Agreement between the European Union and the United States on the security of classified information

This Agreement is intended to strengthen the security of the United States and the European Union (EU) and the safety of their citizens. The two parties undertake to develop mutual cooperation via the exchange of classified information and multiple protection mechanisms to ensure the required degree of security.

ACT

Council Decision 2007/274/JHA of 23 April 2007 concerning the conclusion of the Agreement between the European Union and the Government of the United States of America on the security of classified information.

SUMMARY

The United States and the EU agree to develop their cooperation on questions of common interest concerning security and the exchange of classified information. They recognise that effective cooperation requires access to this type of material, and that this type of exchange requires appropriate security measures.

Classified information, which may be in oral, visual, electronic or documentary form, or in the form of material, including equipment and technology, is defined as information:

• the unauthorised disclosure of which could damage or harm the interests of the parties;
• which needs to be protected against unauthorised disclosure in the security interests of the EU and the United States;
• which bears a security classification assigned by one of the parties.

All classified information must be marked with the name of the releasing party and the type of classification. For the United States, the classifications are: "top secret", "secret" and "confidential". For the EU, the classifications are: "très secret UE/EU top secret", "secret UE", "confidentiel UE" and "restreint UE".

Protection of classified information

The two parties are required to:

• have equivalent high-level security systems;
• provide one another with information about their security standards, procedures and practices;
• afford a high level of protection to information received and released.

The recipient:

• cannot use the information for any other purpose than the one for which it was provided without the prior agreement of the releasing party;
• cannot further release or disclose classified information received;
• must comply with any limitations on the release of classified information specified by the releasing party;
• must protect the rights of the originator of the classified information, as well as intellectual property rights (e.g. patents, copyright and trade secrets).

Personnel security clearances

Access to classified information is reserved to authorised persons and those whose official duties may require it. The parties will take care that all persons are security-cleared before being given access, and that these persons are aware of their responsibilities.

Security clearance is based on all available information on the individual's loyalty, integrity and trustworthiness, as determined by an appropriate investigation.

Transfer rules

The releasing party ensures that classified information is adequately protected until it reaches the intended recipient. Once in his possession, he is responsible for seeing that it is properly protected.

For the EU, classified information in written form is sent to the Chief Registry Officer of the Council of the European Union, who forwards it to the Member States and the European Commission. As regards the United States, classified information in written form is sent via the Mission of the United States of America to the European Union.

The electronic transmission of classified information is encrypted in accordance with the releasing party's requirements. These requirements must be met when transmitting, storing and processing this information.

Security and technical security arrangement

Each party ensures the security of facilities and establishments where classified information is kept. The releasing party can inspect and verify the security arrangements of the other party's facilities. The host party must assist visiting security representatives in their task. Before any exchange of classified information is made, the authorities responsible for security will decide whether the recipient is able to ensure its security.

Information may be provided to a contractor with the prior written consent of the releasing party. The recipient party will ensure that the contractor has the capability to protect the information.

A technical security arrangement is established to lay down standards for reciprocal security protection of classified information. The authorities responsible for developing this technical security arrangement are:

• the US Department of State;
• the Security Office of the General Secretariat of the Council (EU);
• the European Commission Security Directorate (for the EU, the arrangement is subject to the approval of the Council Security Committee).

Particular cases

Classified information should be downgraded or declassified once it no longer needs protection. The releasing party can downgrade or declassify its own information at its own discretion. The recipient cannot downgrade or declassify information received without the prior written consent of the releasing party.

The releasing party must be informed immediately of any loss or compromise of its classified information. The recipient party investigates the matter and informs the other party of the results.

Last updated: 11.01.2012