Commission Regulation (EC) No 792/2009 of 31 August 2009 laying down detailed rules for the Member States' notification to the Commission of information and documents in implementation of the common organisation of the markets, the direct payments' regime, the promotion of agricultural products and the regimes applicable to the outermost regions and the smaller Aegean islands
OJ L 228, 1.9.2009, p. 3–6 (BG, ES, CS, DA, DE, ET, EL, EN, FR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
BG CS DA DE EL EN ES ET FI FR HU IT LT LV MT NL PL PT RO SK SL SV
|Bilingual display: BG CS DA DE EL EN ES ET FI FR HU IT LT LV MT NL PL PT RO SK SL SV|
Commission Regulation (EC) No 792/2009
of 31 August 2009
laying down detailed rules for the Member States' notification to the Commission of information and documents in implementation of the common organisation of the markets, the direct payments' regime, the promotion of agricultural products and the regimes applicable to the outermost regions and the smaller Aegean islands
THE COMMISSION OF THE EUROPEAN COMMUNITIES,
Having regard to the Treaty establishing the European Community,
Having regard to Council Regulation (EC) No 247/2006 of 30 January 2006 laying down specific measures for agriculture in the outermost regions of the Union , and in particular Article 25 thereof,
Having regard to Council Regulation (EC) No 1405/2006 of 18 September 2006 laying down specific measures for agriculture in favour of the smaller Aegean islands and amending Regulation (EC) No 1782/2003  and in particular Article 14 thereof,
Having regard to Council Regulation (EC) No 1234/2007 of 22 October 2007 establishing a common organisation of agricultural markets and on specific provisions for certain agricultural products (Single CMO Regulation) , and in particular Article 192(2) in conjunction with Article 4 thereof,
Having regard to Council Regulation (EC) No 3/2008 of 17 December 2007 on information provision and promotion measures for agricultural products on the internal market and in third countries , and in particular Article 15 thereof,
Having regard to Council Regulation (EC) No 73/2009 of 19 January 2009 establishing common rules for direct support schemes for farmers under the common agricultural policy and establishing certain support schemes for farmers, amending Regulations (EC) No 1290/2005, (EC) No 247/2006, (EC) No 378/2007 and repealing Regulation (EC) No 1782/2003 , and in particular Article 142 (q) thereof,
(1) Due to the generalised use of new information and communication technologies by the Commission and the Member States — in particular with the competent national authorities responsible for implementing the common agricultural policy (CAP) — the documents held by the Commission and the Member States are increasingly in electronic or digitised form.
(2) The Commission has intensified its efforts to develop computer systems that make it possible to manage documents and procedures electronically in its own internal working procedures and in its relations with the authorities involved in the CAP. In parallel, Member States have developed computer systems at national level to meet the requirements of shared management of the CAP.
(3) In this context and given the need to ensure uniform and harmonised management of the CAP by all those involved, a legal framework should be established and provide for common rules applicable to the information systems set up for the purpose of notifying information and documents to the Commission from the Member States and the authorities or bodies designated by them under the CAP.
(4) For these objectives to be achieved effectively, the scope of this legal framework should be defined, both in terms of the legislation and the actors concerned.
(5) With regard to the legislation, Regulations (EC) No 247/2006, (EC) No 1405/2006, (EC) No 1234/2007, (EC) No 3/2008 and (EC) No 73/2009 and their implementing provisions (hereafter CAP Regulations) lay down a wide range of obligations for the Member States to notify to the Commission information and documents needed for the implementation of those Regulations. Therefore, they should be taken into account in accordance with their own specific features.
(6) As regards the actors involved, the rights and obligations laid down by the CAP Regulations, both for the Commission and for Member States and their competent authorities and bodies, require precise identification of the individuals and authorities responsible for actions and measures taken.
(7) The CAP Regulations generally provide that information should be transmitted electronically or by means of an information system but do not necessarily specify the principles that apply. To ensure consistency and sound management and simplify the procedures for users and the authorities responsible for the systems, it is therefore desirable to establish common principles applicable to all information systems set up.
(8) For documents to be recognised as valid for the Commission's purposes and in the Member States, it should be possible to guarantee the authenticity, integrity and legibility over time of the documents and the associated metadata throughout the period for which they are required to be kept.
(9) With a view to providing that guarantee, the authorities or individuals authorised to send communications should always be identified in the information systems set up, based on the powers allocated to them. The identification process must be under the responsibility of the competent authorities referred to in each of the CAP Regulations. However, in the interests of sound management, it should be left to the Member States and the Commission to determine the conditions for designating authorised individuals, providing for designation through a single liaison body. Furthermore, the conditions for granting access rights to information systems set up by the Commission should be determined.
(10) Given the wide range of notification obligations addressed under the scope of this Regulation, the information systems will be progressively made available to the competent authorities of the Member States. The obligation to notify through those information systems should be applicable when the corresponding provisions of the CAP Regulations provide for the application of this Regulation.
(11) Documents must be managed in accordance with the personal data protection rules. To that end, the general rules laid down by Community legislation, notably Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data , Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) , Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents  and Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data , should apply.
(12) The measures provided for in this Regulation are in accordance with the opinion of the Management Committee for Direct Payments and the Management Committee for the Common Organisation of Agricultural Markets,
HAS ADOPTED THIS REGULATION:
SCOPE AND DEFINITIONS
Subject matter and scope
This Regulation lays down rules applicable to the notification, through information systems, of information and documents (hereinafter documents) as required to meet communication obligations by the Member States to the Commission, pursuant to:
- Regulation (EC) No 247/2006 and its implementing rules,
- Regulation (EC) No 1405/2006 and its implementing rules,
- Regulation (EC) No 1234/2007 and its implementing rules,
- Regulation (EC) No 3/2008 and its implementing rules,
- Regulation (EC) No 73/2009 and its implementing rules,
For the purposes of this Regulation:
(a) "notification obligation" means the obligation to submit documents from the Member States to the Commission, provided for in the Community legislation referred to in Article 1;
(b) "competent authorities" means the authorities or bodies designated by the Member States as responsible for fulfilling the notification obligation;
(c) "authority responsible for the information systems" means the authority, department, body or person that is responsible in the Commission for validating and using the system and is identified as such in that system;
(d) "metadata" means the data describing the context, contents and structure of documents and their management over time.
COMMISSION INFORMATION SYSTEMS, ACCESS RIGHTS AND AUTHENTICITY OF DOCUMENTS
Commission information systems
To fulfil the notification obligation, documents shall be notified to the Commission by means of the information systems made available to the competent authorities, hereinafter referred to as "information systems", as from the date that the corresponding notification obligation provides for the obligation to use those systems in accordance with this Regulation.
Access rights and single liaison body
1. Granting access rights and certifying the identity of those authorised to access the information systems (hereinafter users) shall be the responsibility of the competent authorities of the Member States.
2. As regards access to the systems, each Member State shall:
(a) designate a single liaison body responsible for:
(i) validating, for each system, the access rights granted and updated by the competent authorities and the certified identity of the users authorised to have an access to the systems;
(ii) notifying the Commission of the competent authorities and users authorised to access the systems;
(b) inform the Commission of the identity and contact details of the liaison body it has designated.
After access rights have been validated, they shall be activated by the authority responsible for the information systems.
Establishment and notification of documents
1. The documents shall be set up and notified in accordance with the procedures established by the information systems, using models or methods made available to users through those information systems, under the responsibility of the competent authority of the Member State and in accordance with the access rights granted by the authorities in question. Those models and methods shall be amended and made available after an information has been given to the users of the related system.
2. In cases of force majeure or exceptional circumstances, and in particular of malfunctioning of the information system or a lack of a lasting connection, the Member State may submit the documents to the Commission in hard copy or by other appropriate electronic means. Such submission of hard copies or by other electronic means shall require motivated prior notice sent to the Commission in due time before the notification deadline.
Authenticity of documents
The authenticity of a document notified or held using an information system in conformity with this Regulation is recognised if the person who sent the document is duly identified and if the document has been set up and notified in compliance with this Regulation.
INTEGRITY AND LEGIBILITY OVER TIME AND PROTECTION OF PERSONAL DATA
Integrity and legibility over time
Information systems shall protect the integrity of the documents notified and held.
In particular, they shall offer the following guarantees:
(a) they shall allow each user to be unequivocally identified and shall incorporate effective control measures of access rights in order to protect against illegal, malicious or unauthorised access, deletion, alteration or movement of documents, files, metadata and stages of the procedure;
(b) they shall be equipped with physical protection systems against intrusions and environmental incidents and software protection against cyber attacks;
(c) they shall prevent, by various means, any unauthorised changes and incorporate integrity mechanisms to check if a document has been altered over time;
(d) they shall keep an audit trail for each essential stage of the procedure;
(e) they shall safeguard stored data in an environment which is secure in both physical and software terms, in accordance with point (b);
(f) they shall provide reliable format conversion and migration procedures in order to guarantee that documents are legible and accessible throughout the entire storage period required;
(g) they shall have sufficiently detailed and up-to-date functional and technical documentation on the operation and characteristics of the system, that documentation being accessible at all times to the organisational entities responsible for the functional and/or technical specifications.
Protection of personal data
The provisions of this Regulation shall apply without prejudice to Regulations (EC) No 45/2001 and (EC) No 1049/2001, Directives 95/46/EC and 2002/58/EC and the provisions adopted pursuant to them.
Entry into force
This Regulation shall enter into force on the seventh day following its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 31 August 2009.
For the Commission
Mariann Fischer Boel
Member of the Commission
 OJ L 42, 14.2.2006, p. 1.
 OJ L 265, 26.9.2006, p. 1.
 OJ L 299, 16.11.2007, p. 1.
 OJ L 3, 5.1.2008, p. 1.
 OJ L 30, 31.1.2009, p. 16.
 OJ L 281, 23.11.1995, p. 31.
 OJ L 201, 31.7.2002, p. 37.
 OJ L 145, 31.5.2001, p. 43.
 OJ L 8, 12.1.2001, p. 1.