This document is an excerpt from the EUR-Lex website
Document 52004PC0076
Proposal for a Directive of the European Parliament and of the Council on enhancing port security
Proposal for a Directive of the European Parliament and of the Council on enhancing port security
Proposal for a Directive of the European Parliament and of the Council on enhancing port security
/* COM/2004/0076 final - COD 2004/0031 */
52004PC0076
Proposal for a Directive of the European Parliament and of the Council on enhancing port security /* COM/2004/0076 final - COD 2004/0031 */
Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on enhancing port security (presented by the Commission) EXPLANATORY MEMORANDUM GENERAL INTRODUCTION The communication on Maritime Security (COM(2003) 229 final) which incorporated a proposal for ship and ship/port interface security, currently going through the legislative process and referred to in this document as Regulation (EC) Nr. .../..., identified port security as a necessary second step which should secure both the port and the interface between the port and the hinterland. The need for protection extends to people working in or passing through ports, infrastructure and equipment, including means of transport. This proposal builds on to that earlier communication. WHY ARE PORTS AT RISK? Ports are an essential link within the total transport chain, linking up maritime with landside trade and passenger flows. Ports are often the focal point for shipments of dangerous cargo, for major chemical and petrochemical production centres, and/or situated near cities. It is clear that terrorist attacks in ports can easily result in serious disruptions to transport systems and trigger knock-on effects on the surrounding industry as well as directly harming people in the port and the neighbouring population. It is within this context that the Commission is proposing to develop a comprehensive port security policy. INTERNATIONAL FOCUS Work in the IMO [1] has led to the development of amendments to SOLAS [2] and the ISPS [3] Code. The Commission has proposed a regulation aimed at incorporating these measures into binding community law (COM(2003) 229 final). The legislative process is currently on-going. [1] IMO: International Maritime Organisation. [2] SOLAS: Safety Of Life At Sea. [3] ISPS: International Ship and Port Facility Security. Although an IMO-ILO [4] Working Group is currently working on a Code of Practice on Port Security, it appears unrealistic to expect results soon. It is to be noted that such a code would not be legally binding. In the light of this the Commission believes that the EU should go ahead with an own port security scheme. This proposal complements the work of the IMO-ILO. [4] ILO: International Labour Organisation. NEED FOR A PORT SECURITY DIRECTIVE The SOLAS amendments, ISPS Code and the proposed regulation, will enhance maritime security by developing security measures on ships and in port facilities [5]. Regulation (EC) Nr. .../... stops at that part of the port which represents the ship/port interface, i.e. the terminal. [6] There is a dual purpose to this proposal: to enhance security in those areas of ports not covered by Regulation (EC) Nr. .../... and to ensure that security measures implemented in application of Regulation (EC) Nr. .../... benefit from enhanced security in adjacent port areas. This proposal does not create new obligations in areas already covered by Regulation (EC) Nr. .../.... [5] In this context "port facility" means a location where the ship/port interface takes place; this includes areas such as anchorages, waiting berths and approaches from seaward, as appropriate". "Ship/port interface" means the interactions that occur when a ship is directly and immediately affected by actions involving the movement of persons or goods or the provision of port services to or from the ship. [6] Although it would theoretically be possible for Member States to interpret 'port facility' extensively so as to include the entire port, thus extending application of the ISPS Code to the entire port, it is understood that such interpretation is unlikely to be given. The Commission therefore considers that this directive achieves the following: - Guaranteeing and monitoring at Community level the achievement of a sufficient level of port security, by complementing and supporting the security measures applying to the ship/port interface. - Ensuring harmonised implementation and equal conditions throughout the European Union so as not to create differences for the commercial port users. - Ensuring that necessary security measures covering the entire port can be implemented as far as possible by relying on already existing tools introduced by Regulation (EC) Nr. .../..., thereby achieving maximum security results through minimum additional burden for the ports. Against the background of the significant variety of Community ports (large-small, privately-publicly owned, etc.), as well as in view of the diverse activities co-existing within Community-ports (cargo handling, industry, warehousing, transport, environmental areas, conurbations, and many more) a directive is the most appropriate legal instrument to introduce the required flexibility while establishing the necessary common port security level throughout the Community. It is recognised that a number of port security regimes are already being applied in Member States. This directive allows existing security measures and structures to be maintained provided they comply with the rules of the directive. Accordingly, the Commission: - Proposes that the European Parliament and the Council should adopt as soon as possible this directive on enhancing Port Security. The proposal complements the security measures introduced by the regulation on enhancing ship and port facility security (Regulation (EC) Nr. .../...) by ensuring that, as a result, the entire port is covered by a security regime. This new proposal covers any port housing one or more of the port facilities which are covered by Regulation (EC) Nr. .../.... CONTENT OF THE PORT SECURITY DIRECTIVE The measures required for enhancing port security would follow these principles: - Port security complements maritime and ship/port interface security and ensures that these security measures are reinforced by security measures in the entire port area; - A port security assessment decides what measures are required, where and when; - Security levels distinguish between normal, heightened or imminent threats; - A port security plan outlines all measures and details for enhancing port security; - A port security authority is responsible for the identifying and implementing appropriate port security measures by means of the above mentioned assessment and plan; - A port security officer coordinates development and implementation of the port security plan; - A port security committee provides advice to the responsible authority; - Training and control will support implementation of the required measures. GENERAL PRINCIPLES OF THE PROPOSAL - The proposal relies on the same security structures and bodies (security assessments, officers, etc.) as Regulation (EC) Nr. .../... so as to ensure a comprehensive security regime for the entire maritime logistics chain from the vessel to the ship/port interface to the entire port to the port/hinterland interface. This approach allows a simplification of procedures as well as synergies in security. In particular, the proposed directive: - calls upon Member States to define the boundaries of their ports for the purpose of this directive; - calls upon Member States to ensure that proper port security assessments and port security plans are developed; - calls upon Member States to determine and communicate the security levels in use and changes thereto; - calls upon Member States to designate a port security authority for every port or for groups of ports. This is this public authority that will be responsible for the appropriate identification and implementation of port security measures; - establishes the need to appoint a port security officer for each individual port to ensure proper coordination when port security assessments and plans are established, updated and followed up; - establishes the general requirement of an advisory security committee, bringing together representatives of all relevant operational and government functions in a port; - puts forward minimum requirements for security assessments and plans; - calls for the appointment of focal points in the Member States to provide the necessary communication both to other member states and to the Commission; - provide for inspection procedures to monitor the implementation of port security measures; - lays down a procedure for the adaptation of its provisions. Legal considerations The Commission proposes to base the directive on Article 80(2) of the EC Treaty, without prejudice to member states' national security legislation and any measures that might be taken on the basis of Title VI of the Treaty on European Union. Special Considerations Article 1: This article sets out the subject-matter of the directive. Article 2: This article sets out the scope of the directive. Article 3: This article contains the definitions of the main terms used in the directive. Article 4: This article imposes upon Member States the obligation to closely co-ordinate the port security measures with those taken in application of the Regulation on maritime and port facility security. Article 5: This article imposes upon Member States the obligation to designate a port security authority. This port security authority will be responsible for the identification and implementation of appropriate port security measures. Article 6: This article contains the obligation for Member States to ensure that port security assessments are performed for all their ports covered by this directive. Such assessments will take into account the specificities of different sections of the port, as well as the security assessments developed for port facilities within the port boundaries as a result of the provisions of the regulation on maritime security. The detailed requirements of a port security assessment are contained in Annex I. Article 7: This article contains the obligation for Member States to ensure that port security plans are established for all their ports covered by this directive. Such plans will take into account the specificities of different sections of the port, as well as the security plans in place for the port facilities within the port boundaries as a result of the provisions of the regulation on maritime security. The detailed requirements of a port security plan are contained in Annex II. This Article also encompasses the need for adequate training and exercises. For this purpose it refers to Annex III, containing basic training requirements. Article 8: The directive imposes the use of three distinct security levels. Member States are required to introduce such system of levels to their relevant ports, determine and communicate the security levels in use in the different parts of their ports and any changes thereto. Communication will be based on a 'need-to-know' basis. Article 9: Article 9 contains the obligation to designate a port security officer for each port covered by this directive, who should have sufficient local knowledge and authority to adequately ensure and coordinate the establishment, update and follow up of port security assessments and plans in their respective ports. Article 10: Recognising the need for optimal cooperation between the operational and public authority functions in a port, this article provides for the establishment of an advisory port security committee regrouping these port security stakeholders. Article 11: This article contains the requirement to review regularly port security assessments. Article 12: Article 12 provides for the possibility for Member States to appoint recognised port security organisations, provided these organisations comply with the conditions set out in Annex IV. Article 13: This article provides for the setting up of a focal point for port security, which will be the Commission's contact point for implementation of this directive. Article 14: This article encompasses the obligation of Member States to establish an adequate and regular control system concerning port security plans and their implementation. This article also contains the process whereby inspections supervised by the Commission are put in place to check the effectiveness of port security implementation monitoring and measures. Article 15: This article indicates that provisions may be adopted in order to define harmonised procedures for the application of the details related to the Annexes to this directive. Such adaptations will be guided by the Committee procedure, as defined in Article 14. Article 16: The Commission is assisted by the same committee set up by Regulation (EC) Nr. .../.... This committee acts in accordance with the regulatory procedure (Articles 5 and 7 of Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission [7]). [7] OJ L 184, 17.7.1999, p. 23. Article 17: These articles are concerned with the confidentiality of security related information, in particular of inspection reports and answers of Member States. Article 18: This article calls upon Member States to institute effective, proportionate and dissuasive penalties for infringement of this directive. Article 19: This article contains the obligation upon Member States to bring into force the laws, regulations and administrative provisions necessary to comply with this directive and this not later than one year from the date of its entrance into force. Article 20: Contains the entry into force details. Article 21: Deals with the addressees of this directive. Annex I: Contains the detailed requirements for establishing a port security assessment. Annex II: Contains the detailed requirements for establishing a port security plan. Annex III: Contains the basic training requirements. Annex IV: Contains the detailed conditions to be fulfilled by a recognised port security organisation. 2004/0031 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on enhancing port security (Text with EEA relevance) THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION, Having regard to the Treaty establishing the European Community, and in particular Article 80(2) thereof, Having regard to the proposal from the Commission [8], [8] OJ C ..., ..., p. ... Having regard to the opinion of the European Economic and Social Committee [9], [9] OJ C ..., ..., p. ... Having regard to the opinion of the Committee of the Regions [10], [10] OJ C ..., ..., p. ... Acting in accordance with the procedure laid down in Article 251 of the Treaty [11], [11] OJ C ..., ..., p. ... Whereas: (1) Unlawful acts and terrorism are among the greatest threats to the ideals of democracy and freedom and to the values of peace, which are the very essence of the European Union. (2) The security of people, infrastructure and equipment, including means of transport, in ports as well as in relevant adjacent areas should be protected against unlawful acts and their devastating effects. Such protection would benefit transport users, the economy and society as a whole. (3) On Day/Month/2003 the European Parliament and the Council of the European Union adopted Regulation (EC) Nr. .../.... on maritime security. The maritime security measures imposed by this regulation constitute only part of the measures necessary to achieve an adequate level of security throughout maritime linked transport chains. This regulation is limited in scope to security measures onboard vessels and the immediate ship/port interface. (4) In order to achieve the fullest protection possible for maritime and port industries, port security measures should be introduced. They should extend beyond the ship/port interface and cover the entire port thus both protecting the port areas and ensuring that security measures taken in application of Regulation (EC) Nr. .../.... benefit from enhanced security in adjacent areas. These measures should apply to all those ports in which one or more port facilities are situated which are covered by Regulation (EC) Nr. .../.... . (5) Without prejudice to the rules of the Member States in the field of national security and measures which might be taken on the basis of Title VI of the Treaty on the European Union, the security objective described in recital 2 should be achieved by adopting appropriate measures in the field of port policy establishing joint standards for establishing a sufficient port security level throughout Community ports. (6) Member States should rely upon detailed security assessments to identify the exact boundaries of the security-relevant port area, as well as the different measures required to ensure appropriate port security. Such measures shall be different according to the security level in place and will reflect differences in the risk profile of different subareas in the port. (7) Member States should establish port security plans which thoroughly transpose the findings of the port security assessment. The efficient working of security measures also requires clear task divisions between all parties involved as well as regular exercise of measures. The retention of task divisions and exercise procedures in the format of the port security plan is considered to contribute strongly to the effectiveness of both preventive and remedial port security measures. (8) Member States should ensure that responsibilities in port security are clearly recognised by all parties involved. Member States shall monitor the compliance with security rules and establish a clear responsible authority for all its ports, approve all security assessments and plans for its ports, set and communicate security levels, ensure that measures are well communicated, implemented and coordinated, and provide for enhancing the effectiveness of security measures and alertness by means of a platform for advice within the port community. (9) Member States should approve assessments and plans and monitor the implementation in their ports. The effectiveness of the implementation monitoring should be the subject of inspections supervised by the Commission. (10) Member States should ensure that a focal point takes up the role of contact point between the Commission and Member States. (11) This directive respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union. (12) The measures needed to implement this directive should be adopted in accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission [12]. A procedure should be defined for the adaptation of this directive to take account of developments in international instruments and, in the light of experience, to adapt or complement the detailed provisions of the Annexes to this directive, without widening the scope of this directive. [12] OJ L 184, 17.7.1999, p. 23. (13) Since the objectives of the proposed action, namely the balanced introduction and application of appropriate measures in the field of maritime transport and port policy, cannot be sufficiently achieved by the Member States and can therefore, by reason of the European scale of this directive, be better achieved at Community level, the Community may adopt measures in accordance with the principle of subsidiarity set out in Article 5 of the Treaty. In accordance with the principle of proportionality set out in that Article, this directive is limited to the basic joint standards required to achieve the objectives of port security and does not go beyond what is necessary for that purpose, HAVE ADOPTED THIS DIRECTIVE: Article 1 Subject-matter 1. The main objective of this directive is to introduce and implement Community measures aimed at enhancing port security in the face of threats of intentional unlawful acts. It shall also ensure that security measures taken in application of Regulation (EC) Nr. .../.... benefit from enhanced security in adjacent port areas. 2. The measures referred to in paragraph 1 shall consist of: a) The setting of common basic rules on port security measures; b) The setting up of an implementation mechanism for these rules; c) The setting up of appropriate compliance monitoring mechanisms. Article 2 Scope 1. This directive addresses security measures which need to be observed by or affect people, infrastructure and equipment, including means of transport, in ports as well as in adjacent areas where these have a direct or indirect impact on security in the port. 2. The measures laid down in this directive shall apply to any port located in the territory of a Member State in which one or more port facilities are situated which are covered by Regulation (EC) Nr. .../.... . 3. Member States shall identify for each port the boundaries for the purposes of this directive, appropriately taking into account the information from the port security assessment. 4. Where the boundaries of a port facility within the meaning of Regulation (EC) Nr. .../.... have been defined by the Member State as effectively covering the port, the relevant provisions of Regulation (EC) Nr. .../.... take precedence over those of this directive. Article 3 Definitions For the purpose of this directive: 1. "port" or "seaport" means an area of land and water made up of such works and equipment as to permit principally, the reception of ships, their loading and unloading, the storage of goods, the receipt and delivery of these goods, and the embarkation and disembarkation of passengers. 2. "ship/port interface" means the interactions that occur when a ship is directly and immediately affected by actions involving the movement of persons, goods or the provisions of port services to or from the ship. 3. "port facility" means a location where the ship/port interface takes place; this includes areas such as anchorages, waiting berths and approaches from seaward, as appropriate. 4. "focal point for maritime security" means the body designated by each Member State to serve as contact point for the Commission and other Member States and to facilitate, follow and inform on the application of the maritime security measures laid down in this directive, as well as of those laid down in Regulation (EC) Nr. .../.... . 5. "port security authority" means the authority responsible for security matters in a given port. Article 4 Coordination with measures taken in application of Regulation (EC) Nr. .../.... Member States shall ensure that port security measures introduced by this directive are closely coordinated with measures taken in application of Regulation (EC) Nr. .../..... Article 5 Port security authority 1. Member States shall designate a port security authority for each port covered by this directive. A port security authority may be appointed for more than one port. 2. The port security authority shall be responsible for the identification and implementation of appropriate port security measures by means of port security assessments and plans. 3. Member States may appoint a 'competent authority for maritime security' under Regulation (EC) Nr. .../.... as port security authority. Article 6 Port security assessment 1. Member States shall ensure that port security assessments are made for the ports covered by this directive. These assessments should take due account of the specificities of different sections of a port and shall take into account the assessments for port facilities within their boundaries as carried out in application of Regulation (EC) Nr. .../.... . Port security assessments have to be approved by the Member State. 2. Each port security assessment shall be performed according to the detailed requirements provided in Annex I to this directive. 3. Port security assessments may be made by a recognised port security organisation, as referred to in Article 12. Article 7 Port security plan 1. Member States shall ensure that, as a result of port security assessments, port security plans are developed, maintained and updated. Port security plans should adequately address the specificities of different sections of a port and shall integrate the security plans for port facilities within their boundaries established in application of Regulation (EC) Nr. .../.... . Port security plans must to be approved by the Member State. They can only be implemented once that approval has been given. 2. Port security plans shall identify, for each of the different security levels referred to in Article 8: a) the procedures to be followed; b) the measures to be put in place; c) the actions to be undertaken. 3. Each port security plan shall be established in accordance with the detailed requirements provided in Annex II to this directive. 4. Port security plans may be developed by a recognised port security organisation as referred to in Article 12. 5. Member States shall ensure that the implementation of port security plans is coordinated with other control activities carried out in the port. 6. Member States shall ensure that adequate training and exercises are performed, taking into account the basic training requirements listed in Annex III. Article 8 Security levels 1. Member States shall introduce a system of port security levels. 2. There shall be 3 security levels, as defined in Regulation (EC) Nr. .../....: - Security level 1 means the level for which minimum appropriate protective security measures shall be maintained at all times; - Security level 2 means the level for which appropriate additional protective security measures shall be maintained for a period of time as a result of heightened risk of security incident; - Security level 3 means the level for which further specific protective security measures shall be maintained for a limited period of time when a security incident is probable or imminent, although it may not be possible to identify the specific target. 3. Member States shall determine the security levels in use. At each security level, a Member State may determine that different security measures are to be implemented in different parts of the port depending on the outcome of the port security assessment. 4. Member States shall communicate the security level in force for each port as well as any changes thereto. Security levels should be made known on a 'need-to-know' basis in accordance with the port security plan. Article 9 Port security officer 1. A port security officer shall be designated for each port. Each port shall have a different port security officer. Small adjacent ports may have a shared security officer. 2. The port security officers shall fulfil the role of point of contact for port security related issues and should have sufficient authority and local knowledge to adequately ensure and coordinate the establishment, update and follow-up of port security assessments and port security plans. 3. Where the port security officer is not the same as the port facility(ies) security officer(s) under Regulation (EC) Nr. .../.... , close cooperation between them must be ensured. Article 10 Port security committee 1. Member States shall ensure that port security committees are established to provide practical advice in the ports covered by this directive, unless the specificity of a port renders such committees superfluous. 2. The membership of the port security committee may vary between ports, but should always reflect the operational and public authority functions in a port. It shall function on a 'need to know basis'. Article 11 Reviews 1. Member States shall ensure that port security assessments and port security plans are reviewed every time security-relevant changes occur. They must be reviewed at least every five years. Upon review the port security assessments and port security plans must be approved by the Member State. A reviewed plan can only be implemented once thate approval has been given. 2. Reviews of port security assessments and port security plans may be developed by a recognised port security organisation, as referred to in Article 12. Article 12 Recognised port security organisation Member States may appoint recognised port security organisations for the purposes specified in this directive. Recognised port security organisations must fulfil the conditions set out in Annex IV. Article 13 Focal point for port security Member States shall appoint for port security aspects the focal point appointed under Regulation (EC) Nr. .../.... for maritime and port facility security. The focal point for port security shall communicate to the Commission the list of ports concerned by this directive. The focal point for port security shall establish and maintain a list of the contact details of the authorities for port security, as well as the port security officers. This list shall be communicated to the Commission and updated upon changes. Article 14 Implementation and conformity checking 1. Member States shall set up a system ensuring adequate and regular supervision of the port security plans and their implementation. 2. Six months after the date referred to in Article 19, the Commission, in co-operation with the focal points referred to in Article 13, shall start a series of inspections, including inspections of a suitable sample of ports, to monitor the application by Member States of this directive. These inspections shall take account of the data supplied by the focal points, including monitoring reports. The procedures for conducting such inspections shall be adopted in accordance with the procedure referred to in Article 16 (2). 3. The officials mandated by the Commission to conduct such inspections in accordance with paragraph 2 shall exercise their powers upon production of an authorisation in writing issued by the Commission and specifying the subject-matter, the purpose of the inspection and the date on which it is to begin. The Commission shall in good time before inspections inform the Member States concerned of the inspections. The Member State concerned shall submit to such inspections and shall ensure that bodies or persons concerned also submit to those inspections. 4. The Commission shall communicate the inspection reports to the Member State concerned, which within three months of receipt of the report shall indicate sufficient details of the measures taken to remedy any shortcomings. The report and the answers shall be communicated to the Committee referred to in Article 16. Article 15 Adaptations The provisions of Annexes I to IV may be amended in accordance with the procedure referred to in Article 16 (2), without broadening the scope of this directive. Article 16 Committee procedure 1. The Commission shall be assisted by the committee set up by Regulation (EC) Nr. .../.... and comprising representatives of the Member States, chaired by a Commission representative. 2. Where reference is made to this paragraph, Articles 5 and 7 of Decision 1999/468/EC [13] shall apply, having regard to the provisions of Article 8 thereof. [13] OJ L 184, 17.7.1999, p. 23. The period laid down in Article 5(6) of Decision 1999/468/EC shall be set at one month. Article 17 Confidentiality and dissemination of information 1. In applying this directive, the Commission shall take, in accordance with the provisions of Commission Decision 2001/844/EC, ECSC, Euratom [14], appropriate measures to protect information subject to the requirement of confidentiality to which it has access or which is communicated to it by Member States. [14] OJ L 317, 3.12.2001, p. 1. The Member States shall take equivalent measures in accordance with relevant national legislation. 2. Any personnel carrying out security inspections, or handling confidential information related to this directive, must have an appropriate level of security vetting by the Member State of which the personnel concerned has the nationality. 3. Without prejudice to the public right of access to documents as laid down in Regulation (EC) Nr. 1049/2001 of the European Parliament and of the Council [15], the inspection reports and the answers of the Member States referred to in Article 14 (4) shall be secret and not be published. They shall only be available to the relevant authorities, which shall communicate them only to interested parties on a need-to-know basis, in accordance with applicable national rules for dissemination of sensitive information. [15] OJ L 145, 31.5.2001, p. 43. 4. Member States shall as far as possible and in accordance with applicable national law treat as confidential information arising from inspection reports and answers of Member States when it relates to other Member States. 5. Unless it is clear that the inspection reports and answers shall or shall not be disclosed, Member States or the Commission shall consult with the Member State concerned. Article 18 Sanctions The Member States shall ensure that effective, proportionate and dissuasive sanctions are introduced for infringements of the national provisions adopted pursuant to this directive. Article 19 Implementation 1. Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this directive not later than [...] [one year from the date of its entry into force]. They shall forthwith inform the Commission thereof. When Member States adopt those provisions, they shall contain a reference to this directive or be accompanied by such a reference on the occasion of their official publication. Member States shall determine how such reference is to be made. 2. Member States shall communicate to the Commission the text of the main provisions of national law which they adopt in the field covered by this directive. Article 20 Entry into force This directive shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. Article 21 Addressees This Directive is addressed to the Member States. Done at Brussels, For the European Parliament For the Council The President The President ANNEX I Port security assessment The port security assessment is the basis for the work on the port security plan and its eventual implementation. The port security assessment shall at least look into the following elements: - Identification and evaluation of important assets and infrastructure it is important to protect; - Identification of possible threats to the assets and infrastructure and the likelihood of their occurrence, in order to establish and prioritise security measures; - Identification, selection and prioritisation of counter-measures and procedural changes and their level of effectiveness in reducing vulnerability; and - Identification of weaknesses, including human factors in the infrastructure, policies and procedures. For this purpose the assessment shall at least cover the following aspects: - identify all areas which are relevant for port security, thus also identifying the port boundaries. This includes port facilities which are already covered by Regulation (EC) Nr. .../.... and whose risk assessment will serve as a basis; - identify security issues deriving from the interface between port facility and other port security measures; - identify risk groups among personnel working in a port; - subdivide, if useful, the port according to the likelihood of becoming a target of intentional unlawful acts. Areas will not only be judged upon their direct profile as a potential target, but also upon their potential role of passage when neighbouring areas are targeted; - identify risk variations, e.g. those based on seasonality; - identify the specific characteristics of each sub-area, such as location, accesses, power supply, communication system, ownership and users and other elements considered security-relevant; - identify potential threat scenarios for each identified sub-area. A sub-area, infrastructure, cargo, baggage, people or transport equipment within this area can be a direct target of an identified threat, or it can be part of a wider area developed in the threat scenario; - identify the specific consequences of a threat scenario. Consequences can impact on one or more sub-areas. Both direct and indirect consequences should be identified. Special attention should be given to the risk of human casualties; - identify the possibility of cluster effects of acts of unlawful interference; - identify the vulnerabilities of each sub-area; - identify all organisational aspects relevant to overall port security, including the division of all security-related authorities, existing rules and procedures; - identify vulnerabilities of the overarching port security related to organisational, legislative and procedural aspects; - identify measures, procedures and actions aimed at reducing critical vulnerabilities. Specific attention should be paid to the need for, and the means of, access control or restrictions to the entire port or to specific parts of a port, including identification of passengers, port employees or other workers, visitors and ship crews, area or activity monitoring requirements, cargo and luggage control. Measures, procedures and actions should be in line with the perceived risk, which may vary between port areas; - identify an organisational structure supporting the enhancement of port security; - identify how measures, procedures and actions should be reinforced in the event of an increase of security level; - identify specific requirements for dealing with established security concerns, such as 'suspect' cargo, luggage, bunker, provisions or persons, unknown parcels, known dangers (e.g. bomb). These requirements should analyse desirability conditions for either clearing it on site or clearing it upon transport towards a secure area; - identify measures, procedures and actions aimed at limiting and mitigating consequences; - identify task divisions allowing for the appropriate and correct implementation of the measures, procedures and actions identified; - pay specific attention, where appropriate, to the relationship with other security plans (e.g. port facility security plans) and other already existing security measures. Attention should also be paid to the relationship with other response plans (e.g. oil spill response plan, port contingency plan, medical intervention plan, nuclear disaster plan, etc.); - identify communication requirements for the implementation of the measures and procedures; - pay specific attention to measures to protect security-sensitive information from disclosure. Identify the need-to-know requirements of all those directly involved as well as, where appropriate, the general public. ANNEX II Port security plan The port security plan sets out the port's security arrangements. It will be based on the findings of the port security assessment. It will clearly set out detailed measures. It will contain a control mechanism allowing, where necessary, for appropriate corrective measures to be taken. The port security plan will be based on the following general aspects: - Define all areas relevant for port security. Depending on the port security assessment, measures, procedures and actions may vary from sub-area to sub-area. Indeed, some sub-areas may require stronger preventive measures than others. Special attention should be paid to the interfaces between sub-areas, as identified in the port security assessment; - Ensure coordination between security measures for areas with different security characteristics; - Provide, where necessary, for varying measures both with regard to different parts of the port, changing security levels, and specific intelligence. Based on these general aspects the port security plan shall attribute tasks and specify work plans in the following fields: - access requirements. For some areas, requirements will only enter into force when security levels exceed minimal thresholds. All requirements and thresholds should be comprehensively included in the port security plan; - ID, luggage and cargo control requirements. Requirements may or may not apply to sub-areas; requirements may or may not apply in full to different sub-areas. Persons entering or within a sub-area may be liable to control. The port security plan will appropriately respond to the findings of the port security assessment, which is the tool by which the security requirements of each sub-area and at each security level will be identified. When dedicated identification cards are developed for port security purposes, clear procedures should be established for the issue, the use-control and the return of such documents. Such procedures should take into account the specificities of certain groups of port users allowing for dedicated measures in order to limit the negative impact of access control requirements. Categories should at least include seafarers, authority officials, people permanently working in the port, people regularly working or visiting the port, residents living in the port and people occasionally working or visiting the port; - liaison with cargo control, baggage and passenger control authorities. Where necessary, the plan is to provide for the linking up of the information and clearance systems of these authorities, including possible pre-arrival clearance systems. - procedures and measures for dealing with suspect cargo, luggage, bunker, provisions or persons, including identification of a secure area; as well as for other security concerns and breaches of port security; - monitoring requirements for sub-areas or activities within sub-areas. Both the need for and possible technical solutions will be derived from the port security assessment; - signposting. Areas with any requirements (access and/or control), should be properly signposted. Control and access requirements shall appropriately take into account all relevant existing law and practices. Monitoring of activities should be appropriately indicated if national legislation so requires; - communication and security clearance. All relevant security information must be properly communicated according to security clearance standards included in the plan. In view of the sensitivity of some information, communication will be based on a need-to-know basis, but it will include where necessary procedures for communications addressed to the general public. Security clearance standards will form part of the plan and are aimed at protecting security sensitive information against unauthorised disclosure. - reporting of security incidents. With a view to ensure a rapid response the port security plan should set out clear reporting requirements to the port security officer of all security incidents and/or to the competent authority for port security. - integration with other preventive plans or activities. The plan should specifically deal with integration with other preventive and control activities in force in the port. - integration with other response plans and/or inclusion of specific response measures, procedures and actions. The plan should detail the interaction and coordination with other response and emergency plans. Where necessary conflicts and shortcomings should be resolved. - training and exercise requirements. - operational port security organisation and working procedures. The port security plan will detail the port security organisation, its task division and working procedures. It will also detail the coordination with port facility and ship security officers, where appropriate. It will delineate the tasks of the port security committee, if this exists. - procedures for adapting and updating the port security plan. ANNEX III Basic training requirements Various types of exercises which may include participation of port facility security officers, in conjunction with relevant authorities of Member States, company security officers, or ship security officers, if available, should be carried out at least once each calendar year with no more than 18 months between the exercises. Requests for the participation of company security officers or ships security officers in joint exercises should be made bearing in mind the security and work implications for the ship. These exercises should test communication, coordination, resource availability and response. These exercises may be: (1) full scale or live; (2) tabletop simulation or seminar; or (3) combined with other exercises held such as emergency response or other port State authority exercises. ANNEX IV Conditions to be fulfilled by a recognised port security organisation A recognised port security organisation should be able to demonstrate: (1) expertise in relevant aspects of port security; (2) an appropriate knowledge of port operations, including knowledge of port design and construction; (3) an appropriate knowledge of other security relevant operations potentially affecting port security; (4) the capability to assess the likely port security risks; (5) the ability to maintain and improve the port security expertise of its personnel; (6) the ability to monitor the continuing trustworthiness of its personnel; (7) the ability to maintain appropriate measures to avoid unauthorised disclosure of, or access to, security-sensitive material; (8) the knowledge of relevant national and international legislation and security requirements; (9) the knowledge of current security threats and patterns; (10) the knowledge of recognition and detection of weapons, dangerous substances and devices; (11) the knowledge of recognition, on a non-discriminatory basis, of characteristics and behavioural patterns of persons who are likely to threaten port security; (12) the knowledge of techniques used to circumvent security measures; (13) the knowledge of security and surveillance equipment and systems and their operational limitations. (4) A recognised port security organisation which has made a port security assessment or review of such an assessment for a port is not allowed to establish or review the port security plan for the same port. (4) LEGISLATIVE FINANCIAL STATEMENT Policy area(s): Inland, air and maritime transport policy Activit(y/ies): Implementation of port security measures and the monitoring thereof Title of action: Directive of the European Parliament and of the Council on enhancing port security 1. BUDGET LINE(S) + HEADING(S) 06 02 03 02 Transport security 06 02 11 03 Committees 2. OVERALL FIGURES 2.1 Total allocation for action (Part B): See point 6.1 2.2 Period of application: Indefinite, starting in 2006 2.3 Overall multi-annual estimate of expenditure (a) Schedule of commitment appropriations/payment appropriations (financial intervention) (see point 6.1.1) EUR million (to three decimal places) >TABLE POSITION> b) Technical and administrative assistance and support expenditure (see point 6.1.2) >TABLE POSITION> >TABLE POSITION> (c) Overall financial impact of human resources and other administrative expenditure (see points 7.2 and 7.3) >TABLE POSITION> >TABLE POSITION> 2.4 Compatibility with financial programming and financial perspective New action [X] Proposal is compatible with existing financial programming. [...] Proposal will entail reprogramming of the relevant heading in the financial perspective. [...] Proposal may require application of the provisions of the Interinstitutional Agreement. 2.5 Financial impact on revenue [16] [16] For further information, see separate explanatory note. [X] Proposal has no financial implications (involves technical aspects regarding implementation of a measure). 3. BUDGET CHARACTERISTICS >TABLE POSITION> 4. LEGAL BASIS Article 80(2) of the EC Treaty 5. DESCRIPTION AND GROUNDS 5.1 Need for Community intervention [17] [17] For further information, see separate explanatory note. 5.1.1 Objectives pursued After the events of September 11th 2001, the European Union reiterated its support to the global community in developing all necessary means of dealing with the terrorist threat. Consequently, the EU developed legislation on aviation security and turned to the problem of terrorist gateways through international maritime transport. A recent document of the OECD [18] summarises the terrorist threat to which maritime transport, including ports, is exposed. [18] OECD, Directorate for Science, Technology and Industry, Maritime Transport Committee, Security in Maritime Transport: Risk Factors and Economic Impact, July 2003. The IMO Diplomatic Conference on 12 December 2002 adopted amendments to the SOLAS Convention and the related ISPS-Code on a security regime for international maritime shipping and the ship/port interface. The results of the IMO Diplomatic Conference are in the process of being incorporated into EU legislation in the form of a regulation to ensure a uniform application. Parts of the non-mandatory elements of the ISPS Code will be made mandatory and there will be fine-tuning of the IMO texts to address the specific conditions in the EU. However, the scope of IMO rules limits the field of application to international shipping and the ship/port interface. Although already a significant breakthrough, this limited scope leaves an unwanted void in security since the areas beyond the ship/port interface fall outside the coverage. This is the inevitable consequence of the way these new security rules were adopted: they were tailored as amendments to an existing international convention. It was equally recognised that considerable additional work was required to address the issue of port security beyond the ship/port interface. A joint IMO/ILO working group is working on detailed guidance on port security; it may take time to develop. Elsewhere this temporary void is already being addressed. This is done by applying all new IMO rules to the entire port (US approach), or by adopting additional security measures with a direct or indirect impact on ports (national port security measures in EU Member States, the US rules like the Container Security Initiative-CSI, Container Trade Partnership-CTPAT, 24 hour advance notification rule, etc.). In view of the above, a community directive on port security is considered necessary to: - provide the Member States with a uniform framework to enhance security in ports; - establish a uniform approach to integrate key maritime and non-maritime port areas in an overarching port security framework; - support Member States in developing secure ports both towards maritime transport and towards landside population, as well as vis-à-vis the marine and land environment; - ensure uniform conditions throughout the European Union for access to and control of markets and activities associated with the port sector. 5.1.2 Measures taken in connection with ex ante evaluation Between February and December 2002 the Member States and the Commission participated in three IMO technical sessions and a diplomatic conference devoted to urgent consideration of the security of international maritime transport. The community considers that this requires priority action. During this lead period it became clear that security does not start or end in the vicinity of the ship (the ship/port interface). For optimal effectiveness, transport security should ultimately cover the entire supply chain from seller to purchaser. Within this supply chain port security has been repeatedly emphasised as being critical to overall transport security (Commission communication on enhancing maritime transport security, WCO, US Maritime Security Bill, CTPAT). Most notably: - Without security in the port area adjacent to the ship/port interface, the risk of 'contamination' of the secured port facility is considered to be high. Therefore, one can consider that saving on costs for basic preventive port security measures would be strongly outweighed by the cost of having to add costly additional security checks at the ship/port interface. - Industry has indicated on several occasions that it will have invested considerable amounts by July 2004 in the development of ship and port facility security measures. Consequently there is a wish to eliminate clear security voids (such as insufficient or non-existing port security measures) which could lessen the effectiveness of these investments. In view of the geographic mix of facilities and non ship/shore areas within ports, voids in general port security could indeed pose problems to the security of the ship/port interfaces. In other parts of the world satisfactory port security is already considered to be part of the requirements for securing maritime trade. Satisfactory levels of port security may, in addition to compliance with the ISPS Code, develop into preconditions for unrestricted trade flows from these ports. Irrespective of the negative signal the EU would send out if it were to neglect its own ports' security beyond the ship/port interface, the costs of 'doing nothing' may well, in case of a successful terrorist attack, rise to alarming levels. Firstly, the preservation of human lives is an aim in itself. Secondly, the terrorist threat and the resulting fear directly impacts on the efficiency of the global economy. Thirdly, in case of a successful attack it is likely that, as a reaction, many ports could be closed temporarily to reassess their security level and the actual threat. The port in which an attack was carried out may obviously incur enormous damage to installations and trade image. The economic costs strictu senso can be illustrated by a few examples given by the OECD: [19] [19] OECD, op.cit. A labour dispute in US western coast ports resulted in a 10 day lock out in these ports. A moderate estimate calculated the resulting costs at US$ 467 million.Shippers indicated their intent to change their entire logistic chains, with rocketing costs, had the lock out continued. - US average stock levels have been reduced over the 1990s from 1.57 months to 1.36 months in 2001. In 2002 average stocks rose to 1.43 months. This evolution, due to uncertainty and fear for supply stability, has eliminated the progress of half a decade and represents for the US an extra capital cost of US$ 50-80 bn. [20] [20] The Friction Economy, in: Fortune, February 2003; Bowserbox, D and Closs, D., Supply Chain Sustainability and Cost in the New War Economy, in: Traffic World, April 2002. - A full scale simulation of container bombs entering the US, partly caught in port, partly slipping through in the logistic chain, resulted in a total estimated cost of US$ 58 bn. [21] It would also take up to 92 days before port backlogs were completely eliminated. This estimate takes only into account costs arising in the US, and therefore neglects the resulting costs elsewhere. [21] Conference Board, Booz Allen Hamilton, October 2002. A uniform port security framework in all EU ports will reduce security related inter-port competition within EU boundaries. As regards third countries, it will remove any incentive to compare EU ports with regard to their respective security. Hence a port security directive will minimise or eliminate undesirable competitive distortions. Finally, it should be mentioned that additional labour can be expected. The bulk of this additional labour will be related to implementing the ISPS Code. However also in port security, new labour opportunities might arise. 5.1.3 Measures taken following ex post evaluation None/Not applicable. 5.2 Actions envisaged and budget intervention arrangements The directive requires each Member State to identify the boundaries of the ports subject to the directive. Member States should outline a security policy for these areas and ensure that security assessments and appropriate security plans are established and updated. The introduction and implementation of each national port's security policy must be monitored by a national central authority. For the purposes of reaching a desired common level of implementation, the directive includes priority issues in its Annex for the port security assessment and the port security plan. As the overall scheme must be consistent to ensure its reliability at EU level the Commission is called on to carry out inspections to verify implementation of the national plans adopted pursuant to this directive. 5.3 Methods of implementation Direct management by the Commission using regular or outside staff. Since any compliance monitoring would begin only 18 months after the compliance monitoring carried out under the maritime security regulation, and given the inevitable link between the monitoring of maritime security and of port security, it is proposed to use the expertise gained by the compliance monitors to carry out the monitoring under this Directive. However, in order to introduce into the monitoring process the necessary element of specific port security expertise, eight additional port security inspectors would be required (see 7.1 below). 6. FINANCIAL IMPACT 6.1 Total financial impact on Part B (over the entire programming period) The cost of this scheme is calculated by adding up the individual costs on an annual basis, starting in 2006, when the proposed Community action is estimated to have fully become operational. 6.1.1 Financial intervention The directive provides for a monitoring and inspection exercise to be carried out by the Commission. It is expected that, as from 2006, approximately 84 inspection visits will be carried out each year (5 days per port * EUR1500). Monitoring and inspection will be accompanied by meetings of experts. A study on implementation and possible future initiatives should be carried out in 2008 (i.e. two years after the directive has become operational). The Commission also intends to commission a study to evaluate the impact and the effectiveness of the measures adopted. Such a study should be conducted in 2008, and then every three years. Such regular evaluation is necessary to enable the Commission to propose, via the committee procedure, any adjustments to the proposed system which might prove necessary. The unit cost of each study is estimated at EUR150 000. Inspection visits: for the calculation of the number of inspection visits, see 7.1. In the first year an additional cost for on-site working equipment (laptop PCs) is expected. >TABLE POSITION> (If necessary, explain the method of calculation.) >TABLE POSITION> (If necessary, explain the method of calculation.) 7. IMPACT ON STAFF AND ADMINISTRATIVE EXPENDITURE 7.1 Impact on human resources This directive requires compliance monitoring. It is proposed that this be based on the experience gained from similar monitoring carried out pursuant to the maritime security regulation. In order to identify the required number of Inspectors six parameters are relevant: - Inspections should be performed by two inspectors together; - Compliance monitoring should include the inspection of national security monitoring systems at a rate of one third per annum. Since ports are operated in a maximum of 20 Member States (present and accession countries), the present estimate is foreseen 7 inspections per year; - A study on port security measures in EU ports identifies 769 ports in the EU and Accession countries, based upon Lloyds Fairplay data. Compliance monitoring of the application of this directive should be performed by means of spot checks in ports at a rate of 10% p.a. of all identified ports; - Compliance monitoring, preparation, travel and follow-up is expected to represent a workload of 1 working week per inspection; - Inspectors will perform their inspections every second week This results in about 20 inspections per year per inspector (assuming 40 working weeks a year). For inspections, teams of 2 inspectors are required thus resulting in 2 inspectors performing 20 inspections per annum. 10% of 769 ports is about 77 ports a year. 1/3rd of all national security systems represents 7 inspections a year; bringing the total to at least 84 inspections a year. As a consequence 8 inspectors are required for these inspections. As working equipment, 8 laptops are required, at a unit price of EUR 2000. One administrator will be in charge of the entire process. >TABLE POSITION> 7.2 Overall financial impact of human resources >TABLE POSITION> The amounts are total expenditure for twelve months. 7.3 Other administrative expenditure deriving from the action Committee of experts: one-day meetings with experts from the sector concerned to enable the Commission to draw up the adaptations to the rules provided for in Article 15 of the proposal for a Directive. It is expected that in the first year three meetings would be required and afterwards one meeting a year should suffice. >TABLE POSITION> The amounts are total expenditure for twelve months. (1) Specify the type of committee and the group to which it belongs. I. Annual total (7.2 + 7.3) II. Duration of action III. Total cost of action (I x II) // EUR 1 028 250 (first year) EUR 990 750 (subsequent years) Indefinite Indefinite The needs in terms of human and administrative resources will be covered within the allocation granted to the managing DG in the framework of the annual allocation procedure. 8. FOLLOW-UP AND EVALUATION 8.1 Follow-up arrangements Follow-up arrangements will be adopted involving inspections in the Member States and periodic impact studies. 8.2 Arrangements and schedule for the planned evaluation The Commission intends to launch a study to evaluate the impact and the effectiveness of the measures adopted. Such a study should be conducted in year N+2, and then every three years. Six months after the date of application of the proposed directive, the Commission, in cooperation with the national authorities, will start a series of inspections to verify the means of monitoring implementation of the national plans adopted pursuant to the directive. These inspections will take account of the data supplied by the national authorities, including the monitoring reports. 9. ANTI-FRAUD MEASURES The activities of the commission's maritime security inspectors will be subject to the commission's normal audit procedures. IMPACT ASSESSMENT FORM THE IMPACT OF THE PROPOSAL ON BUSINESS WITH SPECIAL REFERENCE TO SMALL AND MEDIUM-SIZED ENTERPRISES( SMEs) Title of proposal Directive of the European Parliament and of the Council on enhancing port security Document reference number COM (2003) XXXX The proposal 1. Taking account of the principle of subsidiarity, why is Community legislation necessary in this area and what are its main aims? Community legislation has already been developed for ship and port facility security, which is intended to be complemented by this Directive on port security. Hence, also the measures covered by this proposal must be applied consistently throughout the Community in order not to offset the EU wide consistency of the measures it intends to complement. Moreover, uniform application avoids security related distortions of competition. The impact on business 2. Who will be affected by the proposal? - Which business sectors? Shippers, agents, port managers, companies set up within the port boundaries. - What sizes of company (share of small and medium-sized businesses)? All sizes of company active in these sectors. - Are there particular geographical areas of the Community where these businesses are found? No, thirteen Member States are concerned as port states. Upon accession of the accession countries this further increases to 20. 3. What will business have to do to comply with the proposal? Where not already in place, introduce appropriate security procedures and, where appropriate, acquire the necessary equipment. Ensure that staff receive training on security requirements. Additional staff may be needed. 4. What economic effects is the proposal likely to have: - on employment? Jobs may be created to perform port related security tasks, and probably also at specialised security firms. - on investment and the creation of new businesses? Companies active in the port may have to acquire security equipment. Specialised security firms may expand. - on the competitiveness of businesses? None, in that all will be subject to the same requirements. 5. Does the proposal contain measures to take account of the specific situation of small and medium-sized enterprises (reduced or different requirements, etc.)? Not directly, but requirements are based upon a case by case assessment and will therefore have optimal adaptation to specific concern, within the limits of a minimal security threshold. Consultation 6. List the organisations which have been consulted about the proposal and outline their main views. - The Commission has consulted all Member States and candidate countries, and all interested industry representatives. The replies clearly show that the sector recognises the need for port security measures. There is wide acknowledgement for a Community approach, provided that the measures sufficiently take into account the various structures of and in ports (on organisational level, in terms of risk level). - All European organisations representing this sector participated as observers in the work of the IMO on maritime security. Employers, employees and government representatives are participating in the work of the joint IMO-ILO Working Group developing detailed guidance for port security. The Commission has commissioned a study of the impact of these measures. The consultant associated the European Sea Ports Organisation (ESPO), the Federation of European Private Port Operators (FEPORT) and the European Community Shipowners' Association (ECSA) with its work. While the industry has to invest in developing ship and port facility security measures, there is concern of eliminating clear security voids (such as minor or non-existing port security measures) which may render these investments idle. In view of the geographic mix of facilities and non ship/shore areas security voids in general port security may indeed pose problems to the security of the ship/port interfaces.