As announced in Official Journal C 156 of 2 June 2012, the Commission decided to withdraw this proposal, which had become obsolete.

The Lisbon Treaty, which entered into force on 1 December 2009, amended the EU's two core treaties, the Treaty on European Union (TEU) and the Treaty establishing the European Community (EC Treaty). The latter was renamed the Treaty on the Functioning of the European Union (TFEU).

These changes had various consequences for many ongoing procedures. First of all, the articles of the TEU and of the old EC Treaty that constitute the legal basis of all the proposals founded on those Treaties were renumbered in accordance with the table of equivalences mentioned in Article 5 of the Lisbon Treaty.

In addition, some proposals underwent a change to their legal basis going beyond a mere change to their numbering, and this resulted in changes to the type of procedure .

The Lisbon Treaty also introduced new concepts of decision-making procedure . The old "codecision procedure" was extended to new areas and renamed the "ordinary legislative procedure". A new "consent procedure" replaced the old "assent procedure". New interinstitutional procedures were also set up for the adoption of certain non-legislative acts, for example the conclusion of some international agreements.

The ongoing proposals concerned by these changes were formally modified by the Commission in a Communication published on 2 December 2009 ( COM(2009)0665 ).

In the case of the proposal for a Council Decision on a Critical Infrastructure Warning Information Network (CIWIN), the entry into force of the Lisbon Treaty had the following impacts :

· the old legal basis - Treaty/EC/Art. 308, Euratom Article 203– became Article 196 (2) of the TFEU and Euratom Article 203. Please note that the numbering of the old legal basis corresponds to the consolidated version of the Treaty that was applicable immediately before the entry into force of the Lisbon Treaty, and may differ from the references in the original Commission proposal ;

· the proposal, which had previously fallen under the old consultation procedure (CNS), was classified as an ordinary legislative procedure (COD).

The European Parliament adopted by 599 votes to 38, with 35 abstentions, a legislative resolution amending, under the consultation procedure, the proposal for a Council decision on a Critical Infrastructure Warning Information Network (CIWIN).

The main amendments were as follows:

Rapid Alert System: the text is amended so that references to an alert system are deleted. Parliament felt that further analysis and evaluation is needed. The text states that the first evaluation of CIWIN should also include an in-depth analysis of the necessity of adding a new functionality to CIWIN, namely the technical facility of a rapid alert system (RAS). This functionality should enable Member States and the Commission to post alerts on immediate risks and threats to critical infrastructure, taking into account all the necessary security requirements.

Participation: the text is amended in order to render the participation of Member States obligatory. Parliament deletes references to "Participating Member State" and “Participation”.

Functionality and structure : the resolution adds that the technical platform for CIWIN shall be present in at least one secure location in each Member State .

Annex I contains a list of fixed areas, but this does not preclude the inclusion of new areas if the functioning of the system demonstrates that this is necessary.

Role of the Commission : the Commission shall monitor the functioning of the CIWIN system.

Security: a new clause states that in Member States, the exchange of sensitive information uploaded onto CIWIN between authorised users and third parties shall be subject to the prior authorisation of the owner of that information and shall take place in accordance with relevant Community and national law.

Requirements relating to information included in CIWIN : a new article states that for any information or documents uploaded in the system an automatic translation will be possible. The Commission shall, in collaboration with CIP contact points, develop a list of key words for each sector which could be used when uploading or searching for information in CIWIN.

User Guidelines: these will be established in accordance with the advisory procedure.

Report: the Commission, using specially developed indicators for monitoring progress, shall review and evaluate the operation of the CIWIN every 3 years. It will report, inter alia, to the European Parliament, the Committee of Regions and the European Economic and Social Committee, and will, in particular, assess the participation of each Member State in the CIWIN system as well as the possibility of upgrading CIWIN to include a RAS functionality.

Lastly, the date of effect should be the date of publication in the OJ rather than 1 January 2009.

The Committee on Civil Liberties, Justice and Home Affairs adopted the report drawn up by Luca ROMAGNOLI (NI, IT) and amended, under the consultation procedure, the proposal for a Council decision on a Critical Infrastructure Warning Information Network (CIWIN).

The main amendments are as follows:

Rapid Alert System : the text is amended so that references to an alert system are deleted. The report states that although the option for a rapid alert system within CIWIN is to be welcome, further analysis and evaluation is needed in this respect. The first evaluation of CIWIN should also include an in-depth analysis of the necessity of adding a new functionality to CIWIN, namely the technical facility of a rapid alert system (RAS). This functionality should enable Member States and the Commission to post alerts on immediate risks and threats to critical infrastructure, taking into account all the necessary security requirements.

Participation: the text is amended in order to render the participation of Member States obligatory. The committee states that this is in order to fully comply with the legal basis of the proposal, especially in relation to the "necessity" requirement, and with the first branch of the proportionality test (the Community action "must be appropriate for securing the attainment of the objective it pursues").

Functionality and structure : the report adds that the technical platform for CIWIN shall be present in at least one secure location in each Member State .

Annex I contains a list of fixed areas, but this does not preclude the inclusion of new areas if the functioning of the system demonstrates that this is necessary.

Role of the Commission : the Commission shall monitor the functioning of the CIWIN system.

Security : a new clause states that in Member States, the exchange of sensitive information uploaded onto CIWIN between authorised users and third parties shall be subject to the prior authorisation of the owner of that information and shall take place in accordance with relevant Community and national law. The committee notes that while the Commission acknowledges in its impact assessment that sectors of industry will not have direct access to the information contained in CIWIN, it also emphasises that the advantages of such information for the private sector will be limited by their classification and the distribution of relevant information will depend upon the relevant Member States authorities' willingness to distribute it through appropriate national channels. Although it can be expected that the rules on the transmission of information contained in CIWIN to third parties will be clearly specified in the guidelines, a specific provision on how third parties could receive information uploaded onto CIWIN is necessary.

Requirements relating to information included in CIWIN : a new article states that for any information or documents uploaded in the system an automatic translation will be possible. The Commission shall, in collaboration with CIP contact points, develop a list of key words for each sector which could be used when uploading or searching for information in CIWIN.

Report: the Commission will report, inter alia, to the European Parliament, the Committee of Regions and the European Economic and Social Committee, and will, in particular, assess the participation of each Member State in the CIWIN system as well as the possibility of upgrading CIWIN to include a RAS functionality.

Lastly, the date of effect should be the date of publication in the OJ rather than 1 January 2009.

PURPOSE: to establish a critical infrastructure warning information network ( CIWIN ) to strengthen information-sharing on critical infrastructure protection between EU Member States.

PROPOSED ACT: Council Decision.

BACKGROUND: the security and economy of the European Union as well as the well-being of its citizens depend on certain infrastructure and the services they provide: telecommunication and energy networks, financial services and transport systems, health services, and the provision of safe drinking water and food, etc. Any destruction or disruption of infrastructure providing key services, on one hand, and an inappropriate response to this kind of event, on the other, could entail loss of life, loss of property and a collapse of public confidence in the EU. Critical infrastructure in the European Union is currently subjected to a varying puzzle of protective measures and obligations, with no minimum standards being applied horizontally.

In June 2004, the European Council asked the Commission to prepare an overall strategy to protect critical infrastructure which lead to the proposed creation of a European Programme for Critical Infrastructure Protection (EPCIP) (see COM(2006)0786 ). It also adopted conclusions calling on the Commission to set up a Critical Infrastructure Warning Information Network (CIWIN). In December 2006, the Commission proposed a Directive on the identification and designation of European Critical Infrastructure (ECI) (see CNS/2006/0276 ). Together, these documents set out the framework for infrastructure protection in the EU. The CIWIN initiative is part of EPCIP, being concerned more specifically with the information-sharing process between EU Member States and an information technology system to support that process.

CONTENT: the aim of the proposed Decision is to set up a secure information, communication and alert system – Critical Infrastructure Warning Information Network ( CIWIN ) - with the aim of assisting Member States to exchange information on shared threats, vulnerabilities and appropriate measures and strategies to mitigate risks related critical infrastructure protection. Critical Infrastructure shall mean those assets, systems or parts thereof located in Member States which are essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions.

Participation : participation in and use of CIWIN is open to all Member States. The participation to CIWIN shall be conditional upon the signature of a Memorandum of understanding that contains technical and security requirements applicable to CIWIN, and information on the sites to be connected to CIWIN.

Functionalities : the CIWIN shall consist of two main functions:

1) an electronic forum for the CIP related to information exchange which shall be composed of fixed areas and dynamic areas . Fixed areas shall be included in the system on a permanent basis. While their content may be adjusted, the areas may not be removed, renamed or new areas added (Annex I contains a list of fixed areas such as Member State areas, sector areas (chemical industry; energy; financial; food; health; ICT; nuclear fuel-cycle industry; space, transport; and water, etc), CIWIN executive areas,). Dynamic areas shall be created upon demand, and shall serve a specific purpose. Their existence shall be terminated upon fulfilment of their initial purpose (Annex II contains a list of dynamic areas to be created upon the establishment of the CIWIN such as expert working group area, alert areas and special topics area). to focus on specific topics;

2) a rapid alert functionality that shall enable participating Member States and the Commission to post alerts on immediate risks and threats to critical infrastructure.

Respective roles of the Member States and the Commission in the CIWIN :

participating Member States shall designate a CIWIN Executive and notify the Commission thereof. CIWIN Executive shall be responsible for granting or denying access rights to the CIWIN within the relevant Member State. Participating Member States shall provide access to the CIWIN in compliance with the guidelines adopted by the Commission and shall provide and regularly update relevant CIP information of common EU interest;the Commission shall be responsible for the technical development and management of the CIWIN, including the IT structure thereof and the elements for information exchange; laying down guidelines on the terms of use of the system, including confidentiality, transmission, storage, filing and deletion of information. It shall also establish the terms and procedures for granting full or selective access to the CIWIN. It shall appoint the CIWIN Executive, responsible for granting or denying access rights to the CIWIN within the Commission and shall provide and regularly update relevant CIP information of common EU interest.

Level of security : the CIWIN shall be established as a secure classified system, and shall be capable of handling information up to the level of RESTREINT UE. The Commission shall decide on the most appropriate technological platform for CIWIN and users shall meet the technical requirements established by the Commission. The security classification of the CIWIN shall be upgraded as appropriate. Users' rights to access documents shall be on a “need to know” basis and must at all times respect the author’s specific instructions on the protection and distribution of a document.

Member States and the Commission shall take the necessary security measures:

to prevent any unauthorised person from having access to the CIWIN; to guarantee that, when using the CIWIN, authorised persons have access only to data which are within their sphere of competence; to prevent information on the system from being read, copied, modified or erased by unauthorised persons.

Budgetary implication : the costs incurred in connection with the operation, maintenance and central functioning of the CIWIN shall be borne by the Community budget (see the accompanying financial statement). Costs related to users' access to CIWIN within participating Member States shall be borne by participating Member States.

This Decision shall apply as from 1 January 2009. The Commission shall review and evaluate the operation of the CIWIN every 3 years, and shall submit regular reports to the Member States.

PURPOSE: to establish a critical infrastructure warning information network ( CIWIN ) to strengthen information-sharing on critical infrastructure protection between EU Member States.

PROPOSED ACT: Council Decision.

BACKGROUND: the security and economy of the European Union as well as the well-being of its citizens depend on certain infrastructure and the services they provide: telecommunication and energy networks, financial services and transport systems, health services, and the provision of safe drinking water and food, etc. Any destruction or disruption of infrastructure providing key services, on one hand, and an inappropriate response to this kind of event, on the other, could entail loss of life, loss of property and a collapse of public confidence in the EU. Critical infrastructure in the European Union is currently subjected to a varying puzzle of protective measures and obligations, with no minimum standards being applied horizontally.

In June 2004, the European Council asked the Commission to prepare an overall strategy to protect critical infrastructure which lead to the proposed creation of a European Programme for Critical Infrastructure Protection (EPCIP) (see COM(2006)0786 ). It also adopted conclusions calling on the Commission to set up a Critical Infrastructure Warning Information Network (CIWIN). In December 2006, the Commission proposed a Directive on the identification and designation of European Critical Infrastructure (ECI) (see CNS/2006/0276 ). Together, these documents set out the framework for infrastructure protection in the EU. The CIWIN initiative is part of EPCIP, being concerned more specifically with the information-sharing process between EU Member States and an information technology system to support that process.

CONTENT: the aim of the proposed Decision is to set up a secure information, communication and alert system – Critical Infrastructure Warning Information Network ( CIWIN ) - with the aim of assisting Member States to exchange information on shared threats, vulnerabilities and appropriate measures and strategies to mitigate risks related critical infrastructure protection. Critical Infrastructure shall mean those assets, systems or parts thereof located in Member States which are essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions.

Participation : participation in and use of CIWIN is open to all Member States. The participation to CIWIN shall be conditional upon the signature of a Memorandum of understanding that contains technical and security requirements applicable to CIWIN, and information on the sites to be connected to CIWIN.

Functionalities : the CIWIN shall consist of two main functions:

1) an electronic forum for the CIP related to information exchange which shall be composed of fixed areas and dynamic areas . Fixed areas shall be included in the system on a permanent basis. While their content may be adjusted, the areas may not be removed, renamed or new areas added (Annex I contains a list of fixed areas such as Member State areas, sector areas (chemical industry; energy; financial; food; health; ICT; nuclear fuel-cycle industry; space, transport; and water, etc), CIWIN executive areas,). Dynamic areas shall be created upon demand, and shall serve a specific purpose. Their existence shall be terminated upon fulfilment of their initial purpose (Annex II contains a list of dynamic areas to be created upon the establishment of the CIWIN such as expert working group area, alert areas and special topics area). to focus on specific topics;

2) a rapid alert functionality that shall enable participating Member States and the Commission to post alerts on immediate risks and threats to critical infrastructure.

Respective roles of the Member States and the Commission in the CIWIN :

participating Member States shall designate a CIWIN Executive and notify the Commission thereof. CIWIN Executive shall be responsible for granting or denying access rights to the CIWIN within the relevant Member State. Participating Member States shall provide access to the CIWIN in compliance with the guidelines adopted by the Commission and shall provide and regularly update relevant CIP information of common EU interest;the Commission shall be responsible for the technical development and management of the CIWIN, including the IT structure thereof and the elements for information exchange; laying down guidelines on the terms of use of the system, including confidentiality, transmission, storage, filing and deletion of information. It shall also establish the terms and procedures for granting full or selective access to the CIWIN. It shall appoint the CIWIN Executive, responsible for granting or denying access rights to the CIWIN within the Commission and shall provide and regularly update relevant CIP information of common EU interest.

Level of security : the CIWIN shall be established as a secure classified system, and shall be capable of handling information up to the level of RESTREINT UE. The Commission shall decide on the most appropriate technological platform for CIWIN and users shall meet the technical requirements established by the Commission. The security classification of the CIWIN shall be upgraded as appropriate. Users' rights to access documents shall be on a “need to know” basis and must at all times respect the author’s specific instructions on the protection and distribution of a document.

Member States and the Commission shall take the necessary security measures:

to prevent any unauthorised person from having access to the CIWIN; to guarantee that, when using the CIWIN, authorised persons have access only to data which are within their sphere of competence; to prevent information on the system from being read, copied, modified or erased by unauthorised persons.

Budgetary implication : the costs incurred in connection with the operation, maintenance and central functioning of the CIWIN shall be borne by the Community budget (see the accompanying financial statement). Costs related to users' access to CIWIN within participating Member States shall be borne by participating Member States.

This Decision shall apply as from 1 January 2009. The Commission shall review and evaluate the operation of the CIWIN every 3 years, and shall submit regular reports to the Member States.