COMMISSION IMPLEMENTING DECISION (EU) 2017/179
of 1 February 2017
laying down procedural arrangements necessary for the functioning of the Cooperation Group pursuant to Article 11(5) of the Directive (EU) 2016/1148 of the European Parliament and of the Council concerning measures for a high common level of security of network and information systems across the Union
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union(1), and in particular Article 11(5) thereof,
Whereas:
(1) Strategic cooperation between Member States and sharing of information, experience and best practice relating to the security of network and information systems is essential for effectively responding to the challenges of incidents and risks related to the security of those systems across the Union.
(2) In order to support and facilitate strategic cooperation and the exchange of information among Member States and to develop trust and confidence amongst them, Article 11 of Directive (EU) 2016/1148, establishes a Cooperation Group, composed of representatives of the Member States, the Commission and the European Union Agency for Network and Information Security
(3) Under Article 11 of Directive (EU) 2016/1148 the Cooperation Group is required to carry out its tasks on the basis of biennial work programmes, the first of which must be established by 9 February 2018. Among its tasks, the Cooperation Group is to provide strategic guidance for the activities of the Computer Security Incident Response Teams network, exchange information and best practice, discussing capabilities and preparedness of the Member States. The Cooperation Group is also required to prepare by 9 August 2018 and every year and half thereafter, a report assessing the experience gained with the strategic cooperation pursued under this Article.
(4) Pursuant to Article 24(2) of Directive (EU) 2016/1148 for the period from 9 February 2017 to 9 November 2018 and for the purposes of supporting Member States in taking a consistent approach in the identification of operators of essential services, the Cooperation Group is to discuss the process, substance and type of national measures allowing for the identification of operators of essential services within a specific sector. The Cooperation Group is also to discuss, at the request of a Member State, specific draft national measures of that Member State regarding the identification of operators of essential services within a specific sector.
(5) Under Article 14(7) of Directive (EU) 2016/1148 competent authorities acting together within the Cooperation Group may develop and adopt guidelines concerning the circumstances in which operators of essential services are required to notify incidents, including on the parameters to determine the significance of the impact of an incident.
(6) Pursuant to Article 11(2) of Directive (EU) 2016/1148 the Commission is to provide the secretariat of the Cooperation Group. The Commission should also provide secretarial support for sub-groups created in accordance with this decision.
(7) The Cooperation Group should be chaired by a representative of a Member State holding the Presidency of the Council of the European Union. The Chair should be assisted in the performance of his duties by representatives of the Member States holding the previous and the following Presidency of the Council of the Union. The Chair may specify in relation to which duties such assistance may be needed. In case a Member State holding the Presidency of the Council would refrain from chairing the Group, a substitute chair should be elected by a two-third majority of the members of the Group.
(8) The work of the Chair should be governed by the principles of inclusiveness, engagement, respect for diversity and consensus building. In particular, the Chair of the Cooperation group should facilitate the engagement of all members, allowing for diverse views and positions to be expressed and endeavour to find solutions which command the widest possible support within the Cooperation Group.
(9) Pursuant to Article 11(2) of Directive (EU) 2016/1148, the Cooperation Group may, where appropriate, invite representatives of relevant stakeholders to attend the meetings of the group. In order to ensure that acceding countries comply with the requirements of Directive (EU) 2016/1148 from the day of accession, it is appropriate that representatives of such countries are invited to attend the meetings of the Cooperation Group as from the date of signature of the Treaty of accession. The decision to invite representatives of relevant stakeholders or experts to attend a meeting or a particular part of a meeting of the Cooperation Group should be taken by the Chair, unless by a simple majority of the component members, the Group would oppose the participation of the representative or expert concerned in the meeting or in part of it.
(10) Pursuant to Article 13 of Directive (EU) 2016/1148 the Union may conclude international agreements in accordance with Article 218 TFEU with third countries and international organisations that will allow and organise their participation in some activities of the Cooperation Group.
(11) In the interest of efficiency, the Cooperation Group should have the possibility to create sub-groups.
(12) In the interest of simplification, the Cooperation Group should adopt more detailed rules of procedure, relating, inter alia, to modalities of distribution of documentation, the written procedure or the drawing up of summary minutes of meetings.
(13) In principle, the discussions of the Group should not be open to the public as their disclosure could have negative implications for trust and confidence building between the members, in view of the fact that matters discussed often concern public security. The Group however may decide with the agreement of the Chair to open up its discussion for certain matters to the public and also to facilitate public disclosure of appropriate documentation.
(14) With a view to ensuring the smooth functioning of the Group from the day referred to in Article 24(1) of Directive (EU) 2016/1148, this decision should enter into force on the day following that of its publication in the Official Journal of the European Union.
(15) The measures provided for in this Decision are in accordance with the opinion of the Network and Information Systems Security Committee established by Article 22 of Directive (EU) 2016/1148,
HAS ADOPTED THIS DECISION:
Article 1
Objective
This Decision lays down the procedural arrangements necessary for the functioning of the Cooperation Group (the ‘Group’) established by Article 11 of Directive (EU) 2016/1148.
Article 2
Chair of the Group
1. The Group shall be chaired by a representative of the Member State holding the Presidency of the Council of the European Union. The Chair shall be assisted in the performance of his duties by representatives of the Member States holding the previous and the following Presidency of the Council of the Union.
2. By way of derogation from paragraph 1 and following a request from a representative of the Member State holding the Presidency of the Council of the European Union, in case that Member State would refrain from chairing the Group, the Group may decide by a two-third majority of its component members to elect a substitute chair among the Member States until the next Chair will succeed according to paragraph 1.
Article 3
Convening a meeting
1. Meetings of the Group shall be convened by the chair, either on its own initiative, or at the request of a simple majority of members. The chair shall provide an indicative schedule of the meetings during his term while taking into account the Work Programme of the Group.
2. Meetings of the Group shall, in principle, be held on Commission premises.
Article 4
Working methods
The Group shall conduct its work as a combination of meetings in physical or virtual form and written procedure.
Article 5
Agenda
1. The Chair, assisted by the secretariat, shall draw up the agenda and shall send it to the members of the Group.
2. The agenda shall be adopted by the Group at the start of the meeting.
Article 6
Voting rules and positions expressed by the members of the Group
1. The decisions of the Group shall be taken by consensus, unless otherwise provided for in this Decision.
2. If a vote is taken, the members that have voted against or abstained shall have the right to have a summary of the reasons for their position annexed to the document submitted to the vote.
3. The Group shall adopt its work programme by a two-third majority of its component members.
Article 7
Third parties and experts
1. Representatives of acceding countries shall be invited to attend the meetings of the Group as from the date of signature of the Treaty of accession.
2. The chair may decide to invite representatives of relevant stakeholders or experts to participate in a meeting or in a particular part of a meeting of the Group, on his/her own initiative or at the request of a member of the Group. However, a simple majority of the component members of the Group may oppose such participation.
3. Representatives of third parties, relevant stakeholders and experts referred to in paragraphs 1 and 2 shall not be present at and shall not participate in voting of the Group.
Article 8
Creation of sub-groups
1. The Group may set up sub-groups to examine specific questions related to its work.
2. The Group shall define the terms of reference of the sub-groups. A sub-group shall report to the Group and shall cease to exist once it has fulfilled its mandate.
3. The Commission shall provide secretarial support to any sub-groups referred to in paragraph 1.
4. The rules on access to documents and confidentiality referred to in Article 10, the rules on protection of personal data referred to in Article 11 and the rules on meeting expenses referred to in Article 12 shall apply to sub-groups.
Article 9
Rules of procedures
1. The group shall adopt, by a two-third majority of its component members, its rules of procedure.
2. The Chair may propose following a request from a member of the Group or on his own initiative, amendments to the rules of procedure.
Article 10
Access to documents and confidentiality
1. Requests addressed to the Group for access to the documents concerning its activities shall be handled by the Commission in accordance with Regulation (EC) No 1049/2001 of the European Parliament and of the Council(2).
2. The Group's discussions shall not be open to the public. In agreement with the Chair, the Group may decide, for certain subject matters to open up its discussions to the public.
3. Documents submitted to members of the Group, representatives of third parties and experts shall not be disclosed to the public, unless access is granted to those documents pursuant to paragraph 1 or they are otherwise made public by the Commission.
4. The Commission's rule on security regarding the protection of Union classified information laid down in Commission Decisions (EU, Euratom) 2015/443(3) and (EU, Euratom) 2015/444(4) shall apply to any such information received, created or handled by the Group. Information handled by the Group which is covered by an obligation of professional secrecy, shall be duly protected.
5. Members of the Group as well as representatives of third parties and experts shall be required to respect the confidentiality obligations set out in this Article. The chair shall ensure that representatives of third parties and experts are made aware of the confidentiality requirements imposed upon them.
Article 11
Protection of personal data
The processing of personal data by the Group shall be in conformity with Regulation (EC) No 45/2001 of the European Parliament and of the Council(5).
Article 12
Meeting expenses
1. The Commission shall not remunerate those involved in the activities of the Group for their services.
2. Travel expenses incurred by participants in the meetings of the Group may be reimbursed by the Commission. Reimbursement shall be made in accordance with the provisions in force within the Commission and the limits of the available appropriations allocated to the Commission services under the annual procedure for the allocation of resources.
Article 13
Entry into force
This Decision shall enter into force on the day following that of its publication in the Official Journal of the European Union.
Done at Brussels, 1 February 2017.
For the Commission
The President
Jean-Claude JUNCKER
(1) OJ L 194, 19.7.2016, p. 1.
(2) Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).
(3) Commission Decision (EU, Euratom) 2015/443 of 13 March 2015 on Security in the Commission (OJ L 72, 17.3.2015, p. 41).
(4) Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU classified information (OJ L 72, 17.3.2015, p. 53).
(5) Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1).