Activities of Cyrus ENGERER related to 2022/0084(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council on information security in the institutions, bodies, offices and agencies of the Union
Amendments (16)
Amendment 37 #
Proposal for a regulation
Recital 14
Recital 14
(14) With the purpose of adjusting to the new teleworking practices, the networks used for connecting to the Union institution’s or body’s remote access services should be protected by adequateffective security measures.
Amendment 38 #
Proposal for a regulation
Recital 16
Recital 16
(16) The substantive rules regarding access to EUCI in the internal rules of various Union institutions and bodies are currently aligned, but there are significant differences as regards denominations and required procedures. This creates a burden for the National Security Authorities of the Member States who need to adjust to different requirements. Thus it is necessary to provide for a common glossary and common procedures in the area of personnel security, thereby simplifying cooperation with the National Security Authorities of the Member States and limiting the risk of compromising EUCI, while respecting the Rules of Procedure of each institution and body.
Amendment 44 #
Proposal for a regulation
Article 6 – paragraph 2 – point e a (new)
Article 6 – paragraph 2 – point e a (new)
(e a) ensure compliance of the Union bodies, institutions, offices and agencies with the provisions set out within the Regulation
Amendment 46 #
Proposal for a regulation
Article 6 – paragraph 6 a (new)
Article 6 – paragraph 6 a (new)
6 a. The appointed members of the Coordination Group shall be adequately gender and geographically balanced.
Amendment 47 #
Proposal for a regulation
Article 6 – paragraph 7
Article 6 – paragraph 7
7. Union institutions and bodies shall bring to the attention of the Coordination Group any significant information security policy development within their organisation, within a reasonable timeframe.
Amendment 48 #
Proposal for a regulation
Article 8 – paragraph 4
Article 8 – paragraph 4
4. TUnder exceptional circumstances, the responsibilities of one or more of the functions referred to in paragraph 3 may be delegated to another Union institution or body whenever decentralised delivery of security offers significant efficiency, resource or time savings.
Amendment 49 #
Proposal for a regulation
Article 12 – paragraph 2
Article 12 – paragraph 2
2. Union institutions and bodies mayshall mark with ‘PUBLIC USE’ the information referred to in paragraph 1.
Amendment 50 #
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. Union institutions and bodies shall establish streamlined procedures for the reporting and management of any incident or suspected incident that could lead to a compromise of the security of non- classified information.
Amendment 51 #
Proposal for a regulation
Article 17 – paragraph 1 – introductory part
Article 17 – paragraph 1 – introductory part
1. Union institutions and bodies shallmust ensure that CISs meet the following minimum requirements when handling and storing sensitive non-classified information:
Amendment 56 #
Proposal for a regulation
Article 21 – paragraph 1
Article 21 – paragraph 1
1. The security Authority of each Union institution and body shall approve the security measures for protecting EUCI throughout its life-cycle in accordance with the outcome of a risk assessment performed by the respective Union institution or body. The risk assessment shall have a common criteria to ensure all Union institutions and bodies have aligned security measures, while also considering the particularities relevant to each institution or body.
Amendment 57 #
Proposal for a regulation
Article 22 – paragraph 3 – point a
Article 22 – paragraph 3 – point a
(a) inform the originator as soon as the compromise has been identified;
Amendment 58 #
Proposal for a regulation
Article 22 – paragraph 3 – point e
Article 22 – paragraph 3 – point e
(e) notify the competent authorities about the actual or potential compromise and the action taken, without any undue delay.
Amendment 59 #
Proposal for a regulation
Article 23 – paragraph 1 – introductory part
Article 23 – paragraph 1 – introductory part
1. The Security Authority of a Union institution or body mayshall grant individuals access to EUCI where all the following conditions are met:
Amendment 62 #
Proposal for a regulation
Article 51 – paragraph 3 – subparagraph 2 a (new)
Article 51 – paragraph 3 – subparagraph 2 a (new)
Such agreements and arrangements shall be subject to an ongoing review and assessment procedure, factoring in developments in the security measures, as well as Union's relationship with these third countries, subject to the provisions laid out in Article 53.
Amendment 63 #
Proposal for a regulation
Article 52 – paragraph 2
Article 52 – paragraph 2
2. The sub-group on EUCI sharing and exchange of classified information shall be composed of representatives from the Commission, the Council and the European External Action Service, ensuring gender and geographical balance, and shall work by consensus.
Amendment 64 #
Proposal for a regulation
Article 53 – paragraph 1
Article 53 – paragraph 1
1. The sub-group on EUCI sharing and exchange of classified information shall carry out regular assessment visits in full cooperation with the officials of the Union institution or body being visited. It may seek assistance from the NSA on whose territory the Union institution or body is located.