworks or power plants – relies on IT systems, cloud computing, and distributed architecture. It is the DevOps (Development and Operations) and SysOps (System Operations) specialists who possess the skills necessary to translate legal requirements into working technical solutions.
A CER Compliance Engineer is a role that combines regulatory knowledge with hard technical skills. The main tasks in this area include designing systems in such a way that they are resilient to sudden failures of entire data centers or physical damage to infrastructure.
1. Disaster Recovery and Infrastructure as Code (IaC)
Under the CER Directive, a critical entity must be able to restore services immediately after an incident. Traditional backup methods are not enough. This is where DevOps comes in with the Infrastructure as Code (IaC) approach. Tools like Terraform, OpenTofu, or Ansible allow the entire infrastructure to be defined as code. In the event of physical destruction of a server room, an engineer can recreate an identical production environment in another location or cloud in just a few minutes.
2. Multi-Cloud and Hybrid-Cloud Architecture
Ensuring business continuity requires eliminating single points of failure (SPOF). SysOps and DevOps design and maintain geographically distributed architectures. Working on CER compliance requires implementing multi-cloud strategies and hybrid solutions that guarantee a failure of a single cloud provider or physical node will not paralyze operations, such as power distribution systems or banking services.
3. Advanced Monitoring and Observability
According to the new regulations, critical entities must monitor their systems in real-time and immediately report incidents with significant disruptive effects. Implementing and configuring monitoring systems (e.g., Prometheus, Grafana, ELK Stack) and automated alerting systems are classic tasks for SysOps engineers.
What Skills Must a CER Compliance Engineer Have?
If you want to enter this stable and highly paid niche in 2026, you should combine your existing administrative skills with compliance knowledge:
- Knowledge of business continuity standards: Key is the knowledge of the ISO 22301 (Business Continuity Management) standard and related regulatory frameworks (CER, NIS2, DORA for the financial sector).
- Automation and orchestration: Proficiency in Kubernetes, Docker, and CI/CD tools (GitLab, GitHub Actions, Jenkins).
- Backup and replication management: Designing advanced backup policies, testing Disaster Recovery (DR) procedures in real-world scenarios (e.g., Chaos Engineering).
- Communication and auditing: Ability to cooperate with legal departments, auditors, and regulatory bodies (such as the Government Security Centre in Poland).
Why Is This a Stable Niche for Years to Come?
The IT sector has undergone market verification in recent years, and many general roles have lost stability. However, the area of regulatory compliance and critical infrastructure resilience is completely immune to economic turmoil. Entities classified as critical must hire specialists to ensure CER compliance under threat of massive financial penalties. For DevOps and SysOps engineers, this translates to long-term contracts, high rates, and job security.
If you are looking for new challenges and want to see which companies in Poland are already looking for system resilience specialists, visit ITcompare (itcompare.pl). Our job aggregator gathers the latest listings from across the IT and telecommunications market, allowing you to quickly find offers tailored to your unique skills in DevOps, SysOps, and Security Compliance.