Other available languages: none
Brussels, 10 February 2003
Creation of a European Network and Information Security Agency - Frequent Questions and Answers
Why an agency?
The European Parliament, the Council, and the Commission are advocating closer European co-ordination on information security. The setting up of an entity with a legal personality is the most efficient way to achieve this objective.
The proposal presented here today reflects a number of concerns that were expressed during the consultation with the Member States. Corresponding concerns were also addressed in contributions from the private sector and can be summarised as requiring flexibility, trustworthiness, competence, efficiency and consistency of the proposed Agency.
The Agency's work will benefit from scientific support through research activities carried out by the Joint Research Centre and other Community research programmes.
Who will be in charge? What kind of organisational model for the agency?
The Agency will be managed by an Executive Director who possesses a high degree of independence and expertise. His or her recruitment will be based on an open call for expression of interest, followed by the normal institutional procedures. The Executive Director will be responsible for the preparation and implementation of the work programme and of the budget of the Agency and for personnel matters.
The organisational structure should facilitate the involvement of the Agency's diverse stakeholders, independence from external pressures, transparency and accountability to the democratic institutions. There will be a Management Board consisting of members appointed by the Council and the Commission. It is further proposed that there will be representatives of industry and consumers.
The Executive Director will be assisted by an Advisory Board comprising experts which will facilitate co-operation and information exchange between the Agency and the competent institutions and bodies in the different Member States. The Advisory Board will have advisory functions and be responsible together with the Executive Director for drafting the annual work programme of the Agency.
The Agency shall have the broadest legal personality in every Member State and will benefit from the same privileges and immunities as set out in the Protocol on the Privileges and Immunities of the European Communities.
Security deals with sensitive information how will this be handled?
The Agency will adopt its rules regarding transparency and access to documents in compliance with the decisions of the European Parliament and the Council in the context of Article 255 of the EC Treaty and with the Commission Security Provisions.
Although a high level of transparency is necessary for the acceptance of the work of the Agency as well as a wide access to the documents it issues, it will also collect information which needs to be kept confidential for protection of personal data or business secret reasons. Therefore confidential exchange of information systems will be put in place.
What will be the budgetary implications?
A budget of 24,300 M € is foreseen for a period of 5 years for a Europe with 15 Member States
For the possible 10 new entrants another 9 M € is foreseen.
The budget of the Agency will be financed by a contribution from the Community with possible contributions from participating third countries participating in the Agency's work.
Naturally this envelope remains subject to modifications during the adoption negotiations of the Agency by the Budgetary Authorities (European Parliament and Council).
The Agency is scheduled to start its operations in January 2004.
For preparatory work there is a budget provided through the Modinis programme. Under this programme one of the main actions is "improvement of Network and Information Security".
Additional preparatory work will be conducted in the framework of the eEurope 2005 Action Plan, through, inter alia, financing surveys, studies, workshops on subjects such as security mechanisms and their interoperability, network reliability and protection, advanced cryptography, privacy and security in wireless communications."
Is participation of third countries possible?
Yes, the Agency will be open to participation by third countries, on condition that they have entered into agreements with the European Community whereby they have adopted and are applying the Community law in the field covered by this regulation.
Who will work at the Agency? And how many people?
The Agency will need highly specialised and qualified staff to handle the scheduled tasks. We are aware that professionals with corresponding profiles are currently scarce in Europe, so it will be a challenge. The Agency shall recruit both from the public sector and the private sector.
The staff will comprise +/- 30 people, when fully operational with 15 Member States. It will grow accordingly when new entrants are joining.