You are a digital security officer for the European External Action Service (EEAS). A new directive requires your team to enhance cybersecurity resilience against major disruptions across the EU's critical digital infrastructure. Which of the following frameworks is the primary EU legislative instrument specifically designed to mandate strict security and reporting requirements for operators of essential services and digital providers to achieve this resilience?