Activities of Sven SIMON related to 2022/0084(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council on information security in the institutions, bodies, offices and agencies of the Union
Amendments (13)
Amendment 31 #
Proposal for a regulation
Recital 2
Recital 2
(2) While progress has been made towards more consistent rules for the protection of European Union classified information (‘EUCI’) and non-classified information, the interoperability of the relevant systems remains limited, preventing a seamless transfer of information between the different Union institutions and bodies. Further efforts should therefore be made to enable aAn interinstitutional approach to the sharing of EUCI and sensitive non-classified information, with common categories of information and common key handling principles. A baseline should also be envisaged to simplify is urgently needed. This includes common procedures for sharing EUCI and sensitive non-classified information between Union institutions and bodies and with Member States.
Amendment 32 #
Proposal for a regulation
Recital 4
Recital 4
(4) The recent pandemic caused a significant change in working practices with remote communication tools becoming the rule. Therefore, many procedures that were still at least partly paper-based were rapidly adjusted to enable electronic processing and exchanges of information. These developments require changes in the procurement, handling and protection of information. This Regulation takes account of the new working practices.
Amendment 33 #
Proposal for a regulation
Recital 5
Recital 5
(5) By creating a minimum common level of protection for EUCI and non- classified information, this Regulation contributes to ensuring that the Union institutions and bodies have the support of an efficient and independent administration in carrying out their missions. At the same time, each Union institution and body retains its autonomy in determining how to implement the rules laid down in this Regulation, in line with its own security needs. This Regulation shall in no case prevent Union institutions and bodies to fulfil their mission, as entrusted by the EU legislation, or encroachcreate disproportionate burdens on their institutional autonomy.
Amendment 34 #
Proposal for a regulation
Recital 8
Recital 8
(8) With a view to establishing a formal structure for cooperation between Union institutions and bodies in the field of information security, it is necessary to set up an Interinstitutional Coordination Group (the ‘Coordination Group’) in which all Union institutions’ and bodies’ Security Authorities are represented. Without having decision-making powers, tThe Coordination Group should adopt recommendations and provisions to enhance the coherence of policies in the field of information security and should contribute to the harmonisation of the information security procedures and tools across the Union institutions and bodies.
Amendment 39 #
Proposal for a regulation
Recital 25
Recital 25
(25) Furthermore, the sharing of EUCI between the Union institutions and bodies and the exchange of classified information with international organisations and third countries should also be regulated by appropriate security measures for the protection of that information. Where agreements on security of information are envisaged, the provisions of Article 218 of the TreatyTFEU should apply.
Amendment 40 #
Proposal for a regulation
Article 4 – paragraph 2
Article 4 – paragraph 2
2. Non-compliance with this Regulation, in particular the unauthorised disclosure of information with the confidentiality levels referred to in Article 2(2), except information for public use shall be subject to investigation and may trigger personnel liability in accordance with the Treaties or, with relevant criminal law and with their relevant staff rules.
Amendment 41 #
Proposal for a regulation
Article 6 – paragraph 1 – subparagraph 2
Article 6 – paragraph 1 – subparagraph 2
It shall be composed of all Security Authorities of the Union institutions and bodies, and shall have a mandate to define their common policymeasures in the field of information security.
Amendment 42 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
Article 6 – paragraph 2 – point c
(c) establish recommendations and guidance documents on the implementation of this Regulation, in cooperation with the Interinstitutional Cybersecurity Board referred to in Article 9 of the Regulation EU [...] laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union, where appropriate;
Amendment 45 #
Proposal for a regulation
Article 6 – paragraph 2 – point e a (new)
Article 6 – paragraph 2 – point e a (new)
(e a) Shall carry out risk assessments, in particular with regards to foreign interference in EUCI.
Amendment 52 #
Proposal for a regulation
Article 17 – paragraph 1 – point c
Article 17 – paragraph 1 – point c
(c) SNC information shall be stored and processed exclusively in the Union;
Amendment 54 #
Proposal for a regulation
Article 20 – paragraph 1
Article 20 – paragraph 1
1. The holder of any item of EUCI shall be legally responsible for its protection. This shall include responsibility under the Treaties, relevant criminal law and staff regulations.
Amendment 60 #
Proposal for a regulation
Article 39 – paragraph 1
Article 39 – paragraph 1
1. Union institutions and bodies shall decide whether andupon a recommendation by the Coordination Group when to archive EUCI, and the corresponding practical measures, in accordance with their policy on document management.
Amendment 61 #
Proposal for a regulation
Article 39 – paragraph 2
Article 39 – paragraph 2
2. EUCI documents shall not be transferred to the Historical Archives of the European Union after 30 years. The Historical Archives of the European Union shall take effective measures to protect EUCI from unauthorised access prior to declassification.