ISSN 1977-0677

Official Journal

of the European Union

L 6

European flag  

English edition

Legislation

Volume 60
11 January 2017


Contents

 

II   Non-legislative acts

page

 

 

INTERNATIONAL AGREEMENTS

 

*

Information relating to the entry into force of the Agreement between the European Union and the Republic of Colombia on the short-stay visa waiver

1

 

*

Council Decision (EU) 2017/43 of 12 December 2016 on the position to be adopted, on behalf of the European Union, in the Association Committee in Trade configuration established by the Association Agreement between the European Union and the European Atomic Energy Community and their Member States, of the one part, and Ukraine, of the other part, in relation to the update of Annexes XXI-A to XXI-P on regulatory approximation in the area of public procurement

2

 

 

REGULATIONS

 

*

Commission Implementing Regulation (EU) 2017/44 of 10 January 2017 amending Council Regulation (EC) No 1210/2003 concerning certain specific restrictions on economic and financial relations with Iraq

36

 

 

Commission Implementing Regulation (EU) 2017/45 of 10 January 2017 establishing the standard import values for determining the entry price of certain fruit and vegetables

38

 

 

DECISIONS

 

*

Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission

40

EN

Acts whose titles are printed in light type are those relating to day-to-day management of agricultural matters, and are generally valid for a limited period.

The titles of all other Acts are printed in bold type and preceded by an asterisk.


II Non-legislative acts

INTERNATIONAL AGREEMENTS

11.1.2017   

EN

Official Journal of the European Union

L 6/1


Information relating to the entry into force of the Agreement between the European Union and the Republic of Colombia on the short-stay visa waiver

The Agreement between the European Union and the Republic of Colombia on the short-stay visa waiver will enter into force on 1 December 2016, the procedure provided for in Article 8(1) of the Agreement having been completed on 19 October 2016.


11.1.2017   

EN

Official Journal of the European Union

L 6/2


COUNCIL DECISION (EU) 2017/43

of 12 December 2016

on the position to be adopted, on behalf of the European Union, in the Association Committee in Trade configuration established by the Association Agreement between the European Union and the European Atomic Energy Community and their Member States, of the one part, and Ukraine, of the other part, in relation to the update of Annexes XXI-A to XXI-P on regulatory approximation in the area of public procurement

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular the first paragraph of Article 207(4) in conjunction with Article 218(9) thereof,

Having regard to the proposal from the European Commission,

Whereas:

(1)

Article 486 of the Association Agreement between the European Union and the European Atomic Energy Community, and their Member States of the one part, and Ukraine, of the other part (1) (‘the Agreement’), provides for the provisional application of the Agreement in part, as specified by the Union.

(2)

Article 1 of Council Decision 2014/668/EU (2) specifies the provisions of the Agreement to be applied provisionally, including the provisions on public procurement, and Annex XXI to the Agreement. The provisional application of those provisions is effective from 1 January 2016.

(3)

Article 153 of the Agreement provides that Ukraine is to ensure that its public procurement legislation is gradually made compatible with the relevant Union acquis, in line with the schedule provided in Annex XXI to the Agreement.

(4)

Several Union acts listed in Annexe XXI to the Agreement have been amended or repealed since the initialling of the Agreement on 30 March 2012.

(5)

Article 149 of the Agreement provides that the value thresholds for public procurement contracts provided for in Annex XXI-P to the Agreement are to be revised regularly, beginning in the first even year following the entry into force of the Agreement.

(6)

It is furthermore appropriate to take into account the progress made by Ukraine in the process of approximation to the Union acquis by amending certain deadlines.

(7)

It is therefore necessary to update Annex XXI in order to reflect the developments to the Union acquis listed therein, and revise the value thresholds for public procurement contracts provided for in Annex XXI-P to the Agreement.

(8)

Article 149 of the Agreement provides that the revision of the thresholds provided for in Annex XXI-P to the Agreement shall be adopted by decision of the Association Committee in Trade configuration.

(9)

Article 463(3) of the Agreement provides that the Association Council shall have the power to update or amend the Annexes to the Agreement.

(10)

Article 1 of the Association Council Decision No 3/2014 (3) delegates the power to update or amend the trade-related annexes of the Agreement to the Association Committee in Trade configuration, including Annex XXI pertaining to Chapter 8 (Public Procurement) of Title IV (Trade and trade-related matters).

(11)

It is therefore appropriate to establish the position to be adopted on behalf of the Union in relation to the update of Annex XXI to the Agreement to be adopted by the Association Committee in Trade configuration.

(12)

Article 152(1) of the Agreement stipulates that Ukraine shall submit to the Association Committee in Trade configuration a comprehensive roadmap for the implementation of the legislation related to public procurement with time schedules and milestones which should include all reforms in terms of legislative approximation and institutional capacity building. This roadmap shall comply with the phases and time schedules set out in Annex XXI-A to the Agreement.

(13)

Article 152(3) specifies that a favourable opinion by the Association Committee in Trade configuration is needed in order for the comprehensive roadmap to become a reference document for the process of implementation i.e. for the legislative approximation of the public procurement related legislation to the Union acquis.

(14)

It is therefore appropriate to establish the position to be adopted on behalf of the Union in relation to a favourable opinion regarding the comprehensive roadmap to be adopted by the Association Committee in Trade configuration,

HAS ADOPTED THIS DECISION:

Article 1

1.   The position to be adopted on behalf of the European Union in the Association Committee in Trade configuration established by Article 465 of the Association Agreement between the European Union and the European Atomic Energy Community and their Member States, of the one part, and Ukraine, of the other part (‘the Agreement’), in relation to the update of Annex XXI of the Agreement shall be based on the draft Decision of that Committee, attached to this Decision.

2.   Minor technical corrections to the draft Decision may be agreed to by the representatives of the Union in the Association Committee in Trade configuration without further decision of the Council of the European Union.

Article 2

The position to be adopted on behalf of the Union within the Association Committee in Trade configuration established by Article 465 of the Agreement, in relation to the favourable opinion regarding the comprehensive roadmap shall be based on the draft Decision of that Committee referred to in Article 1(1).

Article 3

The Decisions of the Association Committee in Trade configuration shall be published in the Official Journal of the European Union after their adoption.

Article 4

This Decision shall enter into force on the date of its adoption.

Done at Brussels, 12 December 2016.

For the Council

The President

F. MOGHERINI


(1)  OJ L 161, 29.5.2014, p. 3.

(2)  Council Decision 2014/668/EU of 23 June 2014 on the signing, on behalf of the European Union, and provisional application of the Association Agreement between the European Union and the European Atomic Energy Community and their Member States, of the one part, and Ukraine, of the other part, as regards Title III (with the exception of the provisions relating to the treatment of third-country nationals legally employed as workers in the territory of the other Party) and Titles IV, V, VI and VII thereof, as well as the related Annexes and Protocols (OJ L 278, 20.9.2014, p. 1).

(3)  Decision No 3/2014 of the EU-Ukraine Association Council of 15 December 2014 on the delegation of certain powers by the Association Council to the Association Committee in Trade configuration [2015/980] (OJ L 158, 24.6.2015, p. 4).


DRAFT

DECISION No 1/2016 OF THE EU-UKRAINE ASSOCIATION COMMITTEE IN TRADE CONFIGURATION

of …

updating Annex XXI to the Association Agreement and giving a favourable opinion regarding the comprehensive roadmap on public procurement

THE ASSOCIATION COMMITTEE IN TRADE CONFIGURATION,

Having regard to the Association Agreement between the European Union and the European Atomic Energy Community and their Member States, of the one part, and Ukraine, of the other part (1) (‘the Agreement’), and in particular Article 149, Article 153 and Article 463 thereof,

Whereas:

(1)

In accordance with Article 486 of the Agreement, parts of the Agreement, including provisions on public procurement, are applied provisionally as of 1 January 2016.

(2)

Article 149 of the Agreement provides that the value thresholds for public procurement contracts provided for in Annex XXI-P are to be revised regularly, beginning in the first even year following the entry into force of the Agreement and such revision is to be adopted by decision of the Association Committee in Trade configuration, as set out in Article 465(4) of the Agreement.

(3)

Article 153 of the Agreement provides that Ukraine is to ensure that its public procurement legislation is gradually made compatible with the relevant Union acquis, in line with the schedule provided in Annex XXI to the Agreement.

(4)

Several Union acts listed in Annex XXI to the Agreement have been recast or repealed and replaced by a new Union act since the initialling of the Agreement on 30 March 2012. In particular, the Union adopted and notified to Ukraine the following acts:

(a)

Directive 2014/23/EU of the European Parliament and of the Council (2);

(b)

Directive 2014/24/EU of the European Parliament and of the Council (3);

(c)

Directive 2014/25/EU of the European Parliament and of the Council (4).

(5)

The above-mentioned Directives amended the value thresholds for public procurement contracts provided for in Annex XXI-P, which were subsequently amended by Commission Delegated Regulations (EU) 2015/2170 (5), (EU) 2015/2171 (6) and (EU) 2015/2172 (7), respectively.

(6)

Article 463(3) of the Agreement provides that the Association Council shall have the power to update or amend the Annexes to the Agreement.

(7)

It is necessary to update Annex XXI to the Agreement in order to reflect the changes made to the Union acquis listed in that Annex, in accordance with Articles 149, 153 and 463 of the Agreement.

(8)

The new Union acquis on public procurement has a new structure. It is appropriate to reflect this new structure in Annex XXI. In the interest of clarity, Annex XXI should be updated in its entirety and replaced by the Annex as set out in the Appendix to this Decision. It is furthermore appropriate to take into account the progress made by Ukraine in the process of approximation to the Union acquis.

(9)

Article 465(2) of the Agreement specifies that the Association Council may delegate to the Association Committee in Trade configuration any of its powers, including the power to take binding decisions.

(10)

The EU-Ukraine Association Council empowered the Association Committee in Trade configuration in its Decision No 3/2014 (8) of 15 December 2014 to update or amend certain trade-related annexes.

(11)

Article 152(1) of the Agreement stipulates that Ukraine shall submit to the Association Committee in Trade configuration a comprehensive roadmap for the implementation of the legislation related to public procurement with time schedules and milestones which should include all reforms in terms of legislative approximation to the Union acquis.

(12)

Article 152(3) specifies that a favourable opinion by the Association Committee in Trade configuration is needed in order for the comprehensive roadmap to become a reference document for the process of implementation, namely for the legislative approximation of the public procurement related legislation to the Union acquis.

(13)

It is therefore appropriate for the Association Committee in Trade configuration to adopt a decision giving favourable opinion regarding the comprehensive roadmap,

HAS ADOPTED THIS DECISION:

Article 1

Annex XXI to the Association Agreement between the European Union and the European Atomic Energy Community and their Member States of the one part, and Ukraine, of the other part, is hereby replaced by the updated version of the Annex, which is attached to this Decision.

Article 2

A favourable opinion is given regarding the comprehensive roadmap approved by the Ordinance of the Cabinet of Ministers of Ukraine of 24 February 2016 (number 175-p) adopted by the government of Ukraine on 24 February 2016.

Article 3

This Decision shall enter into force on the date of its adoption.

Done at …,

For the Association Committee in Trade configuration

The Chair


(1)  OJ L 161, 29.5.2014, p. 3.

(2)  Directive 2014/23/EU of the European Parliament and of the Council of 26 February 2014 on the award of concession contracts (OJ L 94, 28.3.2014, p. 1).

(3)  Directive 2014/24/EU of the European Parliament and of the Council of 26 February 2014 on public procurement and repealing Directive 2004/18/EC (OJ L 94, 28.3.2014, p. 65).

(4)  Directive 2014/25/EU of the European Parliament and of the Council of 26 February 2014 on procurement by entities operating in the water, energy, transport and postal services sectors and repealing Directive 2004/17/EC (OJ L 94, 28.3.2014, p. 243).

(5)  Commission Delegated Regulation (EU) 2015/2170 of 24 November 2015 amending Directive 2014/24/EU of the European Parliament and of the Council in respect of the application thresholds for the procedures for the award of contracts (OJ L 307, 25.11.2015, p. 5).

(6)  Commission Delegated Regulation (EU) 2015/2171 of 24 November 2015 amending Directive 2014/25/EU of the European Parliament and of the Council in respect of the application thresholds for the procedures for the award of contracts (OJ L 307, 25.11.2015, p. 7).

(7)  Commission Delegated Regulation (EU) 2015/2172 of 24 November 2015 amending Directive 2014/23/EU of the European Parliament and of the Council in respect of the application thresholds for the procedures for the award of contracts (OJ L 307, 25.11.2015, p. 9).

(8)  Decision No 3/2014 of the EU-Ukraine Association Council of 15 December 2014 on the delegation of certain powers by the Association Council to the Association Committee in Trade configuration [2015/980] (OJ L 158, 24.6.2015, p. 4).

ANNEX XXI-A TO CHAPTER 8

INDICATIVE TIME SCHEDULE FOR INSTITUTIONAL REFORM, LEGISLATIVE APPROXIMATION AND MARKET ACCESS

Phase

 

Indicative time schedule

Market access granted to the EU by Ukraine

Market access granted to Ukraine by the EU

 

1.

Implementation of Articles 150(2) and 151 of this Agreement

Agreement of the Reform Strategy set out in Article 152 of this Agreement

6 months after the entry into force of this Agreement

Supplies for central government authorities

Supplies for central government authorities

 

2.

Approximation and implementation of basic elements of Directive 2014/24/EU and of Directive 89/665/EEC

3 years after the entry into force of this Agreement

Supplies for state, regional and local authorities and bodies governed by public law

Supplies for state, regional and local authorities and bodies governed by public law

Annexes XXI-B and XXI-C

3.

Approximation and implementation of basic elements of Directive 2014/25/EU and of Directive 92/13/EEC

4 years after the entry into force of this Agreement

Supplies for all contracting entities in the utilities sector

Supplies for all contracting entities

Annexes XXI-D and XXI-E

4.

Approximation and implementation of other elements of Directive 2014/24/EU. Approximation and implementation of Directive 2014/23/EU

6 years after the entry into force of this Agreement

Service and works contracts and concessions for all contracting authorities

Service and works contracts and concessions for all contracting authorities

Annexes XXI-F, XXI-G, and XXI-H

5.

Approximation and implementation of other elements of Directive 2014/25/EU

8 years after the entry into force of this Agreement

Service and works contracts for all contracting entities in the utilities sector

Service and works contracts for all contracting entities in the utilities sector

Annexes XXI-I and XXI-J

ANNEX XXI-B TO CHAPTER 8

BASIC ELEMENTS OF DIRECTIVE 2014/24/EU

of 26 February 2014 on public procurement

(Phase 2)

TITLE I

Scope, definitions and general principles

CHAPTER I

Scope and definitions

Section 1

Subject-matter and definitions

Article 1

Subject-matter and scope: paragraphs 1, 2, 5 and 6

Article 2

Definitions: paragraph 1, points (1), (4), (5), (6), (7), (8), (9), (10), (11), (12), (13), (18), (19), (20), (22), (23), (24)

Article 3

Mixed procurement

Section 2

Thresholds

Article 4

Threshold amounts

Article 5

Methods for calculating the estimated value of procurement

Section 3

Exclusions

Article 7

Contracts in the water, energy, transport and postal services sectors

Article 8

Specific exclusions in the field of electronic communications

Article 9

Public contracts awarded and design contests organised pursuant to international rules

Article 10

Specific exclusions for service contracts

Article 11

Service contracts awarded on the basis of an exclusive right

Article 12

Public contracts between entities within the public sector

Section 4

Specific situations

Subsection 1

Subsidised contracts and research and development services

Article 13

Contracts subsidised by contracting authorities

Article 14

Research and development services

Subsection 2

Procurement involving defence and security aspects

Article 15

Defence and security

Article 16

Mixed procurement involving defence or security aspects

Article 17

Public contracts and design contests involving defence or security aspects which are awarded or organised pursuant to international rules

CHAPTER II

General Rules

Article 18

Principles of procurement

Article 19

Economic operators

Article 21

Confidentiality

Article 22

Rules applicable to communication: paragraphs 2-6

Article 23

Nomenclatures

Article 24

Conflicts of interest

TITLE II

Rules on public contracts

CHAPTER I

Procedures

Article 26

Choice of procedures: paragraphs 1, 2, first alternative of paragraph 4, 5, 6

Article 27

Open procedure

Article 28

Restricted procedure

Article 29

Competitive procedure with negotiation

Article 32

Use of the negotiated procedure without prior publication

CHAPTER III

Conduct of the procedure

Section 1

Preparation

Article 40

Preliminary market consultations

Article 41

Prior involvement of candidates or tenderers

Article 42

Technical specifications

Article 43

Labels

Article 44

Test reports, certification and other means of proof: paragraphs 1, 2

Article 45

Variants

Article 46

Division of contracts into lots

Article 47

Setting time limits

Section 2

Publication and transparency

Article 48

Prior information notices

Article 49

Contract notices

Article 50

Contract award notices: paragraphs 1 and 4

Article 51

Form and manner of publication of notices: first subparagraph of paragraph 1, first subparagraph of paragraph 5

Article 53

Electronic availability of procurement documents

Article 54

Invitations to candidates

Article 55

Informing candidates and tenderers

Section 3

Choice of participants and award of contracts

Article 56

General principles

Subsection 1

Criteria for qualitative selection

Article 57

Exclusion grounds

Article 58

Selection criteria

Article 59

European Single Procurement Document: paragraph 1 mutatis mutandis, paragraph 4

Article 60

Means of proof

Article 62

Quality assurance standards and environmental management standards: paragraphs 1 and 2

Article 63

Reliance on the capacities of other entities

Subsection 2

Reduction of numbers of candidates, tenders and solutions

Article 65

Reduction of the number of otherwise qualified candidates to be invited to participate

Article 66

Reduction of the number of tenders and solutions

Subsection 3

Award of the contract

Article 67

Contract award criteria

Article 68

Life-cycle costing: paragraphs 1 and 2

Article 69

Abnormally low tenders: paragraphs 1 to 4

CHAPTER IV

Contract performance

Article 70

Conditions for performance of contracts

Article 71

Subcontracting

Article 72

Modification of contracts during their term

Article 73

Termination of contracts

TITLE III

Particular procurement regimes

CHAPTER I

Social and other specific services

Article 74

Award of contracts for social and other specific services

Article 75

Publication of notices

Article 76

Principles of awarding contracts

ANNEXES

ANNEX II

LIST OF THE ACTIVITIES REFFERED TO IN POINT 6(a) OF ARTICLE 2(1)

ANNEX III

LIST OF PRODUCTS REFFERED TO IN ARTICLE 4(b) WITH REGARD TO CONTRACTS AWARDED CONTRACTING AUTHORITIES IN THE FIELD OF DEFENCE

ANNEX IV

REQUIREMENTS RELATING TO TOOLS AND DEVICES FOR THE ELECTRONIC RECEIPT OF TENDERS, REQUESTS FOR PARTICIPATION AS WELL AS PLANS AND PROJECTS IN CONTESTS

ANNEX V

INFORMATION TO BE INCLUDED IN NOTICES

Part A:

INFORMATION TO BE INCLUDED IN NOTICES OF THE PUBLICATION OF A PRIOR INFORMATION NOTICE ON A BUYER PROFILE

Part B:

INFORMATION TO BE INCLUDED IN PRIOR INFORMATION NOTICES (as referred to in Article 48)

Part C:

INFORMATION TO BE INCLUDED IN CONTRACT NOTICES (as referred to in Article 49)

Part D:

INFORMATION TO BE INCLUDED IN CONTRACT AWARD NOTICES (as referred to in Article 50)

Part G:

INFORMATION TO BE INCLUDED IN NOTICES OF MODIFICATIONS OF A CONTRACT DURING ITS TERM (as referred to in Article 72(1))

Part H:

INFORMATION TO BE INCLUDED IN CONTRACT NOTICES CONCERNING CONTRACTS FOR SOCIAL AND OTHER SPECIFIC SERVICES (as referred to in Article 75(1))

Part I:

INFORMATION TO BE INCLUDED IN PRIOR INFORMATION NOTICES FOR SOCIAL AND OTHER SPECIFIC SERVICES (as referred to in Article 75(1))

Part J:

INFORMATION TO BE INCLUDED IN CONTRACT AWARD NOTICES CONCERNING CONTRACTS FOR SOCIAL AND OTHER SPECIFIC SERVICES (as referred to in Article 75(2))

ANNEX VII

DEFINITION OF CERTAIN TECHNICAL SPECIFICATIONS

ANNEX IX

CONTENTS OF THE INVITATIONS TO SUBMIT A TENDER, TO PARTICIPATE IN THE DIALOGUE OR TO CONFIRM INTEREST PROVIDED FOR UNDER ARTICLE 54

ANNEX X

LIST OF INTERNATIONAL SOCIAL AND ENVIRONMENTAL CONVENTIONS REFERRED TO IN ARTICLE 18(2)

ANNEX XII

MEANS OF PROOF OF SELECTION CRITERIA

ANNEX XIV

SERVICES REFFERED TO IN ARTICLE 74

ANNEX XXI-C TO CHAPTER 8

BASIC ELEMENTS OF DIRECTIVE 89/665/EEC

of 21 December 1989 on the coordination of the laws, regulations and administrative provisions relating to the application of review procedures to the award of public supply and public works contracts (Directive 89/665/EEC)

as amended by Directive 2007/66/EC of the European Parliament and of the Council of 11 December 2007 amending Council Directives 89/665/EEC and 92/13/EEC with regard to improving the effectiveness of review procedures concerning the award of public contracts (Directive 2007/66/EC) and by Directive 2014/23/EU of the European Parliament and of the Council of 26 February 2014 on the award of concession contracts (Directive 2014/23/EU)

(Phase 2)

Article 1

Scope and availability of review procedures

Article 2

Requirements for review procedures

Article 2a

Standstill period

Article 2b

Derogations from the standstill period

Point (b) of the first paragraph of Article 2b

Article 2c

Time limits for applying for review

Article 2d

Ineffectiveness

Paragraph 1(b)

Paragraphs 2 and 3

Article 2e

Infringements of this Directive and alternative penalties

Article 2f

Time limits

ANNEX XXI-D TO CHAPTER 8

BASIC ELEMENTS OF DIRECTIVE 2014/25/EU

of 26 February 2014 on procurement by entities operating in the water, energy, transport and postal services sectors

(Phase 3)

TITLE I

Scope, definitions and general principles

CHAPTER I

Subject-matter and definitions

Article 1

Subject-matter and scope: paragraphs 1, 2, 5 and 6

Article 2

Definitions: points 1 to 9, 13 to 16 and 18 to 20

Article 3

Contracting authorities (paragraphs 1 and 4)

Article 4

Contracting entities: paragraphs 1 to 3

Article 5

Mixed procurement covering the same activity

Article 6

Procurement covering several activities

CHAPTER II

Activities

Article 7

Common provisions

Article 8

Gas and heat

Article 9

Electricity

Article 10

Water

Article 11

Transport services

Article 12

Ports and airports

Article 13

Postal services

Article 14

Extraction of oil and gas and exploration for, or extraction of, coal or other solid fuels

CHAPTER III

Material scope

Section 1

Thresholds

Article 15

Threshold amounts

Article 16

Methods for calculating the estimated value of procurement: paragraphs 1 to 4 and 7 to 14

Section 2

Excluded contracts and design contests: Special provisions for procurement involving defence and security aspects

Subsection 1

Exclusions applicable to all contracting entities and special exclusions for the water and energy sector

Article 18

Contracts awarded for purposes of resale or lease to third parties: paragraph 1

Article 19

Contracts and design contests awarded or organised for purposes other than the pursuit of a covered activity or for the pursuit of such an activity in a third country: paragraph 1

Article 20

Contracts awarded and design contests organised pursuant to international rules

Article 21

Specific exclusions for service contracts

Article 22

Service contracts awarded on the basis of an exclusive right

Article 23

Contracts awarded by certain contracting entities for the purchase of water and for the supply of energy or of fuels for the production of energy

Subsection 2

Procurement involving defence and security aspects

Article 24

Defence and security

Article 25

Mixed procurement covering the same activity and involving defence or security aspects

Article 26

Procurement covering several activities and involving defence or security aspects

Article 27

Contracts and design contests involving defence or security aspects which are awarded or organised pursuant to international rules

Subsection 3

Special relations (cooperation, affiliated undertakings and joint ventures)

Article 28

Contracts between contracting authorities

Article 29

Contracts awarded to an affiliated undertaking

Article 30

Contracts awarded to a joint venture or to a contracting entity forming part of a joint venture

Subsection 4

Specific situations

Article 32

Research and development services

CHAPTER IV

General principles

Article 36

Principles of procurement

Article 37

Economic operators

Article 39

Confidentiality

Article 40

Rules applicable to communication

Article 41

Nomenclatures

Article 42

Conflicts of interest

TITLE II

Rules applicable to contracts

CHAPTER I

Procedures

Article 44

Choice of procedures: paragraphs 1, 2 and 4

Article 45

Open procedure

Article 46

Restricted procedure

Article 47

Negotiated procedure with prior call for competition

Article 50

Use of the negotiated procedure without prior call for competition: points (a) to (i)

CHAPTER III

Conduct of the procedure

Section 1

Preparation

Article 58

Preliminary market consultations

Article 59

Prior involvement of candidates or tenderers

Article 60

Technical specifications

Article 61

Labels

Article 62

Test reports, certification and other means of proof

Article 63

Communication of technical specifications

Article 64

Variants

Article 65

Division of contracts into lots

Article 66

Setting time limits

Section 2

Publication and transparency

Article 67

Periodic indicative notices

Article 68

Notices on the existence of a qualification system

Article 69

Contract notices

Article 70

Contract award notices: paragraphs 1, 3 and 4

Article 71

Form and manner of publication of notices: paragraph 1, first subparagraph of paragraph 5

Article 73

Electronic availability of procurement documents

Article 74

Invitations to candidates

Article 75

Informing applicants for qualification, candidates and tenderers

Section 3

Choice of participants and award of contract

Article 76

General principles

Subsection 1

Qualification and qualitative selection

Article 78

Criteria for qualitative selection

Article 79

Reliance on the capacities of other entities: paragraph 2

Article 80

Use of exclusion grounds and selection criteria provided for under Directive 2014/24/EU

Article 81

Quality assurance standards and environmental management standards: paragraphs 1 and 2

Subsection 2

Award of the contract

Article 82

Contract award criteria

Article 83

Life-cycle costing: paragraphs 1 and 2

Article 84

Abnormally low tenders: paragraphs 1 to 4

CHAPTER IV

Contract performance

Article 87

Conditions for performance of contracts

Article 88

Subcontracting

Article 89

Modification of contracts during their term

Article 90

Termination of contracts

TITLE III

Particular procurement regimes

CHAPTER I

Social and other specific services

Article 91

Award of contracts for social and other specific services

Article 92

Publication of notices

Article 93

Principles of awarding contracts

ANNEXES

ANNEX I

List of activities as set out in point (a) of point 2 of Article 2

ANNEX V

Requirement relating to tools and devices for the electronic receipt of tenders, requests to participate, applications for qualification as well as plans and projects in contests

ANNEX VI A

Information to be included in the periodic indicative notice (as referred to in Article 67)

ANNEX VI B

Information to be included in notices of publication of a periodic indicative notice on a buyer profile not used as a means of calling for competition (as referred to in Article 67(1))

ANNEX VIII

Definition of certain technical specifications

ANNEX IX

Features concerning publication

ANNEX X

Information to be included in the notice on the existence of a qualification system (as referred to in point (b) of Article 44(4) and in Article 68)

ANNEX XI

Information to be included in contract notices (as referred to in Article 69)

ANNEX XII

Information to be included in the contract award notice (as referred to in Article 70)

ANNEX XIII

Contents of the invitation to submit a tender, to participate in the dialogue, to negotiate or to confirm interest provided for under Article 74

ANNEX XIV

List of International Social and Environmental Conventions referred to in Article 36(2)

ANNEX XVI

Information to be included in notices of modifications of a contract during its term (as referred to in Article 89(1))

ANNEX XVII

Services referred to in Article 91

ANNEX XVIII

Information to be included in notices concerning contracts for social and other specific services (as referred to in Article 92)

ANNEX XXI-E TO CHAPTER 8

BASIC ELEMENTS OF COUNCIL DIRECTIVE 92/13/EEC

of 25 February 1992 coordinating the laws, regulations and administrative provisions relating to the application of Community rules on the procurement procedures of entities operating in the water, energy, transport and telecommunications sectors (Directive 92/13/EEC)

as amended by Directive 2007/66/EC and Directive 2014/23/EU

(Phase 3)

Article 1

Scope and availability of review procedures

Article 2

Requirements for review procedures

Article 2a

Standstill period

Article 2b

Derogations from the standstill period

Point (b) of the first paragraph of Article 2b

Article 2c

Time limits for applying for review

Article 2d

Ineffectiveness

Paragraphs 1(b), 2 and 3

Article 2e

Infringements of this Directive and alternative penalties

Article 2f

Time limits

ANNEX XXI-F TO CHAPTER 8

I.   OTHER NON-MANDATORY ELEMENTS OF DIRECTIVE 2014/24/EU

(Phase 4)

The elements of Directive 2014/24/EU set out in this Annex are not mandatory but recommended for approximation. Ukraine may approximate these elements within the time-frame set in Annex XXI-B

TITLE I

Scope, definitions and general principles

CHAPTER I

Scope and definitions

Section 1

Subject-matter and definitions

Article 2

Definitions (paragraph 1, points (14) and (16))

Article 20

Reserved contracts

TITLE II

Rules on public contracts

CHAPTER II

Techniques and instruments for electronic and aggregated procurement

Article 37

Centralised purchasing activities and central purchasing bodies

CHAPTER III

Conduct of the procedure

Section 3

Choice of participants and award of contracts

Article 64

Official lists of approved economic operators and certification by bodies established under public or private law

TITLE III

Particular procurement regimes

CHAPTER I

Article 77

Reserved contracts for certain services
II.   NON-MANDATORY ELEMENTS OF DIRECTIVE 2014/23/EU

(Phase 4)

The elements of Directive 2014/23/EU set out in this Annex are not mandatory but recommended for approximation. Ukraine may approximate these elements within the time-frame set in Annex XXI-B

TITLE I

Subject matter, scope, principles and definitions

CHAPTER I

Scope, general principles and definitions

Section IV

Specific situations

Article 24

Reserved Concessions

ANNEX XXI-G TO CHAPTER 8

I.   OTHER MANDATORY ELEMENTS OF DIRECTIVE 2014/24/EU

(Phase 4)

TITLE I

Scope, definitions and general principles

CHAPTER I

Scope and definitions

Section 1

Subject-matter and definitions

Article 2

Definitions (paragraph 1, point (21))

Article 22

Rules applicable to communication: paragraph 1

TITLE II

Rules on public contracts

CHAPTER I

Procedures

Article 26

Choice of procedures: paragraph 3, second alternative of paragraph 4

Article 30

Competitive dialogue

Article 31

Innovation Partnership

CHAPTER II

Techniques and instruments for electronic and aggregated procurement

Article 33

Framework agreements

Article 34

Dynamic purchasing systems

Article 35

Electronic auctions

Article 36

Electronic catalogues

Article 38

Occasional joint procurement

CHAPTER III

Conduct of the procedure

Section 2

Publication and Transparency

Article 50

Contract award notices: paragraphs 2 and 3

TITLE III

Particular procurement regimes

CHAPTER II

Rules governing design contests

Article 78

Scope

Article 79

Notices

Article 80

Rules on the organisation of design contests and the selection of participants

Article 81

Composition of the jury

Article 82

Decisions of the jury

ANNEXES

ANNEX V

INFORMATION TO BE INCLUDED IN NOTICES

Part E:

INFORMATION TO BE INCLUDED IN DESIGN CONTEST NOTICES (as referred to in Article 79(1))

Part F:

INFORMATION TO BE INCLUDED IN NOTICES OF THE RESULTS OF A CONTEST (as referred to in Article 79(2))

ANNEX VI

INFORMATION TO BE INCLUDED IN THE PROCUREMENT DOCUMENTS RELATING TO ELECTRONIC AUCTIONS (ARTICLE 35(4))
II.   MANDATORY ELEMENTS OF DIRECTIVE 2014/23/EU

(Phase 4)

TITLE I

Subject matter, scope, principles and definitions

CHAPTER I

Scope, general principles and definitions

Section I

Subject-matter, scope, general principles, definitions and threshold

Article 1

Subject-matter and scope: paragraphs 1, 2 and 4

Article 2

Principle of free administration by public authorities

Article 3

Principle of equal treatment, non-discrimination and transparency

Article 4

Freedom to define services of general economic interest

Article 5

Definitions

Article 6

Contracting authorities: paragraphs 1 and 4

Article 7

Contracting entities

Article 8

Threshold and methods for calculating the estimated value of concessions

Section II

Exclusions

Article 10

Exclusions applicable to concessions awarded by contracting authorities and contracting entities

Article 11

Specific exclusions in the field of electronic communications

Article 12

Specific exclusions in the field of water

Article 13

Concessions awarded to an affiliated undertaking

Article 14

Concessions awarded to a joint venture or to a contracting entity forming part of a joint venture

Article 17

Concessions between entities within the public sector

Section III

General provisions

Article 18

Duration of the concession

Article 19

Social and other specific services

Article 20

Mixed contracts

Article 21

Mixed procurement contracts involving defence or security aspects

Article 22

Contracts covering both activities referred to in Annex II and other activities

Article 23

Concessions covering both activities referred to in Annex II and activities involving defence or security aspects

Article 25

Research and development services

CHAPTER II

Principles

Article 26

Economic operators

Article 27

Nomenclatures

Article 28

Confidentiality

Article 29

Rules applicable to communication

TITLE II

Rules on the award of concessions: General principles and procedural guarantees

CHAPTER I

General principles

Article 30

General principles: paragraphs 1, 2 and 3

Article 31

Concession notices

Article 32

Concession award notices

Article 33

Form and manner of publication of notices: first subparagraph of paragraph 1

Article 34

Electronic availability of concession documents

Article 35

Combating corruption and preventing conflicts of interest

CHAPTER II

Procedural guarantees

Article 36

Technical and functional requirements

Article 37

Procedural guarantees

Article 38

Selection of and qualitative assessment of candidates

Article 39

Time limits for receipt of applications and tenders for the concession

Article 40

Provision of information to candidates and tenderers

Article 41

Award criteria

TITLE III

Rules on performance of concessions

Article 42

Subcontracting

Article 43

Modification of contracts during their term

Article 44

Termination of concessions

Article 45

Monitoring and Reporting

ANNEXES

ANNEX I

LIST OF THE ACTIVITIES REFERRED TO IN POINT (7) OF ARTICLE 5

ANNEX II

ACTIVITIES EXERCISED BY CONTRACTING ENTITIES AS REFERRED TO IN ARTICLE 7

ANNEX III

LIST OF LEGAL ACTS OF THE UNION REFERRED TO IN POINT (B) OF ARTICLE 7(2)

ANNEX IV

SERVICES REFERRED TO IN ARTICLE 19

ANNEX V

INFORMATION TO BE INCLUDED IN CONCESSION NOTICES REFERRED TO IN ARTICLE 31

ANNEX VI

INFORMATION TO BE INCLUDED IN PRIOR INFORMATION NOTICES CONCERNING CONCESSIONS FOR SOCIAL AND OTHER SPECIFIC SERVICES, AS REFERRED TO IN ARTICLE 31(3)

ANNEX VII

INFORMATION TO BE INCLUDED IN CONCESSION AWARD NOTICES, AS REFERRED TO IN ARTICLE 32

ANNEX VIII

INFORMATION TO BE INCLUDED IN CONCESSION AWARD NOTICES CONCERNING CONCESSIONS FOR SOCIAL AND OTHER SPECIFIC SERVICES, AS REFERRED TO IN ARTICLE 32

ANNEX IX

FEATURES CONCERNING PUBLICATION

ANNEX X

LIST OF INTERNATIONAL SOCIAL AND ENVIRONMENTAL CONVENTIONS REFERRED TO IN ARTICLE 30(3)

ANNEX XI

INFORMATION TO BE INCLUDED IN NOTICES OF MODIFICATIONS OF A CONCESSION DURING ITS TERM ACCORDING TO ARTICLE 43

ANNEX XXI-H TO CHAPTER 8

OTHER ELEMENTS OF DIRECTIVE 89/665/EEC

as amended by Directive 2007/66/EC and Directive 2014/23/EU

(Phase 4)

Article 2b

Derogations from the standstill period

Point (c) of the first paragraph of Article 2b

Article 2d

Ineffectiveness

Point (c) of the first paragraph of Article 2d

Paragraph 5

ANNEX XXI-I TO CHAPTER 8

(Phase 5)

I.   OTHER MANDATORY ELEMENTS OF DIRECTIVE 2014/25/EU

TITLE I

Scope, definitions and general principles

CHAPTER I

Subject-matter and definitions

Article 2

Definitions: point 17

CHAPTER III

Material scope

Section 1

Thresholds

Article 16

Methods for calculating the estimated value of procurement: paragraphs 5, 6

TITLE II

Rules applicable to contracts

CHAPTER I

Procedures

Article 44

Choice of procedures: paragraph 3

Article 48

Competitive dialogue

Article 49

Innovation Partnership

Article 50

Use of the negotiated procedure without prior call for competition: point (j)

CHAPTER II

Techniques and instruments for electronic and aggregated procurement

Article 51

Framework agreements

Article 52

Dynamic purchasing systems

Article 53

Electronic auctions

Article 54

Electronic catalogues

Article 56

Occasional joint procurement

CHAPTER III

Conduct of the procedure

Section 2

Publication and transparency

Article 70

Contract award notices: paragraph 2

Section 3

Choice of participants and award of contract

Subsection 1

Qualification and qualitative selection

Article 77

Qualification systems

Article 79

Reliance on the capacities of other entities: paragraph 1

TITLE III

Particular procurement regimes

CHAPTER II

Rules governing design contests

Article 95

Scope

Article 96

Notices

Article 97

Rules on the organisation of design contests, the selection of participants and the jury

Article 98

Decision of the jury

ANNEXES

ANNEX VII

Information to be included in the procurement documents relating to electronic auctions (Article 53(4))

ANNEX XIX

Information to be included in the design contest notice (as referred to in Article 96(1))

ANNEX XX

Information to be included in the results of design contest notices (as referred to in Article 96(1))

II.   OTHER NON-MANDATORY ELEMENTS OF DIRECTIVE 2014/25/EU

The further elements of Directive 2014/25/EU set out in this Annex are not mandatory but recommended for approximation. Ukraine may approximate these elements within the time-frame set in Annex XXI-B.

TITLE I

Scope, definitions and general principles

CHAPTER I

Subject-matter and definitions

Article 2

Definitions: points 10 to 12

CHAPTER IV

General principles

Article 38

Reserved contracts

TITLE II

Rules applicable to contracts

CHAPTER I

Procedures

Article 55

Centralised purchasing activities and central purchasing bodies

TITLE III

Particular procurement regimes

CHAPTER I

Social and other specific services

Article 94

Reserved contracts for certain services

ANNEX XXI-J TO CHAPTER 8

OTHER ELEMENTS OF DIRECTIVE 92/13/EEC

as amended by Directive 2007/66/EC and Directive 2014/23/EU

(Phase 5)

Article 2b

Derogations from the standstill period

Point (c) of the first paragraph of Article 2b

Article 2d

Ineffectiveness

Point (c) of paragraph 1 of Article 2d,

Paragraph 5

ANNEX XXI-K TO CHAPTER 8

I.   PROVISIONS OF DIRECTIVE 2014/24/EU OUTSIDE THE SCOPE OF APPROXIMATION

The elements of Directive 2014/24/EU listed in this Annex are not subject to the process of approximation.

TITLE I

Scope, definitions and general principles

CHAPTER I

Scope and definitions

Section 1

Subject-matter and definitions

Article 1

Subject-matter and scope: paragraphs 3 and 4

Article 2

Definitions: paragraph 2

Section 2

Thresholds

Article 6

Revision of the thresholds and of the list of central government authorities

TITLE II

Rules on public contracts

CHAPTER I

Procedures

Article 25

Conditions relating to the GPA and other international agreements

CHAPTER II

Techniques and instruments for electronic and aggregated procurement

Article 39

Procurement involving contracting authorities from different Member States

CHAPTER III

Conduct of the procedure

Section 1

Preparation

Article 44

Test reports, certification and other means of proof: paragraph 3

Section 2

Publication and transparency

Article 51

Form and manner of publication of notices: second subparagraph of paragraph 1, paragraphs 2, 3, 4, second subparagraph of paragraph 5, paragraph 6

Article 52

Publication at national level

Section 3

Choice of participants and award of contracts

Article 61

Online repository of certificates (e-Certis)

Article 62

Quality assurance standards and environmental management standards: paragraph 3

Article 68

Life-cycle costing: paragraph 3

Article 69

Abnormally low tender: paragraph 5

TITLE IV

Governance

Article 83

Enforcement

Article 84

Individual reports on procedures for the award of contracts

Article 85

National reporting and statistical information

Article 86

Administrative Cooperation

TITLE V

Delegated powers, implementing powers and final provisions

Article 87

Exercise of the delegation of powers

Article 88

Urgency procedure

Article 89

Committee procedure

Article 90

Transposition and transitional provisions

Article 91

Repeals

Article 92

Review

Article 93

Entry into force

Article 94

Addressees

ANNEXES

ANNEX I

CENTRAL GOVERNMENT AUTHORITIES

ANNEX VIII

FEATURES CONCERNING PUBLICATION

ANNEX XI

REGISTERS

ANNEX XIII

LIST OF EU LEGISLATION REFERRED TO IN ARTICLE 68(3)

ANNEX XV

CORRELATION TABLE

II.   PROVISIONS OF DIRECTIVE 2014/23/EU OUTSIDE THE SCOPE OF APPROXIMATION

The elements of Directive 2014/23/EU listed in this Annex are not subject to the process of approximation.

TITLE I

Subject matter, scope, principles and definitions

CHAPTER I

Scope, general principles and definitions

Section I

Subject-matter, scope, general principles, definitions and threshold

Article 1

Subject-matter and scope: paragraph 3

Article 6

Contracting authorities: paragraphs 2 and 3

Article 9

Revision of the threshold

Section II

Exclusions

Article 15

Notification of information by contracting entities

Article 16

Exclusion of activities which are directly exposed to competition

TITLE II

Rules on the award of concessions: General principles and procedural guarantees

CHAPTER I

General principles

Article 30

General principles: paragraph 4

Article 33

Form and manner of publication of notices: second subparagraph of paragraph 1, paragraphs 2, 3 and 4

TITLE IV

Amendments to Directive 89/665/EEC and 92/13/EEC

Article 46

Amendments to Directive 89/665/EEC

Article 47

Amendments to Directive 92/13/EEC

TITLE V

Delegated powers, implementing powers and final provisions

Article 48

Exercise of the delegation

Article 49

Urgency procedure

Article 50

Committee procedure

Article 51

Transposition

Article 52

Transitional provisions

Article 53

Monitoring and reporting

Article 54

Entry into force

Article 55

Addressees

ANNEX XXI-L TO CHAPTER 8

PROVISIONS OF DIRECTIVE 2014/25/EU OUTSIDE THE SCOPE OF APPROXIMATION

The elements listed in this Annex are not subject to the process of approximation.

TITLE I

Scope, definitions and general principles

CHAPTER I

Subject-matter and definitions

Article 1

Subject matter and scope: paragraphs 3 and 4

Article 3

Contracting authorities: paragraphs 2 and 3

Article 4

Contracting entities: paragraph 4

CHAPTER III

Material scope

Section 1

Thresholds

Article 17

Revision of the thresholds

Section 2

Excluded contracts and design contests: Special provisions for procurement involving defence and security aspects

Subsection 1

Exclusions applicable to all contracting entities and special exclusions for the water and energy sector

Article 18

Contracts awarded for purposes of resale or lease to third parties: paragraph 2

Article 19

Contracts and design contests awarded or organised for purposes other than the pursuit of a covered activity or for the pursuit of such an activity in a third country: paragraph 2

Subsection 3

Special relations (cooperation, affiliated undertakings and joint ventures)

Article 31

Notification of information

Subsection 4

Specific situations

Article 33

Contracts subject to special arrangements

Subsection 5

Activities directly exposed to competition and procedural provisions relating thereto

Article 34

Activities directly exposed to competition

Article 35

Procedure for establishing whether Article 34 is applicable

TITLE II

Rules applicable to contracts

CHAPTER I

Procedures

Article 43

Conditions relating to the GPA and other international agreements

CHAPTER II

Techniques and instruments for electronic and aggregated procurement

Article 57

Procurement involving contracting entities from different Member States

CHAPTER III

Conduct of the procedure

Section 2

Publication and transparency

Article 71

Form and manner of publication of notices: paragraphs 2, 3, 4, second subparagraph of paragraph 5, paragraph 6

Article 72

Publication at national level

Section 3

Choice of participants and award of contract

Article 81

Quality assurance standards and environmental management standards: paragraph 3

Article 83

Life-cycle costing: paragraph 3

Section 4

Tenders comprising products originating in third countries and relations with those countries

Article 85

Tenders comprising products originating in third countries

Article 86

Relations with third countries as regards works, supplies and service contracts

TITLE IV

Governance

Article 99

Enforcement

Article 100

Individual reports on procedures for the award of contracts

Article 101

National reporting and statistical information

Article 102

Administrative cooperation

TITLE V

Delegated powers, implementing powers and final provisions

Article 103

Exercise of the delegation

Article 104

Urgency procedure

Article 105

Committee procedure

Article 106

Transposition and transitional provisions

Article 107

Repeal

Article 108

Review

Article 109

Entry into force

Article 110

Addressees

ANNEXES

ANNEX II

List of Union legal acts referred to in Article 4(3)

ANNEX III

List of Union legal acts referred to in Article 34(3)

ANNEX IV

Deadlines for the adoption of the implementing acts referred to in Article 35

ANNEX XV

List of Union legal acts referred to in Article 83(3)

ANNEX XXI-M TO CHAPTER 8

PROVISIONS OF DIRECTIVE 89/665/EEC AS AMENDED BY DIRECTIVE 2007/66/EC AND DIRECTIVE 2014/23/EU OUTSIDE THE SCOPE OF APPROXIMATION

The elements listed in this Annex are not subject to the process of approximation.

Article 2b

Derogations from the standstill period

Point (a) of the first paragraph of Article 2b

Article 2d

Ineffectiveness

Point (a) of paragraph 1 of Article 2d,

Paragraph 4

Article 3

Corrective Mechanisms

Article 3a

Content of the notice for voluntary ex ante transparency

Article 3b

Committee Procedure

Article 4

Implementation

Article 4a

Review

ANNEX XXI-N TO CHAPTER 8

PROVISIONS OF DIRECTIVE 92/13/EEC AS AMENDED BY DIRECTIVE 2007/66/EC AND DIRECTIVE 2014/23/EU OUTSIDE THE SCOPE OF APPROXIMATION

The elements listed in this Annex are not subject to the process of approximation.

Article 2b

Derogations from the standstill period

Point (a) of the first paragraph of Article 2b

Article 2d

Ineffectiveness

Point (a) of paragraph 1 of Article 2d,

Paragraph 4

Article 3a

Content of the notice for voluntary ex ante transparency

Article 3b

Committee Procedure

Article 8

Corrective Mechanisms

Article 12

Implementation

Article 12a

Review

ANNEX XXI-O TO CHAPTER 8

UKRAINE: INDICATIVE LIST OF ISSUES FOR COOPERATION

1.

Training, in Ukraine and EU countries, of Ukrainian officials from government bodies engaged in public procurement;

2.

Training of suppliers interested participating in public procurement;

3.

Exchange of information and experience on best practice and regulatory rules in the sphere of public procurement;

4.

Enhancement of the functionality of the public procurement website and establishment of a system of public procurement monitoring;

5.

Consultations and methodological assistance from the EU Party in application of modern electronic technologies in the sphere of public procurement;

6.

Strengthening the bodies charged with guaranteeing a coherent policy in all areas related to public procurement and the independent and impartial consideration (review) of contracting authorities' decisions. (Cf. Article 150 paragraph 2 of this Agreement)

ANNEX XXI-P TO CHAPTER 8

THRESHOLDS

1.

The value thresholds mentioned in Article 149(3) of this Agreement shall be for both Parties:

(a)

EUR 135 000 for public supply and service contracts awarded by central government authorities and design contests awarded by such authorities;

(b)

EUR 209 000 in the case of public supply and public service contracts not covered by point (a);

(c)

EUR 5 225 000 in the case of public works contracts;

(d)

EUR 5 225 000 in the case of works contracts in the utilities sector;

(e)

EUR 5 225 000 in the case of concessions;

(f)

EUR 418 000 in the case of supply and service contracts in the utilities sector;

(g)

EUR 750 000 for public service contracts for social and other specific services;

(h)

EUR 1 000 000 for service contracts for social and other specific services in the utilities sector.

2.

The EUR thresholds quoted in paragraph 1 shall be adapted to reflect the thresholds applicable under the EU Directives at the moment of the entry into force of this Agreement.


REGULATIONS

11.1.2017   

EN

Official Journal of the European Union

L 6/36


COMMISSION IMPLEMENTING REGULATION (EU) 2017/44

of 10 January 2017

amending Council Regulation (EC) No 1210/2003 concerning certain specific restrictions on economic and financial relations with Iraq

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Council Regulation (EC) No 1210/2003 of 7 July 2003 concerning certain specific restrictions on economic and financial relations with Iraq and repealing Regulation (EC) No 2465/96 (1), and in particular Article 11(b) thereof,

Whereas:

(1)

Annex III to Regulation (EC) No 1210/2003 lists public bodies, corporations and agencies and natural and legal persons, bodies and entities of the previous government of Iraq covered by the freezing of funds and economic resources that were located outside Iraq on the date of 22 May 2003 under that Regulation.

(2)

On 28 December 2016, the Sanctions Committee of the United Nations Security Council decided to remove 2 entries from the list of persons or entities to whom the freezing of funds and economic resources should apply.

(3)

Annex III to Regulation (EC) No 1210/2003 should therefore be amended accordingly,

HAS ADOPTED THIS REGULATION:

Article 1

Annex III to Regulation (EC) No 1210/2003 is amended as set out in the Annex to this Regulation.

Article 2

This Regulation shall enter into force on the day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 10 January 2017.

For the Commission,

On behalf of the President,

Acting Head of the Service for Foreign Policy Instruments


(1)  OJ L 169, 8.7.2003, p. 6.


ANNEX

In Annex III to Council Regulation (EC) No 1210/2003, the following entries are deleted:

‘78.

MEDICAL CITY ESTABLISHMENT. Address: Baghdad, Iraq.

115.

STATE COMPANY FOR DRUGS AND MEDICAL APPLIANCES (alias (a) GENERAL ESTABLISHMENT FOR DRUGS & MEDICAL APPLICANCES, (b) KIMADIA), Address: Mansour City, P.O. Box 6138, Baghdad, Iraq.’


11.1.2017   

EN

Official Journal of the European Union

L 6/38


COMMISSION IMPLEMENTING REGULATION (EU) 2017/45

of 10 January 2017

establishing the standard import values for determining the entry price of certain fruit and vegetables

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) No 1308/2013 of the European Parliament and of the Council of 17 December 2013 establishing a common organisation of the markets in agricultural products and repealing Council Regulations (EEC) No 922/72, (EEC) No 234/79, (EC) No 1037/2001 and (EC) No 1234/2007 (1),

Having regard to Commission Implementing Regulation (EU) No 543/2011 of 7 June 2011 laying down detailed rules for the application of Council Regulation (EC) No 1234/2007 in respect of the fruit and vegetables and processed fruit and vegetables sectors (2), and in particular Article 136(1) thereof,

Whereas:

(1)

Implementing Regulation (EU) No 543/2011 lays down, pursuant to the outcome of the Uruguay Round multilateral trade negotiations, the criteria whereby the Commission fixes the standard values for imports from third countries, in respect of the products and periods stipulated in Annex XVI, Part A thereto.

(2)

The standard import value is calculated each working day, in accordance with Article 136(1) of Implementing Regulation (EU) No 543/2011, taking into account variable daily data. Therefore this Regulation should enter into force on the day of its publication in the Official Journal of the European Union,

HAS ADOPTED THIS REGULATION:

Article 1

The standard import values referred to in Article 136 of Implementing Regulation (EU) No 543/2011 are fixed in the Annex to this Regulation.

Article 2

This Regulation shall enter into force on the day of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 10 January 2017.

For the Commission,

On behalf of the President,

Jerzy PLEWA

Director-General

Directorate-General for Agriculture and Rural Development


(1)  OJ L 347, 20.12.2013, p. 671.

(2)  OJ L 157, 15.6.2011, p. 1.


ANNEX

Standard import values for determining the entry price of certain fruit and vegetables

(EUR/100 kg)

CN code

Third country code (1)

Standard import value

0702 00 00

IL

261,0

MA

110,4

SN

204,0

TR

102,4

ZZ

169,5

0707 00 05

MA

85,5

TR

213,8

ZZ

149,7

0709 91 00

EG

144,1

ZZ

144,1

0709 93 10

MA

238,8

TR

213,8

ZZ

226,3

0805 10 20

EG

42,5

IL

126,4

MA

55,6

TR

71,5

ZZ

74,0

0805 20 10

IL

166,4

MA

85,6

ZZ

126,0

0805 20 30 , 0805 20 50 , 0805 20 70 , 0805 20 90

IL

136,2

JM

125,6

TR

96,4

ZZ

119,4

0805 50 10

TR

71,8

ZZ

71,8

0808 10 80

CN

144,5

US

105,5

ZZ

125,0

0808 30 90

CL

282,6

CN

99,5

TR

133,1

ZZ

171,7


(1)  Nomenclature of countries laid down by Commission Regulation (EU) No 1106/2012 of 27 November 2012 implementing Regulation (EC) No 471/2009 of the European Parliament and of the Council on Community statistics relating to external trade with non-member countries, as regards the update of the nomenclature of countries and territories (OJ L 328, 28.11.2012, p. 7). Code ‘ZZ’ stands for ‘of other origin’.


DECISIONS

11.1.2017   

EN

Official Journal of the European Union

L 6/40


COMMISSION DECISION (EU, Euratom) 2017/46

of 10 January 2017

on the security of communication and information systems in the European Commission

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 249 thereof,

Having regard to the Treaty establishing the European Atomic Energy Community,

Whereas:

(1)

The Commission's communication and information systems are an integral part of the functioning of the Commission and IT security incidents can have a serious impact on the Commission's operations as well as on third parties, including individuals, businesses and Member States.

(2)

There are many threats that can harm the confidentiality, integrity or availability of the Commission's communication and information systems and of the information processed therein. These threats include accidents, errors, deliberate attacks and natural events, and need to be recognised as operational risks.

(3)

Communication and information systems need to be provided with a level of protection commensurate with the likelihood, impact and nature of the risks to which they are exposed.

(4)

IT security in the Commission should ensure that the Commission's CISs protect the information they process and they function as they need to, when they need to, under the control of legitimate users.

(5)

The IT security policy of the Commission should be implemented in a manner which is consistent with the policies on security in the Commission.

(6)

The Security Directorate of the Directorate-General for Human Resources and Security has the general responsibility for security in the Commission under the authority and responsibility of the Member of the Commission responsible for security.

(7)

The Commission's approach should take into account EU policy initiatives and legislation on network and information security, industry standards and good practices, to comply with all relevant legislation and to allow interoperability and compatibility.

(8)

Appropriate measures should be developed and implemented by the Commission departments responsible for communication and information systems and IT security measures for protecting communication and information systems should be coordinated across the Commission to ensure efficiency and effectiveness.

(9)

Rules and procedures for access to information in the context of IT security, including IT security incident handling, should be proportionate to the threat to the Commission or its staff and compliant with the principles laid down in Regulation (EC) No 45/2001 of the European Parliament and of the Council (1), on the protection of individuals with regard to the processing of personal data by the Union institutions and bodies and on the free movement of such data and taking account of the principle of professional secrecy, as provided in Article 339 of the TFEU.

(10)

The policies and rules for communication and information systems processing EU classified information (EUCI), sensitive non-classified information, and unclassified information are to be fully in line with Commission Decisions (EU, Euratom) 2015/443 (2) and (EU, Euratom) 2015/444 (3).

(11)

There is a need for the Commission to review and update the provisions on the security of communication and information systems used by the Commission.

(12)

The Commission Decision C(2006) 3602 should therefore be repealed,

HAS ADOPTED THIS DECISION:

CHAPTER 1

GENERAL PROVISIONS

Article 1

Subject matter and scope

1.   This decision applies to all communication and information systems (CISs) which are owned, procured, managed or operated by or on behalf of the Commission and all usage of those CISs by the Commission.

2.   This decision sets out the basic principles, objectives, organisation and responsibilities regarding the security of those CISs, and in particular for Commission departments owning, procuring, managing or operating CISs and including CISs provided by an internal IT service provider. When a CIS is provided, owned, managed or operated by an external party on the basis of a bilateral agreement or contract with the Commission, the terms of the agreement or contract shall comply with this decision.

3.   This decision applies to all Commission departments and Executive Agencies. When a Commission CIS is used by other bodies and institutions on the basis of a bilateral agreement with the Commission, the terms of the agreement shall comply with this decision.

4.   Notwithstanding any specific indications concerning particular groups of staff, this decision shall apply to the Members of the Commission, to Commission staff falling under the scope of the Staff Regulations of Officials of the European Union (the ‘Staff Regulations’) and the Conditions of Employment of Other Servants of the Union (the ‘CEOS’) (4), to national experts seconded to the Commission (‘SNEs’) (5), to external service providers and their staff, to trainees and to any individual with access to CIS in the scope of this decision.

5.   This Decision shall apply to the European Anti-Fraud Office (OLAF) in so far as this is compatible with Union legislation and Commission Decision 1999/352/EC, ECSC, Euratom (6). In particular, measures provided for in this Decision, including instructions, inspections, inquiries and equivalent measures, may not apply to the CIS of the Office where this is not compatible with the independence of the Office's investigative function and/or the confidentiality of information obtained by the Office in the exercise of this function.

Article 2

Definitions

For the purposes of this Decision the following definitions shall apply:

(1)

‘Accountable’ means to be answerable for actions, decisions and performance.

(2)

‘CERT-EU’ is the Computer Emergency Response Team for the EU institutions and agencies. Its mission is to support the European Institutions to protect themselves against intentional and malicious attacks that would hamper the integrity of their IT assets and harm the interests of the EU. The scope of CERT-EU's activities covers prevention, detection, response and recovery.

(3)

‘Commission department’ means any Commission Directorate-General or service, or any Cabinet of a Member of the Commission.

(4)

‘Commission Security Authority’ refers to the role laid down in Decision (EU, Euratom) 2015/444.

(5)

‘Communication and information system’ or ‘CIS’ means any system enabling the handling of information in electronic form, including all assets required for its operation, as well as infrastructure, organisation, personnel and information resources. This definition includes business applications, shared IT services, outsourced systems, and end-user devices.

(6)

‘Corporate Management Board’ (CMB) provides the highest level of corporate management oversight for operational and administrative issues in the Commission.

(7)

‘Data owner’ means the individual responsible for ensuring the protection and use of a specific data set handled by a CIS.

(8)

‘Data set’ means a set of information which serves a specific business process or activity of the Commission.

(9)

‘Emergency procedure’ means a predefined set of methods and responsibilities for responding to urgent situations in order to prevent a major impact on the Commission.

(10)

‘Information security policy’ means a set of information security objectives, which are or have to be established, implemented and checked. It comprises, but is not limited to, Decisions (EU, Euratom) 2015/444 and (EU, Euratom) 2015/443.

(11)

‘Information Security Steering Board’ (ISSB) means the governance body that supports the Corporate Management Board in its IT-security-related tasks.

(12)

‘Internal IT service provider’ means a Commission department providing shared IT services.

(13)

‘IT security’ or ‘security of CIS’ means the preservation of confidentiality, integrity and availability of CISs and the data sets that they process.

(14)

‘IT security guidelines’ consist of recommended but voluntary measures that help support IT security standards or serve as a reference when no applicable standard is in place.

(15)

‘IT security incident’ means an event that could adversely affect the confidentiality, integrity or availability of a CIS.

(16)

‘IT security measure’ means a technical or organisational measure aimed at mitigating IT security risks,

(17)

‘IT security need’ means a precise and unambiguous definition of the levels of confidentiality, integrity and availability associated with a piece of information or an IT system with a view to determining the level of protection required.

(18)

‘IT security objective’ means a statement of intent to counter specified threats and/or satisfy specified organisational security requirements or assumptions.

(19)

‘IT security plan’ means the documentation of the IT security measures required to meet the IT security needs of a CIS.

(20)

‘IT security policy’ means a set of IT security objectives, which are or have to be established, implemented and checked. It comprises this decision and its implementing rules.

(21)

‘IT security requirement’ means a formalised IT security need through a predefined process.

(22)

‘IT security risk’ means an effect that an IT security threat might induce on a CIS by exploiting a vulnerability. As such, an IT security risk is characterised by two factors: (1) uncertainty, i.e. the likelihood of an IT security threat to cause an unwanted event; and (2) impact, i.e. the consequences that such an unwanted event may have on a CIS.

(23)

‘IT security standards’ means specific mandatory IT security measures that help enforce and support the IT security policy.

(24)

‘IT security strategy’ means a set of projects and activities which are designed to achieve the objectives of the Commission and which have to be established, implemented and checked.

(25)

‘IT security threat’ means a factor that can potentially lead to an unwanted event which may result in harm to a CIS. Such threats may be accidental or deliberate and are characterised by threatening elements, potential targets and attack methods.

(26)

‘Local Informatics Security Officer’ or ‘LISO’ means the officer who is responsible for IT security liaison for a Commission department.

(27)

‘Personal data’, ‘processing of personal data’, ‘controller’ and ‘personal data filing system’ shall have the same meaning as in Regulation (EC) No 45/2001, and in particular Article 2 thereof.

(28)

‘Processing of information’ means all functions of a CIS with respect to data sets, including creation, modification, display, storage, transmission, deletion and archiving of information. Processing of information can be provided by a CIS as a set of functionalities to users and as IT services to other CIS.

(29)

‘Professional secrecy’ means the protection of business data information of the kind covered by the obligation of professional secrecy, in particular information about undertakings, their business relations or their cost components as laid down in Article 339 of the TFEU.

(30)

‘Responsible’ means having the obligation to act and take decisions to achieve required outcomes.

(31)

‘Security in the Commission’ means the security of persons, assets and information in the Commission, and in particular the physical integrity of persons and assets, the integrity, confidentiality and availability of information and communication and information systems, as well as the unobstructed functioning of Commission operations.

(32)

‘Shared IT service’ means the service a CIS provides to other CISs in the processing of information.

(33)

‘System owner’ is the individual responsible for the overall procurement, development, integration, modification, operation, maintenance, and retirement of a CIS.

(34)

‘User’ means any individual who uses functionality provided by a CIS, whether inside or outside the Commission.

Article 3

Principles for IT security in the Commission

1.   IT security in the Commission shall be based on the principles of legality, transparency, proportionality and accountability.

2.   IT security issues shall be taken into account from the start of the development and implementation of Commission CISs. In order to do so, the Directorate-General for Informatics and the Directorate-General for Human Resources and Security shall be involved for their respective areas of responsibility.

3.   Effective IT security shall ensure appropriate levels of:

(a)

authenticity: the guarantee that information is genuine and from bona fide sources;

(b)

availability: the property of being accessible and usable upon request by an authorised entity;

(c)

confidentiality: the property that information is not disclosed to unauthorised individuals, entities or processes.

(d)

integrity: the property of safeguarding the accuracy and completeness of assets and information;

(e)

non-repudiation: the ability to prove an action or event has taken place, so that this event or action cannot subsequently be denied;

(f)

protection of personal data: the provision of appropriate safeguards in regard to personal data in full compliance with Regulation (EC) No 45/2001;

(g)

professional secrecy: the protection of information of the kind covered by the obligation of professional secrecy, in particular information about undertakings, their business relations or their cost components as laid down in Article 339 of the TFEU.

4.   IT security shall be based on a risk management process. This process shall aim at determining the levels of IT security risks and defining security measures to reduce such risks to an appropriate level and at a proportionate cost.

5.   All CIS shall be identified, assigned to a system owner and recorded in an inventory.

6.   The security requirements of all CIS shall be determined on the basis of their security needs and of the security needs of the information they process. CIS that provide services to other CIS may be designed to support specified levels of security needs.

7.   IT security plans and IT security measures shall be proportionate to the security needs of the CIS.

The processes related to these principles and activities shall be further detailed in implementing rules.

CHAPTER 2

ORGANISATION AND RESPONSIBILITIES

Article 4

Corporate Management Board

The Corporate Management Board shall take the overall responsibility for the governance of IT security as a whole within the Commission.

Article 5

Information Security Steering Board (ISSB)

1.   The ISSB shall be chaired by the Deputy Secretary-General responsible for IT security governance in the Commission. Its members shall represent business, technology and security interests across the Commission departments and include representatives of the Directorate-General for Informatics, the Directorate-General for Human Resources and Security, the Directorate-General for Budget, and, on a 2-year rotating basis, representatives of four other Commission departments involved where IT security is a major concern for their operations. Membership is at senior management level.

2.   The ISSB shall support the Corporate Management Board in its IT-security-related tasks. The ISSB shall take the operational responsibility for the governance of IT security as a whole within the Commission.

3.   The ISSB shall recommend the Commission's IT security policy for adoption by the Commission.

4.   The ISSB shall review and report biannually to the Corporate Management Board on governance matters as well as on IT-security-related issues, including serious IT security incidents.

5.   The ISSB shall monitor and review the overall implementation of this decision and report on it to the Corporate Management Board.

6.   On the proposal of the Directorate-General for Informatics, the ISSB shall review, approve and monitor the implementation of the rolling IT security strategy. The ISSB shall report on it to the Corporate Management Board.

7.   The ISSB shall monitor, evaluate and control the corporate information risk treatment landscape and shall have the power to issue formal requirements for improvements wherever necessary.

The processes related to these responsibilities and activities shall be further detailed in implementing rules.

Article 6

The Directorate-General for Human Resources and Security

In relation to IT security, the Directorate-General for Human Resources and Security has the following responsibilities. It shall:

(1)

assure alignment between the IT security policy and the Commission's information security policy;

(2)

establish a framework for the authorisation of the use of encrypting technologies for the storage and communication of information by CISs;

(3)

inform the Directorate-General for Informatics about specific threats which could have a significant impact on the security of CISs and the data sets that they process;

(4)

perform IT security inspections to assess the compliance of the Commission's CISs with the security policy, and report the results to the ISSB;

(5)

establish a framework for the authorisation of access and the associated appropriate security rules to Commission CISs from external networks and develop the related IT security standards and guidelines in close cooperation with the Directorate-General for Informatics;

(6)

propose principles and rules for the outsourcing of CISs in order to maintain appropriate control of security of the information;

(7)

develop the related IT security standards and guidelines in relation to Article 6, in close cooperation with the Directorate-General for Informatics.

The processes related to these responsibilities and activities shall be further detailed in implementing rules.

Article 7

The Directorate-General for Informatics

In relation to the overall IT security of the Commission, the Directorate-General for Informatics has the following responsibilities. It shall:

(1)

develop IT security standards and guidelines, except as provided in Article 6, in close cooperation with the Directorate-General for Human Resources and Security, in order to assure consistency between the IT security policy and the Commission's information security policy, and propose them to the ISSB;

(2)

assess the IT security risk management methods, processes and outcomes of all Commission departments and report on this regularly to the ISSB;

(3)

propose a rolling IT security strategy for revision and approval by the ISSB and further adoption by the Corporate Management Board, and propose a programme, including the planning of projects and activities implementing the IT security strategy;

(4)

monitor the execution of the Commission's IT security strategy and report on this regularly to the ISSB;

(5)

monitor the IT security risks and IT security measures implemented in CISs and report on this regularly to the ISSB;

(6)

report regularly on the overall implementation and compliance with this decision to the ISSB;

(7)

after consulting with the Directorate-General for Human Resources and Security, request system owners to take specific IT security measures in order to mitigate IT security risks to Commission's CISs;

(8)

ensure that there is an adequate catalogue of the Directorate-General for Informatics IT security services available for the system owners and data owners to fulfil their responsibilities for IT security and to comply with the IT security policy and standards;

(9)

provide adequate documentation to system and data owners and consult with them, as appropriate, on the IT security measures implemented for their IT services in order to facilitate compliance with the IT security policy and support the system owners in IT risk management;

(10)

organise regular meetings of the LISOs network and supporting LISOs in carrying out their duties;

(11)

define the training needs and coordinate training programmes on IT security in cooperation with the Commission departments, and develop, implement and coordinate awareness-raising campaigns on IT security in close cooperation with the Directorate-General for Human Resources;

(12)

ensure that system owners, data owners and other roles with IT security responsibilities in Commission departments are made aware of the IT security policy;

(13)

inform the Directorate-General for Human Resources and Security on specific IT security threats, incidents and exceptions to the Commission's IT security policy notified by the system owners which could have a significant impact on security in the Commission;

(14)

in respect of its role as an internal IT service provider, deliver to the Commission a catalogue of shared IT services that provide defined levels of security. This shall be done by systematically assessing, managing and monitoring IT security risks to implement the security measures in order to reach the defined security level.

The related processes and more detailed responsibilities shall be further defined in implementing rules.

Article 8

Commission departments

In relation to IT security in their department, each Head of Commission department shall:

(1)

formally appoint a system owner, who is an official or a temporary agent, for each CIS who will be responsible for IT security of that CIS and formally appoint a data owner for each data set handled in a CIS who should belong to the same administrative entity which is the Data Controller for data sets subject to Regulation (EC) No 45/2001;

(2)

formally designate a Local Informatics Security Officer (LISO) who can perform the responsibilities independently from system owners and data owners. A LISO can be designated for one or more Commission departments

(3)

ensure that appropriate IT security risk assessments and IT security plans have been made and implemented

(4)

ensure that a summary of IT security risks and measures is reported on a regular basis to the Directorate-General for Informatics;

(5)

ensure, with the support of the Directorate-General for Informatics, that appropriate processes, procedures and solutions are in place to ensure efficient detection, reporting and resolution of IT security incidents relating to their CISs;

(6)

launch an emergency procedure in case of IT security emergencies;

(7)

hold ultimate accountability for IT security including the responsibilities of the system owner and data owner;

(8)

own the risks relating to their CISs and data sets;

(9)

resolve any disagreements between data owners and system owners and in case of continued disagreement bring the issue before the ISSB for resolution;

(10)

ensure that IT security plans and IT security measures are implemented and the risks are adequately covered.

The processes related to these responsibilities and activities shall be further detailed in implementing rules.

Article 9

System owners

1.   The system owner is responsible for the IT security of the CIS, and reports to the Head of the Commission department.

2.   In relation to IT security, the system owner shall:

(a)

ensure the compliance of the CIS with the IT security policy;

(b)

ensure that the CIS is accurately recorded in the relevant inventory;

(c)

assess IT security risks and determine the IT security needs for each CIS, in collaboration with the data owners and in consultation with the Directorate-General for Informatics;

(d)

prepare a security plan, including, where appropriate, details of the assessed risks and any additional security measures required;

(e)

implement appropriate IT security measures, proportionate to the IT security risks identified and follow recommendations endorsed by the ISSB;

(f)

identify any dependencies on other CISs or shared IT services and implement security measures as appropriate based on the security levels proposed by those CISs or shared IT services;

(g)

manage and monitor IT security risks;

(h)

report regularly to the head of the Commission department on the IT security risk profile of their CIS and report to the Directorate-General for Informatics on the related risks, risk management activities and security measures taken;

(i)

consult the LISO of the relevant Commission department(s) on aspects of IT Security;

(j)

issue instructions for users on the use of the CIS and associated data as well as on the responsibilities of users related to CIS;

(k)

request authorisation from the Directorate-General for Human Resources and Security, acting as the Crypto Authority, for any CIS that uses encrypting technology.

(l)

consult the Commission Security Authority in advance concerning any system processing EU classified information;

(m)

ensure that back-ups of any decryption keys are stored in an escrow account. The recovery of encrypted data shall be carried out only when authorised in accordance with the framework defined by the Directorate-General for Human Resources and Security;

(n)

respect any instructions from the relevant Data Controller(s) concerning the protection of personal data and the application of data protection rules on security of the processing;

(o)

notify the Directorate-General for Informatics of any exceptions to the Commission's IT security policy including relevant justifications;

(p)

report any unresolvable disagreements between the data owner and the system owner to the head of the Commission department, communicate IT security incidents to the relevant stakeholders in a timely manner as appropriate according to their severity as laid down in Article 15;

(q)

for outsourced systems, ensure that appropriate IT security provisions are included in the outsourcing contracts and that IT security incidents occurring in the outsourced CIS are reported in accordance with Article 15;

(r)

for CIS providing shared IT services, ensure that a defined security level is provided, clearly documented and security measures are implemented for that CIS in order to reach the defined security level.

3.   System owners may formally delegate some or all of their IT security tasks but they remain responsible for the IT security of their CIS

The processes related to these responsibilities and activities shall be further detailed in implementing rules.

Article 10

Data owners

1.   The data owner is responsible for the IT security of a specific data set to the Head of the Commission department and is accountable for the confidentiality, integrity and availability of the data set.

2.   In relation to this data set, the data owner shall:

(a)

ensure that all data sets under his or her responsibility are appropriately classified in accordance with Decision (EU, Euratom) 2015/443 and (EU, Euratom) 2015/444;

(b)

define the information security needs and inform the relevant system owners of these needs;

(c)

participate in the CIS risk assessment;

(d)

report any unresolvable disagreements between the data owner and the system owner to the head of the Commission department;

(e)

communicate IT security incidents as provided for in Article 15.

3.   Data owners may formally delegate some or all of their IT security tasks but they maintain their responsibilities as defined in this Article.

The processes related to these responsibilities and activities shall be further detailed in implementing rules.

Article 11

Local Informatics Security Officers (LISOs)

In relation to IT security, the LISO shall:

(a)

proactively identify and inform system owners, data owners and other roles with IT security responsibilities in Commission department(s) about the IT security policy;

(b)

liaise on IT-security-related issues in Commission department(s) with the Directorate-General for Informatics as part of the LISO network;

(c)

attend the regular LISO meetings;

(d)

maintain an overview of the information security risk management process and of the development and implementation of information system security plans;

(e)

advise data owners, system owners and heads of Commission departments on IT-security-related issues;

(f)

cooperate with the Directorate-General for Informatics in disseminating good IT security practices and propose specific awareness-raising and training programmes;

(g)

report on IT security, identify shortfalls and improvements to the Head of the Commission department(s).

The processes related to these responsibilities and activities shall be further detailed in implementing rules.

Article 12

Users

1.   In relation to IT security, users shall:

(a)

comply with the IT security policy and the instructions issued by the system owner on the use of each CIS;

(b)

communicate IT security incidents as provided for in Article 15.

2.   Use of the Commission's CIS in breach of the IT security policy or instructions issued by the system owner may give rise to disciplinary proceedings.

The processes related to these responsibilities and activities shall be further detailed in implementing rules

CHAPTER 3

SECURITY REQUIREMENTS AND OBLIGATIONS

Article 13

Implementation of this Decision

1.   The adoption of the implementing rules on Article 6, and of the related standards and guidelines, will be subject to an empowerment decision by the Commission in favour of the Member of the Commission responsible for security matters.

2.   The adoption of all other implementing rules in relation to this decision, and of the related IT security standards and guidelines, will be subject to an empowerment decision by the Commission in favour of the Member of the Commission responsible for informatics.

3.   The ISSB shall approve the implementing rules, standards and guidelines mentioned under paragraphs 1 and 2 above prior to their adoption.

Article 14

Obligation to comply

1.   Compliance with the provisions outlined in the IT security policy and standards is mandatory.

2.   Non-compliance with the IT security policy and standards may trigger liability to disciplinary action in accordance with the Treaties, the Staff Regulations and the CEOS, to contractual sanctions and/or to legal action under national laws and regulations.

3.   The Directorate-General for Informatics shall be notified of any exceptions to the IT security policy.

4.   In the event the ISSB decides there is a persistent unacceptable risk to a CIS of the Commission, the Directorate-General for Informatics in cooperation with the system owner shall propose mitigating measures to the ISSB for approval. These measures may, amongst others, include reinforced monitoring and reporting, service limitations and disconnection.

5.   The ISSB shall impose the implementation of approved mitigating measures wherever necessary. The ISSB may also recommend to the Director-General of the Directorate-General for Human Resources and Security to open an administrative enquiry. The Directorate-General for Informatics shall report to the ISSB on every situation when mitigating measures are imposed.

The processes related to these responsibilities and activities shall be further detailed in implementing rules

Article 15

IT security incident handling

1.   The Directorate-General for Informatics is responsible for providing the principal operational IT security incident response capability within the European Commission.

2.   The Directorate-General for Human Resources and Security as contributing stakeholders to the IT security incident response shall:

(a)

have the right to access summary information for all incident records and full records upon request;

(b)

participate in IT security incidents crisis management groups and IT security emergency procedures;

(c)

be in charge of relations with law enforcement and intelligence services;

(d)

perform forensic analysis regarding cyber-security in accordance with Article 11 of Decision (EU, Euratom) 2015/443;

(e)

decide on the need to launch a formal inquiry;

(f)

inform the Directorate-General for Informatics of any IT security incidents that may present a risk to other CISs.

3.   Regular communications shall take place between the Directorate-General for Informatics and the Directorate-General for Human Resources and Security to exchange information and coordinate the handling of security incidents, in particular any IT security incident that may require a formal inquiry.

4.   The incident coordination services of Computer Emergency Response Team for the European institutions, bodies and agencies (‘CERT-EU’) may be used to support the incident handling process when appropriate and for knowledge sharing with other EU institutions and agencies that may be affected.

5.   System owners involved in an IT security incident shall:

(a)

immediately notify their Head of Commission Departments, the Directorate-General for Informatics, the Directorate-General for Human Resources, the LISO and, where appropriate, the data owner of any major IT security incidents, in particular those involving a breach of data confidentiality;

(b)

cooperate and follow the instructions of the relevant Commission authorities on incident communication, response and remediation.

6.   Users shall report all actual or suspected IT security incidents to the relevant IT helpdesk in a timely manner.

7.   Data owners shall report all actual or suspected IT security incidents to the relevant IT security incident response team in a timely manner.

8.   The Directorate-General for Informatics, with support from the other contributing stakeholders, is responsible for handling any IT security incident detected in relation to Commission CISs that are not outsourced systems.

9.   The Directorate-General for Informatics shall inform affected Commission departments about IT security incidents, the relevant LISOs and, where appropriate, the CERT-EU on a need-to-know basis.

10.   The Directorate-General for Informatics shall regularly report on major IT security incidents affecting the Commission's CIS to the ISSB.

11.   The relevant LISO shall, upon request, have access to IT security incident records concerning the CIS of the Commission department.

12.   In case of a major IT security incident, the Directorate-General for Informatics shall be the contact point for the management of the crisis situations by coordinating the IT security incidents crisis management groups.

13.   In case of an emergency the Director-General of the Directorate-General for Informatics can decide to launch an IT security emergency procedure. The Directorate-General for Informatics shall develop emergency procedures to be approved by the ISSB.

14.   The Directorate-General for Informatics shall report on the execution of emergency procedures to the ISSB and the heads of Commission departments affected.

The processes related to these responsibilities and activities shall be further detailed in implementing rules.

CHAPTER 4

FINAL PROVISIONS

Article 16

Transparency

This Decision shall be brought to the attention of Commission staff and to all individuals to whom it applies, and published in the Official Journal of the European Union.

Article 17

Relation to other acts

The provisions of this decision are without prejudice to Decision (EU, Euratom) 2015/443, Decision (EU, Euratom) 2015/444, Regulation (EC) No 45/2001, Regulation (EC) No 1049/2001 of the European Parliament and of the Council (7), Commission Decision 2002/47/EC, ECSC, Euratom (8), Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council (9), Decision 1999/352/EC, ECSC, Euratom.

Article 18

Repeal and transitional measures

Decision C(2006) 3602 of 16 August 2006 is repealed.

The implementing rules and IT security standards adopted pursuant to Article 10 of Decision C(2006) 3602 shall remain in effect insofar as they do not conflict with this decision, until they are replaced by the implementing rules and standards to be adopted under Article 13 of this decision. Any reference to Article 10 of Decision C(2006)3602 shall be read as a reference to Article 13 of this decision.

Article 19

Entry into force

This decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

Done at Brussels, 10 January 2017.

For the Commission

The president

Jean-Claude JUNCKER


(1)  Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1).

(2)  Commission Decision (EU, Euratom) 2015/443 of 13 March 2015 on Security in the Commission (OJ L 72, 17.3.2015, p. 41).

(3)  Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU classified information (OJ L 72, 17.3.2015, p. 53).

(4)  Laid down by Council Regulation (EEC, Euratom, ECSC) No 259/68 of 29 February 1968 laying down the Staff Regulations of Officials and the Conditions of Employment of Other Servants of the European Communities and instituting special measures temporarily applicable to officials of the Commission (Conditions of Employment of Other Servants) (OJ L 56, 4.3.1968, p. 1).

(5)  Commission Decision of 12 November 2008 laying down rules on the secondment to the Commission of national experts and national experts in professional training (C(2008) 6866 final).

(6)  Commission Decision 1999/352/EC, ECSC, Euratom of 28 April 1999 establishing the European Anti-fraud Office (OLAF) (OJ L 136, 31.5.1999, p. 20).

(7)  Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).

(8)  Commission Decision 2002/47/EC, ECSC, Euratom of 23 January 2002 amending its Rules of Procedure (OJ L 21, 24.1.2002, p. 23).

(9)  Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council of 11 September 2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) and repealing Regulation (EC) No 1073/1999 of the European Parliament and of the Council and Council Regulation (Euratom) No 1074/1999 (OJ L 248, 18.9.2013, p. 1).