32003D2256

Decision No 2256/2003/EC of the European Parliament and of the Council

of 17 November 2003

adopting a multiannual programme (2003-2005) for the monitoring of the eEurope 2005 action plan, dissemination of good practices and the improvement of network and information security (MODINIS)

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community, and in particular Article 157(3) thereof,

Having regard to the proposal from the Commission(1),

Having regard to the opinion of the European Economic and Social Committee(2),

Having regard to the opinion of the Committee of the Regions(3),

Acting in accordance with the procedure set out in Article 251 of the Treaty(4),

Whereas:

(1) On 23 and 24 March 2000 the Lisbon European Council set the objective of making the European Union the most competitive and dynamic knowledge-based economy in the world and stated the need to use an open method for the coordination of measurement of progress.

(2) On 19 and 20 June 2000, the Feira European Council endorsed the eEurope 2002 action plan and especially underlined the necessity to prepare longer-term perspectives for the knowledge-based economy encouraging the access of all citizens to the new technologies and on 30 November 2000 the Internal Market Council defined a list of 23 indicators to measure progress of the eEurope 2002 action plan.

(3) On 28 May 2002, the Commission published a communication addressed to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions entitled "eEurope 2005: An information society for all", and the Seville European Council endorsed the general objectives of the action plan on 21 and 22 June 2002.

(4) On 22 January 2001, the Commission published a communication addressed to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions entitled "Creating a safer information society by improving the security of information infrastructures and combating computer-related crime".

(5) The conclusions of the Stockholm European Council of 23 and 24 March 2001 contained a request that the Council, together with the Commission, develop a comprehensive strategy on the security of electronic networks including practical implementing action. The communication on "Network and information security: Proposal for a European policy approach" of 6 June 2001 was the initial Commission response to this request.

(6) The Council resolution of 30 May 2001 on the eEurope action plan: Information and network security, the Council resolution of 28 January 2002 on a common approach and specific actions in the area of network and information security(5), the Council resolution of 18 February 2003 on a European approach towards a culture of network and information security(6) and the European Parliament resolution of 22 October 2002 on network and information security: proposal for a European policy called upon Member States to launch specific actions to enhance the security of electronic communication networks and information systems. The European Parliament and the Council further welcomed the Commission's intentions to develop, inter alia, a strategy for a more stable and secure operation of the Internet infrastructure and to make a proposal for the establishment of the future structure at European level for network and information security issues.

(7) The eEurope 2005 action plan, confirmed in this respect by the Council resolution of 18 February 2003, proposes, inter alia, the establishment of the future structure at European level for network and information security issues.

(8) The move towards the information society can, by introducing new forms of economic, political and social relations, help the European Union to cope with the challenges of this century, and can contribute to growth, competitiveness and job creation. The information society gradually reorganises the nature of economic and social activity and has important cross-sectorial effects in hitherto independent areas of activity. The measures necessary for its implementation should take into account the economic and social cohesion of the Community and the risks associated with a digital exclusion as well as the efficient functioning of the internal market. The actions of the European Union and of the Member States in relation to the information society aim to promote further the participation of disadvantaged groups in the information society.

(9) There is a need for the establishment of mechanisms for monitoring and for the exchange of experiences which will enable Member States to compare and analyse performances and review progress in relation to the eEurope 2005 action plan.

(10) Benchmarking allows Member States to assess whether the national initiatives that they have taken in the framework of the eEurope 2005 action plan are producing results that can be compared with those in other Member States, as well as internationally, and are fully exploiting the potential of the technologies.

(11) Action by Member States in the framework of the eEurope 2005 action plan can be further supported by disseminating good practices. The European added value in the area of benchmarking and good practices consists of the comparative evaluation of results of alternative decisions, measured by a common methodology of monitoring and analysis.

(12) There is a need to analyse the economic and societal consequences of the information society with a view to facilitating policy discussions. This will allow Member States better to exploit the economic and industrial potential of technological development, in particular in the area of the information society.

(13) Network and information security has become a prerequisite for further progress towards a secure business environment. The complex nature of network and information security implies that, in developing policy measures in this field, local, national and, where appropriate, European authorities should take into account a range of political, economic, organisational and technical aspects, and be aware of the decentralised and global character of communication networks. The planned establishment of the future structure at European level for network and information security issues would enhance the Member States' and the Community's ability to respond to major network and information security problems. Preparatory work needs to commence as early as 2003.

(14) Since the activities mentioned above pursue the objectives of promoting synergies and cooperation between Member States, countries of the European Economic Area, applicant and candidate countries as well as the associated countries of central and eastern Europe, the Commission could in future encourage further involvement of these countries in the activities of the programme.

(15) This Decision lays down, for the entire duration of the programme, a financial framework constituting the prime reference, within the meaning of point 33 of the Interinstitutional Agreement of 6 May 1999 between the European Parliament, the Council and the Commission on budgetary discipline and improvement of the budgetary procedure, for the budgetary authority during the annual budgetary procedure.

(16) The measures necessary for the implementation of this Decision should be adopted in accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission(7).

(17) The progress of this programme should be continuously monitored,

HAVE ADOPTED THIS DECISION:

Article 1

A multiannual programme (2003 to 2005) for the monitoring of the eEurope 2005 action plan, dissemination of good practices and improvement of network and information security (hereafter referred to as "the programme") is hereby adopted.

The programme shall have the following objectives:

(a) to monitor performance of and within Member States and to compare it with the best in the world by using, where possible, official statistics;

(b) to support efforts made by Members States in the framework of eEurope, at national, regional or local level, by analysis of eEurope good practices and by the complementary interaction of developing mechanisms of exchange of experiences;

(c) to analyse the economic and societal consequences of the information society with a view to facilitating policy discussions particularly in terms of industrial competitiveness and cohesion as well as in terms of social inclusion; to provide the eEurope steering group with the necessary information for it to be able to assess the appropriate strategic direction of the eEurope 2005 action plan;

(d) to prepare for the establishment of the future structure at European level for network and information security issues, as envisaged by the Council resolution of 28 January 2002 and in the eEurope 2005 action plan, with a view to improving network and information security.

The activities of the programme shall be actions of a cross-sectorial nature, complementing Community actions in other fields. None of these actions shall duplicate the work being carried out in these fields under other Community programmes. The actions taken under the programme on benchmarking, good practices and policy coordination shall work to achieve the objectives of the eEurope 2005 action plan, to promote network and information security and broadband, and to promote eGovernment, eBusiness, eHealth and eLearning.

The programme shall also provide a common framework for complementary interaction at European level of the various national, regional and local levels.

Article 2

In order to attain the objectives referred to in Article 1, the following categories of actions shall be undertaken:

(a) Action 1

Monitoring and comparison of performance:

- data collection and analysis on the basis of the benchmarking indicators as defined in the Council resolution of 18 February 2003 on the implementation of the eEurope 2005 action plan(8), including regional indicators where appropriate. A special focus should be given to data relating to the key targets of the eEurope 2005 action plan;

(b) Action 2

Dissemination of good practices:

- studies to identify good practices, at national, regional and local level, contributing to successful implementation of the eEurope 2005 action plan,

- support for targeted conferences, seminars or workshops in support of the objectives of the eEurope 2005 action plan in order to promote cooperation and exchange of experiences and good practices within the common framework of complementary interaction as defined in Article 1(b);

(c) Action 3

Analysis and strategic discussion:

- support the work of social and economic experts with a view to providing the Commission and, on request, the eEurope steering group with input as regards prospective policy analysis,

- support for the eEurope steering group to provide a strategic overview of implementation of the eEurope 2005 action plan, to offer a forum to exchange experiences and to permit early participation of candidate countries and, where appropriate, to invite other stakeholders to express their views;

(d) Action 4

Improvement of network and information security:

- preparation for the establishment of the future structure at European level for network and information security issues, as envisaged in the Council resolutions of 28 January 2002 and of 18 February 2003 on a European approach towards a culture of network and information security, and in the eEurope 2005 action plan, through, inter alia, financing surveys, studies, workshops on subjects such as security mechanisms and their interoperability, network reliability and protection, advanced cryptography, privacy and security in wireless communications.

Article 3

In carrying out the objectives set out in Article 1 and the actions set out in Article 2, the Commission shall use appropriate and relevant means, and in particular:

- the award of contracts for the execution of tasks relating to surveys, exploratory studies, detailed studies on specific fields, demonstration actions of limited size including workshops and conferences;

- the collection, publication and dissemination of information and the development of web-based services;

- the granting of support for meetings of experts, conferences, seminars.

Article 4

The programme shall cover a period from 1 January 2003 to 31 December 2005.

The financial framework for the implementation of this programme is hereby set at EUR 21 million.

An indicative breakdown is given in the Annex.

The annual appropriations shall be authorised by the budgetary authority within the limits of the financial perspective.

Article 5

The Commission shall be responsible for the implementation of the programme and its coordination with other Community programmes. The Commission shall draw up a work programme every year on the basis of this Decision.

The Commission shall act in accordance with the procedure referred to in Article 6(2):

(a) for the adoption of the work programme, including the overall budgetary breakdown;

(b) for the adoption of the measures for programme evaluation;

(c) for determination of the criteria for calls for proposals, in line with the objectives outlined in Article 1, and for the assessment of the projects submitted in response to such calls where Community funding of an estimated amount of Community contribution is equal to, or more than, EUR 250000.

Article 6

1. The Commission shall be assisted by a committee (hereinafter referred to as "the Committee").

2. Where reference is made to this paragraph, Articles 4 and 7 of Decision 1999/468/EC shall apply, having regard to the provisions of Article 8 thereof.

The period laid down in Article 4(3) of Decision 1999/468/EC shall be set at three months.

3. The Committee shall adopt its Rules of Procedure.

Article 7

1. In order to ensure that Community aid is used efficiently, the Commission shall ensure that actions in accordance with this Decision are subject to effective prior appraisal, monitoring and subsequent evaluation.

2. During implementation of actions and after their completion the Commission shall evaluate the manner in which they have been carried out and the impact of their implementation in order to assess whether the original objectives have been achieved.

3. The Commission shall regularly inform the Committee and the eEurope steering group of progress with the implementation of the programme as a whole.

4. At the end of the programme, the Commission shall submit to the European Parliament, to the Council and to the European Economic and Social Committee an evaluation report on the results obtained in implementing the actions referred in Article 2.

Article 8

1. The programme may be opened, within the framework of their respective agreements with the European Community, to countries of the European Economic Area, applicant and candidate countries as well as the associated countries of central and eastern Europe.

2. In the course of implementing this Decision, cooperation with non-member countries and with international organisations or bodies, as appropriate, shall be encouraged.

Article 9

This Decision shall enter into force on the day following that of its publication in the Official Journal of the European Union.

Article 10

This Decision is addressed to the Member States.

Done at Brussels, 17 November 2003.

For the European Parliament

The President

P. Cox

For the Council

The President

G. Alemanno

(1) OJ C 291 E, 26.11.2002, p. 243.

(2) OJ C 61, 14.3.2003, p. 184.

(3) OJ C 128, 29.5.2003, p. 19.

(4) Opinion of the European Parliament of 12 February 2003 (not yet published in the Official Journal), Council common position of 26 May 2003 (OJ C 159 E, 8.7.2003, p. 11) and position of the European Parliament of 25 September 2003 (not yet published in the Official Journal). Council Decision of 27 October 2003.

(5) OJ C 43, 16.2.2002, p. 2.

(6) OJ C 48, 28.2.2003, p. 1.

(7) OJ L 184, 17.7.1999, p. 23.

(8) OJ C 48, 28.2.2003, p. 2.

ANNEX

Multiannual programme for the monitoring of eEurope, dissemination of good practices and the improvement of network and information security (MODINIS)

Indicative breakdown of expenditure 2003 to 2005

>TABLE>