When infrastructure becomes critical

This distinction is not semantic. It reflects a fundamental difference in how assets interact with the systems around them, and therefore a fundamental difference in how they should be assessed, managed, and valued. Some important structural characteristics below help to define what criticality means in practice.

• Non-substitutability: Services cannot be rerouted or replaced quickly. Any disruption creates immediate pressure on dependent systems.
• System dependency: Assets sit within interconnected networks e.g., energy, transport, water, and digital. Failure in one propagates through others.
• Societal reliance: Essential public functions depend on continued operation. Failure affects public safety, economic activity, and political confidence.
• Continuity expectation: Minimal tolerance for downtime exists even under extreme conditions. Restoration alone is insufficient, and continuity is the standard.
• State interest: Governments have a direct stake in performance. This introduces regulatory oversight, reporting obligations, and potential intervention.

These characteristics define not just how critical infrastructure behaves under disruption, but how it must be priced and governed across the investment lifecycle.

For infrastructure investors, criticality alters the underlying logic of how assets are evaluated, managed, and valued over time. Traditional investment models are built on the assumption that risk can be contained, performance optimised, and disruption absorbed within the boundaries of the asset. Critical infrastructure does not behave that way.

The implications are structural. Criticality changes how risk is understood, how resilience is defined, how ownership is exercised, and how value is protected over long holding periods.

1. Risk is no longer contained within the asset

Infrastructure risk models are built around the asset itself, i.e. its age, condition, exposure to specific hazards and contractual protection. These models are effective when the consequences of failure are largely contained within the asset boundary. They are far less effective when the asset is embedded within a wider system of dependencies.

Critical infrastructure assets are, by definition, system embedded. A single node sits within multiple layers of interconnection, where disruption can propagate across sectors and geographies. Failure is no longer a discrete event but a trigger for wider system degradation. To continue to model risk at the asset level may underestimate both the likelihood and the consequence of disruption. The scenarios that matter most are those in which a localised failure leads to wider systemic impact. These require network-level analysis, dependency mapping, and an understanding of cascade pathways that are not yet standard in infrastructure due diligence.

2. Resilience is a performance standard rather than a cost

In infrastructure management, resilience is often framed as a defensive measure, such as hardening assets against known hazards, building redundancy, and maintaining emergency response capability. In this context, it is treated as a cost, justified by its ability to reduce the probability or severity of adverse events.

For critical infrastructure, resilience is not an adjunct to performance but rather a core component. The expectation is now that assets maintain continuity during disruptions rather than recover after failure. This distinction is fundamental. Assets that cannot demonstrate this capability will face increasing regulatory pressure, potential licence constraints, and ultimately questions about their long-term viability. From an investor perspective, this directly affects downside risk, capital allocation, and the durability of returns.

3.Ownership implies stewardship

When an asset is designated as critical, ownership carries an implicit public dimension. Investors are no longer simply providers of capital to a commercial operation. They are stewards of services on which societies and economies depend.

This introduces expectations that extend beyond contractual and regulatory compliance. It shapes how assets are operated in normal conditions, how disruption is managed, how information is shared with authorities, and how decisions are made when commercial and public interests are not perfectly aligned. The gap between how investors traditionally frame their role and how it is increasingly perceived by regulators and governments is not merely conceptual. It is a source of political, regulatory, and operational risk that can crystallise quickly under stress conditions.

4.Regulation is becoming a condition of operation

The CER Directive and the broader trajectory of critical infrastructure regulation point towards a shift in how regulation functions. It is no longer simply a set of compliance requirements but rather increasingly a framework through which the licence to operate is defined and maintained.

This shift is already visible in sectors undergoing structural transition, such as energy, and is emerging in others, including water and digital infrastructure. For investors, this changes the role of regulatory engagement. It needs to be treated as a strategic discipline, integrated into investment decision-making and asset management.

Criticality is not a regulatory category to be monitored at arm’s length. It is an investment lens that needs to be embedded across the full lifecycle, from acquisition through asset management to portfolio construction.

At the due diligence stage, the starting point is systemic position, not just asset condition. What does this asset depend on? What depends on it? How does failure propagate outward, and how do failures elsewhere propagate inward? These questions require dependency mapping and cascade risk analysis alongside the standard financial and technical review. The regulatory trajectory under frameworks such as CER should be assessed with the same rigour as revenue assumptions, including designation status, likely obligations, and the capital expenditure required for compliance. Where resilience maturity is low, this is not a manageable gap to be noted in the risk register but rather a capital requirement that should be reflected in acquisition pricing.

At the asset management stage, resilience needs to sit alongside EBITDA and operational efficiency as a reported performance metric. This requires the establishment of clear indicators, including continuity performance under stress events, progress against multi-hazard risk assessments, dependency exposure, and regulatory readiness. It also requires investment in adaptive capacity, specifically the internal capability to identify emerging threats early and respond before they escalate into incidents. Regulatory engagement should be active and strategic, rather than reactive.

At the portfolio level, the key question is systemic concentration, and conventional sector diversification does not fully address it. A portfolio spread across energy, transport, and digital assets may appear well diversified until the dependencies between those assets and the shared critical systems underpinning them are mapped. Portfolio-level dependency mapping should be more commonly carried out.