52002PC0425

Proposal for a COUNCIL DECISION adopting a multi-annual programme (2003-2005) for the monitoring of eEurope, dissemination of good practices and the improvement of network and information security (MODINIS)

(presented by the Commission)

EXPLANATORY MEMORANDUM

1. The 5 year PROMISE programme [1] was initiated in 1998 with a budget of EUR25m to promote the information society in Europe. The importance of PROMISE activities greatly increased following the Lisbon European Council on 23 and 24 March 2000. This Council, set the objective for the Union to become the most competitive and dynamic knowledge-based economy in the world within a decade. The Council recognised the importance of exploiting the opportunities of the new economy, and in particular the Internet for Europe. The Feira European Council on 19 and 20 June 2000 endorsed the eEurope 2002 Action Plan containing specific measures, initiatives and proposals addressed to the European Institutions, Member States and the private sector.

[1] Council Decision of the 30 March 1998, adopting a multiannual Community programme to stimulate the establishment of the Information Society in Europe (98/253/EC, OJ L 107, 7.4.1998).

2. Initially, PROMISE activities were rather general and grouped around the following objectives: Firstly, awareness-raising activities, focussing on information services such as newsletters, web-sites, studies and surveys, in particular Eurobarometer surveys, and targeted actions towards opinion leaders and special groups (SMEs). Secondly, optimising the socio-economic benefits, relying mostly on pilot projects studies and surveys on on-going activities in the Member States. Thirdly, enhancing Europe's role in the global dimension, concentrating on the facilitation of networking and the exchange of views via workshops and conferences.

An intermediate evaluation of the PROMISE programme concluded that it was effective, in particular its web activities and data collection. It also underlined the usefulness of initiatives for the development of good practices targeted at SMEs. Furthermore, at the beginning of 2001 and in the light of the Lisbon and Feira European Council conclusions, the PROMISE programme was reoriented to support the eEurope Action plan and, in particular, benchmarking. This activity has produced good results.

3. The eEurope 2002 Action Plan set 64 targets in 11 action areas to be achieved by the end of 2002. These actions targeted 3 overall objectives:

- cheaper, faster, secure Internet;

- investing in people and skills;

- stimulate the use of the Internet.

The methodology of this Action Plan and its extension eEurope 2005 could be classified into 3 broad areas: i) accelerating legal measures and initiatives taken in national and European level (e.g. unbundling the local loop and the adoption of the new telecoms regulatory package), ii) re-focusing existing support programmes including the Community Support Frameworks in the context of the regional policy. As in the past, the new IST priority in the 6th Framework Programme will finance research and demonstration projects in relevant fields, iii) benchmarking.

4. Benchmarking is used to measure progress towards the achievement of the objectives in each Member State and to compare its performance with the best performing countries in the world. A set of 23 benchmarking indicators was agreed by the Internal Market Council of 30 November 2000. Two of these (Internet penetration, government services on-line) are also part of the Structural Indicators within the open method of co-ordination as defined by the Lisbon Council. The Structural indicators will be monitored for 10 years.

The eEurope benchmarking web site [2] now has some of the most recent data on a wide range of indicators measured on a consistent basis in all countries participating in the programme. A comprehensive report on benchmarking has been adopted by the Commission in February 2002. This benchmarking data accompany national efforts by enabling Member States to analyse performances and to review progress in relation to eEurope targets. This allows Member-States to better exploit the economic and industrial potential of the technological development and in particular of the information society. It also identifies examples of good practice for policy development.

[2] http://europa.eu.int/information_society/europe/benchmarking/index_en.htm

5. Over the course of 2001, as Internet usage grew rapidly in Europe, it became clear that network and information security is a key factor in economic and societal development. Ensuring the security of transactions and data has become essential for the supply of all electronic services. Network availability is also critical for other infrastructures.

Governments world-wide are increasingly realising that broadband access will be central to the economic development of their countries. Broadband connections significantly increase the speed and the quality of Internet access enabling the full scope of multimedia applications and increasing networks efficiency. The importance of 'widespread availability and use of broadband networks throughout the Union by 2005' has been recognised by the Barcelona European Council.

6. The eEurope 2002 Action Plan and the PROMISE programme will expire by the end of 2002. However, the objective of the Lisbon European Council extends to 2010. Therefore, the European Council can be expected to continue supporting the transformation towards the Information Society beyond 2002. In response to the request of the Barcelona European Council, the Commission adopted a new eEurope 2005 Action Plan on the 28th of May 2002. Its objectives are to stimulate secure services, applications and content, based on a widely available broadband infrastructure. The key to achieve these objectives is the creation of a favourable environment for the private investors to and to facilitate the adjustment of industry to the knowledge-based economy.

7. Against this background the following guidelines and objectives emerge for the new programme:

a. Many eEurope 2005 policy changes have only long-term effects. The Commission should therefore continue to monitor their impact on the basis of a new list of indicators modified according to the new priorities (modern on-line public services, e-government, e-learning, e-health e-business environment) and to identify and disseminate good practices. This exercise should also include the candidate countries. In the medium term, benchmarking and the work on good practices could be transformed into a policy mechanism in order to enable every European Union country to take advantage of the Information Society. Furthermore, these activities pursue the objectives of promoting synergies and co-operation between Member States, EFTA and candidate countries and of promoting the exchange of expertise on good practices at European level.

In this context and in addition to workshops and studies the Information Society Forum could operate as an expert network and provide recommendation with respect to the challenges to be overcome for the development of the Information Society.

b. Security of transactions and data (supply of electronic services, including e-commerce and on-line public services) has increasingly been recognised as crucial by services providers and customers. The Commission has recognised the importance of security in general and network and information security in particular and has defined it as one of its priorities for 2003. The Commission Communications on network and information security [3] and cybercrime [4] describe the broad policy lines where specific action is needed. As a first result of these Communications, the Council adopted a Resolution on network and information security in December 2001 and on 19 April 2002 the Commission presented a proposal for a Council Framework Decision on attacks against information systems [5]. One central element is the future creation of a Cyber-security task force which will enhance Member States' ability to respond to major network and information security problems. Member States welcomed the initiative of the Commission to submit a proposal in this regard. Action in the field of network and information security will focus on:

[3] COM(2001) 298 final of 6.6.2001.

[4] Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime, COM(2000) 890 of 22 January 2001.

[5] http://europa.eu.int/comm/dgs/justice_home/index_en.htm

- supporting awareness raising actions of Members States designed to increase networks and information security;

- data collection and analysis of security risks.

The actions could be directly linked to the activity of the cyber-security task-force. To support security activities in the future, an executive task-force could be created on the basis of a Commission proposal for a Council decision laying down the procedures in matters of network and information security, which will take into due account the cross-pillar dimension of this issue.

c. Wide availability of broadband communications would have a significant positive impact on the economy, and several EU Member States have started accelerating its development. The Commission supports the deployment of broadband access especially in the less favoured regions and will encourage the exchange of local and regional experiences within the European Union.

The Proposal

It is proposed that a financial support programme be adopted to accompany national efforts for the transformation of Europe into a knowledge-based economy. This programme will contribute substantially to the Lisbon strategy and have the following objectives:

i) to monitor performance of and within Member States and to compare them with the best in the world and carry out appropriate policies by using where possible official statistics, which have evolved considerably in this sector over the past few years;

ii) to support efforts made by Member States in the framework of eEurope at national or regional level by analysis of eEurope specific good practices and by developing mechanisms to exchange experiences;

iii) to analyse the economic and societal consequences of the Information Society with a view to appropriate policy responses, particularly in terms of industrial competitiveness and cohesion;

iv) to enhance national and European efforts for improving network and information security and to foster the development of broadband rollout.

In order to achieve these objectives, the programme will finance the following types of actions:

- data collection and analysis concerning a revised set of benchmarking indicators;

- studies to identify good practices in Europe;

- workshops and studies to analyse the adjustment of industry to the structural change generated by digital technologies and the transformation of society;

- support of the Information Society Forum consisting of web-based experts representing a broad range of interests advising the Commission on challenges for the development of the Information Society;

- support of targeted conferences, seminars or workshops in order to promote co-operation and exchange of experiences and good practices between interested parties and Member States;

- financing of specific surveys, studies and expertise gathering activities in the area of network and information security (e.g. security mechanisms and their interoperability, network reliability and protection, advanced cryptography, confidentiality and security in wireless communications), in particular on existing or emerging threats and also with a view to prepare the activities of the network security task force.

The duration of the programme shall be 3 years (2003-2005) with a budget of EUR25m. Each year a specific work programme will be published containing the year's priorities. During its last year of execution the programme will be evaluated in order to assess its cost-effectiveness and to decide its usefulness for the future.

2002/0187 (CNS)

Proposal for a COUNCIL DECISION adopting a multi-annual programme (2003-2005) for the monitoring of eEurope, dissemination of good practices and the improvement of network and information security (MODINIS)

(Text with EEA relevance)

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community, and in particular Article 157(3) thereof,

Having regard to the proposal from the Commission [6],

[6] OJ C[...],[...],p.[...].

Having regard to the opinion of the European Parliament [7],

[7] OJ C[...],[...],p.[...].

Having regard to the opinion of the Economic and Social Committee [8],

[8] OJ C[...],[...],p.[...].

Whereas:

(1) The Lisbon European Council on 23/24 March 2000 [9] set the objective to become the most competitive and dynamic knowledge-based economy in the World and stated the need to use an open method for the co-ordination of measurement of progress.

[9] Presidency Conclusions: http://ue.eu.int/en/Info/eurocouncil/index.htm

(2) The Feira European Council on 19/20 June 2000 [10] endorsed the eEurope action plan 2002 and especially underlined the necessity to prepare longer term perspectives for the knowledge based economy encouraging the access of all citizens to the new technologies and the Internal Market Council on the 30 November 2000 [11] defined a list of 23 indicators to measure progress of the eEurope 2002 Action plan.

[10] Presidency Conclusions: http://ue.eu.int/en/Info/eurocouncil/index.htm

[11] http://europa.eu.int/information_society/eeurope/benchmarking/indicator_list.pdf

(3) The Communication of the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions eEurope 2005:An information society for all of 28 May 2002 [12].

[12] COM(2002)263 final of the 28.5.2002.

(4) The Communication of the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions "Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime", of 22 January 2001.

(5) The Conclusions of the Stockholm European Council of 23/24 March 2001 [13] requested the Council together with the Commission to develop a comprehensive strategy on the security of electronic networks including practical implementing action. The communication on Network and Information Security: "Proposal for a European Policy Approach" of 6th June 2001, was the initial Commission response to this request.

[13] http://ue.eu.int/en/Info/eurocouncil/index.htm

(6) The Council Resolution of 30 May 2001-eEurope Action Plan: Information and Network Security and the Council Resolution of 6 December 2001 on "a common approach and specific actions in the area of network and information security" called upon Member-States to launch specific actions to enhance the security of electronic communication networks and information systems. It further welcomed the intentions of the Commission to develop amongst others a strategy for a more stable and secure operation of the Internet infrastructure and to make a proposal for the establishment of a cyber-security task force.

(7) The move to the Information Society can, by introducing new forms of economic, political and social relations, help the European Union to cope with the challenges of this century, and can contribute to growth, competitiveness and job creation.

The Information Society gradually reorganises the nature of economic and social activity and has important cross-sectoral effects in areas of activity to date independent. The measures necessary for its implementation should take into account the economic and social cohesion of the Community and the risks associated with a two-tier society as well as the efficient functioning of the Internal market.

(8) There is a need for the establishment of a mechanism for monitoring and the exchange of experiences which enables Member States to compare and analyse performances and review progress in relation to the eEurope Action plan. Such a mechanism will allow Member States to better exploit the economic and industrial potential of the technological development, in particular in the area of the Information Society.

(9) Benchmarking allows Member States to assess whether the national initiatives that they have taken in the framework of the eEurope Action Plan are producing results comparable to those in other Member States and are fully exploiting the potential of the technologies.

(10) Action by Member States in the framework of the eEurope Action Plan can be further supported by disseminating good practices The European added value in the area of benchmarking and good practices consists in the comparative evaluation of results of alternative decisions, measured by a common methodology of monitoring and analysis.

(11) Wide availability of broadband communications is expected to have a significant impact on economic activity. Member States' initiatives to accelerate broadband deployment include among others the funding of city governments for projects focusing on development of local infrastructures, public-private partnerships on broadband deployment and aggregation of demand. In order to avoid that these experiences remain fragmented and isolated, the Commission should encourage and support the exchange of local and regional experiences in order to disseminate good practices.

(12) Network and information security has become a prerequisite for further progress of a secure business environment. The complex nature of network and information security implies that, in developing policy measures in this field, local, national and where appropriate European authorities should take into account a range of political, economic, organisational and technical aspects, and be aware of the decentralised and global character of communication networks.

(13) To be more effective the security policy measures should be part of a European approach, respect the effective functioning of the Internal Market, build on increased co-operation between Member States and third countries, and support innovation and the ability of European enterprises to compete at global level. Support should be given to the awareness raising actions of Member States designed to increase network and information security, in particular by organising at European level the data collection, analysis and the dissemination of good practices on forward-looking responses to existing and emerging security threats.

(14) Since the measures necessary for the implementation of this Decision are management measures within the meaning of the Article 2 of the Council Decision 1999/468/EC of 28 June 1999 laying down the procedures of implementing powers conferred on the Commission, they should be adopted by use of the management procedure provided for in the Article 4 of that Decision [14].

[14] Council Decision 1999/468/EC, laying down the procedures for the exercise of implementation powers conferred to the Commission OJ L 184, 17.7.1999, p.23.

(15) The progress of this programme should be continuously monitored.

HAS ADOPTED THIS DECISION:

Article 1

A multi-annual programme (2003-2005) for the monitoring of the eEurope 2005 Action Plan, dissemination of good practices and improvement of network and information security (hereafter referred to as 'the programme') is hereby adopted:

The programme has the following objectives:

a) to monitor performance of and within Member States and to compare them with the best in the world and carry out appropriate policy conclusions by using, where possible, official statistics;

b) to support efforts made by Members-States in the framework of eEurope, at national or regional level by analysis of eEurope good practices and by the development of mechanisms of exchange of experiences;

c) to analyse the economic and societal consequences of the Information Society with the view to appropriate policy responses particularly in terms of industrial competitiveness and cohesion;

d) to enhance national and European efforts for improving network and information security and to foster the development of broadband rollout.

The activities of the programme are actions of a cross-sectoral nature, complementing Community actions in other fields. None of these actions shall duplicate the work being carried out in these fields under other Community programmes.

The programme should also provide a common framework for complementary interaction at European level of the various national, regional, local levels.

Article 2

In order to attain the objectives referred to in Article 1, the following categories of actions shall be undertaken:

a) data collection and analysis on the basis of a new set of benchmarking indicators including regional indicators where appropriate. A special focus should be laid on data related to the key targets of the eEurope 2005 Action plan;

b) studies to identify good practices at national and regional level, notably those serving to a successful implementation of the eEurope 2005 action Plan;

c) support of targeted conferences, seminars or workshops in order to promote co-operation and exchange of experiences and good practices in the sense of the common framework of complementary interaction as defined in the article1;

d) support of the Information Society Forum consisting of web-based experts representing a broad range of interests advising the Commission on challenges for the development of the Information Society;

e) financing surveys, studies, workshops in the area of network and information security (e.g. security mechanisms and their interoperability, network reliability and protection, advanced cryptography, privacy and security in wireless communications), in particular on existing or emerging threats and also with the view to prepare the activities of the networks security task-force;

f) support the enhancement of national and European efforts for improving network and information security and the development of broadband rollout through workshops, meetings and exchange of experiences.

Article 3

In carrying out the objectives set out in Article 1 and the actions set out in Article 2, the Commission shall use the appropriate and relevant means, and in particular:

a) the award of contracts for the execution of tasks relating to surveys, exploratory studies, detailed studies on specific fields, demonstration actions of limited size including workshops and conferences;

b) the collection, publication and dissemination of the information and development of web based services;

c) the granting of support for meetings of experts, conferences, seminars;

d) the preparatory work related to an information and warning system in the area of network and information security (data collection, relations with national and international emergency response teams).

Article 4

The programme shall cover a period from 1 January 2003 to 31 December 2005.

The financial reference amount for the implementation of this programme will be EUR 25million Euros.

The Budgetary Authority shall authorise the appropriations within the framework of the annual budgetary procedure and in compliance with the financial regulations.

Article 5

The Commission will be responsible for the implementation of the programme and its co-ordination with other Community programmes. The Commission will draw up a work programme every year on the basis of this Decision.

For the adoption of the work programme, including the overall budgetary breakdown, and of the measures for programme evaluation the Commission shall act in accordance with the procedures referred in the article 6 of the present Decision.

Article 6

1. The Commission shall be assisted by a Committee composed of representatives of the Member States and chaired by the representative of the Commission.

2. Where reference is made to this paragraph, the management procedure laid down in Articles 4 of Decision 1999/468/EC shall apply in compliance with Article 7(3) thereof.

3. The period provided for in Article 4(3) of Decision 1999/468/EC shall be set at three months.

Article 7

1. In case of granting of Community aid and in order to ensure that it is used efficiently, the Commission shall ensure that actions under this Decision are subject to effective prior appraisal, monitoring and subsequent evaluation.

2. During implementation of actions and after their completion the Commission will evaluate the manner in which they have been carried out in order to assess whether the original objectives have been achieved.

3. The Commission will regularly inform the committee of progress with the implementation of the programme as a whole.

4. At the end of the programme, the Commission will submit to the European Parliament, to the Council and to the Economic and Social Committee an evaluation report on the results obtained in implementing the actions referred in the article 2.

Article 8

This Decision is addressed to the Member States.

Done at Brussels,

For the Council

The President

LEGISLATIVE FINANCIAL STATEMENT

Policy area(s): Information Society

Activity(ies): eEurope and communications services policy

Title of action: Information Society

BUDGET LINE(S) + HEADING(S)

B5-331 - Multi-annual programme (2003-2005) for the monitoring of eEurope, dissemination of good practices and improvement of network and information security.

OVERALL FIGURES

2.1 Total allocation for action (Part B): EUR million for commitment

EUR25m

2.2. Period of application:

- 3 years starting the 1.1.2003 and expiring the 31.12.2005

2.3. Overall multi-annual estimate on expenditure:

a) Schedule of commitment appropriations/payment appropriations (financial intervention) (see point 6.1.1)

MEUR (to 3rd decimal place)

>TABLE POSITION>

b) Technical and administrative assistance and support expenditure(see point 6.1.2)

>TABLE POSITION>

>TABLE POSITION>

c) Overall financial impact of human resources and other administrative expenditure (see points 7.2 and 7.3).

>TABLE POSITION>

>TABLE POSITION>

2.4. Compatibility with the financial programming and the financial perspective

|X| Proposal compatible with the existing financial programming. This compatibility will be obtained by the redeployment of the existing budgetary lines.

| | This proposal will entail reprogramming of the relevant heading in the financial perspective

| | This may entail application of the provisions of the Interinstitutional Agreement.

BUDGET CHARACTERISTICS

>TABLE POSITION>

LEGAL BASIS

Article 157(3) of the Treaty

DESCRIPTION AND GROUNDS

5.1. Need for Community intervention

Objectives pursued

The initial eEurope 2002 action plan expires at the end of 2002. However, the objective of the Lisbon European Council for 2010 will require continuing efforts in the area of the e-economy. In response to the conclusions request of the Barcelona European Council, the Commission adopted a new eEurope 2005 Action Plan on the 28th of May 2002. Its objectives are to stimulate secure services, applications and content, based on a widely available broadband infrastructure. In order to monitor the activities of this Action Plan there is a need to continue benchmarking and good practices activities notably in relation to the structural indicators exercise decided in the framework of the 2010 objective for the Union to become the most competitive knowledge-based economy in the world.

Even though the level of penetration of the Internet has increased substantially, there is further need to stimulate the use of the Internet and foster structural reform in order to reap the full benefits of the new economy. There also remain important differences between Member States. The value of the network will be greatly increased by developing penetration and usage in areas where it is still low.

The programme could provide the framework to compare efforts, to develop mechanisms of collaboration, to indicate strength and weaknesses in European countries following the open method of co-ordination and benchmarking of performances against the best in the world.

Furthermore, it will also address security of electronic transactions and data which has become essential for the supply of electronic services, including e-commerce and on-line public services. Security added a new dimension since 11 of September and this issue became one of the Commissions priorities.

Measures taken in connection with ex ante evaluation

An ex ante evaluation report has been prepared and accompanies the present Decision proposal. This report also takes into consideration the mid-term evaluation report for the PROMISE programme, which financed these activities in the past.

5.2. Actions envisaged and arrangements for budget intervention

i) to monitor Member States performances and compare them against the best in the world by using where possible official statistics;

ii) to support and analyse eEurope specific best practices and develop mechanisms to exchange experiences;

iii) to analyse the economic and societal consequences of the Information Society with the view to appropriate policy responses;

iv) to support the enhancement of network and information security and the development of broadband rollout.

These orientations will be specified with the following activities:

- Data collection and analysis on the basis of a new set of benchmarking indicators including regional indicators where appropriate. A special focus should be laid on data related to the key targets of the eEurope Action Plan;

- studies to identify good practices at national and regional level, notably those serving to a successful implementation of the eEurope

- support for the Information Society Forum consisting of web-based experts representing a broad range of interests advising the Commission on challenges for the development of the Information Society;

- support of targeted conferences, seminars or workshops in order to promote co-operation and good practices between economic operators and Member States;

- finance of specific surveys, studies and expertise gathering activities in the area of network and information security and in particular on existing or emerging threats (eg. security mechanisms and interoperability, network reliability and protection etc.) with the view to prepare the activities of a network and communication task-force;

5.3. Methods of implementation

Direct management by the Commission not using external staff

6. FINANCIAL IMPACT

6.1. Total financial impact on Part B - (over the entire programming period)

6.1.1. Financial intervention

Commitments in EUR million (to the 3rd decimal place)

>TABLE POSITION>

6.2. Calculation of costs by measure envisaged in Part B (over the entire programming period)

Commitments in EUR million (to the 3rd decimal place)

>TABLE POSITION>

7. IMPACT ON STAFF AND ADMINISTRATIVE EXPENDITURE

7.1. Impact on human resources

>TABLE POSITION>

7.2. Overall financial impact of human resources

>TABLE POSITION>

The amounts are total expenditure for twelve months.

7.3. Other administrative expenditure deriving from the action

>TABLE POSITION>

The amounts are total expenditure for twelve months.

(1) Specify the type of committee and the group to which it belongs.

>TABLE POSITION>

8. FOLLOW-UP AND EVALUATION

8.1. Follow-up arrangements

In order to ensure that Community funds are used efficiently, the Commission shall ensure that activities under this Decision are only engaged upon following public procurement procedures, and that the activities are properly monitored and evaluated.

8.2. Arrangements and schedule for the planned evaluation

The programme will be evaluated at the end of its execution period at the end of 2005. The evaluation of the programme will be commended to an external team of evaluators after an open call for tenders.

9. ANTI-FRAUD MEASURES

(Article 3(4) of the Financial Regulation: "In order to prevent risk of fraud or irregularity, the Commission shall record in the financial statement any information regarding existing and planned fraud prevention and protection measures.")

The control of payments for any service, or studies requested is carried out by the Commission's services prior to payment, taking into account any contractual obligations, economic principles and good financial or management practice. Anti-fraud provisions (supervision, reporting requirements etc.) will included in all agreements and contracts made between the Commission and recipients of any payments.