THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 249 thereof,
Having regard to the Treaty establishing the European Atomic Energy Community, and in particular Article 106 thereof,
Having regard to the Protocol No 7 on the Privileges and Immunities of the European Union annexed to the Treaties, and in particular Article 18 thereof,
Whereas:
(1) The Commission's security provisions regarding the protection of European Union Classified Information (EUCI) need to be reviewed and updated, taking into account institutional, organisational, operational and technological developments.
(2) The European Commission has entered into instruments on security matters for its principal sites with the governments of Belgium, Luxembourg and Italy(1)
(3) The Commission, the Council and the European External Action Service are committed to applying equivalent security standards for protecting EUCI.
(4) It is important that, where appropriate, the European Parliament and other Union institutions, agencies, bodies or offices, are associated with the principles, standards and rules for protecting classified information which are necessary in order to protect the interests of the Union and its Member States.
(5) Risk to EUCI shall be managed as a process. This process shall be aimed at determining known security risks, defining security measures to reduce such risks to an acceptable level in accordance with the basic principles and minimum standards set out in this Decision and at applying these measures in line with the concept of defence in depth. The effectiveness of such measures shall be continuously evaluated.
(6) Within the Commission, physical security aimed at protecting classified information is the application of physical and technical protective measures intended to prevent unauthorised access to EUCI.
(7) The management of EUCI is the application of administrative measures for controlling EUCI throughout its life-cycle to supplement the measures provided for in Chapters 2, 3 and 5 of this Decision and thereby help deter, detect and recover from deliberate or accidental compromise or loss of such information. Such measures relate in particular to the creation, storage, registration, copying, translation, downgrading, declassification, carriage and destruction of EUCI and they supplement the general rules on document management of the Commission (Decisions 2002/47/EC(2), ECSC, Euratom and 2004/563/EC, Euratom(3)).
(8) The provision of this Decision shall be without prejudice to:
HAS ADOPTED THIS DECISION:
Cf. the ‘Arrangement entre le Gouvernement belge et le Parlement européen, le Conseil, la Commission, le Comité économique et social européen, le Comité des régions, la Banque européenne d'investissement en matière de sécurité’ of 31 December 2004, the ‘Accord de sécurité signé entre la Commission et le Gouvernement luxembourgeois’ of 20 January 2007, and the ‘Accordo tra il Governo italiano e la Commissione europea dell'energia atomica (Euratom) per l'istituzione di un Centro comune di ricerche nucleari di competenza generale’ of 22 July 1959.
Commission Decision 2002/47/EC, ECSC, Euratom of 23 January 2002 amending its rules of procedure (OJ L 21, 24.1.2002, p. 23).
Commission Decision 2004/563/EC, Euratom of 7 July 2004 amending its Rules of Procedure (OJ L 251, 27.7.2004, p. 9).
Regulation (Euratom) No 3 of 31 July 1958 implementing Article 24 of the Treaty establishing the European Atomic Energy Community (OJ 17, 6.10.1958, p. 406/58).
Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).
Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1).
Council Regulation (EEC, Euratom) No 354/83 of 1 February 1983 concerning the opening to the public of the historical archives of the European Economic Community and the European Atomic Energy Community (OJ L 43, 15.2.1983, p. 1).