20.5.2014   

EN

Official Journal of the European Union

L 150/72


REGULATION (EU) No 512/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 16 April 2014

amending Regulation (EU) No 912/2010 setting up the European GNSS Agency

THE EUROPEAN PARLIAMENT AND THE COUNCIL,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 172 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee (1),

After consulting the Committee of the Regions,

Acting in accordance with the ordinary legislative procedure (2),

Whereas:

(1)

It follows from the combined provisions of Article 14 of Regulation (EU) No 1285/2013 of the European Parliament and of the Council (3) and Article 2 of Regulation (EU) No 912/2010 of the European Parliament and of the Council (4) that the European GNSS Agency (the ‘Agency’) is to ensure the security accreditation of the European satellite navigation systems (the ‘systems’) and, to that end, initiate and monitor the implementation of security procedures and the performance of security audits.

(2)

The systems are defined in Article 2 of Regulation (EU) No 1285/2013. They are complex systems and their establishment and operation involve numerous stakeholders with different roles. In this context, it is crucial that EU classified information be handled and protected by all the stakeholders involved in the implementation of the Galileo and EGNOS programmes (the ‘programmes’) in accordance with the basic principles and minimum standards set out in the Commission’s and the Council’s security rules on the protection of EU classified information and that Article 17 of Regulation (EU) No 1285/2013, which guarantees an equivalent level of protection for EU classified information, apply, where appropriate, to all stakeholders involved in implementing the programmes.

(3)

The stakeholders participating in and affected by the security accreditation process are Member States, the Commission, relevant Union Agencies and the European Space Agency (ESA) and the parties involved in Council Joint Action 2004/552/CFSP (5).

(4)

Considering the specificity and complexity of the systems, the different bodies involved in their implementation and the variety of potential users, security accreditation should be facilitated by appropriate consultation of all relevant parties, such as national authorities of Member States and of third countries operating networks connected to the system established under the Galileo programme for the provision of the Public Regulated Service (PRS), other relevant authorities of Member States, ESA or, if provided for in an international agreement, third countries hosting the ground stations of the systems.

(5)

In order to enable the appropriate performance of tasks relating to security accreditation, it is crucial that the Commission provide all the information necessary to perform these tasks. It is also important for security accreditation activities to be coordinated with the work of the bodies responsible for managing the programmes in accordance with Regulation (EU) No 1285/2013 and other entities responsible for implementing security provisions.

(6)

The risk assessment and management approach to be applied should follow best practices. It should include applying security measures in accordance with the concept of defence-in-depth. It should take into consideration the likelihood of the occurrence of a risk or feared event. It should also be proportionate, appropriate and cost-effective, taking into account the cost of implementing measures to mitigate risk compared to the subsequent security benefit. Defence-in-depth aims to enhance the security of the systems by implementing technical and non-technical security measures organised as multiple layers of defence.

(7)

The development, including the relevant associated research activities, and the manufacture of PRS receivers and PRS security modules, constitute particularly sensitive activities. It is therefore essential that procedures be established to authorise the manufacturers of PRS receivers and PRS security modules.

(8)

Moreover, given the potentially high number of networks and equipment connected to the system established under the Galileo programme, in particular for the use of PRS, principles for the security accreditation of those networks and equipment should be defined in the security accreditation strategy, in order to ensure the homogeneity of the accreditation without encroaching on the competence of national entities of the Member States competent in security matters. The application of those principles would allow for consistent risk management and reduce the need to escalate all mitigation actions at system level, which would have a negative impact on cost, schedule, performance and service provision.

(9)

Products and measures which protect against electromagnetic emanations (i.e. against electronic eavesdropping) and cryptographic products used to provide security for the systems should be evaluated and approved by the national entities competent in security matters of the country where the company manufacturing such products is established. In relation to cryptographic products, that evaluation and approval should be complemented in accordance with the principles set out in points 26 to 30 of Annex IV to Council Decision 2013/488/EU (6). The authority responsible for the security accreditation of the systems should endorse the selection of those approved products and measures taking into account the overall security requirements of the systems.

(10)

Regulation (EU) No 912/2010, and in particular Chapter III thereof, expressly lays down the terms under which the Agency must perform its task concerning security accreditation of the systems. In particular, it stipulates, as a principle, that security accreditation decisions must be taken independently of the Commission and the bodies responsible for implementing the programmes and that the systems’ security accreditation authority should be an independent body within the Agency, that makes decisions independently.

(11)

In accordance with that principle, Regulation (EU) No 912/2010 establishes the Security Accreditation Board for European GNSS systems (the ‘Security Accreditation Board’) which, alongside the Administrative Board and the Executive Director, is one of the three bodies of the Agency. The Security Accreditation Board performs the tasks entrusted to the Agency concerning security accreditation and is authorised to make security accreditation decisions on behalf of the Agency. It should adopt its rules of procedure and appoint its chairperson.

(12)

Given that the Commission, in accordance with Regulation (EU) No 1285/2013, is to ensure the security of the programmes, including the security of the systems and their operation, the activities of the Security Accreditation Board should be limited to the security accreditation activities of the systems and should be without prejudice to the tasks and responsibilities of the Commission. This should apply in particular in relation to the tasks and responsibilities of the Commission under Article 13 of Regulation (EU) No 1285/2013 and Article 8 of Decision No 1104/2011/EU of the European Parliament and of the Council (7), including the adoption of any document relating to security by means of a delegated act, an implementing act or otherwise in accordance with those Articles. Without prejudice to those tasks and responsibilities of the Commission, in the light of its particular expertise, the Security Accreditation Board should however, within its field of competence, be entitled to advise the Commission on the drawing-up of the draft texts for the acts referred to in those Articles.

(13)

It should also be ensured that activities relating to security accreditation are carried out without prejudice to the national competences and prerogatives of Member States as regards security accreditation.

(14)

In relation to security, the terms ‘audits’ and ‘tests’ may include security assessments, inspections, reviews, audits and tests.

(15)

In order for it to carry out its activities efficiently and effectively, the Security Accreditation Board should be able to set up appropriate subordinate bodies acting on its instructions. It should in particular set up a panel that will assist in preparing its decisions.

(16)

A group of experts of the Member States should be set up under the supervision of the Security Accreditation Board to perform the tasks of the Crypto Distribution Authority (CDA) relating to the management of EU cryptographic material. That group should be established on a temporary basis to ensure the continuity of the management of communications security items during the deployment phase of the Galileo programme. A sustainable solution for performing such operational tasks should be applied in the longer term when the system established under the Galileo programme is fully operational.

(17)

Regulation (EU) No 1285/2013 defines the public governance arrangements for the programmes during the years 2014-2020. It confers overall responsibility for the programmes on the Commission. In addition, it extends the tasks entrusted to the Agency and provides, in particular, for the Agency to play a major role in the exploitation of the systems and in maximising their socioeconomic benefits.

(18)

In this new context, it is essential to ensure that the Security Accreditation Board be able to perform the tasks entrusted to it with complete independence, in particular vis-à-vis the other bodies and activities of the Agency and to avoid any conflicts of interest. It is therefore essential to further separate, within the Agency itself, the activities associated with security accreditation from its other activities, such as management of the Galileo Security Monitoring Centre, contribution to the commercialisation of the systems and any activities that the Commission might entrust to the Agency by way of delegation, in particular those associated with exploitation of the systems. To that end, the Security Accreditation Board and the Agency staff under its control should carry out their work in a manner ensuring their autonomy and independence with regard to the Agency’s other activities. A tangible and effective structural division should be set up within the Agency between its various activities by 1 January 2014. The Agency’s internal rules on staff should also ensure the autonomy and independence of the staff performing the security accreditation activities vis-à-vis staff carrying out other Agency activities.

(19)

Regulation (EU) No 912/2010 should therefore be amended in order to increase the independence and powers of the Security Accreditation Board and its chairperson and broadly to align that independence and those powers to the independence and powers of the Administrative Board and of the Executive Director of the Agency respectively, while providing for a cooperation requirement between the various bodies of the Agency.

(20)

When appointing members of the Boards and electing their Chairpersons and Deputy Chairpersons, the importance of balanced gender representation should be taken into account, where appropriate. Furthermore, relevant managerial, administrative and budgetary skills should also be taken into account.

(21)

The Security Accreditation Board, rather than the Administrative Board, should prepare and approve that part of the Agency’s work programmes describing the operational activities associated with the security accreditation of the systems, as well as that part of the annual report concerning the activities and prospects of the Agency with regard to the systems’ security accreditation activities. It should submit them in good time to the Administrative Board so that they can be incorporated in the Agency’s work programme and annual report. It should also exercise disciplinary authority over its Chairperson.

(22)

It is desirable to assign a role in relation to security accreditation activities to the Chairperson of the Security Accreditation Board comparable to that of the Executive Director in other Agency activities. Therefore, in addition to the function of representing the Agency, already provided for under Regulation (EU) No 912/2010, the Chairperson of the Security Accreditation Board should manage the security accreditation activities under the direction of the Security Accreditation Board and ensure the implementation of that part of the Agency’s work programmes associated with accreditation. At the request of the European Parliament or the Council, the Chairperson of the Security Accreditation Board should also submit a report on the performance of the tasks of the Security Accreditation Board and make a declaration before them.

(23)

Appropriate procedures should be established for the eventuality that the Administrative Board does not approve the Agency’s work programmes, in order to ensure that the security accreditation process is not affected and can be carried out without discontinuity.

(24)

Given the involvement of a number of third countries and the potential involvement of international organisations in the programmes, including in security matters, express provision should be made for representatives of international organisations and of third countries, in particular Switzerland — with which a cooperation agreement should be concluded (8) - to be able to participate, on an exceptional basis and under certain conditions, in the work of the Security Accreditation Board. Such conditions should be specified in an international agreement in accordance with Article 218 of the Treaty on the Functioning of the European Union (TFEU) to be concluded with the Union, taking into account security matters and, in particular, the protection of EU classified information. The Cooperation Agreement on Satellite Navigation between the European Union and its Member States and the Kingdom of Norway (9), as well as Protocols 31 and 37 to the EEA Agreement, already provide a framework for the participation of Norway. Considering its particular expertise, it should be possible to consult the Security Accreditation Board, within its field of competence, before or during the negotiation of such international agreements.

(25)

Regulation (EU) No 912/2010 should be aligned with the principles contained in the common approach of the European Parliament, the Council and of the Commission to the decentralised agencies, adopted by the three institutions on 5 July, 26 June and 12 June 2012 respectively, particularly with regard to the rules for adopting decisions of the Administrative Board, the terms of office of the members of the Administrative Board and of the Security Accreditation Board and those of their chairpersons, the existence of a multiannual work programme, the powers of the Administrative Board concerning staff management, assessment and revision of that Regulation, prevention and management of conflicts of interest and handling of non-classified but sensitive information. The process for the adoption of the multiannual work programme should be carried out in full compliance with the principles of sincere cooperation and taking into account the time constraints relating to such work programme.

(26)

With reference to the prevention and management of conflicts of interest, it is essential that the Agency establish and maintain a reputation for impartiality, integrity and high professional standards. There should never be any legitimate reason to suspect that decisions might be influenced by interests conflicting with the role of the Agency as a body serving the Union as a whole or by the private interests or affiliations of any member of the Agency staff, any seconded national expert or observer, or of any member of the Administrative Board or the Security Accreditation Board, which would create, or have the potential to create, a conflict with the proper performance of the official duties of the person concerned. The Administrative Board and the Security Accreditation Board should therefore adopt comprehensive rules on conflicts of interest that cover the entire Agency. Those rules should take account of the recommendations issued by the Court of Auditors in its Special Report No 15 of 2012 which was prepared at the request of the European Parliament, and of the need to avoid conflicts of interest between the Members of the Administrative Board and of the Security Accreditation Board.

(27)

In order to ensure the transparent operation of the Agency, its rules of procedure should be published. However, by way of exception, certain public and private interests should be protected. In order to ensure the smooth running of the programmes, the multiannual and the annual work programmes and the annual report should be as detailed as possible. As a consequence, they might contain material that is sensitive from the point of view of security or contractual relations. It would therefore be appropriate to publish only an executive summary of those documents. In the interests of transparency, those summaries should nevertheless be as complete as possible.

(28)

It should also be emphasised that the Agency’s work programmes should be established on the basis of a performance management process, including performance indicators, for effective and efficient assessment of the results achieved.

(29)

The work programmes of the Agency should also contain resource programming, including the human and financial resources assigned to each activity and taking into account the fact that the expenditure associated with the new staff requirements of the Agency should be partially offset by an appropriate reduction in the Commission’s establishment plan during the same period, that is from 2014 to 2020.

(30)

Without prejudice to the political decision regarding Union agencies’ seats, to the desirability of geographical spread and to the objectives set by Member States as regards new agencies’ seats, as contained in the conclusions of the Representatives of the Member States, meeting at Head of State or Government level in Brussels on 13 December 2003, and recalled in the European Council conclusions of June 2008, objective criteria should be taken into account in the decision-making process for choosing a location for the Agency’s local offices. Those criteria include the accessibility of the premises, the existence of suitable educational infrastructure for the children of members of staff and seconded national experts, access to the employment market, the social security system and healthcare for the families of members of staff and seconded national experts, as well as implementation and operating costs.

(31)

The hosting States should provide, through specific arrangements, the necessary conditions for the smooth operation of the Agency, such as appropriate education and transport facilities.

(32)

By Decision 2010/803/EU (10), the Representatives of the Governments of the Member States decided that the Agency would have its seat in Prague. The Host Agreement between the Czech Republic and the Agency was concluded on 16 December 2011 and entered into force on 9 August 2012. It is considered that the Host Agreement and other specific arrangements fulfil the requirements of Regulation (EU) No 912/2010.

(33)

The financial interests of the Union are to be protected using proportionate measures throughout the expenditure cycle, in particular, by means of prevention and detection of irregularities, carrying out surveys, recovering lost, unduly paid or poorly administered funds and, if necessary, applying penalties.

(34)

Given that Article 8 of Regulation (EU) No 1285/2013 allows the Member States to contribute extra funds in order to finance certain programme features, the Agency should be permitted to award contracts jointly with the Member States when appropriate for the performance of its tasks.

(35)

The Agency should apply the Commission’s rules as regards the security of EU classified information. It should also be able to establish rules for the handling of non-classified but sensitive information. Those rules should apply only to the handling of such information by the Agency. Non-classified but sensitive information is information or material that the Agency should protect because of legal obligations laid down in the Treaties and/or because of its sensitivity. It includes, but is not limited to, information or material covered by the obligation of professional secrecy, as referred to in Article 339 TFEU, information relating to issues referred to in Article 4 of Regulation (EC) No 1049/2001 of the European Parliament and of the Council (11) or information within the scope of Regulation (EC) No 45/2001 of the European Parliament and of the Council (12).

(36)

Regulation (EU) No 912/2010 should therefore be amended accordingly,

HAVE ADOPTED THIS REGULATION:

Article 1

Regulation (EU) No 912/2010 is amended as follows:

(1)

Articles 2 to 8 are replaced by the following:

‘Article 2

Tasks

The tasks of the Agency shall be as set out in Article 14 of Regulation (EU) No 1285/2013 of the European Parliament and of the Council (13).

Article 3

Bodies

1.   The bodies of the Agency shall be:

(a)

the Administrative Board;

(b)

the Executive Director;

(c)

the Security Accreditation Board for European GNSS systems (the “Security Accreditation Board”).

2.   The bodies of the Agency shall perform their tasks as specified in Articles 6, 8 and 11 respectively.

3.   The Administrative Board and the Executive Director, Security Accreditation Board and its Chairperson, shall cooperate to ensure the operation of the Agency and the coordination of its bodies in accordance with the procedures determined by the Agency’s internal rules, such as the rules of procedure of the Administrative Board, the rules of procedure of the Security Accreditation Board, the financial rules applicable to the Agency, the implementing rules for the status of staff and the rules governing access to documents.

Article 4

Legal status, local offices

1.   The Agency shall be a body of the Union. It shall have legal personality.

2.   In each of the Member States, the Agency shall enjoy the most extensive legal capacity accorded to legal persons under the law. It may, in particular, acquire or dispose of movable and immovable property and be a party to legal proceedings.

3.   The Agency may decide to establish local offices in the Member States, subject to their consent, or in third countries participating in the work of the Agency, in accordance with Article 23.

4.   The choice of the location of those offices shall be made on the basis of objective criteria defined to ensure the Agency’s smooth operation.

The provisions relating to the installation and operation of the Agency in the host Member States and host third countries and those relating to advantages accorded by them to the Executive Director, to members of the Administrative Board and the Security Accreditation Board and to Agency staff and members of their families are subject to specific arrangements made by the Agency with those Member States and countries. The specific arrangements shall be approved by the Administrative Board.

5.   The host Member States and host third countries shall provide, through the specific arrangements referred to in paragraph 4, the necessary conditions for the smooth operation of the Agency.

6.   Subject to point (f) of Article 11a(1), the Agency shall be represented by its Executive Director.

Article 5

Administrative Board

1.   An Administrative Board is hereby set up to perform the tasks listed in Article 6.

2.   The Administrative Board shall be composed of:

(a)

one representative appointed by each Member State;

(b)

four representatives appointed by the Commission;

(c)

one non-voting representative appointed by the European Parliament.

Members of the Administrative Board and of the Security Accreditation Board shall be appointed on the basis of their degree of relevant experience and expertise.

The term of office of the members of the Administrative Board shall be four years renewable once. The European Parliament, the Commission and the Member States shall endeavour to limit the turnover of their representatives on the Administrative Board.

The Chairperson or the Deputy Chairperson of the Security Accreditation Board, a representative of the High Representative of the Union for Foreign Affairs and Security Policy (the “HR”) and a representative of the European Space Agency (“ESA”) shall be invited to attend the meetings of the Administrative Board as observers, under the conditions laid down in the rules of procedure of the Administrative Board.

3.   Where appropriate, the participation of representatives of third countries or international organisations and the conditions therefor shall be established in the agreements referred to in Article 23(1) and shall comply with the rules of procedure of the Administrative Board.

4.   The Administrative Board shall elect a Chairperson and a Deputy Chairperson from among its members. The Deputy Chairperson shall automatically take the place of the Chairperson when the Chairperson is prevented from attending to his/her duties. The term of office of the Chairperson and of the Deputy Chairperson shall be two years, renewable once, and each term of office shall expire when that person ceases to be a member of the Administrative Board.

The Administrative Board shall have the power to dismiss the Chairperson, the Deputy Chairperson or both of them.

5.   The meetings of the Administrative Board shall be convened by its Chairperson.

The Executive Director shall normally take part in the deliberations, unless the Chairperson decides otherwise.

The Administrative Board shall hold an ordinary meeting twice a year. In addition, it shall meet on the initiative of its Chairperson or at the request of at least one third of its members.

The Administrative Board may invite any person whose opinion may be of interest to attend its meetings as an observer. The members of the Administrative Board may, subject to its rules of procedure, be assisted by advisers or experts.

The secretariat of the Administrative Board shall be provided by the Agency.

6.   Unless this Regulation provides otherwise, the Administrative Board shall take its decisions by an absolute majority of its voting members.

A majority of two-thirds of all voting members shall be required for the election and dismissal of the Chairperson and Deputy Chairperson of the Administrative Board as referred to in paragraph 4, and for the adoption of the budget and work programmes.

7.   Each representative of the Member States and of the Commission shall have one vote. The Executive Director shall not vote. Decisions based on points (a) and (b) of Article 6(2) and Article 6(5), except for matters covered by Chapter III, shall not be adopted without a favourable vote of the representatives of the Commission.

The rules of procedure of the Administrative Board shall establish more detailed voting arrangements, in particular the conditions for a member to act on behalf of another member.

Article 6

Tasks of the Administrative Board

1.   The Administrative Board shall ensure that the Agency performs the work entrusted to it, under the conditions set out in this Regulation, and shall take any necessary decision to that end, without prejudice to the competences entrusted to the Security Accreditation Board for the activities under Chapter III.

2.   The Administrative Board shall also:

(a)

adopt, by 30 June of the first year of the multiannual financial framework provided for under Article 312 of the Treaty on the Functioning of the European Union, the multiannual work programme of the Agency for the period covered by that multiannual financial framework after incorporating, without any change, the section drafted by the Security Accreditation Board in accordance with point (a) of Article 11(4) and after having received the Commission’s opinion. The European Parliament shall be consulted on this multiannual work programme, provided that the purpose of the consultation is an exchange of views and the outcome is not binding on the Agency;

(b)

adopt, by 15 November each year, the Agency’s work programme for the following year having incorporated, without any change, the section drafted by the Security Accreditation Board, in accordance with point (b) of Article 11(4) and after having received the Commission’s opinion;

(c)

perform the budgetary functions laid down in Article 13(5), (6), (10) and (11) and Article 14(5);

(d)

oversee the operation of the Galileo Security Monitoring Centre as referred to in point (a)(ii) of Article 14(1) of Regulation (EU) No 1285/2013;

(e)

adopt arrangements to implement Regulation (EC) No 1049/2001 of the European Parliament and of the Council (14), in accordance with Article 21 of this Regulation;

(f)

approve the arrangements referred to in Article 23(2), after consulting the Security Accreditation Board on those provisions of those arrangements concerning security accreditation;

(g)

adopt technical procedures necessary to perform its tasks;

(h)

adopt the annual report on the activities and prospects of the Agency, having incorporated without any change the section drafted by the Security Accreditation Board in accordance with point (c) of Article 11(4) and forward it, by 1 July, to the European Parliament, the Council, the Commission and the Court of Auditors;

(i)

ensure adequate follow-up to the findings and recommendations stemming from the evaluations and audits referred to in Article 26, as well as those arising from the investigations conducted by the European Anti-Fraud Office (OLAF) and all internal or external audit reports, and forward to the budgetary authority all information relevant to the outcome of the evaluation procedures;

(j)

be consulted by the Executive Director on the delegation agreements referred to in Article 14(2) of Regulation (EU) No 1285/2013 before they are signed;

(k)

approve, on the basis of a proposal from the Executive Director, the working arrangements between the Agency and ESA referred to in Article 14(4) of Regulation (EU) No 1285/2013;

(l)

approve, on the basis of a proposal from the Executive Director, an anti-fraud strategy;

(m)

approve, where necessary and on the basis of proposals from the Executive Director, the Agency’s organisational structures.

(n)

adopt and publish its rules of procedure.

3.   With regard to the Agency’s staff, the Administrative Board shall exercise the powers conferred by the Staff Regulations of Officials of the European Union (15) (“Staff Regulations”) on the appointing authority and by the Conditions of Employment of Other Servants on the authority empowered to conclude employment contracts (“the powers of the appointing authority”).

The Administrative Board shall adopt, in accordance with the procedure provided for in Article 110 of the Staff Regulations, a decision based on Article 2(1) of the Staff Regulations and on Article 6 of the Conditions of Employment of Other Servants delegating the relevant powers of the appointing authority to the Executive Director and defining the conditions under which this delegation of powers can be suspended. The Executive Director shall report back to the Administrative Board on the exercise of those delegated powers. The Executive Director shall be authorised to sub-delegate those powers.

In application of the second subparagraph of this paragraph, where exceptional circumstances so require, the Administrative Board may, by way of a decision, temporarily suspend the delegation of the powers of the appointing authority to the Executive Director and those sub-delegated by the latter and exercise them itself or delegate them to one of its members or to a staff member other than the Executive Director.

However, by way of derogation from the second subparagraph, the Administrative Board shall be required to delegate to the Chairperson of the Security Accreditation Board the powers referred to in the first subparagraph with regard to the recruitment, assessment and reclassification of staff involved in the activities covered by Chapter III and the disciplinary measures to be taken with regard to such staff.

The Administrative Board shall adopt the implementing measures of the Staff Regulations and the Conditions of Employment of Other Servants in accordance with the procedure laid down in Article 110 of the Staff Regulations. It shall first consult the Security Accreditation Board and duly take into account its observations with regard to recruitment, assessment, reclassification of the staff involved in the activities under Chapter III and the relevant disciplinary measures to be taken.

It shall also adopt a decision laying down rules on the secondment of national experts to the Agency. Before adopting that decision, the Administrative Board shall consult the Security Accreditation Board with regard to the secondment of national experts involved in the security accreditation activities referred to in Chapter III and shall duly take account of its observations.

4.   The Administrative Board shall appoint the Executive Director and may extend or end his/her term of office pursuant to Article 15b(3) and (4).

5.   The Administrative Board shall exercise disciplinary authority over the Executive Director in relation to his/her performance, in particular as regards security matters falling within the competence of the Agency, except in respect of activities undertaken in accordance with Chapter III.

Article 7

Executive Director

The Agency shall be managed by its Executive Director, who shall perform his/her duties under the supervision of the Administrative Board, without prejudice to the powers granted to the Security Accreditation Board and the Chairperson of the Security Accreditation Board in accordance with Articles 11 and 11a respectively.

Without prejudice to the powers of the Commission and the Administrative Board, the Executive Director shall be independent in the performance of his/her duties and shall neither seek nor take instructions from any government or from any other body.

Article 8

Tasks of the Executive Director

The Executive Director shall perform the following tasks:

(a)

representing the Agency, except in respect of activities and decisions undertaken in accordance with Chapters II and III and signing the delegation agreements referred to in Article 14(2)(of Regulation (EU) No 1285/2013, in accordance with point (j) of Article 6(2) of this Regulation;

(b)

preparing the working arrangements between the Agency and ESA referred to in Article 14(4) of Regulation (EU) No 1285/2013 submitting them to the Administrative Board in accordance with point (k) of Article 6(2) of this Regulation and signing them after receiving the approval of the Administrative Board;

(c)

preparing the work of the Administrative Board and participating, without having the right to vote, in the work of the Administrative Board, subject to the second subparagraph of Article 5(5);

(d)

implementing the decisions of the Administrative Board;

(e)

preparing the multiannual and the annual work programmes of the Agency and submitting them to the Administrative Board for approval, with the exception of the parts prepared and adopted by the Security Accreditation Board in accordance with points (a) and (b) of Article 11(4);

(f)

implementing the multiannual and the annual work programmes, with the exception of the parts implemented by the Chairperson of the Security Accreditation Board in accordance with point (b) of Article 11a(1);

(g)

preparing a progress report on the implementation of the annual work programme and, where relevant, of the multiannual work programme for each meeting of the Administrative Board, incorporating, without any change, the section prepared by the Chairperson of the Security Accreditation Board, in accordance with point (d) of Article 11a(1);

(h)

preparing the annual report on the activities and prospects of the Agency with the exception of the section prepared and approved by the Security Accreditation Board in accordance with point (c) of Article 11(4) concerning the activities covered by Chapter III, and submitting it to the Administrative Board for approval;

(i)

taking all necessary measures, including the adoption of internal administrative instructions and the publication of notices, to ensure the functioning of the Agency in accordance with this Regulation;

(j)

drawing up a draft statement of the Agency’s estimated revenue and expenditure in accordance with Article 13, and implementing the budget in accordance with Article 14;

(k)

ensuring that the Agency, as the operator of the Galileo Security Monitoring Centre, is able to respond to instructions provided under Council Joint Action 2004/552/CFSP (16) and to fulfil its role referred to in Article 6 of Decision No 1104/2011/EU of the European Parliament and of the Council (17);

(l)

ensuring the circulation of all relevant information, in particular as regards security, between the bodies of the Agency referred to in Article 3(1) of this Regulation;

(m)

communicating to the Commission the view of the Agency on the technical and operational specifications necessary to implement systems evolutions referred to in point (d) of Article 12(3) of Regulation (EU) No 1285/2013, including for the definition of acceptance and review procedures, and research activities in support of those evolutions;

(n)

preparing, in close cooperation with the Chairperson of the Security Accreditation Board for matters relating to security accreditation activities covered by Chapter III of this Regulation, the organisational structures of the Agency and submitting them for approval to the Administrative Board;

(o)

exercising, with regard to the Agency’s staff, the powers referred to in the first subparagraph of Article 6(3), to the extent that those powers shall be delegated to him/her in accordance with the second subparagraph thereof;

(p)

adopting, after approval by the Administrative Board, the measures necessary to establish local offices in Member States or in third countries in accordance with Article 4(3);

(q)

ensuring that the secretariat and all the resources necessary for its proper functioning are provided to the Security Accreditation Board, the bodies referred to in Article 11(11) and to the Chairperson of the Security Accreditation Board;

(r)

preparing an action plan for ensuring the follow up of the findings and recommendations of the evaluations and audits referred to in Article 26, with the exception of the section of the action plan concerning the activities covered by Chapter III, and submitting, after having incorporated, without any change, the section drafted by the Security Accreditation Board, a twice-yearly progress report to the Commission, which shall also be submitted to the Administrative Board for information;

(s)

taking the following measures to protect the financial interests of the Union:

(i)

preventive measures against fraud, corruption or any other illegal activity and making use of effective supervisory measures;

(ii)

recovering sums unduly paid where irregularities are detected and, where appropriate, applying effective, proportionate and dissuasive administrative and financial penalties;

(t)

drawing up an anti-fraud strategy for the Agency that is proportionate to the risk of fraud, having regard to a cost-benefit analysis of the measures to be implemented and taking into account findings and recommendations arising from OLAF investigations and submitting it to the Administrative Board for approval.

(2)

the following Article is inserted:

‘Article 8a

Work programmes and annual report

1.   The multiannual work programme of the Agency, referred to in point (a) of Article 6(2) shall lay down the actions to be performed by the Agency during the period covered by the multiannual financial framework provided for in Article 312 of the Treaty on the Functioning of the European Union, including actions associated with international relations and the communication for which it is responsible. That programme shall set out overall strategic programming, including objectives, milestones, expected results and performance indicators, and resource programming, including the human and financial resources assigned to each activity. It shall take into account the evaluations and audits referred to in Article 26 of this Regulation. For information purposes, the multiannual work programme shall also include a description of the transfer of tasks entrusted to the Agency by the Commission, including the programme management tasks referred to in Article 14(2) of Regulation (EU) No 1285/2013.

2.   The annual work programme referred to in point (b) of Article 6(2) of this Regulation shall be based on the multiannual work programme. It shall lay down the actions to be performed by the Agency during the year ahead, including actions associated with international relations and the communication for which it is responsible. The annual work programme shall comprise detailed objectives and expected results, including performance indicators. It shall clearly indicate which tasks have been added, changed or deleted in comparison to the previous financial year and changes in performance indicators and their targets values. The programme shall also set out the human and financial resources assigned to each activity. For information purposes, it shall include the tasks entrusted to the Agency by the Commission by means of a delegation agreement, as required, pursuant to Article 14(2) of Regulation (EU) No 1285/2013.

3.   The Executive Director shall, following adoption by the Administrative Board, forward the multiannual and the annual work programmes to the European Parliament, the Council, the Commission and the Member States and shall publish an executive summary thereof.

4.   The annual report referred to in Article 8(h) of this Regulation shall include information on:

(a)

the implementation of the multiannual and the annual work programmes, including with regard to the performance indicators;

(b)

the implementation of the budget and staff policy plan;

(c)

the Agency’s management and internal control systems and on progress made in implementing the project management systems and techniques referred to in Article 11(e) of Regulation (EU) No 1285/2013;

(d)

any measures to improve the Agency’s environmental performance;

(e)

internal and external audit findings and the follow-up to the audit recommendations and to the discharge recommendation;

(f)

the statement of assurance of the Executive Director.

An executive summary of the annual report shall be made public.’;

(3)

in Article 9, paragraph 1 is replaced by the following:

‘1.   In accordance with Article 16 of Regulation (EU) No 1285/2013, whenever the security of the Union or of the Member States may be affected by the operation of the systems, the procedures set out in Joint Action 2004/552/CFSP shall apply.’;

(4)

Articles 10 and 11 are replaced by the following:

‘Article 10

General principles

The security accreditation activities for European GNSS systems referred to in this Chapter shall be carried out in accordance with the following principles:

(a)

security accreditation activities and decisions shall be undertaken in a context of collective responsibility for the security of the Union and of the Member States;

(b)

efforts shall be made for decisions to be reached by consensus;

(c)

security accreditation activities shall be carried out using a risk assessment and management approach, considering risks to the security of the European GNSS systems as well as the impact on cost or schedule of any measure to mitigate the risks, taking into account the objective not to lower the general level of security of the systems;

(d)

security accreditation decisions shall be prepared and taken by professionals who are duly qualified in the field of accrediting complex systems, who have an appropriate level of security clearance, and who shall act objectively;

(e)

efforts shall be made to consult all relevant parties with an interest in security issues;

(f)

security accreditation activities shall be executed by all relevant stakeholders according to a security accreditation strategy without prejudice to the role of the European Commission defined in Regulation (EU) No 1285/2013;

(g)

security accreditation decisions shall, following the process defined in the relevant security accreditation strategy, be based on local security accreditation decisions taken by the respective national security accreditation authorities of the Member States;

(h)

a permanent, transparent and fully understandable monitoring process shall ensure that the security risks for European GNSS systems are known, that security measures are defined to reduce such risks to an acceptable level in view of the security needs of the Union and of its Member States and for the smooth running of the programmes and that those measures are applied in accordance with the concept of defence in depth. The effectiveness of such measures shall be continuously evaluated. The process relating to security risk assessment and management shall be conducted as an iterative process jointly by the stakeholders of the programmes;

(i)

security accreditation decisions shall be taken in a strictly independent manner, including with regard to the Commission and other bodies responsible for the implementation of the programmes and for service provision, as well as with regard to the Executive Director and the Administrative Board of the Agency;

(j)

security accreditation activities shall be carried out with due regard for the need for adequate coordination between the Commission and the authorities responsible for implementing security provisions;

(k)

EU classified information shall be handled and protected by all stakeholders involved in the implementation of the programmes in accordance with the basic principles and minimum standards set out in the Council’s and the Commission’s respective security rules on the protection of EU classified information.

Article 11

Security Accreditation Board

1.   A Security Accreditation Board for European GNSS systems (the “Security Accreditation Board”) is hereby set up to perform the tasks set out in this Article.

2.   The Security Accreditation Board shall perform its tasks without prejudice to the responsibility entrusted to the Commission by Regulation (EU) No 1285/2013, in particular for matters relating to security, and without prejudice to the competences of the Member States as regards security accreditation.

3.   As security accreditation authority, the Security Accreditation Board shall, with regard to security accreditation for the European GNSS systems, be responsible for:

(a)

defining and approving a security accreditation strategy setting out:

(i)

the scope of the activities necessary to perform and maintain the accreditation of the European GNSS systems and their potential interconnection with other systems;

(ii)

a security accreditation process for the European GNSS systems with a degree of detail commensurate with the required level of assurance and clearly stating the approval conditions; that process shall be performed in accordance with the relevant requirements, in particular those referred to in Article 13 of Regulation (EU) No 1285/2013;

(iii)

the role of relevant stakeholders involved in the accreditation process;

(iv)

an accreditation schedule compliant with the phases of the programmes, in particular as regards the deployment of infrastructure, service provision and evolution;

(v)

the principles of the security accreditation for networks connected to the systems and PRS equipment connected to the system established under the Galileo programme to be performed by national entities of the Member States competent in security matters;

(b)

taking security accreditation decisions, in particular on the approval of satellite launches, the authorisation to operate the systems in their different configurations and for the various services up to and including the signal in space, and the authorisation to operate the ground stations. As regards the networks and PRS equipment connected to the system established under the Galileo programme, the Security Accreditation Board shall take decisions only on the authorisation of bodies to develop and manufacture PRS receivers or PRS security modules, taking into account the advice provided by national entities competent in security matters and the overall security risks;

(c)

examining and, except as regards documents which the Commission is to adopt under Article 13 of Regulation (EU) No 1285/2013 and Article 8 of Decision No 1104/2011/EU, approving all documentation relating to security accreditation;

(d)

advising, within its field of competence, the Commission in the elaboration of draft texts for acts referred to in Article 13 of Regulation (EU) No 1285/2013 and Article 8 of Decision No 1104/2011/EU, including for the establishment of security operating procedures (SecOps), and providing a statement with its concluding position;

(e)

examining and approving the security risk assessment developed in accordance with the monitoring process referred to in Article 10(h), taking into account compliance with the documents referred to in point (c) of this paragraph and those developed in accordance with Article 13 of Regulation (EU) No 1285/2013 and Article 8 of Decision No 1104/2011/EU; cooperating with the Commission to define risk mitigation measures;

(f)

checking the implementation of security measures in relation to the security accreditation of the European GNSS systems by undertaking or sponsoring security assessments, inspections or reviews, in accordance with Article 12(b)of this Regulation;

(g)

endorsing the selection of approved products and measures which protect against electronic eavesdropping (TEMPEST) and of approved cryptographic products used to provide security for the European GNSS systems;

(h)

approving or, where relevant, participating in the joint approval of, together with the relevant entity competent in security matters, the interconnection of the European GNSS systems with other systems;

(i)

agreeing with the relevant Member State the template for access control referred to in Article 12(c);

(j)

on the basis of the risk reports referred to in paragraph 11 of this Article, informing the Commission of its risk assessment and providing advice to the Commission on residual risk treatment options for a given security accreditation decision;

(k)

assisting, in close liaison with the Commission, the Council in the implementation of Joint Action 2004/552/CFSP upon a specific request of the Council;

(l)

carrying out the consultations which are necessary to perform its tasks.

4.   The Security Accreditation Board shall also:

(a)

prepare and approve that part of the multiannual work programme referred to in Article 8a(1) concerning the operational activities covered by this Chapter and the financial and human resources needed to accomplish those activities, and submit it to the Administrative Board in good time so that it can be incorporated in the multiannual work programme;

(b)

prepare and approve that part of the annual work programme referred to in Article 8a(2) concerning the operational activities covered by this Chapter and the financial and human resources needed to accomplish those activities, and submit it to the Administrative Board in good time so that it can be incorporated in the annual work programme;

(c)

prepare and approve that part of the annual report referred to in point (h) of Article 6(2) concerning the Agency’s activities and prospects covered by this Chapter and the financial and human resources needed to accomplish those activities and prospects, and submit it to the Administrative Board in good time so that it can be incorporated in the annual report;

(d)

adopt and publish its rules of procedure.

5.   The Commission shall keep the Security Accreditation Board continuously informed of the impact of any decisions envisaged by the Security Accreditation Board on the proper conduct of the programmes and of the implementation of residual risk treatment plans. The Security Accreditation Board shall take note of any such opinion of the Commission.

6.   The decisions of the Security Accreditation Board shall be addressed to the Commission.

7.   The Security Accreditation Board shall be composed of one representative of each Member State, a representative of the Commission and a representative of the HR. The Member States, the Commission and the HR shall endeavour to limit the turnover of their respective representatives on the Security Accreditation Board. The term of office of the members of the Security Accreditation Board shall be four years and shall be renewable. A representative of ESA shall be invited to attend the meetings of the Security Accreditation Board as an observer. On an exceptional basis, representatives of third countries or international organisations may also be invited to attend meetings as observers for matters directly relating to those third countries or international organisations. Arrangements for such participation of representatives of third countries or international organisations and the conditions therefor shall be established in the agreements referred to in Article 23(1) and shall comply with the rules of procedure of the Security Accreditation Board.

8.   The Security Accreditation Board shall elect a Chairperson and Deputy Chairperson from among its members by a two-thirds majority of all members with the right to vote. The Deputy Chairperson shall automatically take the place of the Chairperson when the Chairperson is prevented from attending to his/her duties.

The Security Accreditation Board shall have the power to dismiss the Chairperson, the Deputy Chairperson or both of them. It shall adopt the decision to dismiss by a two-thirds majority.

The term of office of the Chairperson and of the Deputy Chairperson of the Security Accreditation Board shall be two years renewable once. The term of office of either person shall end if he or she ceases to be a member of the Security Accreditation Board.

9.   The Security Accreditation Board shall have access to all the human and material resources required to provide appropriate administrative support functions and to enable it, together with the bodies referred to in paragraph 11, to perform its tasks independently, in particular when handling files, initiating and monitoring the implementation of security procedures and performing system security audits, preparing decisions and organising its meetings. It shall also have access to any information needed for the performance of its tasks in the possession of the Agency, without prejudice to the principles of autonomy and independence referred to in Article 10(i).

10.   The Security Accreditation Board and the Agency staff under its supervision shall perform their work in a manner ensuring autonomy and independence in relation to the other activities of the Agency, in particular operational activities associated with the exploitation of the systems, in accordance with the objectives of the programmes. To that end, an effective organisational division shall be established within the Agency between the staff involved in activities covered by this Chapter and the other staff of the Agency. The Security Accreditation Board shall immediately inform the Executive Director, the Administrative Board and the Commission of any circumstances that could hamper its autonomy or independence. In the event that no remedy is found within the Agency, the Commission shall examine the situation, in consultation with the relevant parties. On the basis of the outcome of that examination, the Commission shall take appropriate mitigation measures to be implemented by the Agency, and shall inform the European Parliament and the Council thereof.

11.   The Security Accreditation Board shall set up special subordinate bodies, acting on its instructions, to deal with specific issues. In particular, while ensuring necessary continuity of work, it shall set up a panel to conduct security analysis reviews and tests to produce the relevant risk reports in order to assist it in preparing its decisions. The Security Accreditation Board may set up and disband expert groups to contribute to the work of the panel.

12.   Without prejudice to the competence of the Member States and of the task of the Agency referred to in point (a)(i) of Article 14(1) of Regulation (EU) No 1285/2013, during the deployment phase of the Galileo programme, a group of experts of the Member States shall be set up under the supervision of the Security Accreditation Board to perform the tasks of the Crypto Distribution Authority (CDA) relating to the management of EU cryptographic material in particular for:

(i)

the management of flights keys and other keys necessary for the functioning of the system established under the Galileo programme;

(ii)

the verification of the establishment and the enforcement of procedures for accounting, secure handling, storage and distribution of PRS keys.

13.   If consensus according to the general principles referred to in Article 10 of this Regulation cannot be reached, the Security Accreditation Board shall take decisions on the basis of majority voting, as provided for in Article 16 of the Treaty on European Union and without prejudice to Article 9 of this Regulation. The representative of the Commission and the representative of the HR shall not vote. The Chairperson of the Security Accreditation Board shall sign, on behalf of the Security Accreditation Board, the decisions adopted by the Security Accreditation Board.

14.   The Commission shall keep the European Parliament and the Council informed, without undue delay, of the impact of the adoption of the security accreditation decisions on the proper conduct of the programmes. If the Commission considers that a decision taken by the Security Accreditation Board may have a significant effect on the proper conduct of the programmes, for example in terms of costs, schedule or performance, it shall immediately inform the European Parliament and the Council.

15.   Taking into account the views of the European Parliament and of the Council, which should be expressed within one month, the Commission may adopt any adequate measures in accordance with Regulation (EU) No 1285/2013.

16.   The Administrative Board shall be periodically kept informed of the evolution of the work of the Security Accreditation Board.

17.   The timetable for the work of the Security Accreditation Board shall respect the annual work programme referred to in Article 27 of Regulation (EU) No 1285/2013.’;

(5)

the following Article is inserted:

‘Article 11a

Tasks of the Chairperson of the Security Accreditation Board

1.   The Chairperson of the Security Accreditation Board shall perform the following tasks:

(a)

managing security accreditation activities under the supervision of the Security Accreditation Board;

(b)

implementing the part of the Agency’s multiannual and annual work programmes covered by this Chapter under the supervision of the Security Accreditation Board;

(c)

cooperating with the Executive Director to help to draw up the draft establishment plan referred to in Article 13(3) and the organisational structures of the Agency;

(d)

preparing the section of the progress report referred to in Article 8(g) concerning the operational activities covered by this Chapter, and submitting it to the Security Accreditation Board and the Executive Director in good time so that it can be incorporated in the progress report;

(e)

preparing the section of the annual report and of the action plan referred to in Article 8(h) and (r) respectively, concerning the operational activities covered by this Chapter, and submitting it to the Executive Director in good time;

(f)

representing the Agency for the activities and decisions covered by this Chapter;

(g)

exercising, with regard to the Agency’s staff involved in the activities concerned by this Chapter, the powers referred to in first subparagraph of Article 6(3), delegated to him/her in accordance with the fourth subparagraph of Article 6(3).

2.   For activities covered by this Chapter, the European Parliament and the Council may call upon the Chairperson of the Security Accreditation Board for an exchange of views on the work and prospects of the Agency before those institutions, including with regard to the multiannual and the annual work programmes.’;

(6)

in Article 12, point (b) is replaced by the following:

‘(b)

permit duly authorised persons appointed by the Security Accreditation Board, in agreement with and under the supervision of national entities competent in security matters, to have access to any information and to any areas and/or sites related to the security of systems falling within their jurisdiction, in accordance with their national laws and regulations, and without any discrimination on ground of nationality of nationals of Member States, including for the purposes of security audits and tests as decided by the Security Accreditation Board and of the security risk monitoring process referred to in Article 10(h). These audits and tests shall be performed in accordance with the following principles:

(i)

the importance of security and effective risk management within the entities inspected shall be emphasised;

(ii)

countermeasures to mitigate the specific impact of loss of confidentiality, integrity or availability of classified information shall be recommended.’;

(7)

Article 13 is amended as follows:

(a)

paragraph 3 is replaced by the following:

‘3.   The Executive Director shall, in close collaboration with the Chairperson of the Security Accreditation Board for activities covered by Chapter III, draw up a draft estimate of expenditure and revenue of the Agency for the next financial year, making clear the distinction between those elements of the draft statement of estimates which relate to security accreditation activities and the other activities of the Agency. The Chairperson of the Security Accreditation Board may write a statement on that draft and the Executive Director shall forward both the draft estimate and the statement to the Administrative Board and the Security Accreditation Board, accompanied by a draft establishment plan.’;

(b)

paragraphs 5 and 6 are replaced by the following:

‘5.   Each year, the Administrative Board, based on the draft estimate of expenditure and revenue and in close cooperation with the Security Accreditation Board for activities covered by Chapter III, shall draw up the estimate of the Agency’s revenue and expenditure for the next financial year.

6.   The Administrative Board shall, by 31 March, forward the statement of estimates, which shall include a draft establishment plan together with the provisional annual work programme, to the Commission and to the third countries or international organisations with which the Union has concluded agreements in accordance with Article 23(1).’;

(8)

in Article 14, paragraph 10 is replaced by the following:

‘10.   The European Parliament, upon a recommendation from the Council acting by a qualified majority, shall, before 30 April of the year N + 2, grant discharge to the Executive Director in respect of the implementation of the budget for year N, with the exception of the part of the budget implementation covering tasks which are, where appropriate, entrusted to the Agency under Article 14(2) of Regulation (EU) No 1285/2013 to which the procedure referred to in Articles 164 and 165 of Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council shall apply (18).

(9)

the following Chapter is inserted:

‘CHAPTER IVa

HUMAN RESOURCES

Article 15a

Staff

1.   The Staff Regulations of Officials of the European Union, the Conditions of Employment of Other Servants and the rules adopted jointly by the institutions of the Union for the purposes of the application of those Staff Regulations and Conditions of Employment shall apply to the staff employed by the Agency.

2.   The staff of the Agency shall consist of servants recruited by the Agency as necessary to perform its tasks. They shall have security clearances appropriate to the classification of the information they are handling.

3.   The Agency’s internal rules, such as the rules of procedure of the Administrative Board, the rules of procedure of the Security Accreditation Board, the financial rules applicable to the Agency, the rules for the application of the staff regulations and the rules for access to documents, shall ensure the autonomy and independence of staff performing the security accreditation activities vis-à-vis staff performing the other activities of the Agency, pursuant to Article 10(i).

Article 15b

Appointment and Term of Office of the Executive Director

1.   The Executive Director shall be recruited as a temporary member of staff of the Agency in accordance with Article 2(a) of the Conditions of Employment of Other Servants.

2.   The Executive Director shall be appointed by the Administrative Board on the grounds of merit and documented administrative and managerial skills, as well as relevant competence and experience, from a list of candidates proposed by the Commission, after an open and transparent competition, following the publication of a call for expressions of interest in the Official Journal of the European Union or elsewhere.

The candidate selected by the Administrative Board may be invited at the earliest opportunity to make a statement before the European Parliament and to answer questions from its Members.

The Chairperson of the Administrative Board shall represent the Agency for the purpose of concluding the Executive Director’s contract.

The Administrative Board shall take its decision to appoint the Executive Director by a two-thirds majority of its members.

3.   The term of office of the Executive Director shall be five years. At the end of that term of office, the Commission shall carry out an assessment of the Executive Director’s performance taking into account the future tasks and challenges of the Agency.

On the basis of a proposal from the Commission, taking into account the assessment referred to in the first subparagraph, the Administrative Board may extend the term of office of the Executive Director once for a period of up to four years.

Any decision to extend the term of office of the Executive Director shall be adopted by a two-thirds majority of members of the Administrative Board.

An Executive Director whose term of office has been extended may not thereafter take part in a selection procedure for the same post.

The Administrative Board shall inform the European Parliament of its intention to extend the Executive Director’s term of office. Before the extension, the Executive Director may be invited to make a statement before the relevant committees of the European Parliament and answer Members’ questions.

4.   The Administrative Board may dismiss the Executive Director, on the basis of a proposal of the Commission or of one third of its members, by means of a decision adopted by a two-thirds majority of its members.

5.   The European Parliament and the Council may call upon the Executive Director for an exchange of views on the work and prospects of the Agency before those institutions, including with regard to the multiannual and the annual work programme. That exchange of views shall not touch upon matters relating to the security accreditation activities covered by Chapter III.

Article 15c

Seconded national experts

The Agency may also use national experts. These experts shall have security clearances appropriate to the classification of the information they are handling. The Staff Regulations and the Conditions of Employments of Other Servants shall not apply to such staff.’;

(10)

Articles 16 and 17 are replaced by the following:

‘Article 16

Prevention of fraud

1.   In order to combat fraud, corruption and any other illegal activities, Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council (19) shall apply to the Agency without restriction. To that end, the Agency shall accede to the Interinstitutional Agreement of 25 May 1999 between the European Parliament, the Council and the Commission of the European Communities concerning internal investigations by the European Anti-Fraud Office (OLAF) (20) and shall issue the appropriate provisions to the staff of the Agency and to seconded national experts using the model decision in the Annex to that Agreement.

2.   The Court of Auditors shall have the authority to supervise beneficiaries of the Agency’s funding as well as contractors and sub-contractors who have received Union funds through the Agency, on the basis of documents provided to it or using on-the-spot checks.

3.   With regard to grants financed or contracts awarded by the Agency, OLAF may carry out investigations, including on-the-spot checks and inspections in accordance with Regulation (EU, Euratom) No 883/2013 and Council Regulation (Euratom, EC) No 2185/96 (21), in order to combat fraud, corruption and any other illegal activity detrimental to the Union’s financial interests.

4.   Without prejudice to paragraphs 1, 2 and 3 of this Article, the cooperation agreements concluded by the Agency with third countries or international organisations, contracts and grant agreements concluded by the Agency with third parties, and any financing decision taken by the Agency shall provide expressly that the Court of Auditors and OLAF may carry out checks and investigations in accordance with their respective powers.

Article 17

Privileges and immunities

Protocol No 7 on the Privileges and Immunities of the European Union annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union shall apply to the Agency and to its staff referred to in Article 15a.

(11)

Article 18 is deleted;

(12)

Articles 22 and 23 are replaced by the following:

‘Article 22

Security rules on the protection of classified or sensitive information

1.   The Agency shall apply the Commission’s security rules regarding the protection of EU classified information.

2.   The Agency may establish, in its internal rules, provisions for the handling of non-classified but sensitive information. Such provisions shall cover, inter alia, the exchange, handling and storage thereof.

Article 22a

Conflicts of interest

1.   Members of the Administrative Board and of the Security Accreditation Board, the Executive Director, as well as seconded national experts and observers, shall make a declaration of commitments and a declaration of interests indicating the absence or existence of any direct or indirect interests which might be considered prejudicial to their independence. Those declarations shall be accurate and complete. They shall be made in writing upon their entry into service and shall be renewed annually. They shall be updated whenever necessary, in particular in the event of relevant changes in the personal circumstances of the persons concerned.

2.   Before any meeting which they are to attend, Members of the Administrative Board and of the Security Accreditation Board, the Executive Director, as well as seconded national experts and observers and external experts participating in ad hoc working groups shall accurately and completely declare the absence or existence of any interest which might be considered prejudicial to their independence in relation to any items on the agenda, and shall abstain from participating in the discussion of and voting upon such points.

3.   The Administrative Board and the Security Accreditation Board shall lay down, in their rules of procedure, the practical arrangements for the rule on declaration of interest referred to in paragraphs 1 and 2 and for the prevention and the management of conflict of interest.

Article 23

Participation of third countries and international organisations

1.   The Agency shall be open to the participation of third countries and international organisations. Such participation and the conditions therefor shall be established in an agreement between the Union and that third country or international organisation, in accordance with the procedure laid down in Article 218 of the Treaty on the Functioning of the European Union.

2.   In accordance with the relevant provisions of those agreements, practical arrangements shall be developed for the participation of third countries or international organisations in the work of the Agency, including arrangements relating to their participation in the initiatives undertaken by the Agency, to financial contributions and to staff.

Article 23a

Joint procurement with the Member States

For the performance of its tasks, the Agency shall be authorised to award contracts jointly with the Member States in accordance with Commission Delegated Regulation (EU) No 1268/2012 (22).

(13)

Article 26 is replaced by the following:

‘Article 26

Revision, evaluation and audit

1.   By 31 December 2016, and every five years thereafter, the Commission shall evaluate the Agency concerning, in particular, its impact, effectiveness, smooth running, working methods, requirements and use of the resources entrusted to it. The evaluation shall include, in particular, an assessment of any change in the scope or nature of the Agency’s tasks and the financial impact thereof. It shall address the application of the Agency’s policy on conflicts of interest and it shall also reflect any circumstances that may have impaired the independence and autonomy of the Security Accreditation Board.

2.   The Commission shall submit a report on the evaluation and its conclusions to the European Parliament, the Council, the Administrative Board and the Security Accreditation Board of the Agency. The results of the evaluation shall be made available to the public.

3.   One evaluation in two shall include an inspection of the Agency’s balance sheet in terms of its objectives and tasks. If the Commission considers that the continuation of the Agency is no longer justified with regard to the objectives and tasks assigned to it, the Commission may, where appropriate, propose that this Regulation be repealed.

4.   External audits on the performance of the Agency may be carried out at the request of the Administrative Board or the Commission.’.

Article 2

Entry into force

This Regulation shall enter into force on the third day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Strasbourg, 16 April 2014.

For the European Parliament

The President

M. SCHULZ

For the Council

The President

D. KOURKOULAS


(1)  OJ C 198, 10.7.2013, p. 67.

(2)  Position of the European Parliament of 12 March 2014 (not yet published in the Official Journal) and decision of the Council of 14 April 2014.

(3)  Regulation (EU) No 1285/2013 of the European Parliament and of the Council of 11 December 2013 on the implementation and exploitation of European satellite navigation systems and repealing Council Regulation (EC) No 876/2002 and Regulation (EC) No 683/2008 of the European Parliament and of the Council (OJ L 347, 20.12.2013, p. 1).

(4)  Regulation (EU) No 912/2010 of the European Parliament and of the Council of 22 September 2010 setting up the European GNSS Agency, repealing Council Regulation (EC) No 1321/2004 on the establishment of structures for the management of the European satellite radio navigation programmes and amending Regulation (EC) No 683/2008 of the European Parliament and of the Council (OJ L 276, 20.10.2010, p. 11).

(5)  Council Joint Action 2004/552/CFSP of 12 July 2004 on aspects of the operation of the European satellite radio-navigation system affecting the security of the European Union (OJ L 246, 20.7.2004, p. 30).

(6)  Council Decision 2013/488/EU of 23 September 2013 on the security rules for protecting EU classified information (OJ L 274, 15.10.2013, p. 1).

(7)  Decision No 1104/2011/EU of the European Parliament and of the Council of 25 October 2011 on the rules for access to the public regulated service provided by the global navigation satellite system established under the Galileo programme (OJ L 287, 4.11.2011, p. 1).

(8)  OJ L 15, 20.1.2014, p. 1.

(9)  OJ L 283, 29.10.2010, p. 12.

(10)  Decision 2010/803/EU taken by common accord between the Representatives of the Governments of the Member States of 10 December 2010 on the location of the seat of the European GNSS Agency (OJ L 342, 28.12.2010, p. 15).

(11)  Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).

(12)  Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1).

(13)  Regulation (EU) No 1285/2013 of the European Parliament and of the Council of 11 December 2013 on the implementation and exploitation of European satellite navigation systems and repealing Council Regulation (EC) No 876/2002 and Regulation (EC) No 683/2008 of the European Parliament and of the Council (OJ L 347, 20.12.2013, p. 1).

(14)  Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).

(15)  Staff Regulations of Officials and the Conditions of Employment of Other Servants of the European Union, laid down in Council Regulation (EEC, Euratom, ECSC) No 259/68 (OJ L 56, 4.3.1968, p. 1).

(16)  Council Joint Action 2004/552/CFSP of 12 July 2004 on aspects of the operation of the European satellite radio-navigation system affecting the security of the European Union (OJ L 246, 20.7.2004, p. 30).

(17)  Decision No 1104/2011/EU of the European Parliament and of the Council of 25 October 2011 on the rules for access to the public regulated service provided by the global navigation satellite system established under the Galileo programme (OJ L 287, 4.11.2011, p. 1).’;

(18)  Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union and repealing Council Regulation (EC, Euratom) No 1605/2002 (OJ L 298, 26.10.2012, p. 1).’;

(19)  Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council of 11 September 2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) and repealing Regulation (EC) No 1073/1999 of the European Parliament and of the Council and Council Regulation (Euratom) No 1074/1999 (OJ L 248, 18.9.2013, p. 1).

(20)  OJ L 136, 31.5.1999, p. 15.

(21)  Council Regulation (Euratom, EC) No 2185/96 of 11 November 1996 concerning on-the-spot checks and inspections carried out by the Commission in order to protect the European Communities’ financial interests against fraud and other irregularities (OJ L 292, 15.11.1996, p. 2).’;

(22)  Commission Delegated Regulation (EU) No 1268/2012 of 29 October 2012 on the rules of application of Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council on the financial rules applicable to the general budget of the Union (OJ L 362, 31.12.2012, p. 1).’;