Progress: Awaiting committee decision
Role | Committee | Rapporteur | Shadows |
---|---|---|---|
Lead | LIBE | DÜPONT Lena ( EPP) | VIGENIN Kristian ( S&D), LEGGERI Fabrice ( PfE), FRIIS Sigrid ( Renew) |
Former Responsible Committee | LIBE | BILČÍK Vladimír ( EPP) | |
Committee Opinion | AFET | ||
Committee Opinion | INTA | ||
Committee Opinion | ITRE | ||
Committee Opinion | JURI | ||
Committee Opinion | AFCO | ||
Former Committee Opinion | AFET | Juozas OLEKAS ( S&D) | |
Former Committee Opinion | INTA | ||
Former Committee Opinion | BUDG | ||
Former Committee Opinion | ITRE | VIRKKUNEN Henna ( EPP) | Evžen TOŠENOVSKÝ ( ECR), Adriana MALDONADO LÓPEZ ( S&D), Mikuláš PEKSA ( Verts/ALE) |
Former Committee Opinion | JURI | ||
Former Committee Opinion | AFCO | DURAND Pascal ( Renew), PAGAZAURTUNDÚA Maite ( Renew) | Gwendoline DELBOS-CORFIELD ( Verts/ALE), Cyrus ENGERER ( S&D) |
Lead committee dossier:
Legal Basis:
Euratom Treaty A 106a-pa, RoP 57_o, TFEU 298-p2
Legal Basis:
Euratom Treaty A 106a-pa, RoP 57_o, TFEU 298-p2Subjects
Events
PURPOSE: to establish rules with a view to achieving a common high level of security for EU classified information and for non-classified information handled and stored by the EU institutions and bodies.
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: given the ever-increasing volumes of non-classified sensitive information and EU classified information (EUCI) that the EU institutions and bodies have to share, and due to the dramatically evolving threats, the EU administration is exposed to attacks in all its areas of activity. The information handled by the EU institutions and bodies is of great interest to malicious actors and needs to be properly protected, which requires swift action to improve its protection.
Currently, the EU institutions and bodies either have their own rules on information security, based on their Rules of Procedure or their founding acts, or they have no rules at all. The lack of a common approach hinders the deployment of common tools building on an agreed set of rules depending on the security needs of the information to be protected.
Therefore, and in order to increase the protection of the information handled by the European administration, this initiative aims to streamline the different legal frameworks of the Union institutions and bodies in the field by:
- establishing harmonised and comprehensive categories of information, as well as common handling rules for all Union institutions and bodies,
- setting up a lean cooperation scheme on information security between Union institutions and bodies able to foster a coherent information security culture across the European administration,
- modernising the information security policies at all levels of classification/categorisation, for all Union institutions and bodies, taking into account the digital transformation and the development of teleworking as a structural practice.
This initiative is part of the EU strategy for the Security Union adopted by the Commission on 24 July 2020 and is part of a broad set of EU policies in the field of security and information security.
CONTENT: the proposed Regulation is intended to create a minimum set of rules on information security applicable to all EU institutions and bodies. It applies to all information handled and stored by the Union institutions and bodies, including information related to the European Atomic Energy Community activities, other than Euratom classified information. The Regulation covers both non-classified information and EUCI.
Security governance and organisation
The proposal foresees the creation of an inter-institutional information security coordination group in which the security authorities of all EU institutions and bodies would be represented. The coordination group would have the task of defining the common policy of these institutions and bodies in the field of information security. It should enhance the coherence of policies in the field of information security and contribute to the harmonisation of information security procedures and tools across the Union institutions and bodies.
The coordination group should draft guidance documents and create platforms for sharing best practices and knowledge on common issues relevant to information security and for providing assistance in case of information security incidents. It would regularly exchange with the national security authorities of the Member States, gathered in an Information Security Committee .
Five sub-groups of experts representing different institutions and bodies would be set up to streamline procedures and other practical aspects of information security.
Each EU institution or body would be required to designate a security authority , responsible for the definition and implementation of internal information security policies.
Information assurance and communication and information systems
The proposed Regulation establishes a sub-group on information assurance with the objective of enhancing the coherence across the Union institutions and bodies between the information security rules and the cybersecurity baseline as defined by the Regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union.
Non-classified information
The Regulation provides for three categories of non-classified information: (1) information for public use, (2) normal information and (3) sensitive non-classified information. All categories are defined, while markings and handling conditions are stipulated for protecting such information.
With a view to coordinating the work on equivalence between particular categories established by some Union institutions and bodies and common categories provided by the Regulation, the proposal sets up a sub-group on non-classified information.
Classified information (EUCI)
The section on general provisions provides for four levels of EUCI : (1) TRES SECRET UE/EU TOP SECRET, (2) SECRET UE/EU SECRET, (3) CONFIDENTIEL UE/EU CONFIDENTIAL, (4) RESTREINT UE/EU RESTRICTED. It also provides for an obligation of Union institutions and bodies to take the necessary security measures in accordance with the results of an information security risk management process.
The proposal also covers aspects of personnel security, physical security, EUCI management, protection in information and communication systems, industrial security, EUCI sharing and exchange of classified information.
The proposed regulation establishes sub-groups on information assurance, on non-classified information, on physical security, on accreditation of communication and information systems handling and storing EUCI and on EUCI sharing and exchange of classified information.
Legislative proposal
PURPOSE: to establish rules with a view to achieving a common high level of security for EU classified information and for non-classified information handled and stored by the EU institutions and bodies.
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: given the ever-increasing volumes of non-classified sensitive information and EU classified information (EUCI) that the EU institutions and bodies have to share, and due to the dramatically evolving threats, the EU administration is exposed to attacks in all its areas of activity. The information handled by the EU institutions and bodies is of great interest to malicious actors and needs to be properly protected, which requires swift action to improve its protection.
Currently, the EU institutions and bodies either have their own rules on information security, based on their Rules of Procedure or their founding acts, or they have no rules at all. The lack of a common approach hinders the deployment of common tools building on an agreed set of rules depending on the security needs of the information to be protected.
Therefore, and in order to increase the protection of the information handled by the European administration, this initiative aims to streamline the different legal frameworks of the Union institutions and bodies in the field by:
- establishing harmonised and comprehensive categories of information, as well as common handling rules for all Union institutions and bodies,
- setting up a lean cooperation scheme on information security between Union institutions and bodies able to foster a coherent information security culture across the European administration,
- modernising the information security policies at all levels of classification/categorisation, for all Union institutions and bodies, taking into account the digital transformation and the development of teleworking as a structural practice.
This initiative is part of the EU strategy for the Security Union adopted by the Commission on 24 July 2020 and is part of a broad set of EU policies in the field of security and information security.
CONTENT: the proposed Regulation is intended to create a minimum set of rules on information security applicable to all EU institutions and bodies. It applies to all information handled and stored by the Union institutions and bodies, including information related to the European Atomic Energy Community activities, other than Euratom classified information. The Regulation covers both non-classified information and EUCI.
Security governance and organisation
The proposal foresees the creation of an inter-institutional information security coordination group in which the security authorities of all EU institutions and bodies would be represented. The coordination group would have the task of defining the common policy of these institutions and bodies in the field of information security. It should enhance the coherence of policies in the field of information security and contribute to the harmonisation of information security procedures and tools across the Union institutions and bodies.
The coordination group should draft guidance documents and create platforms for sharing best practices and knowledge on common issues relevant to information security and for providing assistance in case of information security incidents. It would regularly exchange with the national security authorities of the Member States, gathered in an Information Security Committee .
Five sub-groups of experts representing different institutions and bodies would be set up to streamline procedures and other practical aspects of information security.
Each EU institution or body would be required to designate a security authority , responsible for the definition and implementation of internal information security policies.
Information assurance and communication and information systems
The proposed Regulation establishes a sub-group on information assurance with the objective of enhancing the coherence across the Union institutions and bodies between the information security rules and the cybersecurity baseline as defined by the Regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union.
Non-classified information
The Regulation provides for three categories of non-classified information: (1) information for public use, (2) normal information and (3) sensitive non-classified information. All categories are defined, while markings and handling conditions are stipulated for protecting such information.
With a view to coordinating the work on equivalence between particular categories established by some Union institutions and bodies and common categories provided by the Regulation, the proposal sets up a sub-group on non-classified information.
Classified information (EUCI)
The section on general provisions provides for four levels of EUCI : (1) TRES SECRET UE/EU TOP SECRET, (2) SECRET UE/EU SECRET, (3) CONFIDENTIEL UE/EU CONFIDENTIAL, (4) RESTREINT UE/EU RESTRICTED. It also provides for an obligation of Union institutions and bodies to take the necessary security measures in accordance with the results of an information security risk management process.
The proposal also covers aspects of personnel security, physical security, EUCI management, protection in information and communication systems, industrial security, EUCI sharing and exchange of classified information.
The proposed regulation establishes sub-groups on information assurance, on non-classified information, on physical security, on accreditation of communication and information systems handling and storing EUCI and on EUCI sharing and exchange of classified information.
Legislative proposal
Documents
- EDPS: OJ C 258 05.07.2022, p. 0007
- EDPS: N9-0038/2022
- Legislative proposal: Go to the pageEur-Lex
- Legislative proposal: COM(2022)0119
- Document attached to the procedure: Go to the pageEur-Lex
- Document attached to the procedure: SWD(2022)0065
- Document attached to the procedure: Go to the pageEur-Lex
- Document attached to the procedure: SWD(2022)0066
- Legislative proposal published: Go to the page Eur-Lex
- Legislative proposal published: COM(2022)0119
- Legislative proposal: Go to the pageEur-Lex COM(2022)0119
- Document attached to the procedure: Go to the pageEur-Lex SWD(2022)0065
- Document attached to the procedure: Go to the pageEur-Lex SWD(2022)0066
- EDPS: OJ C 258 05.07.2022, p. 0007 N9-0038/2022
Amendments | Dossier |
232 |
2022/0084(COD)
2022/11/09
AFCO
34 amendments...
Amendment 31 #
Proposal for a regulation Recital 2 (2) While progress has been made towards more consistent rules for the protection of European Union classified information (‘EUCI’) and non-classified information, the interoperability of the relevant systems remains limited, preventing a seamless transfer of information between the different Union institutions and bodies.
Amendment 32 #
Proposal for a regulation Recital 4 (4) The recent pandemic caused a significant change in working practices with remote communication tools becoming the rule. Therefore, many procedures that were still at least partly paper-based were rapidly adjusted to enable electronic processing and exchanges
Amendment 33 #
Proposal for a regulation Recital 5 (5) By creating a minimum common level of protection for EUCI and non- classified information, this Regulation contributes to ensuring that the Union institutions and bodies have the support of an efficient and independent administration in carrying out their missions. At the same time, each Union institution and body retains its autonomy in determining how to implement the rules laid down in this Regulation, in line with its own security needs. This Regulation shall in no case prevent Union institutions and bodies to fulfil their mission, as entrusted by the EU legislation, or
Amendment 34 #
Proposal for a regulation Recital 8 (8) With a view to establishing a
Amendment 35 #
Proposal for a regulation Recital 9 (9) The Coordination Group’s work needs the support of experts in different areas of information security: categorisation and marking, communication and information systems, accreditation, physical security and sharing EUCI and exchanging classified information. In order to prevent duplication of effort across the Union institutions and bodies, thematic sub-groups should be therefore established. Moreover, where needed, the Coordination Group should be able to set up other subgroups with specific tasks. The Coordination Group’s work should also regard the training component for the Union institutions' and bodies' personnel, with the scope of enhancing information security awareness and best practices, complementary to the established procedures.
Amendment 36 #
Proposal for a regulation Recital 10 (10) The Coordination Group should closely cooperate with the National Security Authorities of the Member States with a view to enhancing information security in the Union. An Information Security Committee of the Member States should therefore be set up to provide advice to the Coordination Group. Given the constantly evolving threat landscape at Union level, close cooperation with the Committee is required in order to adapt prevention and mitigation methods for information security.
Amendment 37 #
Proposal for a regulation Recital 14 (14) With the purpose of adjusting to the new teleworking practices, the networks used for connecting to the Union institution’s or body’s remote access services should be protected by
Amendment 38 #
Proposal for a regulation Recital 16 (16) The substantive rules regarding access to EUCI in the internal rules of various Union institutions and bodies are currently aligned, but there are significant differences as regards denominations and required procedures. This creates a burden for the National Security Authorities of the Member States who need to adjust to different requirements. Thus it is necessary to provide for a common glossary and common procedures in the area of personnel security, thereby simplifying cooperation with the National Security Authorities of the Member States and limiting the risk of compromising EUCI, while respecting the Rules of Procedure of each institution and body.
Amendment 39 #
Proposal for a regulation Recital 25 (25) Furthermore, the sharing of EUCI between the Union institutions and bodies and the exchange of classified information with international organisations and third countries should also be regulated by appropriate security measures for the protection of that information. Where agreements on security of information are envisaged, the provisions of Article 218
Amendment 40 #
Proposal for a regulation Article 4 – paragraph 2 2. Non-compliance with this Regulation, in particular the unauthorised disclosure of information with the confidentiality levels referred to in Article 2(2), except information for public use shall be subject to investigation and may trigger personnel liability in accordance with the Treaties
Amendment 41 #
Proposal for a regulation Article 6 – paragraph 1 – subparagraph 2 It shall be composed of all Security Authorities of the Union institutions and bodies, and shall have a mandate to define
Amendment 42 #
Proposal for a regulation Article 6 – paragraph 2 – point c (c) establish recommendations and guidance documents on the implementation of this Regulation, in cooperation with the Interinstitutional Cybersecurity Board referred to in Article 9 of the Regulation EU [...] laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union, where appropriate;
Amendment 43 #
Proposal for a regulation Article 6 – paragraph 2 – point d (d) set up dedicated platforms for sharing best practices, training and knowledge on common topics relevant to information security as well as for providing assistance in case of information security incidents;
Amendment 44 #
Proposal for a regulation Article 6 – paragraph 2 – point e a (new) (e a) ensure compliance of the Union bodies, institutions, offices and agencies with the provisions set out within the Regulation
Amendment 45 #
Proposal for a regulation Article 6 – paragraph 2 – point e a (new) (e a) Shall carry out risk assessments, in particular with regards to foreign interference in EUCI.
Amendment 46 #
Proposal for a regulation Article 6 – paragraph 6 a (new) 6 a. The appointed members of the Coordination Group shall be adequately gender and geographically balanced.
Amendment 47 #
Proposal for a regulation Article 6 – paragraph 7 7. Union institutions and bodies shall bring to the attention of the Coordination Group any significant information security policy development within their organisation, within a reasonable timeframe.
Amendment 48 #
Proposal for a regulation Article 8 – paragraph 4 4.
Amendment 49 #
Proposal for a regulation Article 12 – paragraph 2 2. Union institutions and bodies
Amendment 50 #
Proposal for a regulation Article 15 – paragraph 1 1. Union institutions and bodies shall establish streamlined procedures for the reporting and management of any incident or suspected
Amendment 51 #
Proposal for a regulation Article 17 – paragraph 1 – introductory part 1. Union institutions and bodies
Amendment 52 #
Proposal for a regulation Article 17 – paragraph 1 – point c (c) SNC information shall be stored and processed exclusively in the Union;
Amendment 53 #
Proposal for a regulation Article 18 – paragraph 2 a (new) 2 a. In the event of any doubt as to the confidential nature of an item of information or its appropriate level of classification, the two institutions shall consult each other without delay and before transmission of the document. In these consultations, Parliament shall be represented by the chair of the parliamentary body concerned, accom-panied, where necessary, by the rapporteur, or the office-holder who submitted the request. The Commission shall be represented by the Member of the Commission with responsibility for that area, after consultation of the Member of the Commission responsible for security matters. In the event of a disagreement, the matter shall be referred to the Presidents of the two institutions so that they may resolve the dispute.
Amendment 54 #
Proposal for a regulation Article 20 – paragraph 1 1. The holder of any item of EUCI shall be legally responsible for its protection. This shall include responsibility under the Treaties, relevant criminal law and staff regulations.
Amendment 55 #
Proposal for a regulation Article 20 – paragraph 3 a (new) 3 a. This Article is without prejudice to Regulation No 1049/2001 regarding public access to European Parliament, Council and Commission documents.
Amendment 56 #
Proposal for a regulation Article 21 – paragraph 1 1. The security Authority of each Union institution and body shall approve the security measures for protecting EUCI throughout its life-cycle in accordance with the outcome of a risk assessment performed by the respective Union institution or body. The risk assessment shall have a common criteria to ensure all Union institutions and bodies have aligned security measures, while also considering the particularities relevant to each institution or body.
Amendment 57 #
Proposal for a regulation Article 22 – paragraph 3 – point a (a) inform the originator as soon as the compromise has been identified;
Amendment 58 #
Proposal for a regulation Article 22 – paragraph 3 – point e (e) notify the competent authorities about the actual or potential compromise and the action taken, without any undue delay.
Amendment 59 #
Proposal for a regulation Article 23 – paragraph 1 – introductory part 1. The Security Authority of a Union institution or body
Amendment 60 #
Proposal for a regulation Article 39 – paragraph 1 1. Union institutions and bodies shall decide
Amendment 61 #
Proposal for a regulation Article 39 – paragraph 2 2. EUCI documents shall
Amendment 62 #
Proposal for a regulation Article 51 – paragraph 3 – subparagraph 2 a (new) Such agreements and arrangements shall be subject to an ongoing review and assessment procedure, factoring in developments in the security measures, as well as Union's relationship with these third countries, subject to the provisions laid out in Article 53.
Amendment 63 #
Proposal for a regulation Article 52 – paragraph 2 2. The sub-group on EUCI sharing and exchange of classified information shall be composed of representatives from the Commission, the Council and the European External Action Service, ensuring gender and geographical balance, and shall work by consensus.
Amendment 64 #
Proposal for a regulation Article 53 – paragraph 1 1. The sub-group on EUCI sharing and exchange of classified information shall carry out regular assessment visits in full cooperation with the officials of the Union institution or body being visited. It may seek assistance from the NSA on whose territory the Union institution or body is located.
source: 731.766
2022/12/05
ITRE
50 amendments...
Amendment 20 #
Proposal for a regulation Recital 1 (1) Union institutions
Amendment 21 #
Proposal for a regulation Recital 2 (2) While progress has been made towards more consistent rules for the protection of European Union classified information (‘EUCI’) and non-classified information, the interoperability of the relevant systems remains limited, preventing a seamless transfer of information between the different Union institutions and bodies. Further efforts should therefore be made to enable an interinstitutional approach to the sharing of EUCI and sensitive non-classified information, with common categories of information
Amendment 22 #
Proposal for a regulation Recital 2 (2) While progress has been made towards more consistent rules for the protection of European Union classified information (‘EUCI’) and sensitive non- classified information (‘non-EUCI’), the interoperability of the relevant systems remains limited, preventing a seamless transfer of information between the different Union institutions and bodies. Further efforts should therefore be made to enable an interinstitutional
Amendment 23 #
Proposal for a regulation Recital 3 a (new) (3 a) When developing information security rules, Union institutions and bodies should ensure efficiency and choose the best solutions, in particular as regards return on investments, appropriate levels of flexibility, decrease of administrative burdens, minimisation of risks, and higher levels of transparency, and improvement of the work environment;
Amendment 24 #
Proposal for a regulation Recital 3 b (new) (3 b) In the context of information security, Union institutions and bodies should increase organisational interoperability and act together to ensure the protection of networks and information systems, data and the assets employed to capture, store, process and transmit it, and information as well as information infrastructure.
Amendment 25 #
Proposal for a regulation Recital 5 a (new) (5 a) While ensuring a high level of protection for information, this Regulation is also providing a clear framework to enhance transparency, minimising and limiting in time the use of confidential documents, providing safeguards against use of classification that would prevent Union institutions and bodies to fulfil their mission and ensuring that the whistleblowers are adequately protected.
Amendment 26 #
Proposal for a regulation Recital 5 a (new) (5 a) This Regulation should ensure that any limitation of the right to the protection of personal data and privacy is necessary and proportionate, in accordance with Article 52 (1) of the EU Charter of Fundamental Rights.
Amendment 27 #
Proposal for a regulation Recital 5 b (new) (5 b) All information security measures involving processing of personal data should be compliant with the relevant Union data protection and privacy legislation. Union institutions and bodies should take relevant technical and organisational safeguards to ensure compliance in an accountable and transparent manner.
Amendment 28 #
Proposal for a regulation Recital 6 (6) This Regulation is without prejudice to Regulation (Euratom) No 3/195817 , Regulation No 31 (EEC), 11 (EAEC), laying down the Staff Regulations of Officials and the Conditions of Employment of other servants of the European Economic Community and the European Atomic Energy Community18 , Regulation (EC) 1049/2001 of the European Parliament and of the Council19 , Regulation (EU) 2018/1725 of the European Parliament and of the Council20 , including the rules on international transfers, Council Regulation (EEC, EURATOM) No 354/8321 , Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council22 , Regulation (EU) 2021/697 of the European Parliament and of the Council23 , Regulation (EU) [...] of the European Parliament and of the Council24 laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union. _________________
Amendment 29 #
Proposal for a regulation Recital 12 (12) The principle of information security risk management should be at the core of the policy to be developed in the field by each Union institution and body. While the minimum requirements laid down in this Regulation must be met, each Union institution and body should adopt specific security measures for protecting information in accordance with the results of an internal risk assessment. In the same way, the technical means to protect the information should be adapted to the specific situation of each institution and body. However, the specific security measures should not constitute an impediment for the activity of other institutions and legal access to information, as for example unduly limiting the acces of the Members of European Parliament to the information produced or held by the European Commission.
Amendment 30 #
(14) With the purpose of adjusting to the new teleworking practices, the networks, information systems, digital infrastructure and terminal devices used for connecting to the Union institution’s or body’s remote access services should be protected by adequate security measures.
Amendment 31 #
Proposal for a regulation Recital 15 (15) Since Union institutions and bodies frequently make use of contractors and outsourcing, it is important to establish common provisions relating to contractors’ personnel carrying out tasks related to information security. Union institutions, bodies, offices and agencies should establish formal procedures underpinning the tendering process for contractors and outsourcing partners, taking into account the specificities of their operational technology environments and the complexities of their supply chains.
Amendment 32 #
Proposal for a regulation Recital 17 a (new) (17 a) All Union institutions, bodies, offices and agencies should integrate procedures for dealing with personal data breaches in their procedures for information security incident management. Union institutions, bodies, offices and agencies should adopt a personal data breach handling procedure which also includes notification to the European Data Protection Supervisor (EDPS) and communication to the people affected, where necessary. The procedure for dealing with personal data breaches does not replace or supersede any other incident handling process or procedure.
Amendment 33 #
Proposal for a regulation Recital 21 (21) Union institutions and bodies have been traditionally developed their communication and information systems autonomously, with insufficient attention to their interoperability across all Union institutions and bodies. It is therefore necessary to establish minimum security requirements concerning the Communication and Information Systems (CISs) handling
Amendment 34 #
Proposal for a regulation Recital 24 (24) The close cooperation between Union institutions and bodies as well as the multitude of synergies developed among them involve the sharing of a large amount of information. For the sake of the classified information security, the trustworthiness of a Union institution or body should be assessed before they handle and store a specified level of EUCI. Such synergies and cooperation is relevant, when dealing with activities such as applying data protection by design and by default to information security measures, selecting security measures that involve personal data, integrated risk management, and integrated security incident handling.
Amendment 35 #
Proposal for a regulation Recital 24 (24) The close cooperation between Union institutions and bodies as well as the multitude of synergies developed among them involve the sharing of a large amount of information. For the sake of the classified information security, the
Amendment 36 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation lays down information security rules for all Union institutions
Amendment 37 #
Proposal for a regulation Article 2 – paragraph 2 – point a Amendment 38 #
Proposal for a regulation Article 3 – paragraph 1 – point i a (new) Amendment 39 #
Proposal for a regulation Article 3 – paragraph 1 – point i b (new) (i b) ‘classified ICT environment’ means any component of a Union institution, body, office or agency's ICT environment that is used for the processing, storing or transmission of EU classified information (EUCI);
Amendment 40 #
Proposal for a regulation Article 3 – paragraph 1 – point s (s) ‘zero trust’ means a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement of the existence of threats inside and outside traditional network boundaries
Amendment 41 #
Proposal for a regulation Article 3 – paragraph 1 – point ae a (new) (ae a) ‘standard’ means a standard as defined in point (1) of Article 2 of Regulation (EU) No 1025/2012;
Amendment 42 #
Proposal for a regulation Article 4 – paragraph 6 – subparagraph 2 Union institutions
Amendment 43 #
Proposal for a regulation Article 5 – paragraph 2 – point e a (new) (e a) integrity, availability and resilience of processing systems and services.
Amendment 44 #
Proposal for a regulation Article 5 – paragraph 2 a (new) 2 a. Each Union institution, body, office and agency shall ensure compliance with Regulation (EU) 2018/1725. Personal data processing activities allowed for the purposes of this Regulation shall include: a) the purposes of data processing; b) categories of personal data; c) categories of data subjects; d) definition of roles as applicable (controller, processor, joint controllers); e) retention periods; f) recipients, in case of transmission to entities not subject to the Regulation (EU) 2018/1725.
Amendment 45 #
Proposal for a regulation Article 5 – paragraph 3 – point -a (new) (-a) the risks for the rights and freedom of natural persons;
Amendment 46 #
Proposal for a regulation Article 5 – paragraph 3 – point c a (new) (c a) the threats deriving from access based on third country jurisdictions;
Amendment 47 #
Proposal for a regulation Article 5 – paragraph 3 – point f (f) business continuity
Amendment 48 #
Proposal for a regulation Article 6 – paragraph 1 – subparagraph 2 It shall be composed of all Security Authorities of the Union institutions and bodies and the chairperson of the Information Security Committee referred to in paragraph 8 of this Article, and shall have a mandate to define their common policy in the field of
Amendment 49 #
Proposal for a regulation Article 6 – paragraph 8 8. In the performance of the tasks referred to in paragraph 2, point (e), the Coordination Group shall be assisted by an Information Security Committee. That Committee shall be composed of one representative from each National Security Authority and shall
Amendment 50 #
Proposal for a regulation Article 8 – paragraph 2 a (new) 2 a. The Security Authority shall cooperate closely with the Data Protection Officer designated in accordance with Article 43 of Regulation (EU) 2018/1725.
Amendment 51 #
Proposal for a regulation Article 9 – paragraph 2 2. Any CIS that handles and stores EUCI shall be accredited in accordance with Chapter 5, Section 5.
Amendment 52 #
Proposal for a regulation Article 10 – paragraph 1 – point c a (new) (c a) strengthening cooperation and coordination with Cybersecurity Centre for the Union institutions and bodies (CERT-EU)
Amendment 53 #
Proposal for a regulation Article 11 – paragraph 4 – point d a (new) (d a) end-to-end encryption, in particular when exchanging sensitive non-classified information;
Amendment 54 #
Proposal for a regulation Article 11 – paragraph 5 – point d (d) information security incidents shall be formally recorded and
Amendment 55 #
Proposal for a regulation Article 12 Amendment 56 #
Proposal for a regulation Article 13 Amendment 57 #
Proposal for a regulation Article 14 Amendment 58 #
Proposal for a regulation Article 15 Amendment 59 #
Proposal for a regulation Article 16 Amendment 60 #
Proposal for a regulation Article 17 Amendment 61 #
Proposal for a regulation Article 18 – paragraph 2 2. The Coordination Group shall adopt guidance documents on EUCI creation and classification, implementing the principle of minimisation of the use of classification and limiting in time the duration of such classification; The guidance must contain rules on assessment and justification for classifying information and material, aimed at increasing transparency and avoiding unjustified lock-in effects.
Amendment 62 #
Proposal for a regulation Article 18 – paragraph 2 a (new) 2 a. In the case of the European Commission and the European Parliament, in the event of any doubt as to the confidential nature of an item of information or its appropriate level of classification, the two institutions shall consult each other without delay and before transmission of the document. In these consultations, Parliament shall be represented by the chair of the parliamentary body concerned, accompanied, where necessary, by the rapporteur, or the office-holder who submitted the request. The Commission shall be represented by the Member of the Commission with responsibility for that area, after consultation of the Member of the Commission responsible for security matters. In the event of a disagreement, the matter shall be referred to the Presidents of the two institutions so that they may resolve the dispute.
Amendment 63 #
Proposal for a regulation Article 20 – paragraph 3 a (new) 3 a. This Article is without prejudice to Regulation No 1049/2001 regarding public access to European Parliament, Council and Commission documents.
Amendment 64 #
Proposal for a regulation Article 22 – paragraph 3 a (new) 3 a. The persons who report, within the organisation concerned or to an outside authority, or disclose to the public EUCI on a wrongdoing, obtained in a work- related context, help preventing damage and detecting threat or harm to the public interest that may otherwise remain hidden, is exempted from administrative and criminal liability.
Amendment 65 #
Proposal for a regulation Article 36 – paragraph 1 1. Where Union institutions and bodies decide to declassify an EUCI document, consideration shall be given as to whether it is to bear a sensitive non- classified information distribution marking in accordance with [regulation on protection of non-EUCI].
Amendment 66 #
Proposal for a regulation Article 41 – paragraph 1 – point f a (new) (f a) the system owner or Information Assurance Operational Authority shall ensure that a process of identifying and reporting vulnerabilities is in place, including internal and external rewards as appropriate. This should be complemented by regular audits and penetration tests where appropriate.
Amendment 67 #
Proposal for a regulation Article 52 – paragraph 2 2. The sub-group on EUCI sharing and exchange of classified information shall be composed of representatives from the Commission, the European Parliament, the Council and the European External Action Service and shall work by consensus. The sub-group shall ensure synergy with the Access to Documents Regulation and make sure that classification doesn't in itself prevent disclosure.
Amendment 68 #
Proposal for a regulation Article 52 – paragraph 2 2. The sub-group on EUCI sharing and exchange of classified information shall be composed of representatives from the Commission, the European Parliament, the Council and the European External Action Service and shall work by consensus.
Amendment 69 #
Proposal for a regulation Article 54 – paragraph 1 a (new) 1 a. The conditions in paragraph 1 letter a) are considered to be fulfilled when acces to EUCI is needed in order to fulfil the institution mandate or mission, as entrusted by the EU legislation, or would otherwise encroach on heir institutional autonomy.
source: 739.608
2023/09/07
LIBE
148 amendments...
Amendment 100 #
Proposal for a regulation Article 12 – paragraph 2 2. Union institutions and bodies may mark with ‘PUBLIC USE’ the information referred to in paragraph 1. The absence of such marking shall not give rise to a presumption that the information could be classified.
Amendment 101 #
Proposal for a regulation Article 12 – paragraph 2 2. Union institutions and bodies
Amendment 102 #
Proposal for a regulation Article 12 – paragraph 3 3. All Union institutions and bodies shall ensure the integrity and availability of information for public use by appropriate measures based on
Amendment 103 #
Proposal for a regulation Article 13 – paragraph 2 2. Normal information may be marked visually or in metadata where necessary to ensure its protection, particularly where shared outside Union institutions and bodies. The marking ‘EU NORMAL’ or the ‘name or acronym of the Union institution or body NORMAL’ (adjusted on
Amendment 104 #
Proposal for a regulation Article 13 – paragraph 4 Amendment 105 #
Proposal for a regulation Article 13 – paragraph 4 Amendment 106 #
Proposal for a regulation Article 14 – paragraph 1 1. Union institutions and bodies shall categorise, handle and stored as sensitive non-classified all information that is not classified but which they must protect due to legal obligations or because of the harm that may be caused to the legitimate
Amendment 107 #
Proposal for a regulation Article 14 – paragraph 4 4. Sensitive non-classified information shall be exchanged outside Union institutions and bodies only with natural and legal persons that have a need- to-know while respecting the handling instructions accompanying the information and the requirements stemming from legal protections that might apply as per paragraph 1 . All parties involved shall be made aware of the appropriate handling instructions.
Amendment 108 #
Proposal for a regulation Article 15 – paragraph 1 1. Union institutions and bodies shall
Amendment 109 #
Proposal for a regulation Article 15 – paragraph 2 2. Where required, Union institutions and bodies shall use the markings provided for in Articles 12, 13 and 14.
Amendment 110 #
Proposal for a regulation Article 16 – paragraph 1 – point e a (new) (ea) monitoring compliance by Union institutions and bodies with the relevant provisions of this Regulation as well as with the guidance documents adopted by the Coordination Group.
Amendment 111 #
Proposal for a regulation Article 18 – paragraph 1 – point d Amendment 112 #
Proposal for a regulation Article 18 – paragraph 2 2. The Coordination Group shall adopt guidance documents on EUCI creation and classification. Such documents shall take into account both the principle of minimisation of the use of classified information and the risk of overclassification of certain documents, and shall include rules on assessing and justifying information and material classification, aimed at increasing transparency and avoiding unjustified lock-in effects.
Amendment 113 #
2a. In the event of any doubt as to the confidential nature of an item of information or its level of classification or in the event of a disagreement in between the European institutions, they shall consult each other without any delay and before transmission of this item of information. In these consultations, institutions shall be represented by the chair of the body concerned or the responsible for security matters. In the event of a disagreement, the matter shall be referred to the Presidents of the institutions so that they may resolve the dispute.
Amendment 114 #
Proposal for a regulation Article 20 – paragraph 3 a (new) 3a. This Article is without prejudice to Regulation (EC) No 1049/2001.
Amendment 115 #
Proposal for a regulation Article 22 – paragraph 1 1. Any act or omission of a Union institution or body or an individual, which is in breach of this Regulation, shall be
Amendment 116 #
Proposal for a regulation Article 22 – paragraph 3 – point a (a) inform the originator without undue delay, and in any event no later than three days after the Security Authority has been informed of the breach;
Amendment 117 #
Proposal for a regulation Article 22 – paragraph 3 – point b (b) ensure that the case is throughly investigated by personnel not immediately concerned with the breach in order to establish the facts;
Amendment 118 #
Proposal for a regulation Article 22 – paragraph 3 – point e (e) notify the competent authorities
Amendment 119 #
Proposal for a regulation Article 23 – paragraph 2 2. Union institutions and bodies shall take into account the loyalty, trustworthiness and reliability of an individual as determined by means of a security investigation conducted by the Commission in cooperation with the competent authorities of the relevant Member State
Amendment 120 #
Proposal for a regulation Article 23 – paragraph 3 Amendment 121 #
Proposal for a regulation Article 23 – paragraph 3 3. Union institutions and bodies may accept security clearances from third countries and international organisations with which the Union has a security of information agreement. They shall, in any event, ensure that the principles under paragraphs 1 and 2 are observed.
Amendment 122 #
Proposal for a regulation Article 23 – paragraph 4 – subparagraph 2 Amendment 123 #
Proposal for a regulation Article 24 – paragraph 4 Amendment 124 #
Proposal for a regulation Article 25 – paragraph 3 Amendment 125 #
Proposal for a regulation Article 25 – paragraph 3 3. Where the holder of an authorisation to access EUCI takes up employment in another Union institution or body, that Union institution or body shall, without undue delay, notify the relevant NSA of a change of employer, through the competent Security
Amendment 126 #
Proposal for a regulation Article 28 – paragraph 1 – point d a (new) (da) monitoring compliance by Union institutions and bodies with the relevant provisions of this Regulation as well as with the guidance documents adopted by the Coordination Group.
Amendment 127 #
Proposal for a regulation Article 30 – paragraph 2 2. Any Union institution and body which is the originator of EUCI shall determine the initial security classification of that information upon its creation and in accordance with Article 18(1).
Amendment 128 #
Proposal for a regulation Article 31 – paragraph 1 – point a (a) each page shall be marked clearly with the classification level and the duration of classification ;
Amendment 130 #
Proposal for a regulation Article 32 – paragraph 1 – introductory part 1. The Union institution or body under whose authority an EUCI document is created shall have originator control over that document. The originator shall determine the classification level of the document and shall be responsible for its initial dissemination. The originator may consult intended recipients regarding the classification level of an EUCI document, in particular in the event of any doubt as to the confidential nature of an item of information and its appropriate level of classification, and to prevent over- classification of such documents. For the purposes of the initial dissemination of an EUCI document, the originator shall take into account the rights and obligations of information recipients arising from the Treaties. Without prejudice to Regulation 1049/2001, the originator’s prior written consent shall be obtained before the information is:
Amendment 131 #
Proposal for a regulation Article 32 – paragraph 1 – introductory part 1. The Union institution or body under whose authority an EUCI document classified CONFIDENTIEL UE/EU- CONFIDENTIAL or higher is created shall have originator con
Amendment 132 #
Proposal for a regulation Article 32 – paragraph 1 – point d Amendment 133 #
Proposal for a regulation Article 32 – paragraph 2 2. Where the originator of an EUCI document cannot be identified, the Union institution or body holding that classified information shall exercise originator con
Amendment 134 #
Proposal for a regulation Article 35 – paragraph 1 1. Information shall be classified only for as long as it requires protection. EUCI that no longer needs the original classification shall be downgraded to a lower level. EUCI that no longer needs to be considered as classified at all shall be declassified. Any classification shall be reviewed at the latest one year after the document’s creation and every year afterwards. In case of documents that concern an ongoing legislative process, this review shall be done no later than two months after the document’s creation and every two months afterwards.
Amendment 135 #
Proposal for a regulation Article 35 – paragraph 2 2. At the time of creation of EUCI, the originator shall indicate
Amendment 136 #
Proposal for a regulation Article 35 – paragraph 2 2. At the time of creation of EUCI, the originator shall indicate, where possible,
Amendment 137 #
Proposal for a regulation Article 35 – paragraph 3 3.
Amendment 138 #
Proposal for a regulation Article 38 – paragraph 1 – subparagraph 2 The operational details of emergency evacuation and destruction plans shall themselves be classified
Amendment 139 #
Proposal for a regulation Article 39 – paragraph 1 1. Union institutions and bodies shall decide whether and when to archive EUCI, and the corresponding uniform practical measures
Amendment 140 #
Proposal for a regulation Article 39 – paragraph 2 Amendment 141 #
Proposal for a regulation Article 39 a (new) Article39a Disputes 1. In the event of any doubt as to the protected nature of information or its appropriate level of classification, the Union institutions and bodies shall consult each other without delay and before transmission of the information. In the event of a disagreement, the matter shall be referred to the Presidents of the Institutions or bodies so that they may resolve the dispute. 2. If, at the end of the procedure referred to in paragraph 1, no agreement has been reached, the refusal to revise the protected nature of information or its appropriate level of classification shall be subject to review of its legality in accordance with Article 263 TFEU.
Amendment 142 #
Proposal for a regulation Article 40 – paragraph 1 – point c a (new) (ca) monitoring compliance by Union institutions and bodies with the relevant provisions of this Regulation as well as with the guidance documents adopted by the Coordination Group.
Amendment 143 #
Proposal for a regulation Article 41 – paragraph 1 – point b (b)
Amendment 144 #
Proposal for a regulation Article 41 – paragraph 1 – point f a (new) (fa) the system owner or the Information Assurance Operational Authority shall ensure that a process of identifying and reporting vulnerabilities is in place; that process shall be complemented by regular audits and penetration tests where appropriate.
Amendment 145 #
Proposal for a regulation Article 42 – paragraph 1 a (new) 1a. For all information and material classified as EUCI a list of approved cryptographic products shall be maintained by the Council, on the basis of input from the National Security Authorities.
Amendment 146 #
Proposal for a regulation Article 42 – paragraph 4 a (new) 4a. For information and material classified as RESTREINT UE/EU RESTRICTED a list of additional approved cryptographic products shall be established by ENISA/EU-CERT within 18 months following the publication of the regulation in the Official Journal of the European Union. The list should be reviewed in view of putting it up to date with technological and market developments every subsequent year.
Amendment 147 #
Proposal for a regulation Article 42 – paragraph 5 5. The Coordination Group shall inform the Council on a yearly basis of any cryptographic products that it recommends for evaluation by a Crypto Authority Approval of a Member State, or ENISA/EU-CERT on the basis of a survey carried out in the Union institutions and bodies.
Amendment 148 #
Proposal for a regulation Article 51 – paragraph 1 1. All Union institutions and bodies
Amendment 149 #
Proposal for a regulation Article 52 – paragraph 2 2. The sub-group on EUCI sharing and exchange of classified information shall be composed of representatives from the European Parliament, the Commission, the Council and the European External Action Service and shall work by consensus.
Amendment 150 #
Proposal for a regulation Article 52 – paragraph 2 2. The sub-group on EUCI sharing and exchange of classified information shall be composed of representatives from the European Parliament, the Commission, the Council and the European External Action Service and shall work by consensus.
Amendment 151 #
Proposal for a regulation Article 52 – paragraph 2 2. The sub-group on EUCI sharing and exchange of classified information shall be composed of representatives from the European Parliament, the Commission, the Council and the European External Action Service and shall work by consensus.
Amendment 152 #
Proposal for a regulation Article 54 – paragraph 1 – point a (a) there is a legal obligation under Union law or under an agreement concluded between Union institutions;or (a) there is a proven need for the exchange;
Amendment 153 #
Proposal for a regulation Article 54 – paragraph 1 – point a a (new) (aa) there is a legal obligation pursuant to the Treaties, secondary law or an Interinstitutional agreement concluded between Union institutions;
Amendment 154 #
Proposal for a regulation Article 54 – paragraph 1 – point c Amendment 155 #
Proposal for a regulation Article 56 – paragraph 1 – point a (a) the Union institution or body concerned needs to exchange, on a long- term basis information classified, as a general rule, no higher than
Amendment 156 #
Proposal for a regulation Article 60 – paragraph 2 2. All Union institutions and bodies that have been assessed either by Commission
Amendment 157 #
Proposal for a regulation Article 60 – paragraph 2 2. All Union institutions and bodies that have been assessed either by Parliament, Commission
Amendment 158 #
Proposal for a regulation Article 61 – paragraph 1 1. By [dd/mm/yyyy
Amendment 159 #
Proposal for a regulation Article 61 – paragraph 2 2. No sooner than [
Amendment 160 #
Proposal for a regulation Annex I – point 1 1. Documents containing sensitive non-classified information must be marked using a security marking and, where relevant, one or more distribution marking or markings specifying the target audience as appropriate. The standard security marking shall be the word ‘
Amendment 161 #
Proposal for a regulation Annex I – point 4 4. Documents marked
Amendment 162 #
Proposal for a regulation Annex II – paragraph 1 – point 1 1) 1) ‘personnel Security Clearance’ or ‘PSC’ means a statement by
Amendment 163 #
Proposal for a regulation Annex II – paragraph 1 – point 2 2) ‘personnel Security Clearance Certificate’ means a certificate issued by
Amendment 164 #
Proposal for a regulation Annex II – point 1 1. The Security Authority of the Union institution and body concerned must seek the written consent of the individual for the security clearance procedure before
Amendment 165 #
Proposal for a regulation Annex II – point 2 2. Where information relevant to a security investigation becomes known to a Union institution or body, concerning an individual who has applied for a security clearance for access to EUCI, the competent Security Authority, acting in accordance with this Regulation, must notify the
Amendment 166 #
Proposal for a regulation Annex II – point 3 – introductory part 3. Following notification of the
Amendment 167 #
Proposal for a regulation Annex II – point 4 4. Where the individual starts service 12 months or more after the date of the notification of the result of the security investigation, or when there is a break of 12 months in the individual’s service, the competent Security Authority must seek confirmation from the
Amendment 168 #
Proposal for a regulation Annex II – point 5 5. Where information concerning a security risk posed by an individual who has authorisation to access EUCI becomes known to the Union institution or body concerned, the Security Authority of that Union institution or body must notify the
Amendment 169 #
Proposal for a regulation Annex II – point 6 6. Where
Amendment 170 #
Proposal for a regulation Annex II – point 8 – paragraph 1 The Security Authority of the Union institution and body concerned may extend the validity of an authorisation to access EUCI for a period of up to 12 months, where no adverse information has been received from the
Amendment 171 #
Proposal for a regulation Annex II – point 10 10. The Security Authority of the
Amendment 172 #
Proposal for a regulation Annex II – point 13 13. All Union institutions and bodies must ensure that national experts seconded to them for a position requiring security clearance present, prior to taking up their assignment, a valid
Amendment 173 #
Proposal for a regulation Annex III – point 8 Amendment 174 #
Proposal for a regulation Annex III – point 9 Amendment 175 #
Proposal for a regulation Annex III – point 10 Amendment 176 #
Proposal for a regulation Annex IV – point 8 8.
Amendment 177 #
Proposal for a regulation Annex IV – point 10 10. Commercial couriers may convey information classified
Amendment 178 #
Proposal for a regulation Annex V – point 18 Amendment 179 #
Proposal for a regulation Annex V – point 22 Amendment 180 #
Proposal for a regulation Annex V – point 24 Amendment 181 #
Proposal for a regulation Annex V – point 26 Amendment 34 #
Proposal for a regulation Citation 1 a (new) Having regard that for the effective exercise of their mandate in accordance with the Treaties, Members of Parliament shall have access to all types of information based on a need-to-know;
Amendment 35 #
Proposal for a regulation Citation 1 b (new) Having regard to the specificity of the mandate of Members of Parliament elected in EU Member States and to the separation of powers between the executive and legislative branches, and as a result, that Members shall be exempted from a security vetting procedure by national security authorities;
Amendment 36 #
Proposal for a regulation Recital 1 Amendment 37 #
Proposal for a regulation Recital 1 a (new) (1a) Given that Union institutions are obliged to apply Article 15(3) TFEU in line with democratic principles, in particular those laid down in Article 10(3) TEU and Article 42 of the Charter of Fundamental Rights of the European Union (‘the Charter’), the European Union classified information (‘EUCI’) system should adhere to the principles of data classification minimisation and time limitation for any such classification.
Amendment 38 #
Proposal for a regulation Recital 1 a (new) (1a) There are concerns surrounding the fact that the Commission and the European External Action Service (EEAS) are putting in place two concurrent initiatives to collaborate with private companies on cybersecurity threats.
Amendment 39 #
Proposal for a regulation Recital 2 (2) While progress has been made towards more consistent rules for the protection of European Union classified information (‘EUCI’) and non-classified information, the interoperability of the relevant systems remains limited, preventing a seamless transfer of information between the different Union institutions and bodies. Interinstitutional cooperation and trust is key to protecting, in an efficient and effective manner, the Information security environment of the Union. Further efforts should therefore be made to enable an interinstitutional approach based on increased synergies to the sharing of EUCI and sensitive non- classified information, with common categories of information and common key handling principles. A baseline should also be envisaged to simplify procedures for sharing EUCI and sensitive non-classified information between Union institutions and bodies and with Member States.
Amendment 40 #
Proposal for a regulation Recital 2 (2) While progress has been made towards more consistent rules for the protection of European Union classified information (‘EUCI’) and non-classified information, the interoperability of the relevant systems remains limited, preventing a seamless transfer of information between the different Union institutions and bodies.
Amendment 41 #
Proposal for a regulation Recital 3 (3) Therefore, relevant rules ensuring a common level of information security in all Union institutions and bodies should be laid down, especially as the cybersecurity threats are growing and many national bodies have been attacked. They should constitute a comprehensive and coherent general framework for protecting EUCI and non-
Amendment 42 #
Proposal for a regulation Recital 3 (3) Therefore, relevant rules ensuring a common level of information security in all Union institutions and bodies should be laid down. They should constitute a comprehensive and coherent general framework for protecting EUCI and non- classified information, and should ensure equivalence of basic principles and common minimum standards.
Amendment 43 #
Proposal for a regulation Recital 3 a (new) (3a) This Regulation lays down rules applicable to the administration of the all Union institutions and bodies, but it does not include the Commissioners, the Representatives of Member States acting within the Council, the Members of the European Parliament, the Judges of the Union Courts or the Members of the European Court of Auditors who are subject to their internal rules.
Amendment 44 #
Proposal for a regulation Recital 3 a (new) (3a) Article 15 TFEU states that the Unions’ institutions, bodies, offices and agencies shall conduct their work as openly as possible, and that every citizen of the Union shall have a right of access to documents. Accordingly, every classification of documents shall take place in the light of these overarching principles.
Amendment 45 #
Proposal for a regulation Recital 3 a (new) (3a) Whereas the Treaties attribute powers to the different Union institutions. For these powers to be exercised effectively, Members thereof should have access by virtue of their mandate to all necessary information on the basis of a need-to-know.
Amendment 46 #
Proposal for a regulation Recital 3 a (new) Amendment 47 #
Proposal for a regulation Recital 3 a (new) (3a) EU governments should keep ownership of their sensitive information.
Amendment 48 #
Proposal for a regulation Recital 3 b (new) (3b) In order to ensure the effectiveness of this Regulation it would be appropriate to assess whether the internal rules applicable to Commissioners, the Representatives of Member States acting within the Council, the Members of the European Parliament, the Judges of the Union Courts or the Members of the European Court of Auditors are in line with the common minimum level of protection established by this Regulation and make the modifications needed, if this is not the case.
Amendment 49 #
Proposal for a regulation Recital 3 b (new) (3b) In the context of information security, Union institutions and bodies should increase organisational interoperability and take joint action to ensure that networks, information systems, data, and all material assets employed to capture, store, process and transmit the information are duly protected.
Amendment 50 #
Proposal for a regulation Recital 3 c (new) (3c) Access to information in a secure manner and in a context of mutual trust is essential for the European co-legislators to exercise their functions and not to be restricted in the exercise of their democratic functions; Members of the European Parliament exercise this legislative function and their access to information should therefore be governed by rules comparable in requirements to the common minimum standards established by this Regulation.
Amendment 51 #
(4) The recent pandemic
Amendment 52 #
Proposal for a regulation Recital 5 (5) By creating a minimum common level of protection for EUCI and non- classified information, this Regulation contributes to ensuring that the Union institutions and bodies have the support of an efficient and independent administration in carrying out their missions. At the same time, each Union institution and body retains its autonomy in determining how to implement the rules laid down in this Regulation, in line with its own security needs. This Regulation shall in no case prevent Union institutions and bodies to fulfil their mission, as entrusted by the EU legislation, or encroach on their institutional autonomy. This minimum common level of protection for EUCI should ensure a careful balance between transparency and the use of classification in a way that prevents the EU bodies from carrying out their role.
Amendment 53 #
Proposal for a regulation Recital 5 (5) By creating a minimum common level of protection for EUCI and non- classified information, this Regulation contributes to ensuring that the Union institutions and bodies have the support of an efficient and independent administration in carrying out their missions. At the same time, each Union institution and body retains its autonomy in determining how to implement the rules laid down in this Regulation, in line with its own security needs. This Regulation shall in no case prevent Union institutions and bodies to fulfil their mission, as entrusted by the EU legislation, or encroach on their institutional autonomy. Due account should also be taken that the measures do not negatively affect the Union entities’ efficient information exchange and operations with other Union entities and national competent authorities.
Amendment 54 #
Proposal for a regulation Recital 5 a (new) Amendment 55 #
Proposal for a regulation Recital 5 a (new) (5a) This Regulation should ensure that any limitation of the right to the protection of personal data and privacy is necessary and proportionate and respect the essence of the right in accordance with Article 52(1) of the Charter of Fundamental Rights of the European Union.
Amendment 56 #
Proposal for a regulation Recital 5 b (new) (5b) All information security measures involving processing of personal data should be compliant with the relevant Union data protection and privacy law. Union institutions and bodies should provide relevant technical and organisational safeguards to ensure compliance in an accountable, transparent and justified manner.
Amendment 57 #
Proposal for a regulation Recital 6 a (new) (6a) Most of the information on cyberthreats relates to the vulnerabilities exploited, in other words the weaknesses hackers exploit to obtain unauthorised access. The European Union Agency for Cybersecurity (ENISA) may not have sufficient capacity to deal with the volume of reports received from product manufacturers about such vulnerabilities. Member States would prefer these notifications to be sent to the national computer security incident response teams (CSIRT).
Amendment 58 #
Proposal for a regulation Recital 7 a (new) (7a) In order to preserve the specific nature of the European Central Bank’s (ECB) tasks and activities as part of the European System of Central Banks (ESCB) and the Single Supervisory Mechanism (SSM), which are performed in cooperation with the national central banks and national competent authorities, this Regulation should not apply to ESCB and SSM Information.
Amendment 59 #
Proposal for a regulation Recital 8 (8) With a view to establishing a formal common and uniform structure for cooperation between Union institutions and bodies in the field of information security, it is necessary to set up an Interinstitutional Coordination Group (the ‘Coordination Group’) in which all Union institutions’ and bodies’ Security Authorities are represented. Without having decision- making powers, the Cordination Group should enhance the coherence of policies in the field of information security and should contribute to the harmonisation of the information security procedures and tools across the Union institutions and bodies.
Amendment 60 #
Proposal for a regulation Recital 9 (9) The Coordination Group’s work needs the support of experts in different areas of information security: categorisation and marking, communication and information systems,
Amendment 61 #
Proposal for a regulation Recital 10 (10) The Coordination Group should closely cooperate with the National Security Authorities of the Member States with a view to enhancing information security in the Union. An Information Security Committee of the Member States should therefore be set up to provide advice to the Coordination Group, while respecting the prerogatives of the Member States as regards confidential security data.
Amendment 62 #
Proposal for a regulation Recital 10 (10) The Coordination Group should closely cooperate with the
Amendment 63 #
Proposal for a regulation Recital 12 (12) The principle of information security risk management should be at the core of the policy to be developed in the field by each Union institution and body. While the common minimum requirements laid down in this Regulation must be met, each Union institution and body should adopt specific security measures for protecting information in accordance with the results of an internal risk assessment. In the same way, the technical means to protect the information should be adapted to the
Amendment 64 #
Proposal for a regulation Recital 13 Amendment 65 #
Proposal for a regulation Recital 14 (14) With the purpose of adjusting to the new teleworking practices, the network information systems, digital infrastructure, and terminal devices used for connecting to the Union institution’s or body’s remote access services should be protected by
Amendment 66 #
Proposal for a regulation Recital 14 (14) With the purpose of adjusting to the new teleworking practices, the networks used for connecting to the Union institution’s or body’s remote access services should be protected by adequate
Amendment 67 #
Proposal for a regulation Recital 15 (15) Since Union institutions and bodies frequently make use of contractors and outsourcing, it is important to establish common provisions relating to contractors’ personnel carrying out tasks related to information security. Such provisions should include, inter alia, a requirement in the tender procedures to undergo thorough vetting, taking into account the full range of the supply chain and economic and political environment in which the third parties operate. Where the relationships with third parties pose a risk to the integrity of democratic processes in the EU, they should be terminated without undue delay.
Amendment 68 #
Proposal for a regulation Recital 15 (15) Since Union institutions and bodies frequently make use of contractors and outsourcing, it is important to establish common provisions relating to contractors’ personnel carrying out tasks related to information security
Amendment 69 #
Proposal for a regulation Recital 16 (16) The substantive rules regarding access to EUCI in the internal rules of various Union institutions and bodies are currently aligned, but there are significant differences as regards denominations and required procedures.
Amendment 70 #
Proposal for a regulation Recital 18 (18) The protection of EUCI is also ensured by technical and organisational measures which apply to the premises, buildings, rooms, offices or facilities of the Union institutions and bodies where EUCI is discussed, handled or stored. This
Amendment 71 #
Proposal for a regulation Recital 20 (20) Originator control is a
Amendment 72 #
Proposal for a regulation Recital 21 (21) Union institutions and bodies have been traditionally developed their communication and information systems autonomously, with insufficient attention to their interoperability across all Union institutions and bodies. It is therefore
Amendment 73 #
Proposal for a regulation Recital 21 a (new) (21a) Information held by the Union entities is also exchanged through the ICT environment, on-premises or through virtual assets, ICT products, ICT services and ICT processes, as well as networks and information systems whether owned and operated by a Union entity or hosted or operated by a third party, including mobile devices, corporate networks, and business networks not connected to the internet and any devices connected to the ICT environment.
Amendment 74 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation lays down a minimum set of common and uniform information security rules for all Union institutions and bodies.
Amendment 75 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation lays down common minimum information security rules for all Union institutions and bodies.
Amendment 76 #
Proposal for a regulation Article 1 – paragraph 1 a (new) 1a. This Regulation is without prejudice to Regulation (EC) 1049/2001 of the European Parliament and of the Council. Nothing in this Regulation, in particular the provisions on EUCI, may be used to restrict the right of access to documents of the Union institutions, bodies, offices and agencies beyond the applicable legislation on such access.
Amendment 77 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation shall apply to all
Amendment 78 #
Proposal for a regulation Article 2 – paragraph 1 a (new) 1a. This Regulation is without prejudice to Regulation (Euratom) No 3/1958[1], Regulation No 31 (EEC), 11 (EAEC), laying down the Staff Regulations of Officials and the Conditions of Employment of other servants of the European Economic Community and the European Atomic Energy Community[2], Regulation (EC) 1049/2001 of the European Parliament and of the Council[3], Regulation (EU) 2018/1725 of the European Parliament and of the Council[4], Council Regulation (EEC, EURATOM) No 354/83[5], Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council[6], Regulation (EU) 2021/697 of the European Parliament and of the Council[7], Regulation (EU) [...] of the European Parliament and of the Council[8] laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union.[KL1] [1] Regulation (Euratom) No 3/1958 implementing Article 24 of the Treaty establishing the European Atomic Energy Community (OJ 17, 6.10.1958, p. 406). [2] OJ 45, 14.6.1962, p. 1385. [3] Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43). [4] Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39). [5] Council Regulation (EEC, EURATOM) No 354/83 of 1 February 1983 concerning the opening to the public of the historical archives of the European Economic Community and the European Atomic Energy Community (OJ L 43, 15.2.1983, p. 1). [6] Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012 (OJ L 193, 30.7.2018, p. 1). [7] Regulation (EU) 2021/697 of the European Parliament and of the Council of 29 April 2021 establishing the European Defence Fund and repealing Regulation (EU) 2018/1092 (OJ L 170, 12.5.2021, p. 149). [8] Regulation […] of the European Parliament and of the Council laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union.
Amendment 79 #
Proposal for a regulation Article 2 – paragraph 1 a (new) 1a. This Regulation does not apply to the Commissioners, the Representatives of Member States acting within the Council, the Members of the European Parliament, the Judges of the Union Courts or the Members of the European Court of Auditors. In order to ensure the effectiveness of the Regulation and not to create any gap within the information security system or any discrepancies among people within the same institution, this institutions and bodies shall adopt internal rules aligned with this Regulation.
Amendment 80 #
Proposal for a regulation Article 2 – paragraph 2 – point a (a) three levels of non-classified information: public use, normal and
Amendment 81 #
Proposal for a regulation Article 2 – paragraph 2 – point b (b)
Amendment 82 #
Proposal for a regulation Article 2 – paragraph 3 3. These levels are based on the damage that unauthorised disclosure may cause to the legitimate
Amendment 83 #
Proposal for a regulation Article 4 – paragraph 1 a (new) 1a. Members of the Union Institutions shall have access to all types of information on the basis of a need-to- know for the effective exercise of their mandate in accordance with the Treaties.
Amendment 84 #
Proposal for a regulation Article 4 – paragraph 2 2. Non-compliance with this Regulation, in particular the unauthorised disclosure of information with the confidentiality levels referred to in Article 2(2), except information for public use shall be subject to investigation and may trigger personnel liability in accordance with the Treaties or with their relevant staff rules with due regard to the provisions on the disclosure of facts which give rise to a presumption of the existence of possible illegal activity, including fraud or corruption, detrimental to the interests of the Union, or of conduct relating to the discharge of professional duties which may constitute a serious failure to comply with the professional obligations, as well as the protection of persons who report breaches of Union law.
Amendment 85 #
Proposal for a regulation Article 4 – paragraph 3 3. Whithout prejudice to Article 15 TFEU, Union institutions and bodies shall assess all information they handle and store in order to categorise it in accordance with the confidentiality levels referred to in Article 2(2).
Amendment 86 #
Proposal for a regulation Article 4 – paragraph 4 – point d (d) integrity: the fact that the information is complete and completeness of information is unaltered and the fact that the technical infrastructure used to share information is protected from any foreign interference;
Amendment 87 #
Proposal for a regulation Article 4 – paragraph 6 – subparagraph 2 Union institutions and bodies handling and storing EUCI shall organise mandatory training at least once every 5 years for all individuals authorised to access EUCI. The Union institutions and bodies concerned shall organise specific training for the specific functions entrusted with information security tasks. Union entities shall, not later than six months after the date of entry into force of this Regulation, design and implement effective and appropriate training courses for all individuals authorised to access EUCI, commensurate to the risks identified in accordance with Article 5.
Amendment 88 #
Proposal for a regulation Article 5 – paragraph 3 – point a a (new) (aa) the risks to the rights and freedoms of natural persons;
Amendment 89 #
Proposal for a regulation Article 5 – paragraph 3 – point f (f) business continuity, crisis management and disaster recovery;
Amendment 90 #
Proposal for a regulation Article 6 – paragraph 1 – subparagraph 2 a (new) Amendment 91 #
Proposal for a regulation Article 6 – paragraph 2 – point a a (new) (aa) adopt decisions on the establishment of thematic sub-groups, their terms of reference and the regularity of their meetings;
Amendment 92 #
Proposal for a regulation Article 6 – paragraph 2 – point e a (new) (ea) monitor compliance by Union institutions and bodies with this Regulation as well as with the guidance documents established pursuant to point (c) through the adoption of a yearly evaluation report, which shall compile input from the relevant sub-groups.
Amendment 93 #
Proposal for a regulation Article 6 – paragraph 2 – point e a (new) (ea) monitor compliance by Union institutions and bodies with this Regulation, as well as with the guidance documents established pursuant to point (c) through the adoption of a yearly evaluation report;
Amendment 94 #
Proposal for a regulation Article 6 – paragraph 6 6. Each Union institution or body shall be appropriately represented in the Coordination Group
Amendment 95 #
Proposal for a regulation Article 6 – paragraph 7 7. Union institutions and bodies shall bring to the attention of the Coordination Group any significant information security policy development within their organisation without undue delay.
Amendment 96 #
Proposal for a regulation Article 6 – paragraph 8 8. In the performance of the tasks referred to in paragraph 2, point (e), the Coordination Group shall be assisted by an Information Security Committee. That Committee shall be composed of one representative from each National Security Authority and shall be chaired by the Secretariat of the Coordination Group, referred to in paragraph 5. A representative of the Parliament shall attend as observer. The Information Security Committee shall have an advisory role.
Amendment 97 #
Proposal for a regulation Article 7 – paragraph 1 – point e a (new) (ea) a sub-group on administrative arrangements with third countries and international organisations.
Amendment 98 #
Proposal for a regulation Article 8 – paragraph 1 1. Each Union institution and body
Amendment 99 #
Proposal for a regulation Article 11 – paragraph 4 – point d (d) end-to-end encryption of information at
source: 752.883
|
History
(these mark the time of scraping, not the official date of the change)
committees/0 |
|
committees/0 |
|
committees/1/rapporteur/0/group |
Old
Group of European People's PartyNew
European People's Party |
committees/4 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/7 |
|
committees/8 |
|
committees/8 |
|
committees/9 |
|
committees/9/rapporteur |
|
committees/10 |
|
committees/10 |
|
committees/10/rapporteur |
|
committees/11 |
|
committees/12 |
|
committees/12 |
|
committees/12/opinion |
False
|
committees/13 |
|
docs/0 |
|
docs/0 |
|
docs/1 |
|
docs/1 |
|
docs/2 |
|
docs/2 |
|
docs/3 |
|
events/0 |
|
events/0 |
|
events/3 |
|
procedure/dossier_of_the_committee |
Old
New
LIBE/10/00178 |
committees/0/shadows |
|
committees/0/shadows |
|
committees/0/shadows |
|
committees/0/shadows |
|
committees/0/shadows |
|
committees/0/shadows |
|
committees/0/shadows |
|
committees/0/shadows |
|
committees/0/shadows |
|
committees/0/shadows |
|
committees/0/shadows |
|
committees/0/shadows |
|
committees/0/shadows |
|
committees/0/rapporteur |
|
committees/0/rapporteur |
|
committees/0/rapporteur |
|
docs/2/docs/0/url |
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=05070202 |
docs/2/docs/0/url |
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=05070202 |
docs/2/docs/0/url |
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=05070202 |
docs/2/docs/0/url |
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=05070202 |
docs/2/docs/0/url |
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=05070202 |
docs/2/docs/0/url |
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=05070202 |
docs/2/docs/0/url |
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=05070202 |
docs/2/docs/0/url |
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=05070202 |
docs/2/docs/0/url |
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=05070202 |
docs/2/docs/0/url |
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=05070202 |
docs/2/docs/0/url |
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=05070202 |
docs/2 |
|
docs/2 |
|
docs/2 |
|
docs/2 |
|
docs/2 |
|
docs/2 |
|
docs/2 |
|
docs/2 |
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/1/rapporteur |
|
committees/2 |
|
committees/2 |
|
committees/2/rapporteur |
|
committees/3 |
|
committees/3 |
|
committees/3/opinion |
False
|
committees/4 |
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/6 |
|
committees/6/rapporteur |
|
committees/7 |
|
committees/8 |
|
committees/9 |
|
committees/10 |
|
committees/11 |
|
committees/12 |
|
committees/13 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/7 |
|
docs/8 |
|
procedure/dossier_of_the_committee/0 |
LIBE/10/00178
|
procedure/dossier_of_the_committee/0 |
LIBE/9/08703
|
procedure/legal_basis/1 |
Rules of Procedure EP 57_o
|
procedure/legal_basis/1 |
Rules of Procedure EP 57
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/1/rapporteur |
|
committees/2 |
|
committees/2 |
|
committees/2/rapporteur |
|
committees/3 |
|
committees/3 |
|
committees/3/opinion |
False
|
committees/4 |
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/6 |
|
committees/6/rapporteur |
|
committees/7 |
|
committees/8 |
|
committees/9 |
|
committees/10 |
|
committees/11 |
|
committees/12 |
|
committees/13 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/7 |
|
docs/8 |
|
procedure/dossier_of_the_committee/0 |
LIBE/10/00178
|
procedure/dossier_of_the_committee/0 |
LIBE/9/08703
|
procedure/legal_basis/1 |
Rules of Procedure EP 57_o
|
procedure/legal_basis/1 |
Rules of Procedure EP 57
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/1/rapporteur |
|
committees/2 |
|
committees/2 |
|
committees/2/rapporteur |
|
committees/3 |
|
committees/3 |
|
committees/3/opinion |
False
|
committees/4 |
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/6 |
|
committees/6/rapporteur |
|
committees/7 |
|
committees/8 |
|
committees/9 |
|
committees/10 |
|
committees/11 |
|
committees/12 |
|
committees/13 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/7 |
|
docs/8 |
|
procedure/dossier_of_the_committee/0 |
LIBE/10/00178
|
procedure/dossier_of_the_committee/0 |
LIBE/9/08703
|
procedure/legal_basis/1 |
Rules of Procedure EP 57_o
|
procedure/legal_basis/1 |
Rules of Procedure EP 57
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/1/rapporteur |
|
committees/2 |
|
committees/2 |
|
committees/2/rapporteur |
|
committees/3 |
|
committees/3 |
|
committees/3/opinion |
False
|
committees/4 |
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/6 |
|
committees/6/rapporteur |
|
committees/7 |
|
committees/8 |
|
committees/9 |
|
committees/10 |
|
committees/11 |
|
committees/12 |
|
committees/13 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/7 |
|
docs/8 |
|
procedure/dossier_of_the_committee/0 |
LIBE/10/00178
|
procedure/dossier_of_the_committee/0 |
LIBE/9/08703
|
procedure/legal_basis/1 |
Rules of Procedure EP 57_o
|
procedure/legal_basis/1 |
Rules of Procedure EP 57
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/1/rapporteur |
|
committees/2 |
|
committees/2 |
|
committees/2/rapporteur |
|
committees/3 |
|
committees/3 |
|
committees/3/opinion |
False
|
committees/4 |
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/6 |
|
committees/6/rapporteur |
|
committees/7 |
|
committees/8 |
|
committees/9 |
|
committees/10 |
|
committees/11 |
|
committees/12 |
|
committees/13 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/7 |
|
docs/8 |
|
procedure/dossier_of_the_committee/0 |
LIBE/10/00178
|
procedure/dossier_of_the_committee/0 |
LIBE/9/08703
|
procedure/legal_basis/1 |
Rules of Procedure EP 57_o
|
procedure/legal_basis/1 |
Rules of Procedure EP 57
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/1/rapporteur |
|
committees/2 |
|
committees/2 |
|
committees/2/rapporteur |
|
committees/3 |
|
committees/3 |
|
committees/3/opinion |
False
|
committees/4 |
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/6 |
|
committees/6/rapporteur |
|
committees/7 |
|
committees/8 |
|
committees/9 |
|
committees/10 |
|
committees/11 |
|
committees/12 |
|
committees/13 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/7 |
|
docs/8 |
|
procedure/dossier_of_the_committee/0 |
LIBE/10/00178
|
procedure/dossier_of_the_committee/0 |
LIBE/9/08703
|
procedure/legal_basis/1 |
Rules of Procedure EP 57_o
|
procedure/legal_basis/1 |
Rules of Procedure EP 57
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/1/rapporteur |
|
committees/2 |
|
committees/2 |
|
committees/2/rapporteur |
|
committees/3 |
|
committees/3 |
|
committees/3/opinion |
False
|
committees/4 |
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/6 |
|
committees/6/rapporteur |
|
committees/7 |
|
committees/8 |
|
committees/9 |
|
committees/10 |
|
committees/11 |
|
committees/12 |
|
committees/13 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/7 |
|
docs/8 |
|
procedure/dossier_of_the_committee/0 |
LIBE/10/00178
|
procedure/dossier_of_the_committee/0 |
LIBE/9/08703
|
procedure/legal_basis/1 |
Rules of Procedure EP 57_o
|
procedure/legal_basis/1 |
Rules of Procedure EP 57
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/1/rapporteur |
|
committees/2 |
|
committees/2 |
|
committees/2/rapporteur |
|
committees/3 |
|
committees/3 |
|
committees/3/opinion |
False
|
committees/4 |
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/6 |
|
committees/6/rapporteur |
|
committees/7 |
|
committees/8 |
|
committees/9 |
|
committees/10 |
|
committees/11 |
|
committees/12 |
|
committees/13 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/7 |
|
docs/8 |
|
procedure/dossier_of_the_committee/0 |
LIBE/10/00178
|
procedure/dossier_of_the_committee/0 |
LIBE/9/08703
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/1/rapporteur |
|
committees/2 |
|
committees/2 |
|
committees/2/rapporteur |
|
committees/3 |
|
committees/3 |
|
committees/3/opinion |
False
|
committees/4 |
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/6 |
|
committees/6/rapporteur |
|
committees/7 |
|
committees/8 |
|
committees/9 |
|
committees/10 |
|
committees/11 |
|
committees/12 |
|
committees/13 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/7 |
|
docs/8 |
|
procedure/dossier_of_the_committee/0 |
LIBE/10/00178
|
procedure/dossier_of_the_committee/0 |
LIBE/9/08703
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/1/rapporteur |
|
committees/2 |
|
committees/2 |
|
committees/2/rapporteur |
|
committees/3 |
|
committees/3 |
|
committees/3/opinion |
False
|
committees/4 |
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/6 |
|
committees/6/rapporteur |
|
committees/7 |
|
committees/8 |
|
committees/9 |
|
committees/10 |
|
committees/11 |
|
committees/12 |
|
committees/13 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/7 |
|
docs/8 |
|
procedure/dossier_of_the_committee/0 |
LIBE/10/00178
|
procedure/dossier_of_the_committee/0 |
LIBE/9/08703
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/1/rapporteur |
|
committees/2 |
|
committees/2 |
|
committees/2/rapporteur |
|
committees/3 |
|
committees/3 |
|
committees/3/opinion |
False
|
committees/4 |
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/6 |
|
committees/6/rapporteur |
|
committees/7 |
|
committees/8 |
|
committees/9 |
|
committees/10 |
|
committees/11 |
|
committees/12 |
|
committees/13 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/7 |
|
docs/8 |
|
procedure/dossier_of_the_committee/0 |
LIBE/10/00178
|
procedure/dossier_of_the_committee/0 |
LIBE/9/08703
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/1/rapporteur |
|
committees/2 |
|
committees/2 |
|
committees/2/rapporteur |
|
committees/3 |
|
committees/3 |
|
committees/3/opinion |
False
|
committees/4 |
|
committees/4 |
|
committees/4/rapporteur |
|
committees/5 |
|
committees/5 |
|
committees/5/opinion |
False
|
committees/6 |
|
committees/6 |
|
committees/6/rapporteur |
|
committees/7 |
|
committees/8 |
|
committees/9 |
|
committees/10 |
|
committees/11 |
|
committees/12 |
|
committees/13 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/7 |
|
docs/8 |
|
procedure/dossier_of_the_committee/0 |
LIBE/10/00178
|
procedure/dossier_of_the_committee/0 |
LIBE/9/08703
|
docs/2/docs/0/url |
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:2022:258:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOC |
docs/8 |
|
docs/7 |
|
docs/5 |
|
docs/6 |
|
docs/6/date |
Old
2023-06-27T00:00:00New
2023-07-12T00:00:00 |
docs/5 |
|
docs/6 |
|
docs/6/date |
Old
2023-06-22T00:00:00New
2023-07-04T00:00:00 |
docs/6 |
|
docs/5 |
|
docs/4/docs/0/url |
https://www.europarl.europa.eu/doceo/document/ITRE-AD-738558_EN.html
|
docs/0 |
|
docs/4 |
|
events/0 |
|
docs/0 |
|
events/0 |
|
docs/0 |
|
events/0 |
|
docs/0 |
|
events/0 |
|
docs/3/docs/0/url |
https://www.europarl.europa.eu/doceo/document/AFCO-AD-730186_EN.html
|
docs/3 |
|
docs/0 |
|
events/0 |
|
docs/0 |
|
events/0 |
|
docs/0 |
|
events/0 |
|
docs/0 |
|
events/0 |
|
committees/5 |
|
committees/5 |
|
committees/1 |
|
committees/3 |
Old
New
|
committees/4 |
Old
New
|
committees/5 |
Old
New
|
committees/6 |
|
committees/6 |
Old
New
|
docs/0 |
|
events/0 |
|
docs/0 |
|
events/0 |
|
docs/0 |
|
events/0 |
|
docs/0 |
|
events/0 |
|
docs/0 |
|
events/0 |
|
docs/0 |
|
events/0 |
|
events/2 |
|
docs/0 |
|
events/0 |
|
docs/0 |
|
events/0 |
|
procedure/legal_basis/1 |
Rules of Procedure EP 57
|
commission/0/dg |
Old
InformaticsNew
Human Resources and Security |
committees/5/rapporteur |
|
committees/0/shadows |
|
committees/4/rapporteur |
|
docs/0 |
|
events/0 |
|
docs/0 |
|
docs/3 |
|
events/0 |
|
committees/6/rapporteur |
|
committees/3 |
Old
New
|
committees/4 |
|
committees/6 |
Old
New
|
committees/2 |
|
committees/3 |
Old
New
|
committees/5 |
Old
New
|
committees/1/rapporteur |
|
docs/0/docs/0 |
|
docs/1/docs/0 |
|
events/0/docs/0 |
|
committees/0/rapporteur |
|
procedure/subject/2.80 |
Cooperation between administrations
|
procedure/subject/3.30.06 |
Information and communication technologies, digital technologies
|
procedure/subject/3.30.07 |
Cybersecurity, cyberspace policy
|
procedure/subject/3.30.25 |
International information networks and society, internet
|
procedure/subject/8.40 |
Institutions of the Union
|
procedure/subject/8.40.08 |
Agencies and bodies of the EU
|
commission |
|
committees/1 |
|
committees/1 |
Old
New
|
committees/2 |
Old
New
|
committees/4 |
|
committees/4/opinion |
False
|
docs/0 |
|
events/0 |
|
procedure/subject/2.80 |
Cooperation between administrations
|
procedure/subject/3.30.06 |
Information and communication technologies, digital technologies
|
procedure/subject/3.30.07 |
Cybersecurity, cyberspace policy
|
procedure/subject/3.30.25 |
International information networks and society, internet
|
procedure/subject/8.40 |
Institutions of the Union
|
procedure/subject/8.40.08 |
Agencies and bodies of the EU
|
docs/0/summary |
|
events |
|
procedure/dossier_of_the_committee |
|
procedure/stage_reached |
Old
Preparatory phase in ParliamentNew
Awaiting committee decision |