2005/952/EC: Council Decision of 20 December 2005 amending Decision 2001/264/EC adopting the Council’s security regulations
2001/264/EC • 32005D0952
Legal Acts - Directives
- 11 Inbound citations:
- •
- 2 Cited paragraphs:
- •
- 11 Outbound citations:
29.12.2005
EN
Official Journal of the European Union
L 346/18
COUNCIL DECISION
of 20 December 2005
amending Decision 2001/264/EC adopting the Council’s security regulations
(2005/952/EC)
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty establishing the European Community, and in particular Article 207(3) thereof,
Having regard to Council Decision 2004/338/EC, Euratom of 22 March 2004 adopting the Council’s Rules of Procedure (1), and in particular Article 24 thereof,
Whereas:
(1)
Article 2(1) of Decision 2001/264/EC (2) states that the Secretary-General/High Representative is to take appropriate measures to ensure that, when handling EU classified information, the Council’s security regulations are respected within the General Secretariat of the Council (GSC), and, inter alia, by GSC external contractors.
(2)
Article 2(2) of Decision 2001/264/EC states that Member States are to take appropriate measures, in accordance with national arrangements, to ensure that, when EU classified information is handled, the Council’s security regulations are respected within their services and premises, inter alia, by Member States’ external contractors.
(3)
Decision 2001/264/EC does not at present include elements on how its basic principles and minimum standards should apply where the GSC entrusts to external entities, by contract, tasks involving, entailing and/or containing EU classified information.
(4)
It is therefore necessary to insert specific common minimum standards in that regard in Decision 2001/264/EC.
(5)
These common minimum standards should also be complied with by Member States, for measures to be taken, in accordance with national arrangements, where they entrust by contract tasks involving, entailing and/or containing EU classified information to external entities referred to in Article 2(2) of Decision 2001/264/EC.
(6)
These common minimum standards should apply without prejudice to relevant acts, in particular Directive 2004/18/EC (3), Regulation (EC, Euratom) No 1605/2002 (4) and its implementing rules and the WTO Agreement on Government Procurement (GPA),
HAS DECIDED AS FOLLOWS:
Article 1
The following sentence shall be added to Part I(8) of the Annex to Decision 2001/264/EC:
‘Such minimum standards shall also include minimum standards to be applied when the GSC entrusts by contract tasks involving, entailing and/or containing EU classified information to industrial or other entities: these common minimum standards are contained in Section XIII of Part II.’
Article 2
The text appearing in the Annex to this Decision shall be added as Section XIII of Part II of the Annex to Decision 2001/264/EC.
Article 3
This Decision shall take effect on the day of its publication in the Official Journal of the European Union.
Done at Brussels, 20 December 2005.
For the Council
The President
M. BECKETT
(1) OJ L 106, 15.4.2004, p. 22. Decision as amended by Decision 2004/701/EC, Euratom (OJ L 319, 20.10.2004, p. 15).
(2) OJ L 101, 11.4.2001, p. 1. Decision as last amended by Decision 2005/571/EC (OJ L 193, 23.7.2005, p. 31).
(3) Directive 2004/18/EC of the European Parliament and of the Council of 31 March 2004 on the coordination of procedures for the award of public works contracts, public supply contracts and public service contracts (OJ L 134, 30.4.2004, p. 114).
(4) Council Regulation (EC, Euratom) No 1605/2002 of 25 June 2002 on the Financial Regulation applicable to the general budget of the European Communities (OJ L 248, 16.9.2002, p. 1).
ANNEX
‘SECTION XIII
COMMON MINIMUM STANDARDS ON INDUSTRIAL SECURITY
1.
This Section deals with security aspects of industrial activities that are unique to negotiating and awarding contracts entrusting tasks involving, entailing and/or containing EU classified information and to their performance by industrial or other entities, including the release of, or access to, EU classified information during the public procurement procedure (bidding period and pre-contract negotiations).
DEFINITIONS
2.
For the purposes of these common minimum standards, the following definitions shall apply:
(a)
“Classified contract”: any contract to supply products, execute works or provide services, the performance of which requires or involves access to or generation of EU classified information;
(b)
“Classified subcontract”: a contract entered into by a contractor with another contractor (i.e. the subcontractor) for the supply of goods, execution of works or provision of services, the performance of which requires or involves access to or generation of EU classified information;
(c)
“Contractor”: an individual or legal entity possessing the legal capability to undertake contracts;
(d)
“Designated Security Authority (DSA)”: an authority responsible to the National Security Authority (NSA) of an EU Member State which is responsible for communicating to industrial or other entities the national policy in all matters of industrial security and for providing direction and assistance in its implementation. The function of DSA may be carried out by the NSA;
(e)
“Facility Security Clearance (FSC)”: an administrative determination by a NSA/DSA that, from the security viewpoint, a facility can afford adequate security protection to EU classified information of a specified security classification level and its personnel who require access to EU classified information have been appropriately security cleared and briefed on the relevant security requirements necessary to access and protect EU classified information;
(f)
“Industrial or other entity”: an entity involved in supplying goods, executing works or providing services; this may involve industrial, commercial, service, scientific, research, educational or development entities;
(g)
“Industrial security”: the application of protective measures and procedures to prevent, detect and recover from the loss or compromise of EU classified information handled by a contractor or subcontractor in pre-contract negotiations and contracts;
(h)
“National Security Authority (NSA)”: the Government Authority of an EU Member State with ultimate responsibility for the protection of EU classified information;
(i)
“Overall level of the security classification of a contract”: determination of the security classification of the whole contract, based on the classification of information and/or material that is to be, or may be, generated, released or accessed under any element of the overall contract. The overall level of security classification of a contract may not be lower than the highest classification of any of its elements, but may be higher because of the aggregation effect;
(j)
“Security Aspects Letter (SAL)”: a set of special contractual conditions, issued by the contracting authority, which forms an integral part of a classified contract involving access to or generation of EU classified information, that identifies the security requirements or those elements of the contract requiring security protection;
(k)
“Security Classification Guide (SCG)”: a document which describes the elements of a programme or contract which are classified, specifying the applicable security classification levels. The SCG may be expanded throughout the life of the programme or contract and the elements of information may be re-classified or downgraded. The SCG must be part of the SAL.
ORGANISATION
3.
The General Secretariat of the Council (GSC) may entrust by contract tasks involving, entailing and/or containing EU classified information to industrial or other entities registered in a Member State.
4.
The GSC shall ensure that all requirements deriving from these minimum standards are complied with when awarding classified contracts.
5.
Each Member State shall ensure that its NSA has appropriate structures to apply these minimum standards on industrial security. These may include one or more DSA.
6.
The ultimate responsibility for protecting EU classified information within industrial or other entities rests with their management.
7.
Whenever a contract or a subcontract falling within the scope of these minimum standards is awarded, the GSC and/or the NSA/DSA, as appropriate, will promptly notify the NSA/DSA of the Member State in which the contractor or subcontractor is registered.
CLASSIFIED CONTRACTS
8.
The security classification of classified contracts must take account of the following principles:
(a)
the GSC determines, as appropriate, the aspects of the contract which require protection and the consequent security classification; in doing so, it must take into account the original security classification assigned by the originator to information generated before awarding the contract;
(b)
the overall level of classification of the contract may not be lower than the highest classification of any of its elements;
(c)
EU classified information generated under contractual activities is classified in accordance with the SCG;
(d)
when appropriate, the GSC is responsible for changing the overall level of classification of the contract, or security classification of any of its elements, in consultation with the originator, and for informing all interested parties;
(e)
classified information released to the contractor or subcontractor or generated under contractual activity must not be used for purposes other than those defined by the classified contract and must not be disclosed to third parties without the prior written consent of the originator.
9.
The NSAs/DSAs of the Member States are responsible for ensuring that contractors and subcontractors awarded classified contracts which involve information classified CONFIDENTIEL UE or SECRET UE take all appropriate measures for safeguarding such EU classified information released to or generated by them in the performance of the classified contract in accordance with national laws and regulations. Non-compliance with the security requirements may result in termination of the contract.
10.
All industrial or other entities participating in classified contracts which involve access to information classified CONFIDENTIEL UE or SECRET UE must hold a national FSC. The FSC is granted by the NSA/DSA of a Member State to confirm that a facility can afford and guarantee adequate security protection to EU classified information to the appropriate classification level.
11.
The NSA/DSA is responsible for granting, in accordance with its national regulations, a Personnel Security Clearance (PSC) to all persons employed in industrial or other entities registered in that Member State whose duties require access to EU information classified CONFIDENTIEL UE or SECRET UE subject to a classified contract.
12.
Classified contracts must include the SAL as defined in point 2(j). The SAL must contain the SCG.
13.
Before initiating the negotiation of a classified contract the GSC will contact the NSA/DSA of the Member States in which the industrial or other entities concerned are registered in order to obtain confirmation that they hold a valid FSC appropriate to the level of security classification of the contract.
14.
The contracting authority must not place a classified contract with a preferred bidder before having received the valid FSC certificate.
15.
Unless required by Member States national laws and regulations, an FSC is not required for contracts involving information classified RESTREINT UE.
16.
In the case of bids in respect of classified contracts, invitations must contain a provision requiring that a bidder which fails to submit a bid or which is not selected be required to return all documents within a specified period of time.
17.
It may be necessary for a contractor to negotiate classified subcontracts with subcontractors at various levels. The contractor is responsible for ensuring that all subcontracting activities are undertaken in accordance with the common minimum standards contained in this Section. However, the contractor must not transmit EU classified information or material to a subcontractor without the prior written consent of the originator.
18.
The conditions under which the contractor may subcontract must be defined in the tender and in the contract. No subcontract may be awarded to entities registered in a non-EU Member State without the express written authorisation of the GSC.
19.
Throughout the life of the contract, compliance with all its security provisions will be monitored by the relevant NSA/DSA in coordination with the GSC. Notification of security incidents shall be reported, in accordance with the provisions laid down in Part II, Section X of these Security Regulations. Change or withdrawal of an FSC shall immediately be communicated to the GSC and to any other NSA/DSA to which it has been notified.
20.
When a classified contract or a classified subcontract is terminated, the GSC and/or the NSA/DSA, as appropriate, will promptly notify the NSA/DSA of the Member States in which the contractor or subcontractor is registered.
21.
The common minimum standards contained in this Section shall continue to be complied with, and the confidentiality of classified information shall be maintained by the contractors and subcontractors, after termination or conclusion of the classified contract or subcontract.
22.
Specific provisions for the disposal of classified information at the end of the contract will be laid down in the SAL or in other relevant provisions identifying security requirements.
VISITS
23.
Visits by personnel of the GSC to industrial or other entities in the Member States performing EU classified contracts must be arranged with the relevant NSA/DSA. Visits by employees of industrial or other entities within the framework of EU classified contract must be arranged between the NSAs/DSAs concerned. However, the NSAs/DSAs involved in a EU classified contract may agree on a procedure whereby the visits by employees of industrial or other entities can be arranged directly.
TRANSMISSION AND TRANSPORTATION OF EU CLASSIFIED INFORMATION
24.
With regard to the transmission of EU classified information, the provisions of Part II, Section VII, Chapter II, and where relevant of Section XI, of these Security Regulations shall apply. In order to supplement such provisions, any existing procedures in force among Member States will apply.
25.
The international transportation of EU classified material relating to classified contracts are carried out in accordance with Member States national procedures. The following principles will be applied when examining security arrangements for international transportation:
(a)
security is assured at all stages during the transportation and under all circumstances, from the point of origin to the ultimate destination;
(b)
the degree of protection accorded to a consignment is determined by the highest classification level of material contained within it;
(c)
an FSC is obtained, where appropriate, for companies providing transportation. In such cases, personnel handling the consignment shall be cleared in compliance with the common minimum standards contained in this Section;
(d)
journeys are point to point to the extent possible, and are completed as quickly as circumstances permit;
(e)
whenever possible, routes should be only through EU Member States. Routes through non-EU Member States should only be undertaken when authorised by the NSA/DSA of the States of both the consignor and the consignee;
(f)
prior to any movement of EU classified material, a Transportation Plan is made up by the consignor and approved by the NSAs/DSAs concerned.’