The European Programme for Critical Infrastructure Protection (EPCIP) refers to the doctrine and programmes created to identify and protect critical infrastructure that, in case of fault, incident or attack, could seriously impact both the country where it is hosted and at least one other European Member State.
The EPCIP came about as a result of a consultation in 2004 by the European Council, seeking a programme to protect critical infrastructure through its 'Communication on Critical Infrastructure Protection in the Fight against Terrorism'. In December 2004 it endorsed the intention of the European Commission to propose a European Programme for Critical Infrastructure Protection (EPCIP) and agreed to the creation of a European Critical Infrastructure Warning Information Network (CIWIN). In December the European Commission issued its finalised design as a directive EU COM(2006) 786; this obliged all member states to adopt the components of the EPCIP into their national statutes. Not only did it apply to main area of the European Union but also to the wider European Economic Area.
EPCIP also identified National Critical Infrastructure (NCI) where its disruption would only affect a single Member State. It set the responsibility for protecting items of NCI on its owner/operators and on the relevant Member State, and encouraged each Member State to establish its own National CIP programme.