THE COUNCIL OF THE EUROPEAN COMMUNITIES,

Having regard to the Treaty establishing the European Economic Community, and in particular Article 235 thereof,

Having regard to the proposal from the Commission1,

Having regard to the opinion of the European Parliament2,

Having regard to the opinion of the Economic and Social Committee3,

Whereas the Community has as its task, by establishing a common market and progressively approximating the economic policies of the Member States, to promote throughout the Community a harmonious development of economic activities, a continuous and balanced expansion, an increase in stability, an accelerated raising of the standard of living and closer relations between the Member States;

Whereas information stored, processed and transmitted electronically plays an increasingly important role in economic and social activities;

Whereas the advent of efficient global communications and the pervasive use of electronic handling of information emphasizes the need for adequate protection;

Whereas the European Parliament has repeatedly stressed the importance of the security of information systems in its debates and resolutions;

Whereas the Economic and Social Committee has emphasized the need to address issues relating to the security of information systems in Community forms of action, particularly in view of the impact of the completion of the internal market;

Whereas forms of action at national, international and Community levels provide a good basis;

Whereas there is a close link between telecommunications, information technology, standardization, the information market and research, development and technology (RDT) policies, as well as the work already undertaken in these areas by the Community;

Whereas it is appropriate to ensure that efforts are concerted by building on existing national and international work and by promoting cooperation between the principal parties concerned; whereas it is therefore appropriate to proceed within the framework of a coherent action plan;

Whereas the complexity of the security of information systems calls for the development of strategies to enable the free movement of information within the single market while ensuring the security of the use of information systems throughout the Community;

Whereas it is the responsibility of each Member State to take into account the constraints imposed by security and public order;

Whereas the responsibilities of the Member States in this area imply a concerted approach based on close collaboration with senior officials of the Member States;

Whereas provision should be made for a plan of action for an initial period of twenty-four months and the setting-up of a Committee of Senior Officials with a long-term mandate to advise the Commission on forms of action in the area of security of information systems;

Whereas an amount of ECU 12 million is considered necessary to implement the action for an initial period of twenty-four months; whereas for 1992, in the context of the present financial perspective, the amount estimated necessary is ECU 2 million;

Whereas the amounts to be committed in order to finance the programme for the period following the 1992 budget year will form part of the existing Community financial framework,

HAS DECIDED AS FOLLOWS: