THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community, and in particular Article 157(3) thereof,

Having regard to the proposal from the Commission(1),

Having regard to the opinion of the European Economic and Social Committee(2),

Having regard to the opinion of the Committee of the Regions(3),

Acting in accordance with the procedure set out in Article 251 of the Treaty(4),

Whereas:

(1) On 23 and 24 March 2000 the Lisbon European Council set the objective of making the European Union the most competitive and dynamic knowledge-based economy in the world and stated the need to use an open method for the coordination of measurement of progress.

(2) On 19 and 20 June 2000, the Feira European Council endorsed the eEurope 2002 action plan and especially underlined the necessity to prepare longer-term perspectives for the knowledge-based economy encouraging the access of all citizens to the new technologies and on 30 November 2000 the Internal Market Council defined a list of 23 indicators to measure progress of the eEurope 2002 action plan.

(3) On 28 May 2002, the Commission published a communication addressed to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions entitled ‘eEurope 2005: An information society for all’, and the Seville European Council endorsed the general objectives of the action plan on 21 and 22 June 2002.

(4) On 22 January 2001, the Commission published a communication addressed to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions entitled ‘Creating a safer information society by improving the security of information infrastructures and combating computer-related crime’.

(5) The conclusions of the Stockholm European Council of 23 and 24 March 2001 contained a request that the Council, together with the Commission, develop a comprehensive strategy on the security of electronic networks including practical implementing action. The communication on ‘Network and information security: Proposal for a European policy approach’ of 6 June 2001 was the initial Commission response to this request.

(6) The Council resolution of 30 May 2001 on the eEurope action plan: Information and network security, the Council resolution of 28 January 2002 on a common approach and specific actions in the area of network and information security(5), the Council resolution of 18 February 2003 on a European approach towards a culture of network and information security(6) and the European Parliament resolution of 22 October 2002 on network and information security: proposal for a European policy called upon Member States to launch specific actions to enhance the security of electronic communication networks and information systems. The European Parliament and the Council further welcomed the Commission's intentions to develop, inter alia, a strategy for a more stable and secure operation of the Internet infrastructure and to make a proposal for the establishment of the future structure at European level for network and information security issues.

(7) The eEurope 2005 action plan, confirmed in this respect by the Council resolution of 18 February 2003, proposes, inter alia, the establishment of the future structure at European level for network and information security issues.

(8) The move towards the information society can, by introducing new forms of economic, political and social relations, help the European Union to cope with the challenges of this century, and can contribute to growth, competitiveness and job creation. The information society gradually reorganises the nature of economic and social activity and has important cross-sectorial effects in hitherto independent areas of activity. The measures necessary for its implementation should take into account the economic and social cohesion of the Community and the risks associated with a digital exclusion as well as the efficient functioning of the internal market. The actions of the European Union and of the Member States in relation to the information society aim to promote further the participation of disadvantaged groups in the information society.

(9) There is a need for the establishment of mechanisms for monitoring and for the exchange of experiences which will enable Member States to compare and analyse performances and review progress in relation to the eEurope 2005 action plan.

(10) Benchmarking allows Member States to assess whether the national initiatives that they have taken in the framework of the eEurope 2005 action plan are producing results that can be compared with those in other Member States, as well as internationally, and are fully exploiting the potential of the technologies.

(11) Action by Member States in the framework of the eEurope 2005 action plan can be further supported by disseminating good practices. The European added value in the area of benchmarking and good practices consists of the comparative evaluation of results of alternative decisions, measured by a common methodology of monitoring and analysis.

(12) There is a need to analyse the economic and societal consequences of the information society with a view to facilitating policy discussions. This will allow Member States better to exploit the economic and industrial potential of technological development, in particular in the area of the information society.

(13) Network and information security has become a prerequisite for further progress towards a secure business environment. The complex nature of network and information security implies that, in developing policy measures in this field, local, national and, where appropriate, European authorities should take into account a range of political, economic, organisational and technical aspects, and be aware of the decentralised and global character of communication networks. The planned establishment of the future structure at European level for network and information security issues would enhance the Member States' and the Community's ability to respond to major network and information security problems. Preparatory work needs to commence as early as 2003.

(14) Since the activities mentioned above pursue the objectives of promoting synergies and cooperation between Member States, countries of the European Economic Area, applicant and candidate countries as well as the associated countries of central and eastern Europe, the Commission could in future encourage further involvement of these countries in the activities of the programme.

(15) This Decision lays down, for the entire duration of the programme, a financial framework constituting the prime reference, within the meaning of point 33 of the Interinstitutional Agreement of 6 May 1999 between the European Parliament, the Council and the Commission on budgetary discipline and improvement of the budgetary procedure, for the budgetary authority during the annual budgetary procedure.

(16) The measures necessary for the implementation of this Decision should be adopted in accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission(7).

(17) The progress of this programme should be continuously monitored,

HAVE ADOPTED THIS DECISION: