Activities of Evžen TOŠENOVSKÝ related to 2022/0084(COD)

Shadow opinions (1)

OPINION on the proposal for a regulation of the European Parliament and of the Council on information security in the institutions, bodies, offices and agencies of the Union
2023/02/14
Committee: ITRE
Dossiers: 2022/0084(COD)
Documents: PDF(216 KB) DOC(176 KB)
Authors: Henna VIRKKUNEN (MEP ID 124726)

Amendments (12)

Amendment 22
Proposal for a regulation
Recital 2
(2) While progress has been made towards more consistent rules for the protection of European Union classified information (‘EUCI’) and sensitive non-classified information (‘non-EUCI’), the interoperability of the relevant systems remains limited, preventing a seamless transfer of information between the different Union institutions and bodies. Further efforts should therefore be made to enable an interinstitutional approach to framework for the sharing of EUCI and sensitive non-classified information, with common categories of informacomposed of this regulation and of the [regulation on non-EUCI] with common definitions and common key handling principles. A baseline should also be envisaged to simplify procedures for sharing EUCI and sensitive non-classified information EUCI between Union institutions and bodies and with Member States.
2022/12/05
Committee: ITRE

Amendment 37
Proposal for a regulation
Article 2 – paragraph 2 – point a
(a) three levels of non-classified information: public use, normal and sensitive non-classified; deleted
2022/12/05
Committee: ITRE

Amendment 48
Proposal for a regulation
Article 6 – paragraph 1 – subparagraph 2
It shall be composed of all Security Authorities of the Union institutions and bodies and the chairperson of the Information Security Committee referred to in paragraph 8 of this Article, and shall have a mandate to define their common policy in the field of information security.
2022/12/05
Committee: ITRE

Amendment 49
Proposal for a regulation
Article 6 – paragraph 8
8. In the performance of the tasks referred to in paragraph 2, point (e), the Coordination Group shall be assisted by an Information Security Committee. That Committee shall be composed of one representative from each National Security Authority and shall be chaired by have the administrative support of the Secretariat of the Coordination Group, referred to in paragraph 5. The Information Security Committee shall have an advisory role.
2022/12/05
Committee: ITRE

Amendment 51
Proposal for a regulation
Article 9 – paragraph 2
2. Any CIS that handles and stores EUCI shall be accredited in accordance with Chapter 5, Section 5. Any CIS that handles and stores sensitive non-classified information shall comply with the minimum requirements for sensitive non-classified information in CISs set out in Chapter 4.
2022/12/05
Committee: ITRE

Amendment 55
Proposal for a regulation
Article 12
1. Information intended for public use or official publication or already disclosed, which can be shared without restrictions inside or outside the Union institutions and bodies, shall be categorised and handled and stored as information for public use. 2. Union institutions and bodies may mark with ‘PUBLIC USE’ the information referred to in paragraph 1. 3. All Union institutions and bodies shall ensure the integrity and availability of information for public use by appropriate measures based on its security needs. Article 12 deleted Information for public use
2022/12/05
Committee: ITRE

Amendment 56
Proposal for a regulation
Article 13
1. Information intended for use by a Union institution or body in the execution of its functions which is neither sensitive non-classified nor for public use shall be categorised, handled and stored as normal information. This category covers all normal working level information processed in the Union institution or body concerned. 2. Normal information may be marked visually or in metadata where necessary to ensure its protection, particularly where shared outside Union institutions and bodies. The marking ‘EU NORMAL’ or the ‘name or acronym of the Union institution or body NORMAL’ (adjusted on a case-by-case basis) shall be used in that case. 3. Union institutions and bodies shall define standard protective measures for normal information taking into account guidance from the sub-group on non-classified information and any specific risks related to their tasks and activities. 4. Normal information shall be exchanged outside Union institutions and bodies only with natural or legal persons having a need-to-know. Article 13 deleted Normal information
2022/12/05
Committee: ITRE

Amendment 57
Proposal for a regulation
Article 14
1. Union institutions and bodies shall categorise, handle and store as sensitive non-classified all information that is not classified but which they must protect due to legal obligations or because of the harm that may be caused to the legitimate private and public interests, including those of the Union institutions and bodies, Member States or individuals by its unauthorised disclosure. 2. Each Union institution and body shall identify sensitive non-classified information by a visible security marking and shall define corresponding handling instructions in accordance with Annex I. 3. Union institutions and bodies shall protect sensitive non-classified information by applying appropriate measures in respect of its handling and storage. Such information may only be made available inside Union institutions and bodies to individuals with a need-to-know for the fulfilment of their assigned tasks. 4. Sensitive non-classified information shall be exchanged outside Union institutions and bodies only with natural and legal persons that have a need-to-know while respecting the handling instructions accompanying the information. All parties involved shall be made aware of the appropriate handling instructions. Article 14 deleted Sensitive non-classified information
2022/12/05
Committee: ITRE

Amendment 58
Proposal for a regulation
Article 15
Protection of non-classified information 1. Union institutions and bodies shall establish procedures for the reporting and management of any incident or suspected incident that could lead to a compromise of the security of non-classified information. 2. Where required, Union institutions and bodies shall use the markings provided for in Articles 12, 13 and 14. Exceptionally, other equivalent markings may be used internally and in relation with their particular counterparts from other Union institutions and bodies or from the Member States, when all parties agree. Such exception shall be notified to the sub-group on non-classified information, as referred to in Article 7(1), point (b). 3. Contractual safeguards shall be established to ensure the protection of normal and sensitive non-classified information processed by outsourced services. The safeguards shall be designed to guarantee at least an equivalent level of protection to that provided by this Regulation, and shall include confidentiality and non-disclosure undertakings to be signed by all relevant service providers involved in the provision of the outsourced systems. 5 deleted and interoperability
2022/12/05
Committee: ITRE

Amendment 59
Proposal for a regulation
Article 16
Sub-group on non-classified information 1. The sub-group on non-classified information referred to in Article 7(1), point (b), shall have the following roles and responsibilities: (a) streamlining the procedures relating to handling and storing the non-classified information and preparing the relevant guidance; (b) coordinating with the sub-group on information assurance referred to in Article 7(1), point (a), on matters related to systems handling and storing non-classified information; (c) preparing handling instructions for the different confidentiality levels of non-classified information; (d) assisting Union institutions and bodies in establishing the equivalence between their particular categories of non-classified information and those provided for in Articles 12, 13 and 14; (e) facilitating the sharing of non-classified information between Union institutions and bodies, by providing assistance and guidance. Article 16 deleted
2022/12/05
Committee: ITRE

Amendment 60
Proposal for a regulation
Article 17
Handling and storing of sensitive non-classified information in CISs 1. Union institutions and bodies shall ensure that CISs meet the following minimum requirements when handling and storing sensitive non-classified information: (a) strong authentication shall be implemented to access SNC information and SNC information shall be encrypted in transmission and in storage; (b) encryption keys used for storage shall be under the responsibility of the Union institution or body responsible for the operation of the CIS; (c) SNC information shall be stored and processed in the Union; (d) contractual provisions covering security of staff, assets and information shall be included in any outsourcing contracts; (e) interoperable metadata shall be used to record the confidentiality level of electronic documents and to facilitate the automation of security measures; (f) measures to prevent and detect data leaks shall be implemented by the Union institutions and bodies to protect sensitive non-classified information; (g) security equipment bearing a European cybersecurity certificate shall be used, where available; (h) implementation of security measures based on the principles of need-to-know and zero trust to minimise access to sensitive non-classified information by service providers and contractors. 2. Any derogation from the minimum requirements set out in paragraph 1 shall be subject to approval by the appropriate level of management of the Union institution or body concerned, on the basis of a risk assessment covering the legal and technical risks to the security of the sensitive non-classified information. 3. The Information Assurance Authority of the Union institution or body concerned may check compliance with the principles set out in paragraph 1 at any time during the lifecycle of a CIS. Article 17 deleted
2022/12/05
Committee: ITRE

Amendment 65
Proposal for a regulation
Article 36 – paragraph 1
1. Where Union institutions and bodies decide to declassify an EUCI document, consideration shall be given as to whether it is to bear a sensitive non-classified information distribution marking in accordance with [regulation on protection of non-EUCI].
2022/12/05
Committee: ITRE