1.A breach of security occurs as the result of an act or omission by an individual which is contrary to the security rules laid down in this Decision.
2.Compromise of EUCI occurs when, as a result of a breach of security, it has wholly or in part been disclosed to unauthorised persons.
3.Any breach or suspected breach of security shall be reported immediately to the competent security authority.
4.Where it is known or where there are reasonable grounds to assume that EUCI has been compromised or lost, the competent security authority shall take all appropriate measures in accordance with the relevant laws and regulations to:
(a)inform the originator;
(b)ensure that the case is investigated by personnel not immediately concerned with the breach in order to establish the facts;
(c)assess the potential damage caused to the interests of the EU or of the Member States;
(d)take appropriate measures to prevent a recurrence; and
(e)notify the appropriate authorities of the action taken.
5.Any individual who is responsible for a breach of the security rules laid down in this Decision may be liable to disciplinary action in accordance with the applicable rules and regulations. Any individual who is responsible for compromising or losing EUCI shall be liable to disciplinary and/or legal action in accordance with the applicable laws, rules and regulations.