Presentation on theme: "Work programme 2009 – Info Day European Commission – DG Enterprise & Industry E-M. Engdahl Information Day 16th September 2009 REA - Brussels Seventh Framework."— Presentation transcript:
Work programme 2009 – Info Day European Commission – DG Enterprise & Industry E-M. Engdahl Information Day 16th September 2009 REA - Brussels Seventh Framework Programme 2007-2013 Security Research
A “Sensitive” Project is handling: – Data or information requiring protection against unauthorised disclosure: classified information – Information or materials subject to security restrictions – Material subject to export- or transfer-control No “Classified” Proposals are allowed in the call (no classified information in a proposal) BUT: a Proposal could lead to a “Sensitive” Project (project that could use classified/sensitive background and/or produce classified/sensitive foreground) “Sensitive” Projects: What is a sensitive project?
Security issues: Principles and legal base Originator consent Need to know 2001/844/EC amended by 2006/548/EC OJ L215, 5.8.2006 National laws rules for submission, evaluation, etc…
“Sensitive” Projects: Sensitive proposals with non-EU participants EU classification is limited to EU Member States Sensitive projects can include participants from associated or third countries Countries having a security agreement with the EU (Council level) could refer to that security agreement for handling sensitive information and material Special MoU (Memorandum of Understanding) could be agreed between the countries involved in the handling of sensitive information/material of a project limited to that project No restriction for the participation to sensitive projects for associated countries and from third countries if no access foreseen to sensitive information/material
“Sensitive” Projects: Use of classified information No classified information to be used in the proposal However, the project could use classified/sensitive background and/or produce classified/sensitive foreground In that case, The proposal should be flagged on page 1 of the part B of the proposal as security sensitive The table of deliverables must specify the level of classification for each deliverable A Security Aspect Letter (SAL) + a Security Classification Guide (SCG) must be attached to the proposal
“Sensitive” Projects: Security Scrutiny Procedure For each sensitive project proposal of the selection list: The Security Committee Members/Observers will be requested (via their national security authority representative) to verify that all security aspects are properly addressed and to reach an agreement among themselves the scrutiny procedure is done, in a 2 months period, following the evaluation and before the start of the negotiation of the projects The results of the scrutiny could be: go ahead with negotiation; recommendations for the negotiation without classification; recommendations for the negotiation with classification; Recommendation not to finance the proposal Proposers receive the conclusions of the scrutiny procedure with the “Invitation letter” (negotiation mandate)
“Sensitive” Projects: Some recommendations Be serious about the sensitivity declaration Consider carefully the requirements for accessing sensitive information/material in a project (limit it as far as possible) Get reference of all applicable EU and national legislation Contact your National Contact Point (NCP) – see CORDIS Contact your NSA for sensitive proposals (OJ L193 of 23.7.2005 p.31-36) For non-EU countries find out if there are some security agreement between your country and EU
“Sensitive” Projects: Grant specificities Core Grant Agreement: the main special clauses 21 and 22 Annex 1 (DoW) SAL (Security Aspect Letter SCG (Security Classification Guide) Guideline for handling classified information in FP7 project (Draft)
“Sensitive” Projects: Grant specificities Core Grant Agreement : special clause 21 When classified information is used as background, or is planned to be generated as foreground, or is actually generated as foreground, or if export or transfer licences are required for the transfer of dangerous materials or substances or where a topic is subject to specific national or European security related legal restrictions, a Security Aspect Letter (SAL) is annexed to this grant agreement as an integral part of Annex I. Core Grant Agreement : special clause 22 1.Each beneficiary shall comply with any security requirements prescribed by the Security Aspect Letter (SAL) attached to Annex I of this grant agreement. The Commission may terminate the grant agreement or the participation of the beneficiary(ies), in accordance with Article II.38, in case of non compliance with this obligation. Such action shall be without prejudice to any further legal action. 2.This SAL is valid throughout the duration of the project. 3.The beneficiaries of this grant agreement shall via the Coordinator inform the Commission of any change of security requirements emerging during the performance of the project. Any such change shall be introduced in the SAL by means of an amendment following the rules on amendments of Annex I. 4.In cases where a beneficiary cannot comply with increased security requirements, the grant agreement shall be terminated. 5.The beneficiaries shall ensure that any subcontractor or other third party complies with the security requirements set out in the SAL.
“Sensitive” Projects: Grant specificities Annex 1 (DoW) : SAL (Security Aspect Letter) The performance of the grant agreement will involve information classified CONFIDENTIAL UE. [A Facility Security Clearance is required]. Persons who need to access EU classified information must [have an EU personal security clearance and] be briefed as to their responsibility for security. The beneficiaries concerned shall take all measures prescribed by the National Security Authority/Designated Security Authority (NSA/DSA) for safeguarding EUCI. The beneficiaries concerned shall appoint a Facility Security Officer (FSO). The beneficiaries concerned, through the FSO, shall maintain a continuing relationship with his NSA/DSA. The beneficiaries concerned shall maintain a record of his employees taking part in the project and who have been cleared for access to EUCI. EU classified information for the purpose of these instructions is to be understood as information classified and marked CONFIDENTIAL UE or its equivalent national classification. Information generated by the beneficiaries concerned will require EU classification and marking. Continued on next slide
“Sensitive” Projects: Grant specificities Annex 1 (DoW) : SAL (Security Aspect Letter – continued) The beneficiaries concerned must obtain the approval of the Contracting Authority before beginning negotiations with a view to subcontract. The Commission Security Directorate may - in co-ordination with the responsible NSA/DSA - conduct inspections at beneficiaries’ facilities concerned to verify the implementation of the security requirements for the handling of EUCI. The beneficiaries concerned shall report all cases of unauthorised disclosure or loss of EUCI to the responsible NSA/DSA, the Commission Security Directorate and the Contracting Authority. All EUCI provided or generated under this grant agreement shall continue to be protected in the event of termination of the grant agreement. The beneficiaries concerned shall undertake not to utilise the EUCI provided or generated, other than for the specific purpose of the grant agreement XXXXXX Handling and storage instructions for information classified CONFIDENTIAL UE   Commission Decision 2001/844/EC, Rules on Security Section 19.1  Idem above note 1
Guideline for handling CONFIDENTIEL EU classified information in FP7 project (Draft) Introduction Production of a classified document Anatomy of a classified document Stamping Classified digital media The Classified Document Register – Receipt The Classified Document register – Disposal Filing & storage Maintenance of files and folders Personal retention of documents Reproduction Downgrading Declassification Destruction Transmission Receipting Packaging Transmission methods Returned receipts “Sensitive” Projects: Guidelines. WORK IN PROGRESS Comment welcome
Further information CORDIS site: http://cordis.europa.eu/fp7/security/home_en.htmlhttp://cordis.europa.eu/fp7/security/home_en.html Work Programme Call for proposals Guide for applicants etc. All topics (but 7.0-4): REAemail@example.com REAfirstname.lastname@example.org Demos phase 1 and 2; topic 7.0-4; Security issues: email@example.com