ISSN 1977-0677 |
||
Official Journal of the European Union |
L 6 |
|
![]() |
||
English edition |
Legislation |
Volume 60 |
Contents |
|
II Non-legislative acts |
page |
|
|
INTERNATIONAL AGREEMENTS |
|
|
* |
||
|
* |
||
|
|
REGULATIONS |
|
|
* |
||
|
|
||
|
|
DECISIONS |
|
|
* |
EN |
Acts whose titles are printed in light type are those relating to day-to-day management of agricultural matters, and are generally valid for a limited period. The titles of all other Acts are printed in bold type and preceded by an asterisk. |
II Non-legislative acts
INTERNATIONAL AGREEMENTS
11.1.2017 |
EN |
Official Journal of the European Union |
L 6/1 |
Information relating to the entry into force of the Agreement between the European Union and the Republic of Colombia on the short-stay visa waiver
The Agreement between the European Union and the Republic of Colombia on the short-stay visa waiver will enter into force on 1 December 2016, the procedure provided for in Article 8(1) of the Agreement having been completed on 19 October 2016.
11.1.2017 |
EN |
Official Journal of the European Union |
L 6/2 |
COUNCIL DECISION (EU) 2017/43
of 12 December 2016
on the position to be adopted, on behalf of the European Union, in the Association Committee in Trade configuration established by the Association Agreement between the European Union and the European Atomic Energy Community and their Member States, of the one part, and Ukraine, of the other part, in relation to the update of Annexes XXI-A to XXI-P on regulatory approximation in the area of public procurement
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular the first paragraph of Article 207(4) in conjunction with Article 218(9) thereof,
Having regard to the proposal from the European Commission,
Whereas:
(1) |
Article 486 of the Association Agreement between the European Union and the European Atomic Energy Community, and their Member States of the one part, and Ukraine, of the other part (1) (‘the Agreement’), provides for the provisional application of the Agreement in part, as specified by the Union. |
(2) |
Article 1 of Council Decision 2014/668/EU (2) specifies the provisions of the Agreement to be applied provisionally, including the provisions on public procurement, and Annex XXI to the Agreement. The provisional application of those provisions is effective from 1 January 2016. |
(3) |
Article 153 of the Agreement provides that Ukraine is to ensure that its public procurement legislation is gradually made compatible with the relevant Union acquis, in line with the schedule provided in Annex XXI to the Agreement. |
(4) |
Several Union acts listed in Annexe XXI to the Agreement have been amended or repealed since the initialling of the Agreement on 30 March 2012. |
(5) |
Article 149 of the Agreement provides that the value thresholds for public procurement contracts provided for in Annex XXI-P to the Agreement are to be revised regularly, beginning in the first even year following the entry into force of the Agreement. |
(6) |
It is furthermore appropriate to take into account the progress made by Ukraine in the process of approximation to the Union acquis by amending certain deadlines. |
(7) |
It is therefore necessary to update Annex XXI in order to reflect the developments to the Union acquis listed therein, and revise the value thresholds for public procurement contracts provided for in Annex XXI-P to the Agreement. |
(8) |
Article 149 of the Agreement provides that the revision of the thresholds provided for in Annex XXI-P to the Agreement shall be adopted by decision of the Association Committee in Trade configuration. |
(9) |
Article 463(3) of the Agreement provides that the Association Council shall have the power to update or amend the Annexes to the Agreement. |
(10) |
Article 1 of the Association Council Decision No 3/2014 (3) delegates the power to update or amend the trade-related annexes of the Agreement to the Association Committee in Trade configuration, including Annex XXI pertaining to Chapter 8 (Public Procurement) of Title IV (Trade and trade-related matters). |
(11) |
It is therefore appropriate to establish the position to be adopted on behalf of the Union in relation to the update of Annex XXI to the Agreement to be adopted by the Association Committee in Trade configuration. |
(12) |
Article 152(1) of the Agreement stipulates that Ukraine shall submit to the Association Committee in Trade configuration a comprehensive roadmap for the implementation of the legislation related to public procurement with time schedules and milestones which should include all reforms in terms of legislative approximation and institutional capacity building. This roadmap shall comply with the phases and time schedules set out in Annex XXI-A to the Agreement. |
(13) |
Article 152(3) specifies that a favourable opinion by the Association Committee in Trade configuration is needed in order for the comprehensive roadmap to become a reference document for the process of implementation i.e. for the legislative approximation of the public procurement related legislation to the Union acquis. |
(14) |
It is therefore appropriate to establish the position to be adopted on behalf of the Union in relation to a favourable opinion regarding the comprehensive roadmap to be adopted by the Association Committee in Trade configuration, |
HAS ADOPTED THIS DECISION:
Article 1
1. The position to be adopted on behalf of the European Union in the Association Committee in Trade configuration established by Article 465 of the Association Agreement between the European Union and the European Atomic Energy Community and their Member States, of the one part, and Ukraine, of the other part (‘the Agreement’), in relation to the update of Annex XXI of the Agreement shall be based on the draft Decision of that Committee, attached to this Decision.
2. Minor technical corrections to the draft Decision may be agreed to by the representatives of the Union in the Association Committee in Trade configuration without further decision of the Council of the European Union.
Article 2
The position to be adopted on behalf of the Union within the Association Committee in Trade configuration established by Article 465 of the Agreement, in relation to the favourable opinion regarding the comprehensive roadmap shall be based on the draft Decision of that Committee referred to in Article 1(1).
Article 3
The Decisions of the Association Committee in Trade configuration shall be published in the Official Journal of the European Union after their adoption.
Article 4
This Decision shall enter into force on the date of its adoption.
Done at Brussels, 12 December 2016.
For the Council
The President
F. MOGHERINI
(1) OJ L 161, 29.5.2014, p. 3.
(2) Council Decision 2014/668/EU of 23 June 2014 on the signing, on behalf of the European Union, and provisional application of the Association Agreement between the European Union and the European Atomic Energy Community and their Member States, of the one part, and Ukraine, of the other part, as regards Title III (with the exception of the provisions relating to the treatment of third-country nationals legally employed as workers in the territory of the other Party) and Titles IV, V, VI and VII thereof, as well as the related Annexes and Protocols (OJ L 278, 20.9.2014, p. 1).
(3) Decision No 3/2014 of the EU-Ukraine Association Council of 15 December 2014 on the delegation of certain powers by the Association Council to the Association Committee in Trade configuration [2015/980] (OJ L 158, 24.6.2015, p. 4).
DRAFT
DECISION No 1/2016 OF THE EU-UKRAINE ASSOCIATION COMMITTEE IN TRADE CONFIGURATION
of …
updating Annex XXI to the Association Agreement and giving a favourable opinion regarding the comprehensive roadmap on public procurement
THE ASSOCIATION COMMITTEE IN TRADE CONFIGURATION,
Having regard to the Association Agreement between the European Union and the European Atomic Energy Community and their Member States, of the one part, and Ukraine, of the other part (1) (‘the Agreement’), and in particular Article 149, Article 153 and Article 463 thereof,
Whereas:
(1) |
In accordance with Article 486 of the Agreement, parts of the Agreement, including provisions on public procurement, are applied provisionally as of 1 January 2016. |
(2) |
Article 149 of the Agreement provides that the value thresholds for public procurement contracts provided for in Annex XXI-P are to be revised regularly, beginning in the first even year following the entry into force of the Agreement and such revision is to be adopted by decision of the Association Committee in Trade configuration, as set out in Article 465(4) of the Agreement. |
(3) |
Article 153 of the Agreement provides that Ukraine is to ensure that its public procurement legislation is gradually made compatible with the relevant Union acquis, in line with the schedule provided in Annex XXI to the Agreement. |
(4) |
Several Union acts listed in Annex XXI to the Agreement have been recast or repealed and replaced by a new Union act since the initialling of the Agreement on 30 March 2012. In particular, the Union adopted and notified to Ukraine the following acts:
|
(5) |
The above-mentioned Directives amended the value thresholds for public procurement contracts provided for in Annex XXI-P, which were subsequently amended by Commission Delegated Regulations (EU) 2015/2170 (5), (EU) 2015/2171 (6) and (EU) 2015/2172 (7), respectively. |
(6) |
Article 463(3) of the Agreement provides that the Association Council shall have the power to update or amend the Annexes to the Agreement. |
(7) |
It is necessary to update Annex XXI to the Agreement in order to reflect the changes made to the Union acquis listed in that Annex, in accordance with Articles 149, 153 and 463 of the Agreement. |
(8) |
The new Union acquis on public procurement has a new structure. It is appropriate to reflect this new structure in Annex XXI. In the interest of clarity, Annex XXI should be updated in its entirety and replaced by the Annex as set out in the Appendix to this Decision. It is furthermore appropriate to take into account the progress made by Ukraine in the process of approximation to the Union acquis. |
(9) |
Article 465(2) of the Agreement specifies that the Association Council may delegate to the Association Committee in Trade configuration any of its powers, including the power to take binding decisions. |
(10) |
The EU-Ukraine Association Council empowered the Association Committee in Trade configuration in its Decision No 3/2014 (8) of 15 December 2014 to update or amend certain trade-related annexes. |
(11) |
Article 152(1) of the Agreement stipulates that Ukraine shall submit to the Association Committee in Trade configuration a comprehensive roadmap for the implementation of the legislation related to public procurement with time schedules and milestones which should include all reforms in terms of legislative approximation to the Union acquis. |
(12) |
Article 152(3) specifies that a favourable opinion by the Association Committee in Trade configuration is needed in order for the comprehensive roadmap to become a reference document for the process of implementation, namely for the legislative approximation of the public procurement related legislation to the Union acquis. |
(13) |
It is therefore appropriate for the Association Committee in Trade configuration to adopt a decision giving favourable opinion regarding the comprehensive roadmap, |
HAS ADOPTED THIS DECISION:
Article 1
Annex XXI to the Association Agreement between the European Union and the European Atomic Energy Community and their Member States of the one part, and Ukraine, of the other part, is hereby replaced by the updated version of the Annex, which is attached to this Decision.
Article 2
A favourable opinion is given regarding the comprehensive roadmap approved by the Ordinance of the Cabinet of Ministers of Ukraine of 24 February 2016 (number 175-p) adopted by the government of Ukraine on 24 February 2016.
Article 3
This Decision shall enter into force on the date of its adoption.
Done at …,
For the Association Committee in Trade configuration
The Chair
(1) OJ L 161, 29.5.2014, p. 3.
(2) Directive 2014/23/EU of the European Parliament and of the Council of 26 February 2014 on the award of concession contracts (OJ L 94, 28.3.2014, p. 1).
(3) Directive 2014/24/EU of the European Parliament and of the Council of 26 February 2014 on public procurement and repealing Directive 2004/18/EC (OJ L 94, 28.3.2014, p. 65).
(4) Directive 2014/25/EU of the European Parliament and of the Council of 26 February 2014 on procurement by entities operating in the water, energy, transport and postal services sectors and repealing Directive 2004/17/EC (OJ L 94, 28.3.2014, p. 243).
(5) Commission Delegated Regulation (EU) 2015/2170 of 24 November 2015 amending Directive 2014/24/EU of the European Parliament and of the Council in respect of the application thresholds for the procedures for the award of contracts (OJ L 307, 25.11.2015, p. 5).
(6) Commission Delegated Regulation (EU) 2015/2171 of 24 November 2015 amending Directive 2014/25/EU of the European Parliament and of the Council in respect of the application thresholds for the procedures for the award of contracts (OJ L 307, 25.11.2015, p. 7).
(7) Commission Delegated Regulation (EU) 2015/2172 of 24 November 2015 amending Directive 2014/23/EU of the European Parliament and of the Council in respect of the application thresholds for the procedures for the award of contracts (OJ L 307, 25.11.2015, p. 9).
(8) Decision No 3/2014 of the EU-Ukraine Association Council of 15 December 2014 on the delegation of certain powers by the Association Council to the Association Committee in Trade configuration [2015/980] (OJ L 158, 24.6.2015, p. 4).
ANNEX XXI-A TO CHAPTER 8
INDICATIVE TIME SCHEDULE FOR INSTITUTIONAL REFORM, LEGISLATIVE APPROXIMATION AND MARKET ACCESS
Phase |
|
Indicative time schedule |
Market access granted to the EU by Ukraine |
Market access granted to Ukraine by the EU |
|
1. |
Implementation of Articles 150(2) and 151 of this Agreement Agreement of the Reform Strategy set out in Article 152 of this Agreement |
6 months after the entry into force of this Agreement |
Supplies for central government authorities |
Supplies for central government authorities |
|
2. |
Approximation and implementation of basic elements of Directive 2014/24/EU and of Directive 89/665/EEC |
3 years after the entry into force of this Agreement |
Supplies for state, regional and local authorities and bodies governed by public law |
Supplies for state, regional and local authorities and bodies governed by public law |
Annexes XXI-B and XXI-C |
3. |
Approximation and implementation of basic elements of Directive 2014/25/EU and of Directive 92/13/EEC |
4 years after the entry into force of this Agreement |
Supplies for all contracting entities in the utilities sector |
Supplies for all contracting entities |
Annexes XXI-D and XXI-E |
4. |
Approximation and implementation of other elements of Directive 2014/24/EU. Approximation and implementation of Directive 2014/23/EU |
6 years after the entry into force of this Agreement |
Service and works contracts and concessions for all contracting authorities |
Service and works contracts and concessions for all contracting authorities |
Annexes XXI-F, XXI-G, and XXI-H |
5. |
Approximation and implementation of other elements of Directive 2014/25/EU |
8 years after the entry into force of this Agreement |
Service and works contracts for all contracting entities in the utilities sector |
Service and works contracts for all contracting entities in the utilities sector |
Annexes XXI-I and XXI-J |
ANNEX XXI-B TO CHAPTER 8
BASIC ELEMENTS OF DIRECTIVE 2014/24/EU
of 26 February 2014 on public procurement
(Phase 2)
TITLE I
Scope, definitions and general principles
CHAPTER I
Scope and definitions
Section 1 |
Subject-matter and definitions |
Article 1 |
Subject-matter and scope: paragraphs 1, 2, 5 and 6 |
Article 2 |
Definitions: paragraph 1, points (1), (4), (5), (6), (7), (8), (9), (10), (11), (12), (13), (18), (19), (20), (22), (23), (24) |
Article 3 |
Mixed procurement |
Section 2 |
Thresholds |
Article 4 |
Threshold amounts |
Article 5 |
Methods for calculating the estimated value of procurement |
Section 3 |
Exclusions |
Article 7 |
Contracts in the water, energy, transport and postal services sectors |
Article 8 |
Specific exclusions in the field of electronic communications |
Article 9 |
Public contracts awarded and design contests organised pursuant to international rules |
Article 10 |
Specific exclusions for service contracts |
Article 11 |
Service contracts awarded on the basis of an exclusive right |
Article 12 |
Public contracts between entities within the public sector |
Section 4 |
Specific situations |
Subsection 1 |
Subsidised contracts and research and development services |
Article 13 |
Contracts subsidised by contracting authorities |
Article 14 |
Research and development services |
Subsection 2 |
Procurement involving defence and security aspects |
Article 15 |
Defence and security |
Article 16 |
Mixed procurement involving defence or security aspects |
Article 17 |
Public contracts and design contests involving defence or security aspects which are awarded or organised pursuant to international rules |
CHAPTER II
General Rules
Article 18 |
Principles of procurement |
Article 19 |
Economic operators |
Article 21 |
Confidentiality |
Article 22 |
Rules applicable to communication: paragraphs 2-6 |
Article 23 |
Nomenclatures |
Article 24 |
Conflicts of interest |
TITLE II
Rules on public contracts
CHAPTER I
Procedures
Article 26 |
Choice of procedures: paragraphs 1, 2, first alternative of paragraph 4, 5, 6 |
Article 27 |
Open procedure |
Article 28 |
Restricted procedure |
Article 29 |
Competitive procedure with negotiation |
Article 32 |
Use of the negotiated procedure without prior publication |
CHAPTER III
Conduct of the procedure
Section 1 |
Preparation |
Article 40 |
Preliminary market consultations |
Article 41 |
Prior involvement of candidates or tenderers |
Article 42 |
Technical specifications |
Article 43 |
Labels |
Article 44 |
Test reports, certification and other means of proof: paragraphs 1, 2 |
Article 45 |
Variants |
Article 46 |
Division of contracts into lots |
Article 47 |
Setting time limits |
Section 2 |
Publication and transparency |
Article 48 |
Prior information notices |
Article 49 |
Contract notices |
Article 50 |
Contract award notices: paragraphs 1 and 4 |
Article 51 |
Form and manner of publication of notices: first subparagraph of paragraph 1, first subparagraph of paragraph 5 |
Article 53 |
Electronic availability of procurement documents |
Article 54 |
Invitations to candidates |
Article 55 |
Informing candidates and tenderers |
Section 3 |
Choice of participants and award of contracts |
Article 56 |
General principles |
Subsection 1 |
Criteria for qualitative selection |
Article 57 |
Exclusion grounds |
Article 58 |
Selection criteria |
Article 59 |
European Single Procurement Document: paragraph 1 mutatis mutandis, paragraph 4 |
Article 60 |
Means of proof |
Article 62 |
Quality assurance standards and environmental management standards: paragraphs 1 and 2 |
Article 63 |
Reliance on the capacities of other entities |
Subsection 2 |
Reduction of numbers of candidates, tenders and solutions |
Article 65 |
Reduction of the number of otherwise qualified candidates to be invited to participate |
Article 66 |
Reduction of the number of tenders and solutions |
Subsection 3 |
Award of the contract |
Article 67 |
Contract award criteria |
Article 68 |
Life-cycle costing: paragraphs 1 and 2 |
Article 69 |
Abnormally low tenders: paragraphs 1 to 4 |
CHAPTER IV
Contract performance
Article 70 |
Conditions for performance of contracts |
Article 71 |
Subcontracting |
Article 72 |
Modification of contracts during their term |
Article 73 |
Termination of contracts |
TITLE III
Particular procurement regimes
CHAPTER I
Social and other specific services
Article 74 |
Award of contracts for social and other specific services |
Article 75 |
Publication of notices |
Article 76 |
Principles of awarding contracts |
ANNEXES
ANNEX II |
LIST OF THE ACTIVITIES REFFERED TO IN POINT 6(a) OF ARTICLE 2(1) |
ANNEX III |
LIST OF PRODUCTS REFFERED TO IN ARTICLE 4(b) WITH REGARD TO CONTRACTS AWARDED CONTRACTING AUTHORITIES IN THE FIELD OF DEFENCE |
ANNEX IV |
REQUIREMENTS RELATING TO TOOLS AND DEVICES FOR THE ELECTRONIC RECEIPT OF TENDERS, REQUESTS FOR PARTICIPATION AS WELL AS PLANS AND PROJECTS IN CONTESTS |
ANNEX V |
INFORMATION TO BE INCLUDED IN NOTICES |
Part A: |
INFORMATION TO BE INCLUDED IN NOTICES OF THE PUBLICATION OF A PRIOR INFORMATION NOTICE ON A BUYER PROFILE |
Part B: |
INFORMATION TO BE INCLUDED IN PRIOR INFORMATION NOTICES (as referred to in Article 48) |
Part C: |
INFORMATION TO BE INCLUDED IN CONTRACT NOTICES (as referred to in Article 49) |
Part D: |
INFORMATION TO BE INCLUDED IN CONTRACT AWARD NOTICES (as referred to in Article 50) |
Part G: |
INFORMATION TO BE INCLUDED IN NOTICES OF MODIFICATIONS OF A CONTRACT DURING ITS TERM (as referred to in Article 72(1)) |
Part H: |
INFORMATION TO BE INCLUDED IN CONTRACT NOTICES CONCERNING CONTRACTS FOR SOCIAL AND OTHER SPECIFIC SERVICES (as referred to in Article 75(1)) |
Part I: |
INFORMATION TO BE INCLUDED IN PRIOR INFORMATION NOTICES FOR SOCIAL AND OTHER SPECIFIC SERVICES (as referred to in Article 75(1)) |
Part J: |
INFORMATION TO BE INCLUDED IN CONTRACT AWARD NOTICES CONCERNING CONTRACTS FOR SOCIAL AND OTHER SPECIFIC SERVICES (as referred to in Article 75(2)) |
ANNEX VII |
DEFINITION OF CERTAIN TECHNICAL SPECIFICATIONS |
ANNEX IX |
CONTENTS OF THE INVITATIONS TO SUBMIT A TENDER, TO PARTICIPATE IN THE DIALOGUE OR TO CONFIRM INTEREST PROVIDED FOR UNDER ARTICLE 54 |
ANNEX X |
LIST OF INTERNATIONAL SOCIAL AND ENVIRONMENTAL CONVENTIONS REFERRED TO IN ARTICLE 18(2) |
ANNEX XII |
MEANS OF PROOF OF SELECTION CRITERIA |
ANNEX XIV |
SERVICES REFFERED TO IN ARTICLE 74 |
ANNEX XXI-C TO CHAPTER 8
BASIC ELEMENTS OF DIRECTIVE 89/665/EEC
of 21 December 1989 on the coordination of the laws, regulations and administrative provisions relating to the application of review procedures to the award of public supply and public works contracts (Directive 89/665/EEC)
as amended by Directive 2007/66/EC of the European Parliament and of the Council of 11 December 2007 amending Council Directives 89/665/EEC and 92/13/EEC with regard to improving the effectiveness of review procedures concerning the award of public contracts (Directive 2007/66/EC) and by Directive 2014/23/EU of the European Parliament and of the Council of 26 February 2014 on the award of concession contracts (Directive 2014/23/EU)
(Phase 2)
Article 1 |
Scope and availability of review procedures |
Article 2 |
Requirements for review procedures |
Article 2a |
Standstill period |
Article 2b |
Derogations from the standstill period Point (b) of the first paragraph of Article 2b |
Article 2c |
Time limits for applying for review |
Article 2d |
Ineffectiveness Paragraph 1(b) Paragraphs 2 and 3 |
Article 2e |
Infringements of this Directive and alternative penalties |
Article 2f |
Time limits |
ANNEX XXI-D TO CHAPTER 8
BASIC ELEMENTS OF DIRECTIVE 2014/25/EU
of 26 February 2014 on procurement by entities operating in the water, energy, transport and postal services sectors
(Phase 3)
TITLE I
Scope, definitions and general principles
CHAPTER I
Subject-matter and definitions
Article 1 |
Subject-matter and scope: paragraphs 1, 2, 5 and 6 |
Article 2 |
Definitions: points 1 to 9, 13 to 16 and 18 to 20 |
Article 3 |
Contracting authorities (paragraphs 1 and 4) |
Article 4 |
Contracting entities: paragraphs 1 to 3 |
Article 5 |
Mixed procurement covering the same activity |
Article 6 |
Procurement covering several activities |
CHAPTER II
Activities
Article 7 |
Common provisions |
Article 8 |
Gas and heat |
Article 9 |
Electricity |
Article 10 |
Water |
Article 11 |
Transport services |
Article 12 |
Ports and airports |
Article 13 |
Postal services |
Article 14 |
Extraction of oil and gas and exploration for, or extraction of, coal or other solid fuels |
CHAPTER III
Material scope
Section 1 |
Thresholds |
Article 15 |
Threshold amounts |
Article 16 |
Methods for calculating the estimated value of procurement: paragraphs 1 to 4 and 7 to 14 |
Section 2 |
Excluded contracts and design contests: Special provisions for procurement involving defence and security aspects |
Subsection 1 |
Exclusions applicable to all contracting entities and special exclusions for the water and energy sector |
Article 18 |
Contracts awarded for purposes of resale or lease to third parties: paragraph 1 |
Article 19 |
Contracts and design contests awarded or organised for purposes other than the pursuit of a covered activity or for the pursuit of such an activity in a third country: paragraph 1 |
Article 20 |
Contracts awarded and design contests organised pursuant to international rules |
Article 21 |
Specific exclusions for service contracts |
Article 22 |
Service contracts awarded on the basis of an exclusive right |
Article 23 |
Contracts awarded by certain contracting entities for the purchase of water and for the supply of energy or of fuels for the production of energy |
Subsection 2 |
Procurement involving defence and security aspects |
Article 24 |
Defence and security |
Article 25 |
Mixed procurement covering the same activity and involving defence or security aspects |
Article 26 |
Procurement covering several activities and involving defence or security aspects |
Article 27 |
Contracts and design contests involving defence or security aspects which are awarded or organised pursuant to international rules |
Subsection 3 |
Special relations (cooperation, affiliated undertakings and joint ventures) |
Article 28 |
Contracts between contracting authorities |
Article 29 |
Contracts awarded to an affiliated undertaking |
Article 30 |
Contracts awarded to a joint venture or to a contracting entity forming part of a joint venture |
Subsection 4 |
Specific situations |
Article 32 |
Research and development services |
CHAPTER IV
General principles
Article 36 |
Principles of procurement |
Article 37 |
Economic operators |
Article 39 |
Confidentiality |
Article 40 |
Rules applicable to communication |
Article 41 |
Nomenclatures |
Article 42 |
Conflicts of interest |
TITLE II
Rules applicable to contracts
CHAPTER I
Procedures
Article 44 |
Choice of procedures: paragraphs 1, 2 and 4 |
Article 45 |
Open procedure |
Article 46 |
Restricted procedure |
Article 47 |
Negotiated procedure with prior call for competition |
Article 50 |
Use of the negotiated procedure without prior call for competition: points (a) to (i) |
CHAPTER III
Conduct of the procedure
Section 1 |
Preparation |
Article 58 |
Preliminary market consultations |
Article 59 |
Prior involvement of candidates or tenderers |
Article 60 |
Technical specifications |
Article 61 |
Labels |
Article 62 |
Test reports, certification and other means of proof |
Article 63 |
Communication of technical specifications |
Article 64 |
Variants |
Article 65 |
Division of contracts into lots |
Article 66 |
Setting time limits |
Section 2 |
Publication and transparency |
Article 67 |
Periodic indicative notices |
Article 68 |
Notices on the existence of a qualification system |
Article 69 |
Contract notices |
Article 70 |
Contract award notices: paragraphs 1, 3 and 4 |
Article 71 |
Form and manner of publication of notices: paragraph 1, first subparagraph of paragraph 5 |
Article 73 |
Electronic availability of procurement documents |
Article 74 |
Invitations to candidates |
Article 75 |
Informing applicants for qualification, candidates and tenderers |
Section 3 |
Choice of participants and award of contract |
Article 76 |
General principles |
Subsection 1 |
Qualification and qualitative selection |
Article 78 |
Criteria for qualitative selection |
Article 79 |
Reliance on the capacities of other entities: paragraph 2 |
Article 80 |
Use of exclusion grounds and selection criteria provided for under Directive 2014/24/EU |
Article 81 |
Quality assurance standards and environmental management standards: paragraphs 1 and 2 |
Subsection 2 |
Award of the contract |
Article 82 |
Contract award criteria |
Article 83 |
Life-cycle costing: paragraphs 1 and 2 |
Article 84 |
Abnormally low tenders: paragraphs 1 to 4 |
CHAPTER IV
Contract performance
Article 87 |
Conditions for performance of contracts |
Article 88 |
Subcontracting |
Article 89 |
Modification of contracts during their term |
Article 90 |
Termination of contracts |
TITLE III
Particular procurement regimes
CHAPTER I
Social and other specific services
Article 91 |
Award of contracts for social and other specific services |
Article 92 |
Publication of notices |
Article 93 |
Principles of awarding contracts |
ANNEXES
ANNEX I |
List of activities as set out in point (a) of point 2 of Article 2 |
ANNEX V |
Requirement relating to tools and devices for the electronic receipt of tenders, requests to participate, applications for qualification as well as plans and projects in contests |
ANNEX VI A |
Information to be included in the periodic indicative notice (as referred to in Article 67) |
ANNEX VI B |
Information to be included in notices of publication of a periodic indicative notice on a buyer profile not used as a means of calling for competition (as referred to in Article 67(1)) |
ANNEX VIII |
Definition of certain technical specifications |
ANNEX IX |
Features concerning publication |
ANNEX X |
Information to be included in the notice on the existence of a qualification system (as referred to in point (b) of Article 44(4) and in Article 68) |
ANNEX XI |
Information to be included in contract notices (as referred to in Article 69) |
ANNEX XII |
Information to be included in the contract award notice (as referred to in Article 70) |
ANNEX XIII |
Contents of the invitation to submit a tender, to participate in the dialogue, to negotiate or to confirm interest provided for under Article 74 |
ANNEX XIV |
List of International Social and Environmental Conventions referred to in Article 36(2) |
ANNEX XVI |
Information to be included in notices of modifications of a contract during its term (as referred to in Article 89(1)) |
ANNEX XVII |
Services referred to in Article 91 |
ANNEX XVIII |
Information to be included in notices concerning contracts for social and other specific services (as referred to in Article 92) |
ANNEX XXI-E TO CHAPTER 8
BASIC ELEMENTS OF COUNCIL DIRECTIVE 92/13/EEC
of 25 February 1992 coordinating the laws, regulations and administrative provisions relating to the application of Community rules on the procurement procedures of entities operating in the water, energy, transport and telecommunications sectors (Directive 92/13/EEC)
as amended by Directive 2007/66/EC and Directive 2014/23/EU
(Phase 3)
Article 1 |
Scope and availability of review procedures |
Article 2 |
Requirements for review procedures |
Article 2a |
Standstill period |
Article 2b |
Derogations from the standstill period Point (b) of the first paragraph of Article 2b |
Article 2c |
Time limits for applying for review |
Article 2d |
Ineffectiveness Paragraphs 1(b), 2 and 3 |
Article 2e |
Infringements of this Directive and alternative penalties |
Article 2f |
Time limits |
ANNEX XXI-F TO CHAPTER 8
I. OTHER NON-MANDATORY ELEMENTS OF DIRECTIVE 2014/24/EU(Phase 4)
The elements of Directive 2014/24/EU set out in this Annex are not mandatory but recommended for approximation. Ukraine may approximate these elements within the time-frame set in Annex XXI-B
TITLE I
Scope, definitions and general principles
CHAPTER I
Scope and definitions
Section 1 |
Subject-matter and definitions |
Article 2 |
Definitions (paragraph 1, points (14) and (16)) |
Article 20 |
Reserved contracts |
TITLE II
Rules on public contracts
CHAPTER II
Techniques and instruments for electronic and aggregated procurement
Article 37 |
Centralised purchasing activities and central purchasing bodies |
CHAPTER III
Conduct of the procedure
Section 3 |
Choice of participants and award of contracts |
Article 64 |
Official lists of approved economic operators and certification by bodies established under public or private law |
TITLE III
Particular procurement regimes
CHAPTER I
Article 77 |
Reserved contracts for certain services |
(Phase 4)
The elements of Directive 2014/23/EU set out in this Annex are not mandatory but recommended for approximation. Ukraine may approximate these elements within the time-frame set in Annex XXI-B
TITLE I
Subject matter, scope, principles and definitions
CHAPTER I
Scope, general principles and definitions
Section IV |
Specific situations |
Article 24 |
Reserved Concessions |
ANNEX XXI-G TO CHAPTER 8
I. OTHER MANDATORY ELEMENTS OF DIRECTIVE 2014/24/EU(Phase 4)
TITLE I
Scope, definitions and general principles
CHAPTER I
Scope and definitions
Section 1 |
Subject-matter and definitions |
Article 2 |
Definitions (paragraph 1, point (21)) |
Article 22 |
Rules applicable to communication: paragraph 1 |
TITLE II
Rules on public contracts
CHAPTER I
Procedures
Article 26 |
Choice of procedures: paragraph 3, second alternative of paragraph 4 |
Article 30 |
Competitive dialogue |
Article 31 |
Innovation Partnership |
CHAPTER II
Techniques and instruments for electronic and aggregated procurement
Article 33 |
Framework agreements |
Article 34 |
Dynamic purchasing systems |
Article 35 |
Electronic auctions |
Article 36 |
Electronic catalogues |
Article 38 |
Occasional joint procurement |
CHAPTER III
Conduct of the procedure
Section 2 |
Publication and Transparency |
Article 50 |
Contract award notices: paragraphs 2 and 3 |
TITLE III
Particular procurement regimes
CHAPTER II
Rules governing design contests
Article 78 |
Scope |
Article 79 |
Notices |
Article 80 |
Rules on the organisation of design contests and the selection of participants |
Article 81 |
Composition of the jury |
Article 82 |
Decisions of the jury |
ANNEXES
ANNEX V |
INFORMATION TO BE INCLUDED IN NOTICES |
Part E: |
INFORMATION TO BE INCLUDED IN DESIGN CONTEST NOTICES (as referred to in Article 79(1)) |
Part F: |
INFORMATION TO BE INCLUDED IN NOTICES OF THE RESULTS OF A CONTEST (as referred to in Article 79(2)) |
ANNEX VI |
INFORMATION TO BE INCLUDED IN THE PROCUREMENT DOCUMENTS RELATING TO ELECTRONIC AUCTIONS (ARTICLE 35(4)) |
(Phase 4)
TITLE I
Subject matter, scope, principles and definitions
CHAPTER I
Scope, general principles and definitions
Section I |
Subject-matter, scope, general principles, definitions and threshold |
Article 1 |
Subject-matter and scope: paragraphs 1, 2 and 4 |
Article 2 |
Principle of free administration by public authorities |
Article 3 |
Principle of equal treatment, non-discrimination and transparency |
Article 4 |
Freedom to define services of general economic interest |
Article 5 |
Definitions |
Article 6 |
Contracting authorities: paragraphs 1 and 4 |
Article 7 |
Contracting entities |
Article 8 |
Threshold and methods for calculating the estimated value of concessions |
Section II |
Exclusions |
Article 10 |
Exclusions applicable to concessions awarded by contracting authorities and contracting entities |
Article 11 |
Specific exclusions in the field of electronic communications |
Article 12 |
Specific exclusions in the field of water |
Article 13 |
Concessions awarded to an affiliated undertaking |
Article 14 |
Concessions awarded to a joint venture or to a contracting entity forming part of a joint venture |
Article 17 |
Concessions between entities within the public sector |
Section III |
General provisions |
Article 18 |
Duration of the concession |
Article 19 |
Social and other specific services |
Article 20 |
Mixed contracts |
Article 21 |
Mixed procurement contracts involving defence or security aspects |
Article 22 |
Contracts covering both activities referred to in Annex II and other activities |
Article 23 |
Concessions covering both activities referred to in Annex II and activities involving defence or security aspects |
Article 25 |
Research and development services |
CHAPTER II
Principles
Article 26 |
Economic operators |
Article 27 |
Nomenclatures |
Article 28 |
Confidentiality |
Article 29 |
Rules applicable to communication |
TITLE II
Rules on the award of concessions: General principles and procedural guarantees
CHAPTER I
General principles
Article 30 |
General principles: paragraphs 1, 2 and 3 |
Article 31 |
Concession notices |
Article 32 |
Concession award notices |
Article 33 |
Form and manner of publication of notices: first subparagraph of paragraph 1 |
Article 34 |
Electronic availability of concession documents |
Article 35 |
Combating corruption and preventing conflicts of interest |
CHAPTER II
Procedural guarantees
Article 36 |
Technical and functional requirements |
Article 37 |
Procedural guarantees |
Article 38 |
Selection of and qualitative assessment of candidates |
Article 39 |
Time limits for receipt of applications and tenders for the concession |
Article 40 |
Provision of information to candidates and tenderers |
Article 41 |
Award criteria |
TITLE III
Rules on performance of concessions
Article 42 |
Subcontracting |
Article 43 |
Modification of contracts during their term |
Article 44 |
Termination of concessions |
Article 45 |
Monitoring and Reporting |
ANNEXES
ANNEX I |
LIST OF THE ACTIVITIES REFERRED TO IN POINT (7) OF ARTICLE 5 |
ANNEX II |
ACTIVITIES EXERCISED BY CONTRACTING ENTITIES AS REFERRED TO IN ARTICLE 7 |
ANNEX III |
LIST OF LEGAL ACTS OF THE UNION REFERRED TO IN POINT (B) OF ARTICLE 7(2) |
ANNEX IV |
SERVICES REFERRED TO IN ARTICLE 19 |
ANNEX V |
INFORMATION TO BE INCLUDED IN CONCESSION NOTICES REFERRED TO IN ARTICLE 31 |
ANNEX VI |
INFORMATION TO BE INCLUDED IN PRIOR INFORMATION NOTICES CONCERNING CONCESSIONS FOR SOCIAL AND OTHER SPECIFIC SERVICES, AS REFERRED TO IN ARTICLE 31(3) |
ANNEX VII |
INFORMATION TO BE INCLUDED IN CONCESSION AWARD NOTICES, AS REFERRED TO IN ARTICLE 32 |
ANNEX VIII |
INFORMATION TO BE INCLUDED IN CONCESSION AWARD NOTICES CONCERNING CONCESSIONS FOR SOCIAL AND OTHER SPECIFIC SERVICES, AS REFERRED TO IN ARTICLE 32 |
ANNEX IX |
FEATURES CONCERNING PUBLICATION |
ANNEX X |
LIST OF INTERNATIONAL SOCIAL AND ENVIRONMENTAL CONVENTIONS REFERRED TO IN ARTICLE 30(3) |
ANNEX XI |
INFORMATION TO BE INCLUDED IN NOTICES OF MODIFICATIONS OF A CONCESSION DURING ITS TERM ACCORDING TO ARTICLE 43 |
ANNEX XXI-H TO CHAPTER 8
OTHER ELEMENTS OF DIRECTIVE 89/665/EEC
as amended by Directive 2007/66/EC and Directive 2014/23/EU
(Phase 4)
Article 2b |
Derogations from the standstill period Point (c) of the first paragraph of Article 2b |
Article 2d |
Ineffectiveness Point (c) of the first paragraph of Article 2d Paragraph 5 |
ANNEX XXI-I TO CHAPTER 8
(Phase 5)
I. OTHER MANDATORY ELEMENTS OF DIRECTIVE 2014/25/EU
TITLE I
Scope, definitions and general principles
CHAPTER I
Subject-matter and definitions
Article 2 |
Definitions: point 17 |
CHAPTER III
Material scope
Section 1 |
Thresholds |
Article 16 |
Methods for calculating the estimated value of procurement: paragraphs 5, 6 |
TITLE II
Rules applicable to contracts
CHAPTER I
Procedures
Article 44 |
Choice of procedures: paragraph 3 |
Article 48 |
Competitive dialogue |
Article 49 |
Innovation Partnership |
Article 50 |
Use of the negotiated procedure without prior call for competition: point (j) |
CHAPTER II
Techniques and instruments for electronic and aggregated procurement
Article 51 |
Framework agreements |
Article 52 |
Dynamic purchasing systems |
Article 53 |
Electronic auctions |
Article 54 |
Electronic catalogues |
Article 56 |
Occasional joint procurement |
CHAPTER III
Conduct of the procedure
Section 2 |
Publication and transparency |
Article 70 |
Contract award notices: paragraph 2 |
Section 3 |
Choice of participants and award of contract |
Subsection 1 |
Qualification and qualitative selection |
Article 77 |
Qualification systems |
Article 79 |
Reliance on the capacities of other entities: paragraph 1 |
TITLE III
Particular procurement regimes
CHAPTER II
Rules governing design contests
Article 95 |
Scope |
Article 96 |
Notices |
Article 97 |
Rules on the organisation of design contests, the selection of participants and the jury |
Article 98 |
Decision of the jury |
ANNEXES
ANNEX VII |
Information to be included in the procurement documents relating to electronic auctions (Article 53(4)) |
ANNEX XIX |
Information to be included in the design contest notice (as referred to in Article 96(1)) |
ANNEX XX |
Information to be included in the results of design contest notices (as referred to in Article 96(1)) |
II. OTHER NON-MANDATORY ELEMENTS OF DIRECTIVE 2014/25/EU
The further elements of Directive 2014/25/EU set out in this Annex are not mandatory but recommended for approximation. Ukraine may approximate these elements within the time-frame set in Annex XXI-B.
TITLE I
Scope, definitions and general principles
CHAPTER I
Subject-matter and definitions
Article 2 |
Definitions: points 10 to 12 |
CHAPTER IV
General principles
Article 38 |
Reserved contracts |
TITLE II
Rules applicable to contracts
CHAPTER I
Procedures
Article 55 |
Centralised purchasing activities and central purchasing bodies |
TITLE III
Particular procurement regimes
CHAPTER I
Social and other specific services
Article 94 |
Reserved contracts for certain services |
ANNEX XXI-J TO CHAPTER 8
OTHER ELEMENTS OF DIRECTIVE 92/13/EEC
as amended by Directive 2007/66/EC and Directive 2014/23/EU
(Phase 5)
Article 2b |
Derogations from the standstill period Point (c) of the first paragraph of Article 2b |
Article 2d |
Ineffectiveness Point (c) of paragraph 1 of Article 2d, Paragraph 5 |
ANNEX XXI-K TO CHAPTER 8
I. PROVISIONS OF DIRECTIVE 2014/24/EU OUTSIDE THE SCOPE OF APPROXIMATION
The elements of Directive 2014/24/EU listed in this Annex are not subject to the process of approximation.
TITLE I
Scope, definitions and general principles
CHAPTER I
Scope and definitions
Section 1 |
Subject-matter and definitions |
Article 1 |
Subject-matter and scope: paragraphs 3 and 4 |
Article 2 |
Definitions: paragraph 2 |
Section 2 |
Thresholds |
Article 6 |
Revision of the thresholds and of the list of central government authorities |
TITLE II
Rules on public contracts
CHAPTER I
Procedures
Article 25 |
Conditions relating to the GPA and other international agreements |
CHAPTER II
Techniques and instruments for electronic and aggregated procurement
Article 39 |
Procurement involving contracting authorities from different Member States |
CHAPTER III
Conduct of the procedure
Section 1 |
Preparation |
Article 44 |
Test reports, certification and other means of proof: paragraph 3 |
Section 2 |
Publication and transparency |
Article 51 |
Form and manner of publication of notices: second subparagraph of paragraph 1, paragraphs 2, 3, 4, second subparagraph of paragraph 5, paragraph 6 |
Article 52 |
Publication at national level |
Section 3 |
Choice of participants and award of contracts |
Article 61 |
Online repository of certificates (e-Certis) |
Article 62 |
Quality assurance standards and environmental management standards: paragraph 3 |
Article 68 |
Life-cycle costing: paragraph 3 |
Article 69 |
Abnormally low tender: paragraph 5 |
TITLE IV
Governance
Article 83 |
Enforcement |
Article 84 |
Individual reports on procedures for the award of contracts |
Article 85 |
National reporting and statistical information |
Article 86 |
Administrative Cooperation |
TITLE V
Delegated powers, implementing powers and final provisions
Article 87 |
Exercise of the delegation of powers |
Article 88 |
Urgency procedure |
Article 89 |
Committee procedure |
Article 90 |
Transposition and transitional provisions |
Article 91 |
Repeals |
Article 92 |
Review |
Article 93 |
Entry into force |
Article 94 |
Addressees |
ANNEXES
ANNEX I |
CENTRAL GOVERNMENT AUTHORITIES |
ANNEX VIII |
FEATURES CONCERNING PUBLICATION |
ANNEX XI |
REGISTERS |
ANNEX XIII |
LIST OF EU LEGISLATION REFERRED TO IN ARTICLE 68(3) |
ANNEX XV |
CORRELATION TABLE |
II. PROVISIONS OF DIRECTIVE 2014/23/EU OUTSIDE THE SCOPE OF APPROXIMATION
The elements of Directive 2014/23/EU listed in this Annex are not subject to the process of approximation.
TITLE I
Subject matter, scope, principles and definitions
CHAPTER I
Scope, general principles and definitions
Section I |
Subject-matter, scope, general principles, definitions and threshold |
Article 1 |
Subject-matter and scope: paragraph 3 |
Article 6 |
Contracting authorities: paragraphs 2 and 3 |
Article 9 |
Revision of the threshold |
Section II |
Exclusions |
Article 15 |
Notification of information by contracting entities |
Article 16 |
Exclusion of activities which are directly exposed to competition |
TITLE II
Rules on the award of concessions: General principles and procedural guarantees
CHAPTER I
General principles
Article 30 |
General principles: paragraph 4 |
Article 33 |
Form and manner of publication of notices: second subparagraph of paragraph 1, paragraphs 2, 3 and 4 |
TITLE IV
Amendments to Directive 89/665/EEC and 92/13/EEC
Article 46 |
Amendments to Directive 89/665/EEC |
Article 47 |
Amendments to Directive 92/13/EEC |
TITLE V
Delegated powers, implementing powers and final provisions
Article 48 |
Exercise of the delegation |
Article 49 |
Urgency procedure |
Article 50 |
Committee procedure |
Article 51 |
Transposition |
Article 52 |
Transitional provisions |
Article 53 |
Monitoring and reporting |
Article 54 |
Entry into force |
Article 55 |
Addressees |
ANNEX XXI-L TO CHAPTER 8
PROVISIONS OF DIRECTIVE 2014/25/EU OUTSIDE THE SCOPE OF APPROXIMATION
The elements listed in this Annex are not subject to the process of approximation.
TITLE I
Scope, definitions and general principles
CHAPTER I
Subject-matter and definitions
Article 1 |
Subject matter and scope: paragraphs 3 and 4 |
Article 3 |
Contracting authorities: paragraphs 2 and 3 |
Article 4 |
Contracting entities: paragraph 4 |
CHAPTER III
Material scope
Section 1 |
Thresholds |
Article 17 |
Revision of the thresholds |
Section 2 |
Excluded contracts and design contests: Special provisions for procurement involving defence and security aspects |
Subsection 1 |
Exclusions applicable to all contracting entities and special exclusions for the water and energy sector |
Article 18 |
Contracts awarded for purposes of resale or lease to third parties: paragraph 2 |
Article 19 |
Contracts and design contests awarded or organised for purposes other than the pursuit of a covered activity or for the pursuit of such an activity in a third country: paragraph 2 |
Subsection 3 |
Special relations (cooperation, affiliated undertakings and joint ventures) |
Article 31 |
Notification of information |
Subsection 4 |
Specific situations |
Article 33 |
Contracts subject to special arrangements |
Subsection 5 |
Activities directly exposed to competition and procedural provisions relating thereto |
Article 34 |
Activities directly exposed to competition |
Article 35 |
Procedure for establishing whether Article 34 is applicable |
TITLE II
Rules applicable to contracts
CHAPTER I
Procedures
Article 43 |
Conditions relating to the GPA and other international agreements |
CHAPTER II
Techniques and instruments for electronic and aggregated procurement
Article 57 |
Procurement involving contracting entities from different Member States |
CHAPTER III
Conduct of the procedure
Section 2 |
Publication and transparency |
Article 71 |
Form and manner of publication of notices: paragraphs 2, 3, 4, second subparagraph of paragraph 5, paragraph 6 |
Article 72 |
Publication at national level |
Section 3 |
Choice of participants and award of contract |
Article 81 |
Quality assurance standards and environmental management standards: paragraph 3 |
Article 83 |
Life-cycle costing: paragraph 3 |
Section 4 |
Tenders comprising products originating in third countries and relations with those countries |
Article 85 |
Tenders comprising products originating in third countries |
Article 86 |
Relations with third countries as regards works, supplies and service contracts |
TITLE IV
Governance
Article 99 |
Enforcement |
Article 100 |
Individual reports on procedures for the award of contracts |
Article 101 |
National reporting and statistical information |
Article 102 |
Administrative cooperation |
TITLE V
Delegated powers, implementing powers and final provisions
Article 103 |
Exercise of the delegation |
Article 104 |
Urgency procedure |
Article 105 |
Committee procedure |
Article 106 |
Transposition and transitional provisions |
Article 107 |
Repeal |
Article 108 |
Review |
Article 109 |
Entry into force |
Article 110 |
Addressees |
ANNEXES
ANNEX II |
List of Union legal acts referred to in Article 4(3) |
ANNEX III |
List of Union legal acts referred to in Article 34(3) |
ANNEX IV |
Deadlines for the adoption of the implementing acts referred to in Article 35 |
ANNEX XV |
List of Union legal acts referred to in Article 83(3) |
ANNEX XXI-M TO CHAPTER 8
PROVISIONS OF DIRECTIVE 89/665/EEC AS AMENDED BY DIRECTIVE 2007/66/EC AND DIRECTIVE 2014/23/EU OUTSIDE THE SCOPE OF APPROXIMATION
The elements listed in this Annex are not subject to the process of approximation.
Article 2b |
Derogations from the standstill period Point (a) of the first paragraph of Article 2b |
Article 2d |
Ineffectiveness Point (a) of paragraph 1 of Article 2d, Paragraph 4 |
Article 3 |
Corrective Mechanisms |
Article 3a |
Content of the notice for voluntary ex ante transparency |
Article 3b |
Committee Procedure |
Article 4 |
Implementation |
Article 4a |
Review |
ANNEX XXI-N TO CHAPTER 8
PROVISIONS OF DIRECTIVE 92/13/EEC AS AMENDED BY DIRECTIVE 2007/66/EC AND DIRECTIVE 2014/23/EU OUTSIDE THE SCOPE OF APPROXIMATION
The elements listed in this Annex are not subject to the process of approximation.
Article 2b |
Derogations from the standstill period Point (a) of the first paragraph of Article 2b |
Article 2d |
Ineffectiveness Point (a) of paragraph 1 of Article 2d, Paragraph 4 |
Article 3a |
Content of the notice for voluntary ex ante transparency |
Article 3b |
Committee Procedure |
Article 8 |
Corrective Mechanisms |
Article 12 |
Implementation |
Article 12a |
Review |
ANNEX XXI-O TO CHAPTER 8
UKRAINE: INDICATIVE LIST OF ISSUES FOR COOPERATION
1. |
Training, in Ukraine and EU countries, of Ukrainian officials from government bodies engaged in public procurement; |
2. |
Training of suppliers interested participating in public procurement; |
3. |
Exchange of information and experience on best practice and regulatory rules in the sphere of public procurement; |
4. |
Enhancement of the functionality of the public procurement website and establishment of a system of public procurement monitoring; |
5. |
Consultations and methodological assistance from the EU Party in application of modern electronic technologies in the sphere of public procurement; |
6. |
Strengthening the bodies charged with guaranteeing a coherent policy in all areas related to public procurement and the independent and impartial consideration (review) of contracting authorities' decisions. (Cf. Article 150 paragraph 2 of this Agreement) |
ANNEX XXI-P TO CHAPTER 8
THRESHOLDS
1. |
The value thresholds mentioned in Article 149(3) of this Agreement shall be for both Parties:
|
2. |
The EUR thresholds quoted in paragraph 1 shall be adapted to reflect the thresholds applicable under the EU Directives at the moment of the entry into force of this Agreement. |
REGULATIONS
11.1.2017 |
EN |
Official Journal of the European Union |
L 6/36 |
COMMISSION IMPLEMENTING REGULATION (EU) 2017/44
of 10 January 2017
amending Council Regulation (EC) No 1210/2003 concerning certain specific restrictions on economic and financial relations with Iraq
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Council Regulation (EC) No 1210/2003 of 7 July 2003 concerning certain specific restrictions on economic and financial relations with Iraq and repealing Regulation (EC) No 2465/96 (1), and in particular Article 11(b) thereof,
Whereas:
(1) |
Annex III to Regulation (EC) No 1210/2003 lists public bodies, corporations and agencies and natural and legal persons, bodies and entities of the previous government of Iraq covered by the freezing of funds and economic resources that were located outside Iraq on the date of 22 May 2003 under that Regulation. |
(2) |
On 28 December 2016, the Sanctions Committee of the United Nations Security Council decided to remove 2 entries from the list of persons or entities to whom the freezing of funds and economic resources should apply. |
(3) |
Annex III to Regulation (EC) No 1210/2003 should therefore be amended accordingly, |
HAS ADOPTED THIS REGULATION:
Article 1
Annex III to Regulation (EC) No 1210/2003 is amended as set out in the Annex to this Regulation.
Article 2
This Regulation shall enter into force on the day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 10 January 2017.
For the Commission,
On behalf of the President,
Acting Head of the Service for Foreign Policy Instruments
ANNEX
In Annex III to Council Regulation (EC) No 1210/2003, the following entries are deleted:
‘78. |
MEDICAL CITY ESTABLISHMENT. Address: Baghdad, Iraq. |
115. |
STATE COMPANY FOR DRUGS AND MEDICAL APPLIANCES (alias (a) GENERAL ESTABLISHMENT FOR DRUGS & MEDICAL APPLICANCES, (b) KIMADIA), Address: Mansour City, P.O. Box 6138, Baghdad, Iraq.’ |
11.1.2017 |
EN |
Official Journal of the European Union |
L 6/38 |
COMMISSION IMPLEMENTING REGULATION (EU) 2017/45
of 10 January 2017
establishing the standard import values for determining the entry price of certain fruit and vegetables
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) No 1308/2013 of the European Parliament and of the Council of 17 December 2013 establishing a common organisation of the markets in agricultural products and repealing Council Regulations (EEC) No 922/72, (EEC) No 234/79, (EC) No 1037/2001 and (EC) No 1234/2007 (1),
Having regard to Commission Implementing Regulation (EU) No 543/2011 of 7 June 2011 laying down detailed rules for the application of Council Regulation (EC) No 1234/2007 in respect of the fruit and vegetables and processed fruit and vegetables sectors (2), and in particular Article 136(1) thereof,
Whereas:
(1) |
Implementing Regulation (EU) No 543/2011 lays down, pursuant to the outcome of the Uruguay Round multilateral trade negotiations, the criteria whereby the Commission fixes the standard values for imports from third countries, in respect of the products and periods stipulated in Annex XVI, Part A thereto. |
(2) |
The standard import value is calculated each working day, in accordance with Article 136(1) of Implementing Regulation (EU) No 543/2011, taking into account variable daily data. Therefore this Regulation should enter into force on the day of its publication in the Official Journal of the European Union, |
HAS ADOPTED THIS REGULATION:
Article 1
The standard import values referred to in Article 136 of Implementing Regulation (EU) No 543/2011 are fixed in the Annex to this Regulation.
Article 2
This Regulation shall enter into force on the day of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 10 January 2017.
For the Commission,
On behalf of the President,
Jerzy PLEWA
Director-General
Directorate-General for Agriculture and Rural Development
ANNEX
Standard import values for determining the entry price of certain fruit and vegetables
(EUR/100 kg) |
||
CN code |
Third country code (1) |
Standard import value |
0702 00 00 |
IL |
261,0 |
MA |
110,4 |
|
SN |
204,0 |
|
TR |
102,4 |
|
ZZ |
169,5 |
|
0707 00 05 |
MA |
85,5 |
TR |
213,8 |
|
ZZ |
149,7 |
|
0709 91 00 |
EG |
144,1 |
ZZ |
144,1 |
|
0709 93 10 |
MA |
238,8 |
TR |
213,8 |
|
ZZ |
226,3 |
|
0805 10 20 |
EG |
42,5 |
IL |
126,4 |
|
MA |
55,6 |
|
TR |
71,5 |
|
ZZ |
74,0 |
|
0805 20 10 |
IL |
166,4 |
MA |
85,6 |
|
ZZ |
126,0 |
|
0805 20 30 , 0805 20 50 , 0805 20 70 , 0805 20 90 |
IL |
136,2 |
JM |
125,6 |
|
TR |
96,4 |
|
ZZ |
119,4 |
|
0805 50 10 |
TR |
71,8 |
ZZ |
71,8 |
|
0808 10 80 |
CN |
144,5 |
US |
105,5 |
|
ZZ |
125,0 |
|
0808 30 90 |
CL |
282,6 |
CN |
99,5 |
|
TR |
133,1 |
|
ZZ |
171,7 |
(1) Nomenclature of countries laid down by Commission Regulation (EU) No 1106/2012 of 27 November 2012 implementing Regulation (EC) No 471/2009 of the European Parliament and of the Council on Community statistics relating to external trade with non-member countries, as regards the update of the nomenclature of countries and territories (OJ L 328, 28.11.2012, p. 7). Code ‘ZZ’ stands for ‘of other origin’.
DECISIONS
11.1.2017 |
EN |
Official Journal of the European Union |
L 6/40 |
COMMISSION DECISION (EU, Euratom) 2017/46
of 10 January 2017
on the security of communication and information systems in the European Commission
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 249 thereof,
Having regard to the Treaty establishing the European Atomic Energy Community,
Whereas:
(1) |
The Commission's communication and information systems are an integral part of the functioning of the Commission and IT security incidents can have a serious impact on the Commission's operations as well as on third parties, including individuals, businesses and Member States. |
(2) |
There are many threats that can harm the confidentiality, integrity or availability of the Commission's communication and information systems and of the information processed therein. These threats include accidents, errors, deliberate attacks and natural events, and need to be recognised as operational risks. |
(3) |
Communication and information systems need to be provided with a level of protection commensurate with the likelihood, impact and nature of the risks to which they are exposed. |
(4) |
IT security in the Commission should ensure that the Commission's CISs protect the information they process and they function as they need to, when they need to, under the control of legitimate users. |
(5) |
The IT security policy of the Commission should be implemented in a manner which is consistent with the policies on security in the Commission. |
(6) |
The Security Directorate of the Directorate-General for Human Resources and Security has the general responsibility for security in the Commission under the authority and responsibility of the Member of the Commission responsible for security. |
(7) |
The Commission's approach should take into account EU policy initiatives and legislation on network and information security, industry standards and good practices, to comply with all relevant legislation and to allow interoperability and compatibility. |
(8) |
Appropriate measures should be developed and implemented by the Commission departments responsible for communication and information systems and IT security measures for protecting communication and information systems should be coordinated across the Commission to ensure efficiency and effectiveness. |
(9) |
Rules and procedures for access to information in the context of IT security, including IT security incident handling, should be proportionate to the threat to the Commission or its staff and compliant with the principles laid down in Regulation (EC) No 45/2001 of the European Parliament and of the Council (1), on the protection of individuals with regard to the processing of personal data by the Union institutions and bodies and on the free movement of such data and taking account of the principle of professional secrecy, as provided in Article 339 of the TFEU. |
(10) |
The policies and rules for communication and information systems processing EU classified information (EUCI), sensitive non-classified information, and unclassified information are to be fully in line with Commission Decisions (EU, Euratom) 2015/443 (2) and (EU, Euratom) 2015/444 (3). |
(11) |
There is a need for the Commission to review and update the provisions on the security of communication and information systems used by the Commission. |
(12) |
The Commission Decision C(2006) 3602 should therefore be repealed, |
HAS ADOPTED THIS DECISION:
CHAPTER 1
GENERAL PROVISIONS
Article 1
Subject matter and scope
1. This decision applies to all communication and information systems (CISs) which are owned, procured, managed or operated by or on behalf of the Commission and all usage of those CISs by the Commission.
2. This decision sets out the basic principles, objectives, organisation and responsibilities regarding the security of those CISs, and in particular for Commission departments owning, procuring, managing or operating CISs and including CISs provided by an internal IT service provider. When a CIS is provided, owned, managed or operated by an external party on the basis of a bilateral agreement or contract with the Commission, the terms of the agreement or contract shall comply with this decision.
3. This decision applies to all Commission departments and Executive Agencies. When a Commission CIS is used by other bodies and institutions on the basis of a bilateral agreement with the Commission, the terms of the agreement shall comply with this decision.
4. Notwithstanding any specific indications concerning particular groups of staff, this decision shall apply to the Members of the Commission, to Commission staff falling under the scope of the Staff Regulations of Officials of the European Union (the ‘Staff Regulations’) and the Conditions of Employment of Other Servants of the Union (the ‘CEOS’) (4), to national experts seconded to the Commission (‘SNEs’) (5), to external service providers and their staff, to trainees and to any individual with access to CIS in the scope of this decision.
5. This Decision shall apply to the European Anti-Fraud Office (OLAF) in so far as this is compatible with Union legislation and Commission Decision 1999/352/EC, ECSC, Euratom (6). In particular, measures provided for in this Decision, including instructions, inspections, inquiries and equivalent measures, may not apply to the CIS of the Office where this is not compatible with the independence of the Office's investigative function and/or the confidentiality of information obtained by the Office in the exercise of this function.
Article 2
Definitions
For the purposes of this Decision the following definitions shall apply:
(1) |
‘Accountable’ means to be answerable for actions, decisions and performance. |
(2) |
‘CERT-EU’ is the Computer Emergency Response Team for the EU institutions and agencies. Its mission is to support the European Institutions to protect themselves against intentional and malicious attacks that would hamper the integrity of their IT assets and harm the interests of the EU. The scope of CERT-EU's activities covers prevention, detection, response and recovery. |
(3) |
‘Commission department’ means any Commission Directorate-General or service, or any Cabinet of a Member of the Commission. |
(4) |
‘Commission Security Authority’ refers to the role laid down in Decision (EU, Euratom) 2015/444. |
(5) |
‘Communication and information system’ or ‘CIS’ means any system enabling the handling of information in electronic form, including all assets required for its operation, as well as infrastructure, organisation, personnel and information resources. This definition includes business applications, shared IT services, outsourced systems, and end-user devices. |
(6) |
‘Corporate Management Board’ (CMB) provides the highest level of corporate management oversight for operational and administrative issues in the Commission. |
(7) |
‘Data owner’ means the individual responsible for ensuring the protection and use of a specific data set handled by a CIS. |
(8) |
‘Data set’ means a set of information which serves a specific business process or activity of the Commission. |
(9) |
‘Emergency procedure’ means a predefined set of methods and responsibilities for responding to urgent situations in order to prevent a major impact on the Commission. |
(10) |
‘Information security policy’ means a set of information security objectives, which are or have to be established, implemented and checked. It comprises, but is not limited to, Decisions (EU, Euratom) 2015/444 and (EU, Euratom) 2015/443. |
(11) |
‘Information Security Steering Board’ (ISSB) means the governance body that supports the Corporate Management Board in its IT-security-related tasks. |
(12) |
‘Internal IT service provider’ means a Commission department providing shared IT services. |
(13) |
‘IT security’ or ‘security of CIS’ means the preservation of confidentiality, integrity and availability of CISs and the data sets that they process. |
(14) |
‘IT security guidelines’ consist of recommended but voluntary measures that help support IT security standards or serve as a reference when no applicable standard is in place. |
(15) |
‘IT security incident’ means an event that could adversely affect the confidentiality, integrity or availability of a CIS. |
(16) |
‘IT security measure’ means a technical or organisational measure aimed at mitigating IT security risks, |
(17) |
‘IT security need’ means a precise and unambiguous definition of the levels of confidentiality, integrity and availability associated with a piece of information or an IT system with a view to determining the level of protection required. |
(18) |
‘IT security objective’ means a statement of intent to counter specified threats and/or satisfy specified organisational security requirements or assumptions. |
(19) |
‘IT security plan’ means the documentation of the IT security measures required to meet the IT security needs of a CIS. |
(20) |
‘IT security policy’ means a set of IT security objectives, which are or have to be established, implemented and checked. It comprises this decision and its implementing rules. |
(21) |
‘IT security requirement’ means a formalised IT security need through a predefined process. |
(22) |
‘IT security risk’ means an effect that an IT security threat might induce on a CIS by exploiting a vulnerability. As such, an IT security risk is characterised by two factors: (1) uncertainty, i.e. the likelihood of an IT security threat to cause an unwanted event; and (2) impact, i.e. the consequences that such an unwanted event may have on a CIS. |
(23) |
‘IT security standards’ means specific mandatory IT security measures that help enforce and support the IT security policy. |
(24) |
‘IT security strategy’ means a set of projects and activities which are designed to achieve the objectives of the Commission and which have to be established, implemented and checked. |
(25) |
‘IT security threat’ means a factor that can potentially lead to an unwanted event which may result in harm to a CIS. Such threats may be accidental or deliberate and are characterised by threatening elements, potential targets and attack methods. |
(26) |
‘Local Informatics Security Officer’ or ‘LISO’ means the officer who is responsible for IT security liaison for a Commission department. |
(27) |
‘Personal data’, ‘processing of personal data’, ‘controller’ and ‘personal data filing system’ shall have the same meaning as in Regulation (EC) No 45/2001, and in particular Article 2 thereof. |
(28) |
‘Processing of information’ means all functions of a CIS with respect to data sets, including creation, modification, display, storage, transmission, deletion and archiving of information. Processing of information can be provided by a CIS as a set of functionalities to users and as IT services to other CIS. |
(29) |
‘Professional secrecy’ means the protection of business data information of the kind covered by the obligation of professional secrecy, in particular information about undertakings, their business relations or their cost components as laid down in Article 339 of the TFEU. |
(30) |
‘Responsible’ means having the obligation to act and take decisions to achieve required outcomes. |
(31) |
‘Security in the Commission’ means the security of persons, assets and information in the Commission, and in particular the physical integrity of persons and assets, the integrity, confidentiality and availability of information and communication and information systems, as well as the unobstructed functioning of Commission operations. |
(32) |
‘Shared IT service’ means the service a CIS provides to other CISs in the processing of information. |
(33) |
‘System owner’ is the individual responsible for the overall procurement, development, integration, modification, operation, maintenance, and retirement of a CIS. |
(34) |
‘User’ means any individual who uses functionality provided by a CIS, whether inside or outside the Commission. |
Article 3
Principles for IT security in the Commission
1. IT security in the Commission shall be based on the principles of legality, transparency, proportionality and accountability.
2. IT security issues shall be taken into account from the start of the development and implementation of Commission CISs. In order to do so, the Directorate-General for Informatics and the Directorate-General for Human Resources and Security shall be involved for their respective areas of responsibility.
3. Effective IT security shall ensure appropriate levels of:
(a) |
authenticity: the guarantee that information is genuine and from bona fide sources; |
(b) |
availability: the property of being accessible and usable upon request by an authorised entity; |
(c) |
confidentiality: the property that information is not disclosed to unauthorised individuals, entities or processes. |
(d) |
integrity: the property of safeguarding the accuracy and completeness of assets and information; |
(e) |
non-repudiation: the ability to prove an action or event has taken place, so that this event or action cannot subsequently be denied; |
(f) |
protection of personal data: the provision of appropriate safeguards in regard to personal data in full compliance with Regulation (EC) No 45/2001; |
(g) |
professional secrecy: the protection of information of the kind covered by the obligation of professional secrecy, in particular information about undertakings, their business relations or their cost components as laid down in Article 339 of the TFEU. |
4. IT security shall be based on a risk management process. This process shall aim at determining the levels of IT security risks and defining security measures to reduce such risks to an appropriate level and at a proportionate cost.
5. All CIS shall be identified, assigned to a system owner and recorded in an inventory.
6. The security requirements of all CIS shall be determined on the basis of their security needs and of the security needs of the information they process. CIS that provide services to other CIS may be designed to support specified levels of security needs.
7. IT security plans and IT security measures shall be proportionate to the security needs of the CIS.
The processes related to these principles and activities shall be further detailed in implementing rules.
CHAPTER 2
ORGANISATION AND RESPONSIBILITIES
Article 4
Corporate Management Board
The Corporate Management Board shall take the overall responsibility for the governance of IT security as a whole within the Commission.
Article 5
Information Security Steering Board (ISSB)
1. The ISSB shall be chaired by the Deputy Secretary-General responsible for IT security governance in the Commission. Its members shall represent business, technology and security interests across the Commission departments and include representatives of the Directorate-General for Informatics, the Directorate-General for Human Resources and Security, the Directorate-General for Budget, and, on a 2-year rotating basis, representatives of four other Commission departments involved where IT security is a major concern for their operations. Membership is at senior management level.
2. The ISSB shall support the Corporate Management Board in its IT-security-related tasks. The ISSB shall take the operational responsibility for the governance of IT security as a whole within the Commission.
3. The ISSB shall recommend the Commission's IT security policy for adoption by the Commission.
4. The ISSB shall review and report biannually to the Corporate Management Board on governance matters as well as on IT-security-related issues, including serious IT security incidents.
5. The ISSB shall monitor and review the overall implementation of this decision and report on it to the Corporate Management Board.
6. On the proposal of the Directorate-General for Informatics, the ISSB shall review, approve and monitor the implementation of the rolling IT security strategy. The ISSB shall report on it to the Corporate Management Board.
7. The ISSB shall monitor, evaluate and control the corporate information risk treatment landscape and shall have the power to issue formal requirements for improvements wherever necessary.
The processes related to these responsibilities and activities shall be further detailed in implementing rules.
Article 6
The Directorate-General for Human Resources and Security
In relation to IT security, the Directorate-General for Human Resources and Security has the following responsibilities. It shall:
(1) |
assure alignment between the IT security policy and the Commission's information security policy; |
(2) |
establish a framework for the authorisation of the use of encrypting technologies for the storage and communication of information by CISs; |
(3) |
inform the Directorate-General for Informatics about specific threats which could have a significant impact on the security of CISs and the data sets that they process; |
(4) |
perform IT security inspections to assess the compliance of the Commission's CISs with the security policy, and report the results to the ISSB; |
(5) |
establish a framework for the authorisation of access and the associated appropriate security rules to Commission CISs from external networks and develop the related IT security standards and guidelines in close cooperation with the Directorate-General for Informatics; |
(6) |
propose principles and rules for the outsourcing of CISs in order to maintain appropriate control of security of the information; |
(7) |
develop the related IT security standards and guidelines in relation to Article 6, in close cooperation with the Directorate-General for Informatics. |
The processes related to these responsibilities and activities shall be further detailed in implementing rules.
Article 7
The Directorate-General for Informatics
In relation to the overall IT security of the Commission, the Directorate-General for Informatics has the following responsibilities. It shall:
(1) |
develop IT security standards and guidelines, except as provided in Article 6, in close cooperation with the Directorate-General for Human Resources and Security, in order to assure consistency between the IT security policy and the Commission's information security policy, and propose them to the ISSB; |
(2) |
assess the IT security risk management methods, processes and outcomes of all Commission departments and report on this regularly to the ISSB; |
(3) |
propose a rolling IT security strategy for revision and approval by the ISSB and further adoption by the Corporate Management Board, and propose a programme, including the planning of projects and activities implementing the IT security strategy; |
(4) |
monitor the execution of the Commission's IT security strategy and report on this regularly to the ISSB; |
(5) |
monitor the IT security risks and IT security measures implemented in CISs and report on this regularly to the ISSB; |
(6) |
report regularly on the overall implementation and compliance with this decision to the ISSB; |
(7) |
after consulting with the Directorate-General for Human Resources and Security, request system owners to take specific IT security measures in order to mitigate IT security risks to Commission's CISs; |
(8) |
ensure that there is an adequate catalogue of the Directorate-General for Informatics IT security services available for the system owners and data owners to fulfil their responsibilities for IT security and to comply with the IT security policy and standards; |
(9) |
provide adequate documentation to system and data owners and consult with them, as appropriate, on the IT security measures implemented for their IT services in order to facilitate compliance with the IT security policy and support the system owners in IT risk management; |
(10) |
organise regular meetings of the LISOs network and supporting LISOs in carrying out their duties; |
(11) |
define the training needs and coordinate training programmes on IT security in cooperation with the Commission departments, and develop, implement and coordinate awareness-raising campaigns on IT security in close cooperation with the Directorate-General for Human Resources; |
(12) |
ensure that system owners, data owners and other roles with IT security responsibilities in Commission departments are made aware of the IT security policy; |
(13) |
inform the Directorate-General for Human Resources and Security on specific IT security threats, incidents and exceptions to the Commission's IT security policy notified by the system owners which could have a significant impact on security in the Commission; |
(14) |
in respect of its role as an internal IT service provider, deliver to the Commission a catalogue of shared IT services that provide defined levels of security. This shall be done by systematically assessing, managing and monitoring IT security risks to implement the security measures in order to reach the defined security level. |
The related processes and more detailed responsibilities shall be further defined in implementing rules.
Article 8
Commission departments
In relation to IT security in their department, each Head of Commission department shall:
(1) |
formally appoint a system owner, who is an official or a temporary agent, for each CIS who will be responsible for IT security of that CIS and formally appoint a data owner for each data set handled in a CIS who should belong to the same administrative entity which is the Data Controller for data sets subject to Regulation (EC) No 45/2001; |
(2) |
formally designate a Local Informatics Security Officer (LISO) who can perform the responsibilities independently from system owners and data owners. A LISO can be designated for one or more Commission departments |
(3) |
ensure that appropriate IT security risk assessments and IT security plans have been made and implemented |
(4) |
ensure that a summary of IT security risks and measures is reported on a regular basis to the Directorate-General for Informatics; |
(5) |
ensure, with the support of the Directorate-General for Informatics, that appropriate processes, procedures and solutions are in place to ensure efficient detection, reporting and resolution of IT security incidents relating to their CISs; |
(6) |
launch an emergency procedure in case of IT security emergencies; |
(7) |
hold ultimate accountability for IT security including the responsibilities of the system owner and data owner; |
(8) |
own the risks relating to their CISs and data sets; |
(9) |
resolve any disagreements between data owners and system owners and in case of continued disagreement bring the issue before the ISSB for resolution; |
(10) |
ensure that IT security plans and IT security measures are implemented and the risks are adequately covered. |
The processes related to these responsibilities and activities shall be further detailed in implementing rules.
Article 9
System owners
1. The system owner is responsible for the IT security of the CIS, and reports to the Head of the Commission department.
2. In relation to IT security, the system owner shall:
(a) |
ensure the compliance of the CIS with the IT security policy; |
(b) |
ensure that the CIS is accurately recorded in the relevant inventory; |
(c) |
assess IT security risks and determine the IT security needs for each CIS, in collaboration with the data owners and in consultation with the Directorate-General for Informatics; |
(d) |
prepare a security plan, including, where appropriate, details of the assessed risks and any additional security measures required; |
(e) |
implement appropriate IT security measures, proportionate to the IT security risks identified and follow recommendations endorsed by the ISSB; |
(f) |
identify any dependencies on other CISs or shared IT services and implement security measures as appropriate based on the security levels proposed by those CISs or shared IT services; |
(g) |
manage and monitor IT security risks; |
(h) |
report regularly to the head of the Commission department on the IT security risk profile of their CIS and report to the Directorate-General for Informatics on the related risks, risk management activities and security measures taken; |
(i) |
consult the LISO of the relevant Commission department(s) on aspects of IT Security; |
(j) |
issue instructions for users on the use of the CIS and associated data as well as on the responsibilities of users related to CIS; |
(k) |
request authorisation from the Directorate-General for Human Resources and Security, acting as the Crypto Authority, for any CIS that uses encrypting technology. |
(l) |
consult the Commission Security Authority in advance concerning any system processing EU classified information; |
(m) |
ensure that back-ups of any decryption keys are stored in an escrow account. The recovery of encrypted data shall be carried out only when authorised in accordance with the framework defined by the Directorate-General for Human Resources and Security; |
(n) |
respect any instructions from the relevant Data Controller(s) concerning the protection of personal data and the application of data protection rules on security of the processing; |
(o) |
notify the Directorate-General for Informatics of any exceptions to the Commission's IT security policy including relevant justifications; |
(p) |
report any unresolvable disagreements between the data owner and the system owner to the head of the Commission department, communicate IT security incidents to the relevant stakeholders in a timely manner as appropriate according to their severity as laid down in Article 15; |
(q) |
for outsourced systems, ensure that appropriate IT security provisions are included in the outsourcing contracts and that IT security incidents occurring in the outsourced CIS are reported in accordance with Article 15; |
(r) |
for CIS providing shared IT services, ensure that a defined security level is provided, clearly documented and security measures are implemented for that CIS in order to reach the defined security level. |
3. System owners may formally delegate some or all of their IT security tasks but they remain responsible for the IT security of their CIS
The processes related to these responsibilities and activities shall be further detailed in implementing rules.
Article 10
Data owners
1. The data owner is responsible for the IT security of a specific data set to the Head of the Commission department and is accountable for the confidentiality, integrity and availability of the data set.
2. In relation to this data set, the data owner shall:
(a) |
ensure that all data sets under his or her responsibility are appropriately classified in accordance with Decision (EU, Euratom) 2015/443 and (EU, Euratom) 2015/444; |
(b) |
define the information security needs and inform the relevant system owners of these needs; |
(c) |
participate in the CIS risk assessment; |
(d) |
report any unresolvable disagreements between the data owner and the system owner to the head of the Commission department; |
(e) |
communicate IT security incidents as provided for in Article 15. |
3. Data owners may formally delegate some or all of their IT security tasks but they maintain their responsibilities as defined in this Article.
The processes related to these responsibilities and activities shall be further detailed in implementing rules.
Article 11
Local Informatics Security Officers (LISOs)
In relation to IT security, the LISO shall:
(a) |
proactively identify and inform system owners, data owners and other roles with IT security responsibilities in Commission department(s) about the IT security policy; |
(b) |
liaise on IT-security-related issues in Commission department(s) with the Directorate-General for Informatics as part of the LISO network; |
(c) |
attend the regular LISO meetings; |
(d) |
maintain an overview of the information security risk management process and of the development and implementation of information system security plans; |
(e) |
advise data owners, system owners and heads of Commission departments on IT-security-related issues; |
(f) |
cooperate with the Directorate-General for Informatics in disseminating good IT security practices and propose specific awareness-raising and training programmes; |
(g) |
report on IT security, identify shortfalls and improvements to the Head of the Commission department(s). |
The processes related to these responsibilities and activities shall be further detailed in implementing rules.
Article 12
Users
1. In relation to IT security, users shall:
(a) |
comply with the IT security policy and the instructions issued by the system owner on the use of each CIS; |
(b) |
communicate IT security incidents as provided for in Article 15. |
2. Use of the Commission's CIS in breach of the IT security policy or instructions issued by the system owner may give rise to disciplinary proceedings.
The processes related to these responsibilities and activities shall be further detailed in implementing rules
CHAPTER 3
SECURITY REQUIREMENTS AND OBLIGATIONS
Article 13
Implementation of this Decision
1. The adoption of the implementing rules on Article 6, and of the related standards and guidelines, will be subject to an empowerment decision by the Commission in favour of the Member of the Commission responsible for security matters.
2. The adoption of all other implementing rules in relation to this decision, and of the related IT security standards and guidelines, will be subject to an empowerment decision by the Commission in favour of the Member of the Commission responsible for informatics.
3. The ISSB shall approve the implementing rules, standards and guidelines mentioned under paragraphs 1 and 2 above prior to their adoption.
Article 14
Obligation to comply
1. Compliance with the provisions outlined in the IT security policy and standards is mandatory.
2. Non-compliance with the IT security policy and standards may trigger liability to disciplinary action in accordance with the Treaties, the Staff Regulations and the CEOS, to contractual sanctions and/or to legal action under national laws and regulations.
3. The Directorate-General for Informatics shall be notified of any exceptions to the IT security policy.
4. In the event the ISSB decides there is a persistent unacceptable risk to a CIS of the Commission, the Directorate-General for Informatics in cooperation with the system owner shall propose mitigating measures to the ISSB for approval. These measures may, amongst others, include reinforced monitoring and reporting, service limitations and disconnection.
5. The ISSB shall impose the implementation of approved mitigating measures wherever necessary. The ISSB may also recommend to the Director-General of the Directorate-General for Human Resources and Security to open an administrative enquiry. The Directorate-General for Informatics shall report to the ISSB on every situation when mitigating measures are imposed.
The processes related to these responsibilities and activities shall be further detailed in implementing rules
Article 15
IT security incident handling
1. The Directorate-General for Informatics is responsible for providing the principal operational IT security incident response capability within the European Commission.
2. The Directorate-General for Human Resources and Security as contributing stakeholders to the IT security incident response shall:
(a) |
have the right to access summary information for all incident records and full records upon request; |
(b) |
participate in IT security incidents crisis management groups and IT security emergency procedures; |
(c) |
be in charge of relations with law enforcement and intelligence services; |
(d) |
perform forensic analysis regarding cyber-security in accordance with Article 11 of Decision (EU, Euratom) 2015/443; |
(e) |
decide on the need to launch a formal inquiry; |
(f) |
inform the Directorate-General for Informatics of any IT security incidents that may present a risk to other CISs. |
3. Regular communications shall take place between the Directorate-General for Informatics and the Directorate-General for Human Resources and Security to exchange information and coordinate the handling of security incidents, in particular any IT security incident that may require a formal inquiry.
4. The incident coordination services of Computer Emergency Response Team for the European institutions, bodies and agencies (‘CERT-EU’) may be used to support the incident handling process when appropriate and for knowledge sharing with other EU institutions and agencies that may be affected.
5. System owners involved in an IT security incident shall:
(a) |
immediately notify their Head of Commission Departments, the Directorate-General for Informatics, the Directorate-General for Human Resources, the LISO and, where appropriate, the data owner of any major IT security incidents, in particular those involving a breach of data confidentiality; |
(b) |
cooperate and follow the instructions of the relevant Commission authorities on incident communication, response and remediation. |
6. Users shall report all actual or suspected IT security incidents to the relevant IT helpdesk in a timely manner.
7. Data owners shall report all actual or suspected IT security incidents to the relevant IT security incident response team in a timely manner.
8. The Directorate-General for Informatics, with support from the other contributing stakeholders, is responsible for handling any IT security incident detected in relation to Commission CISs that are not outsourced systems.
9. The Directorate-General for Informatics shall inform affected Commission departments about IT security incidents, the relevant LISOs and, where appropriate, the CERT-EU on a need-to-know basis.
10. The Directorate-General for Informatics shall regularly report on major IT security incidents affecting the Commission's CIS to the ISSB.
11. The relevant LISO shall, upon request, have access to IT security incident records concerning the CIS of the Commission department.
12. In case of a major IT security incident, the Directorate-General for Informatics shall be the contact point for the management of the crisis situations by coordinating the IT security incidents crisis management groups.
13. In case of an emergency the Director-General of the Directorate-General for Informatics can decide to launch an IT security emergency procedure. The Directorate-General for Informatics shall develop emergency procedures to be approved by the ISSB.
14. The Directorate-General for Informatics shall report on the execution of emergency procedures to the ISSB and the heads of Commission departments affected.
The processes related to these responsibilities and activities shall be further detailed in implementing rules.
CHAPTER 4
FINAL PROVISIONS
Article 16
Transparency
This Decision shall be brought to the attention of Commission staff and to all individuals to whom it applies, and published in the Official Journal of the European Union.
Article 17
Relation to other acts
The provisions of this decision are without prejudice to Decision (EU, Euratom) 2015/443, Decision (EU, Euratom) 2015/444, Regulation (EC) No 45/2001, Regulation (EC) No 1049/2001 of the European Parliament and of the Council (7), Commission Decision 2002/47/EC, ECSC, Euratom (8), Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council (9), Decision 1999/352/EC, ECSC, Euratom.
Article 18
Repeal and transitional measures
Decision C(2006) 3602 of 16 August 2006 is repealed.
The implementing rules and IT security standards adopted pursuant to Article 10 of Decision C(2006) 3602 shall remain in effect insofar as they do not conflict with this decision, until they are replaced by the implementing rules and standards to be adopted under Article 13 of this decision. Any reference to Article 10 of Decision C(2006)3602 shall be read as a reference to Article 13 of this decision.
Article 19
Entry into force
This decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
Done at Brussels, 10 January 2017.
For the Commission
The president
Jean-Claude JUNCKER
(1) Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1).
(2) Commission Decision (EU, Euratom) 2015/443 of 13 March 2015 on Security in the Commission (OJ L 72, 17.3.2015, p. 41).
(3) Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU classified information (OJ L 72, 17.3.2015, p. 53).
(4) Laid down by Council Regulation (EEC, Euratom, ECSC) No 259/68 of 29 February 1968 laying down the Staff Regulations of Officials and the Conditions of Employment of Other Servants of the European Communities and instituting special measures temporarily applicable to officials of the Commission (Conditions of Employment of Other Servants) (OJ L 56, 4.3.1968, p. 1).
(5) Commission Decision of 12 November 2008 laying down rules on the secondment to the Commission of national experts and national experts in professional training (C(2008) 6866 final).
(6) Commission Decision 1999/352/EC, ECSC, Euratom of 28 April 1999 establishing the European Anti-fraud Office (OLAF) (OJ L 136, 31.5.1999, p. 20).
(7) Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).
(8) Commission Decision 2002/47/EC, ECSC, Euratom of 23 January 2002 amending its Rules of Procedure (OJ L 21, 24.1.2002, p. 23).
(9) Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council of 11 September 2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) and repealing Regulation (EC) No 1073/1999 of the European Parliament and of the Council and Council Regulation (Euratom) No 1074/1999 (OJ L 248, 18.9.2013, p. 1).