Friday, 11 December 2015

Aviation security: Recent regulatory developments in the EU

In response to the ongoing security situation in Europe, a series of regulatory developments has occurred in the EU: the EU Council reached an informal with the EU Parliament on the content of a proposed cybersecurity Directive, which includes aviation; the European Commission presented a proposal for Directive on terrorism, which includes travelling abroad for terrorist purposes; the European Council approved a legislative proposal for a Directive on an EU-wide Passenger Name Records (PNR) system.

Concerning cybersecurity, the EU Council has reached an informal agreement with the European Parliament on a Directive proposal for common rules to strengthen Network and Information Security across the EU. The proposed Directive will set out cybersecurity obligations for operators of essential services and digital service providers. These operators will be required to take measures to manage cyber risks and report major security incidents. The “essential services” are services provided in listed critical sectors, such as energy, transport, finance and health. Each EU country will be required to designate one or more national authorities and set out a strategy to deal with cyber matters. Furthermore, EU Member states will enhance their cooperation on cybersecurity: an EU-level cooperation group will be created to support strategic cooperation and exchange of best practices among member states, while a network of national computer security incident response teams will be set up to promote operational cooperation. However, in order for the Directive proposal to become binding, formal adoption by both the EU Council and the EU Parliament is required. Click here for more.

The proposed Directive on terrorism aims at closing criminal-enforcement gaps in the EU legal framework. It provides for common definitions of terrorist offences and incorporates into EU law international anti-terrorism instruments, like the UN Security Council Resolution 2178(2014) on Foreign Terrorist Fighters, the Additional Protocol to the Council of Europe Convention on the Prevention of terrorism and the Financial Action Task Force Recommendations on terrorist financing. The proposed Directive criminalizes:

  •  travelling for terrorist purposes, both within and outside the EU;
  • funding, organizing and facilitating travels;
  • receiving training for terrorist purposes;
  • providing funds to commit terrorist offences and offences related to terrorist groups or terrorist activities.
The proposed Directive was announced alongside the EU Action Plan against firearms illicit trafficking and the use of explosives and is part of the European Agenda for Security 2015-2020. See more here.

As to PNRs, the European Parliament's civil liberties committee has approved a preliminary deal between the EU Council and the EU Parliament on EU PNR. The proposed Directive covers flights between the EU and third countries, but Member States may extend its scope to selected intra-EU flights. The Directive applies to air carriers, yet Member States are free to extend, through national legislation, its provisions to other economic operators, such as travel agencies and tour operators. The PNR will be reported to the Member States only for the purposes of prevention, detection, investigation and prosecution of terrorist offences and serious crime. The Directive includes a list of relative offences, e.g. participation in a criminal organization, cybercrime, child pornography and trafficking in weapons. EU Member States will retain the data for five years, but will anonymize (mask out) them after the first six months. Rules on monitoring and implementation of data processing are also foreseen. You can find more here.

Overall, the recent terrorist attacks in Paris have accelerated legislative procedures in the EU on security issues, but the implementation of concrete measures has still a long way to go.

No comments:

Post a Comment