25-26-27 March 2025 - Consultation Visit to Georgia

Overview

From 25 to 27 March 2025, the P101 project team conducted its consultation visit to Georgia, engaging with a wide range of national authorities involved in critical infrastructure (CI) protection and CBRN risk management. The visit was facilitated in close coordination with Georgia’s National Focal Point and included a series of in-depth technical and strategic discussions with ministries, agencies, and specialized institutions.

Strategic Meetings and Stakeholder Engagement

The mission began at the National Security Council (NSC), where Georgian representatives presented the ongoing CI reform process. Georgia is currently developing its national criteria for CI identification and protection, seeking tailored approaches that reflect national priorities. While a draft framework exists, the process remains ongoing and deliberately measured to ensure accuracy and stakeholder consensus. Georgian counterparts expressed interest in P101's potential to support the definition of CI criteria and methodologies for risk assessment, as well as to contribute to legal and institutional reform aligned with EU Directive 2022/2557.

Legal and Institutional Reform

The legal component of the visit focused on understanding Georgia’s current regulatory landscape. Georgia’s existing framework includes CI elements across multiple sectoral laws, although there is currently no unified CI law. Stakeholders expressed interest in using P101 to help shape future legislation, particularly in the areas of physical security and chemical safety. There was consensus on the need to harmonize national laws with EU standards and to clarify institutional responsibilities, especially regarding inspections and oversight.

Cybersecurity and Digital Infrastructure

Cybersecurity was a central theme throughout the visit. Meetings with the State Security Service of Georgia (SSSG), the Ministry of Defence, and digital governance institutions revealed a mature cybersecurity ecosystem. Georgia has advanced capabilities in operational technology (OT), industrial control systems (ICS), and SCADA systems. Stakeholders shared that they follow NIST and IEEE standards and have strong national strategies in place. While training on basic cyber hygiene is not required, there is a demand for advanced, tailored trainings—particularly in OT environments, security-by-design, and cyber-biosecurity. Georgia also signaled openness to knowledge exchange with other partner countries under P101.

CBRN Infrastructure and Sectoral Visits

The delegation visited key facilities including the Lugar Center and Georgia’s nuclear and radioactive waste management sites. Discussions with the Agency for Nuclear and Radiation Safety confirmed Georgia’s proactive stance on radiological safety, licensing, and inspections. The Ministry of Environmental Protection and Agriculture shared its role in policy enforcement related to chemical and environmental risks, although it clarified that certain safety-related responsibilities fall under other ministries. Chemical safety and waste management were identified as areas needing further coordination and clearer regulatory ownership.

Biological Risk Management and Health Security

At the Lugar Center, the team engaged with experts from the public health and biosafety sectors. Stakeholders raised specific questions regarding the classification of biological storage facilities and anthrax burial sites as critical infrastructure. The importance of developing biosecurity legislation was highlighted, with P101 seen as a valuable mechanism for identifying regulatory gaps and supporting capacity-building. The facility tour demonstrated Georgia’s existing strengths in laboratory safety and its commitment to high standards in biosafety.

Challenges and Opportunities

While Georgia is advanced in many technical domains, stakeholders acknowledged gaps in legislative consolidation and CI designation—particularly for the chemical and biological sectors. Participants emphasized the need for tailored support rather than generic capacity-building, particularly in advanced cybersecurity practices and risk-based regulatory development. The topic of digital twins was addressed diplomatically, with Georgian authorities expressing reservations about sharing sensitive infrastructure data and emphasizing the need for national control over critical information.

Conclusions and Next Steps

The consultation concluded with a wrap-up session at the State Security Service. Georgian stakeholders reaffirmed their interest in continued cooperation under P101 and welcomed the project’s potential contributions to national security reforms. Priorities identified for follow-up include expert recruitment, legislative drafting, targeted training, and institutional coordination. The Georgian authorities emphasized their ambition to remain a regional leader in CBRN management and acknowledged the strategic value of P101 in supporting this objective. The visit laid a solid foundation for long-term collaboration, mutual learning, and technical exchange under the EU CBRN CoE framework.