1.   This Decision sets out the handling conditions for EU classified information (EUCI) of CONFIDENTIEL UE/EU CONFIDENTIAL (6) and SECRET UE/EU SECRET (7) level in compliance with Decision (EU, Euratom) 2015/444.

2.   This Decision shall apply to all Commission departments and in all premises of the Commission.

1.   Access to information classified as CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET may be granted after:

2.   Commission trainees shall not be given duties that require them to have access to CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information.

3.   Access shall be withheld or permitted for other categories of staff in accordance with the table set out in the Annex.

1.   Staff drafting a document on the basis of information within the meaning of Article 1 shall always consider whether their document needs to be classified. Classifying a document as EUCI shall involve an assessment and a decision by the originator as to whether the disclosure of the document to unauthorised persons would cause prejudice to the interests of the European Union or of one or more of the Member States. If drafters are in any doubt as to whether the document they are drafting warrants being classified as CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET they should consult the Head of Unit or Director responsible.

2.   A document shall be classified as at least CONFIDENTIEL UE/EU CONFIDENTIAL if its unauthorised disclosure could, inter alia:

3.   Information shall be classified as at least SECRET UE/EU SECRET if its unauthorised disclosure could, inter alia:

4.   Originators may decide to attribute a standard classification level to categories of information that they create on a regular basis. However, they shall ensure that individual pieces of information are given the appropriate classification level.

1.   Information shall be classified as soon as it is produced. Personal notes, preliminary drafts or messages containing information that warrants classification at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET shall be marked as such from the outset and shall be produced and handled in accordance with this Decision.

2.   If the final document no longer warrants the initial classification level it shall be downgraded or declassified.

1.   In accordance with Article 22(6) of Decision (EU, Euratom) 2015/444, the overall classification level of a document shall be at least as high as that of its most highly classified component. When information from various sources is collated, the final aggregated document shall be reviewed to determine its overall security classification level, since it may warrant a higher classification than its component parts.

2.   Documents containing classified and non-classified parts shall be structured and marked so that components with different classification and/or sensitivity levels can be easily identified and detached if necessary. This shall enable each part to be handled appropriately when detached from the other components.

1.   Information that warrants classification shall be marked and handled as such regardless of its physical form. The classification level shall be clearly communicated to recipients, either by a classification marking, if the information is delivered in written form, whether this is on paper, on removable storage media or in a Communication and Information System (CIS), or by an announcement, if the information is delivered in oral form, such as in a conversation or a presentation. Classified material shall be physically marked so as to allow for easy identification of its security classification.

2.   On documents, the full classification marking CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET shall be written in block capitals, in full in French and English (French first), in accordance with paragraph 3. The marking shall not be translated into other languages.

3.   The CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET classification marking shall be affixed as follows:

4.   When creating a CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET document:

5.   When possible, the SECRET UE/EU SECRET marking shall appear in red.

1.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET documents may bear other markings, or ‘security designators’, specifying, for example, the field to which the document relates, or indicating a particular distribution on a need-to-know basis. An example is:

2.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET documents may bear a security caveat that gives specific instructions on how to handle and manage the documents.

3.   Whenever possible, any indications for downgrading or declassifying shall be affixed on the first page of the document at the time it is created. For example, the following marking may be used:

1.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET documents shall be created using electronic means, where these are available.

2.   When creating CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information, Commission staff shall use CIS accredited for the corresponding classification level or for a higher classification level. Staff shall consult their Local Security Officer (LSO) if there is any doubt as to which CIS may be used. In consultation with the Commission security authority specific procedures may be applied in emergencies or in specific technical configurations.

3.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET documents, including drafts, as required by Article 5, shall not be sent by email, printed or scanned on standard printers or scanners, or handled on the personal devices of members of staff. Only printers or copiers connected to standalone computers protected from electromagnetic emissions or to an accredited system shall be used to print out CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET documents.

1.   Information classified as CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET shall be registered for security purposes prior to distribution and on receipt. It shall be registered:

2.   This registration may be carried out in paper or in electronic logbooks.

3.   If the information is handled electronically within a CIS, these recording procedures may be performed by processes within the CIS itself. In this case, the CIS shall include measures to guarantee the integrity of the log records.

4.   The Registry Control Officer shall keep a register that contains at least the following information for each document:

1.   The originator shall have ‘originator control’ over CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information which it has created. The originator's prior written consent shall be sought before the information can be:

2.   Holders of CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information are duly authorised individuals that have been given access to the classified information in order to be able to perform their duties. They are responsible for the correct handling, storage and protection of it in accordance with Decision (EU, Euratom) 2015/444. Unlike originators of classified information, holders shall not be authorised to decide on the downgrading, declassification or onward release of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information.

3.   If the originator of a piece of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information cannot be identified, the Commission department holding that classified information shall exercise originator control. The Commission Security Expert Group shall be consulted before CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information is released to a third country or international organisation.

1.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information shall be handled and transmitted by electronic means, where these are available. Only CIS and equipment that has been accredited by the Commission security accreditation authority for handling information classified at the relevant level or a higher classification level shall be used.

2.   Where a Commission department has the appropriate equipment to handle and send information classified at these levels it shall assist other Commission entities in handling and sending information appropriately, as far as it is able to do so.

1.   The use of removable storage media shall be strictly controlled and accounted for. Only removable storage media provided by the Commission and encrypted by a product approved by the Commission security authority shall be used. Personal removable storage media and those given freely at conferences, seminars, etc. shall not be used for transferring classified information. Where possible, Tempest-proof removable storage media should be used, in accordance with the guidance from the Commission security authority.

2.   Where a classified document is handled or stored electronically on removable storage media, such as USB sticks, CDs or memory cards, the classification marking shall be clearly visible on the displayed information itself, as well as in the filename and on the removable storage medium.

3.   Staff shall bear in mind that when large amounts of classified information are stored on removable storage media the device may warrant a higher classification level.

4.   Only CIS that have been appropriately accredited shall be used to transfer CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information onto or from removable storage media.

5.   When downloading such information on removable storage media, particular care shall be taken to ensure that the media does not contain viruses or malware prior to the transfer of the data.

6.   Where applicable, removable storage media shall be handled in accordance with any security operating procedures relating to the encryption system used.

7.   Documents on removable storage media that are either no longer required, or have been transferred onto an appropriate CIS, shall be securely removed or deleted using approved products or methods. Unless stored in an appropriate safe, removable storage media shall be destroyed when no longer needed. Any destruction or deletion shall use a method that is in accordance with the Commission security rules. An inventory shall be kept of the removable media, and their destruction shall be registered.

1.   In accordance with Article 19(3)(a) of Decision (EU, Euratom) 2015/444, CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information shall be handled in a Secured Area (8).

2.   Pursuant to Article 19(3)(b) of Decision (EU, Euratom) 2015/444, this information may be handled in an Administrative Area (9), provided the EUCI is protected from access by unauthorised persons.

3.   This information may be handled outside a Secured Area or an Administrative Area provided the holder has undertaken to comply with compensatory measures as required under Article 19(3)(c) of Decision (EU, Euratom) 2015/444, which shall include at least the following:

4.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information shall be stored in a Secured Area in a security container or a strong room.

5.   Further advice can be sought from the Local Security Officer (LSO) of the relevant Commission department.

6.   Any suspected or actual security incidents involving the document shall be reported to the LSO as soon as possible.

1.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information may be copied or translated on instruction from the holder, provided the originator has not imposed any caveats. However, no more copies shall be made than are strictly necessary.

2.   Where only part of a classified document is reproduced, the same conditions shall apply as for copying the full document. Extracts shall also be classified at the same level, unless the originator has specifically classified them at a lower level, or marked them as unclassified.

3.   The security measures applicable to the original information shall also be applied to copies and translations thereof.

1.   Whenever possible, CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information that needs to be taken outside Secured Areas or Administrative Areas shall be sent electronically by appropriately accredited means and/or protected by approved cryptographic products.

2.   Depending on the means available or the particular circumstances, CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information may be physically carried by hand in the form of paper documents or on removable storage media. The use of removable storage media to transfer CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information shall be given preference to sending paper documents.

3.   Only removable storage media encrypted by a product approved by the Commission security authority may be used. CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information on removable storage media that is not protected by an encryption product that has been approved by the Commission security authority shall be handled in the same manner as paper copy.

4.   A consignment may contain more than one piece of EUCI, provided the need-to-know principle is respected.

5.   The packaging used shall ensure that the contents are covered from view. CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information shall be carried in two layers of opaque packaging, such as envelopes, opaque folders or a briefcase. The outer packaging shall not bear any indication of the nature or classification level of its contents. The inner layer of packaging shall be marked as CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET. Both layers shall state the intended recipient's name, job title and address, as well as a return address in case delivery cannot be made.

6.   Staff or couriers hand-carrying CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information shall be security authorised and shall be issued with a courier certificate.

7.   The envelope/package shall not be opened en route. The security authorisation for the courier does not authorise him/her to access the content of the classified information.

8.   Any security incidents involving CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information that is carried by staff or couriers shall be reported for subsequent investigation to the Security Directorate of the Directorate-General for Human Resources and Security, via the LSO of the relevant Commission department.

1.   Removable storage media that are used to transport CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information shall be accompanied by a dispatch note, detailing the removable storage media containing the classified information, as well as all files contained on them, to allow the recipient to make the necessary verifications and to confirm receipt.

2.   Only the documents to be provided shall be stored on the media. All the classified information on a single USB stick, for instance, would have to be intended for the same recipient. The sender shall bear in mind that large amounts of classified information stored on such devices may warrant a higher classification level for the device as a whole.

3.   Only removable storage media bearing the appropriate classification marking shall be used to carry CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information.

4.   Any CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information saved on removable storage media shall be registered for security purposes.

1.   Security authorised staff may carry CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET documents within a Commission building, but the documents shall not leave the possession of the bearer or be read in public.

2.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET documents shall not be sent through internal mail.

1.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information may be carried by staff or Commission couriers anywhere within the Union provided they comply with the following instructions:

2.   Registry staff wishing to send CONFIDENTIEL UE/EU CONFIDENTIAL information to other locations in the Union may arrange for it to be conveyed by one of the following means:

3.   Staff wishing to send SECRET UE/EU SECRET information to other Member States in the EU may only arrange with their Registry for it to be conveyed by military, government or diplomatic courier, but not by postal services or commercial couriers.

4.   Commission staff or official Commission couriers bearing CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information shall carry a courier certificate for each consignment, issued by the respective department's registry, which certifies that the bearer is authorised to carry the consignment.

1.   Information classified as CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET may be hand-carried by staff between the territory of the Union and the territory of a third country.

2.   Registry staff may arrange for carriage by military or diplomatic courier.

3.   When hand-carrying either paper documents or removable storage media classified as CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET, staff shall comply with all of the following additional measures:

1.   For the purposes of this Decision, ‘commercial couriers’ include national postal services and commercial courier companies that offer a service where information is delivered for a fee and is either personally hand carried or tracked.

2.   Commercial couriers may convey CONFIDENTIEL UE/EU CONFIDENTIAL information within a Member State or from one Member State to another Member State. Commercial couriers may convey SECRET UE/EU SECRET information only within a Member State, but not abroad.

3.   Commercial courier services shall be instructed that they may deliver CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET consignments only to the Registry Control Officer, to his duly authorised substitute or to the intended recipient.

4.   Commercial couriers may use the services of a sub-contractor. However, responsibility for complying with this Decision shall remain with the courier company.

5.   Services offered by commercial couriers providing electronic transmission of registered delivery documents shall not be used for CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information.

1.   When classified consignments are being prepared the sender shall bear in mind that commercial courier services shall only deliver CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET consignments to the intended recipient, a duly authorised substitute, the registry control officer or his/her duly authorised substitute or a receptionist.

2.   When such information is sent by an approved commercial courier service the consignment shall be prepared and packaged as follows:

3.   The sender shall liaise with the named recipient before the consignment is sent to agree a suitable date and time for delivery.

4.   The sender is solely responsible for any consignment sent by a commercial courier service. In the event that the consignment is lost or not delivered on time, the sender shall report it to the Commission security authority, which will follow up the security incident.

1.   Any carriage conditions set out in a security of information agreement or in administrative arrangements shall be complied with. If in doubt, staff shall consult their respective registry or the Security Directorate in the Directorate-General for Human Resources and Security.

2.   The double packaging requirement can be waived for classified information that is protected by approved cryptographic products. However, for addressing purposes, and also as the removable storage medium bears an explicit security classification marking, the medium shall be carried in at least an ordinary envelope but may require additional physical protection measures, such as bubble wrap envelopes.

1.   Meetings where CONFIDENTIEL UE/EU CONFIDENTIEL or SECRET UE/EU SECRET information is due to be discussed shall only be held in a meeting room that has been accredited at the appropriate level or higher. Where these are not available, staff shall seek the advice of the Commission security authority.

2.   As a general rule, agendas should be not classified. If the agenda of a meeting mentions classified documents, the agenda itself shall not automatically be classified. Agenda items shall be worded in a way that avoids jeopardising the protection of the Union or one or more of the Member States' interests.

3.   Meeting organisers shall remind participants that any comments sent in on a CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET agenda item must not be sent through email, or through other means that have not been appropriately accredited in accordance with Article 11 of this Decision.

4.   Meeting organisers shall endeavour to group CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET items consecutively on the agenda in order to facilitate the smooth functioning of the meeting. Only persons with a need-to-know, who are security cleared to the appropriate level, and authorised where applicable, may be present during discussions of classified items.

5.   The invitation itself shall forewarn the participants that the meeting will discuss classified topics, and that corresponding security measures will apply.

6.   Participants shall be reminded that portable electronic devices are to be left outside the meeting room during discussion of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET items.

7.   Meeting organisers shall prepare a complete list of participants prior to the meeting.

1.   Meeting organisers shall inform the Commission security authority of any external visitors who will attend a CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET meeting on Commission premises.

2.   Participants will be required to prove they hold a valid Personnel Security Clearance at the appropriate level in order to be able to attend the discussion of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET agenda items.

1.   Only accredited IT systems in accordance with Article 11 of this Decision may be used where classified information is conveyed, such as to give a presentation that displays CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information or for videoconferences.

2.   The Chair shall ensure that unauthorised portable electronic devices have been left outside the meeting room.

1.   At the start of the classified discussion, the Chair shall announce to the meeting that it is moving into classified mode. The doors shall be closed.

2.   Only the necessary number of documents shall be signed for and issued to participants and interpreters, as appropriate, at the start of the discussion.

3.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET documents shall not be left unattended during any breaks in the meeting.

4.   At the end of the meeting, the participants and interpreters shall be reminded not to leave any classified documents or classified notes they might have made lying unattended in the room. Any CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET documents not required by the participants at the end of the meeting, and in any case all interpreters' documents, shall be signed for and returned to the Registry Control Officer for destruction in appropriate shredders.

5.   The list of participants and an outline of any classified information shared with Member States and released orally to third countries or international organisations shall be noted down during the meeting in order to be recorded in the outcome of proceedings.

1.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information shall only be shared with another Union institution, agency, body or office if the recipient has a need-to-know and the entity has a corresponding legal arrangement with the Commission.

2.   Within the Commission, the EUCI Registry managed by the Secretariat-General shall as a general rule be the main point of entry and exit for classified information exchanges with other Union institutions, agencies, bodies and offices. The Commission security authority shall be consulted where there are security, organisational or operational grounds for it to be more appropriate for local EUCI registries to operate as the point of entry and exit for matters within the competence of the department concerned.

1.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information may be shared with Member States if the recipient has a need-to-know and has been security cleared.

2.   Member States' classified information that bears an equivalent national classification marking (10) and which has been provided to the Commission shall be afforded the same level of protection as CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information.

1.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information shall only be released to a third country or international organisation if the recipient has a need-to-know and the country or international organisation has an appropriate legal or administrative framework in place, such as a security of information agreement or an administrative arrangement with the Commission. The provisions of such an agreement or arrangement shall prevail over the provisions of this Decision.

2.   The EUCI registry managed by the Secretariat-General shall as a general rule act as the main point of entry and exit for all information classified CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET exchanged between the Commission and third countries and international organisations. The Commission security authority shall be consulted where there are security, organisational or operational grounds which make it more appropriate for local EUCI registries to operate as the point of entry and exit for matters within the competence of the department concerned.

3.   Any classified information received from a third country or an international organisation shall be registered for security purposes. Staff shall therefore contact the registry if they receive classified information from outside the usual registry circuit.

4.   To ensure traceability, CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information shall be registered:

5.   Such registration may be carried out on paper or in electronic logbooks.

6.   Registration procedures for classified information handled within an accredited CIS may be performed by processes within the CIS itself. In that case, the CIS shall include measures to guarantee the integrity of the log records.

7.   Classified information received from third countries or international organisations shall be afforded an equivalent level of protection as EUCI bearing the equivalent classification marking as set out in the respective security of information agreement or administrative arrangement.

1.   Where the Commission or one of its departments determines that there is an exceptional need to release CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information to a third country, international organisation or an EU entity but no security of information agreement or administrative arrangement is in place, the exceptional ad hoc release procedure shall be followed.

2.   Commission departments shall contact the Commission security authority, which shall consult the Commission Security Expert Group.

3.   After consulting the Commission Security Expert Group, the Commission may, on the basis of a proposal by the member of the Commission responsible for security matters, authorise release of the information concerned.

1.   Information shall remain classified only for as long as it requires protection. Downgrading means a reduction in the level of security classification. Declassification means that the information shall no longer be considered as classified at all. At the time of its creation, the originator shall indicate, where possible, whether the EUCI can be downgraded or declassified on a given date or following a specific event. Otherwise, the originator shall review the information and assess the risks at least every 5 years in order to determine whether the original classification level is still appropriate.

2.   Commission documents may also be downgraded or declassified on an ad hoc basis, for example following a request for access from the public.

1.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information shall not be downgraded or declassified without the permission of the originator.

2.   The Commission department that creates a classified document shall be responsible for deciding whether it can be downgraded or declassified. Within the Commission, all requests for downgrading and declassifying shall be subject to consultation of the Head of Unit or Director of the originating department. If the department has compiled classified information from various sources it shall first seek the consent of any other parties that provided source material, including in Member States, other EU bodies, third countries or international organisations.

3.   Where the originating Commission department no longer exists and its responsibilities have been taken on by another service, the decision on downgrading and declassifying shall be taken by this service. Where the originating department no longer exists and its responsibilities have not been taken on by another service, the decision to downgrade or declassify shall be taken jointly by the Heads of Unit or Directors of the recipient Directorates-General.

4.   The department responsible for downgrading or declassifying shall work with its respective registry on the practical arrangements for carrying out downgrading or declassification.

1.   The original classification marking at the top and bottom of every page shall be visibly crossed out (not removed) using the ‘strikethrough’ functionality for electronic formats, or manually for print-outs.

2.   The first (cover) page shall be stamped as downgraded or declassified and completed with the details of the authority responsible for downgrading or declassifying and the corresponding date.

3.   The original recipients of the CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET information shall be informed of the downgrading or declassification. The initial recipients shall be responsible for informing any subsequent addressees to whom they have sent or copied the original CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information.

4.   The Commission's Historical Archives Service shall be informed of all declassification decisions taken.

5.   All translations of classified information shall be subject to the same downgrading or declassification procedures as the original language version.

1.   Partial downgrading or declassification shall also be possible (e.g. annexes, some paragraphs only). The procedure shall be identical to that for downgrading or declassifying an entire document.

2.   Upon partial declassification (‘sanitising’) of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information, a declassified extract shall be produced.

3.   The parts that remain classified shall be replaced by:

either in the body of the text itself, if the part that remains classified is a part of a paragraph, or as a paragraph, if the part that remains classified is a specific paragraph or more than one paragraph.

4.   Specific mention shall be made in the text if a complete annex cannot be declassified and has therefore been withheld from the extract.

1.   The Commission shall not amass large quantities of classified information.

2.   Originating departments shall review documents at least every 5 years for destruction or deletion. A review shall take place both for information stored on paper and for information stored in CIS at regular intervals.

3.   Staff shall not destroy any hard copy CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET documents that they no longer require, but shall instead ask their Registry Control Officer to destroy the documents, subject to any archiving requirements for the original document.

4.   Staff shall not be required to inform the originator if they delete copies of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET documents.

5.   Draft material containing classified information shall be subject to the same disposal methods as finalised classified documents.

6.   Only approved shredders shall be used for destroying CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET documents. Level 5 of DIN 66399 shredders are suitable for destroying CONFIDENTIEL UE/EU CONFIDENTIAL documents. Level 6 of DIN 66399 shredders are suitable for destroying SECRET UE/EU SECRET documents.

7.   The shred from approved shredders may be disposed of as normal office waste.

8.   The Registry Control Officer shall create destruction certificates and update the logbooks and other registration information accordingly.

9.   All media and devices containing CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information shall be properly sanitised when they reach the end of their lifetime. The electronic data shall be destroyed or erased from information technology resources and associated storage media in a manner that gives reasonable assurance that the information cannot be recovered. Sanitisation shall remove data from the storage device, and also remove all labels, markings and activity logs.

10.   Computer storage media shall be given to the LSO or Local Informatics Security Officer and/or Registry Control Officer for destruction and disposal.

1.   The Head of Department shall develop, approve and if necessary activate emergency evacuation and destruction plans to safeguard EUCI that is at significant risk of falling into unauthorised hands during a crisis. In order of priority, and depending on the nature of the emergency, consideration shall be given to:

2.   When emergency plans have been activated, priority shall be given to moving or destroying SECRET UE/EU SECRET information first, and any CONFIDENTIEL UE/EU CONFIDENTIAL thereafter.

3.   The operational details of emergency evacuation and destruction plans shall themselves be classified as RESTREINT UE/EU RESTRICTED. A copy shall be kept in each safe that stores CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET information so as to be accessible in the event of an emergency.

1.   Decisions on whether and when to archive, and the corresponding practical measures to be taken, shall be in accordance with the Commission's policy on document management.

2.   CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET documents shall not be sent to the Historical Archives of the European Union in Florence.