In response to the ongoing security situation
in Europe, a series of regulatory developments has occurred in the EU: the EU
Council reached an informal with the EU Parliament on the content of a proposed cybersecurity Directive, which
includes aviation; the European Commission presented a proposal for Directive on terrorism, which includes travelling
abroad for terrorist purposes; the European Council approved a legislative proposal for a Directive on an EU-wide Passenger
Name Records (PNR) system.
Concerning cybersecurity, the EU Council has reached
an informal agreement with the European Parliament on a Directive proposal for common
rules to strengthen Network and Information Security across the EU. The proposed
Directive will set out cybersecurity obligations for operators of essential
services and digital service providers. These operators will be required to
take measures to manage cyber risks and report major security incidents. The “essential
services” are services provided in listed critical sectors, such as energy,
transport, finance and health. Each EU country will be required to designate
one or more national authorities and set out a strategy to deal with cyber
matters. Furthermore, EU Member states will enhance their cooperation on
cybersecurity: an EU-level cooperation group will be created to support
strategic cooperation and exchange of best practices among member states, while
a network of national computer security incident response teams will be set up
to promote operational cooperation. However, in order for the Directive proposal
to become binding, formal adoption by both the EU Council and the EU Parliament
is required. Click here
for more.
The proposed
Directive on terrorism aims at closing criminal-enforcement gaps in the EU
legal framework. It provides for common definitions of terrorist offences and
incorporates into EU law international anti-terrorism instruments, like the UN Security
Council Resolution 2178(2014) on Foreign Terrorist Fighters, the Additional
Protocol to the Council of Europe Convention on the Prevention of terrorism
and the Financial
Action Task Force Recommendations on terrorist financing. The proposed
Directive criminalizes:
- travelling for terrorist purposes, both within and outside the EU;
- funding, organizing and facilitating travels;
- receiving training for terrorist purposes;
- providing funds to commit terrorist offences and offences related to terrorist groups or terrorist activities.
The proposed Directive was announced
alongside the EU
Action Plan against firearms illicit trafficking and the use of explosives
and is part of the European
Agenda for Security 2015-2020. See more here.
As to PNRs, the European Parliament's civil
liberties committee has approved a preliminary deal between the EU Council and
the EU Parliament on EU PNR. The proposed Directive covers flights between the
EU and third countries, but Member States may extend its scope to selected
intra-EU flights. The Directive applies to air carriers, yet Member States are
free to extend, through national legislation, its provisions to other economic
operators, such as travel agencies and tour operators. The PNR will be reported
to the Member States only for the purposes of prevention, detection,
investigation and prosecution of terrorist offences and serious crime. The
Directive includes a list of relative offences, e.g. participation in a
criminal organization, cybercrime, child pornography and trafficking in weapons.
EU Member States will retain the data for five years, but will anonymize (mask
out) them after the first six months. Rules on monitoring and implementation of
data processing are also foreseen. You can find more here.
Overall, the recent terrorist attacks in
Paris have accelerated legislative procedures in the EU on security issues, but
the implementation of concrete measures has still a long way to go.
No comments:
Post a Comment