Article 1Definitions
Article 2Purpose and scope
Article 3Rules governing lodging and return
Article 4FIDUCIA marking
Article 5Protection of FIDUCIA information
Article 6Security risk management
Article 7Personnel security measures
Article 8Physical security
Article 9Management of FIDUCIA information
Article 10Protection of FIDUCIA information handled electronically
Article 11Security in the event of external action
Article 12No digital transmission, communication or exchange of FIDUCIA information
Article 13Breaches of security and compromise of FIDUCIA information
Article 14Organisation of security within the General Court
Article 15Practice rules for implementation
Article 16Entry into force
ANNEX I PERSONNEL SECURITY MEASURES
1.This Annex sets out provisions for implementing Article 7 of...2.The Registrar of the General Court shall be responsible for...3.With a view to the grant of authority to have...4.At the end of the security investigation, acting in accordance...5.When the result of the security investigation is that the...6.When the completed security investigation does not lead to the...7.Authorisation of access to FIDUCIA information shall be valid for...8.Authorisation of access to FIDUCIA information may be renewed in...9.The FIDUCIA office shall keep a record of authorisations of...10.If it is brought to the FIDUCIA office's knowledge that...11.In an emergency, the appointing authority may, after consulting the...12.Before being granted access to FIDUCIA information, the persons holding...
ANNEX II PHYSICAL SECURITY
I.INTRODUCTION 1.This Annex sets out provisions for implementing Article 8 of...2.Physical security measures shall be designed to prevent unauthorised access...3.Physical security measures shall be chosen in the light of...II.PREMISES IN WHICH FIDUCIA INFORMATION IS STORED AND CONSULTED Creation of physically protected premises for storage and consultation 4.Secured premises shall be created for the purpose of storage...5.Within those premises, FIDUCIA information shall be kept in security...6.No communications system (telephone or other electronic device) may be...7.The FIDUCIA office meeting room shall be protected against eavesdropping....Access to storage and consultation premises 8.Access to the FIDUCIA office premises shall be controlled by...9.Persons who have been authorised to have access to FIDUCIA...10.The security authority may in exceptional cases issue access authorisation...11.All access to FIDUCIA office premises shall be recorded in...12.The protection measures governing the written use of FIDUCIA information...III.CONTROL OF KEYS AND COMBINATIONS USED TO PROTECT FIDUCIA INFORMATION...13.The security authority shall define procedures for managing keys and...14.Combination settings shall be committed to memory by the smallest...15.Technical equipment intended for the physical protection of FIDUCIA information...16.Technical equipment shall be periodically inspected and maintained at regular...17.At every inspection the efficiency of the various security measures...
ANNEX III MANAGEMENT OF FIDUCIA INFORMATION
I.INTRODUCTION 1.This Annex sets out provisions for implementing Article 9 of...II.REGISTER OF FIDUCIA INFORMATION 2.A register of FIDUCIA information shall be created. This register...III.REGISTRATION OF FIDUCIA INFORMATION 3.For the purposes of this decision, registration for security purposes...4.Registration of FIDUCIA information shall be the responsibility of the...5.The FIDUCIA office shall automatically give a FIDUCIA mark to...6.The FIDUCIA office shall draw up a report annexed to...7.FIDUCIA information shall be registered, in accordance with paragraphs 5...IV.MANAGEMENT OF FIDUCIA INFORMATION Marking 8.When EUCI or any other information, in respect of which...9.The FIDUCIA mark shall be clearly and correctly indicated in...Creation of FIDUCIA information 10.Only a person authorised to have access to FIDUCIA information...11.All FIDUCIA information created shall be registered by the FIDUCIA...12.All FIDUCIA information created shall be subject to all the...Removal of the FIDUCIA mark 13.FIDUCIA information shall lose its mark in two cases: 14.The FIDUCIA office shall remove the FIDUCIA mark and record...15.Removal of the FIDUCIA mark shall not mean that EUCI...V.COPIES OF FIDUCIA INFORMATION 16.FIDUCIA information shall not be copied unless this is essential....17.Copies shall be subject to all the security rules laid...VI.DESTRUCTION OF FIDUCIA INFORMATION 18.When information or material produced in accordance with Article 105(1)...19.The destruction of FIDUCIA information referred to in paragraph 18...20.The destruction of FIDUCIA information referred to in paragraph 18...21.The FIDUCIA office shall draw up a destruction certificate. 22.The destruction certificate shall be annexed to the FIDUCIA information...
ANNEX IV PROTECTION OF FIDUCIA INFORMATION HANDLED ELECTRONICALLY
1.This Annex sets out provisions for implementing Article 10. 2.FIDUCIA information may be handled only on electronic equipment (work...3.All electronic equipment used in the handling of FIDUCIA information...4.All possible connections to the internet and to other tools...5.Work stations shall be equipped with appropriate anti-virus protection. Anti-virus...6.The memories of printers and photocopiers shall be erased before...7.Only cryptographic products approved in accordance with the rules on...
ANNEX V SECURITY IN THE EVENT OF EXTERNAL ACTION
1.This Annex sets out provisions for implementing Article 11. 2.Contractors may gain access to FIDUCIA information only in connection...3.The security authority shall draw up guidelines for external action...4.Documents relating to the tendering procedures and maintenance contracts for...5.The contract involving action having to be taken that entails...6.The contractor may not sub-contract the activities defined in the...

Decision (EU) 2016/2387 of the General Court

of 14 September 2016

concerning the security rules applicable to information or material produced in accordance with Article 105(1) or (2) of the Rules of Procedure

THE GENERAL COURT

Having regard to the Rules of Procedure, and in particular Article 105(11) thereof,

Whereas:

(1)

In accordance with Article 105(1) and (2) of the Rules of Procedure, a main party to the proceedings may, on his own initiative or following a measure of inquiry ordered by the General Court, produce information or material pertaining to the security of the European Union or to that of one or more of its Member States or to the conduct of their international relations. Article 105(3) to (10) of those Rules lays down the procedural rules applicable to such information or material.

(2)

In view of the sensitive, confidential nature of the information or material concerned, the application of the body of rules established by Article 105 of the Rules of Procedure requires a suitable security framework to be set up in order to ensure a high level of protection for that information or material.

(3)

To this end, the security framework must be applied to all information or material produced in accordance with Article 105(1) or (2) of the Rules of Procedure if it is European Union classified information or if the main party producing it has indicated that to communicate it to the other main party would harm the security of the Union or of its Member States or the conduct of their international relations, even when that information or material is not European Union classified information.

(4)

In order to guarantee a high level of protection for that information or for that material, the fundamental principles and minimum security rules for the protection of that information or material are based on those applicable for the protection of SECRET UE/EU SECRET classified information according to the rules of the EU institutions on the protection of European Union classified information (EUCI), in particular those adopted by the Council of the European Union, the European Parliament and the European Commission.

(5)

Information or material produced in accordance with Article 105(1) or (2) of the Rules of Procedure shall be given a mark specific to the Court of Justice of the European Union, called ‘FIDUCIA’, which is to determine the security rules applicable to it throughout proceedings before the General Court and, in the event of an appeal, before the Court of Justice. The affixing and removing of this marking shall have no consequences for the classification of information communicated to the General Court.

(6)

Access to FIDUCIA information shall be provided in accordance with the need-to-know principle,

HAS DECIDED: