Legal provisions of COM(2013)40 - Amendment of Regulation (EU) No 912/2010 setting up the European GNSS Agency

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier COM(2013)40 - Amendment of Regulation (EU) No 912/2010 setting up the European GNSS Agency.
document COM(2013)40 EN
date April 16, 2014

Contents

Article 1

Regulation (EU) No 912/2010 is amended as follows:

(1)Articles 2 to 8 are replaced by the following:

‘Article 2

Tasks

The tasks of the Agency shall be as set out in Article 14 of Regulation (EU) No 1285/2013 of the European Parliament and of the Council (13).

Article 3 - Bodies

1. The bodies of the Agency shall be:

(a)the Administrative Board;

(b)the Executive Director;

(c)the Security Accreditation Board for European GNSS systems (the “Security Accreditation Board”).

2. The bodies of the Agency shall perform their tasks as specified in Articles 6, 8 and 11 respectively.

3. The Administrative Board and the Executive Director, Security Accreditation Board and its Chairperson, shall cooperate to ensure the operation of the Agency and the coordination of its bodies in accordance with the procedures determined by the Agency’s internal rules, such as the rules of procedure of the Administrative Board, the rules of procedure of the Security Accreditation Board, the financial rules applicable to the Agency, the implementing rules for the status of staff and the rules governing access to documents.

Article 4 - Legal status, local offices

1. The Agency shall be a body of the Union. It shall have legal personality.

2. In each of the Member States, the Agency shall enjoy the most extensive legal capacity accorded to legal persons under the law. It may, in particular, acquire or dispose of movable and immovable property and be a party to legal proceedings.

3. The Agency may decide to establish local offices in the Member States, subject to their consent, or in third countries participating in the work of the Agency, in accordance with Article 23.

4. The choice of the location of those offices shall be made on the basis of objective criteria defined to ensure the Agency’s smooth operation.

The provisions relating to the installation and operation of the Agency in the host Member States and host third countries and those relating to advantages accorded by them to the Executive Director, to members of the Administrative Board and the Security Accreditation Board and to Agency staff and members of their families are subject to specific arrangements made by the Agency with those Member States and countries. The specific arrangements shall be approved by the Administrative Board.

5. The host Member States and host third countries shall provide, through the specific arrangements referred to in paragraph 4, the necessary conditions for the smooth operation of the Agency.

6. Subject to point (f) of Article 11a(1), the Agency shall be represented by its Executive Director.

Article 5 - Administrative Board

1. An Administrative Board is hereby set up to perform the tasks listed in Article 6.

2. The Administrative Board shall be composed of:

(a)one representative appointed by each Member State;

(b)four representatives appointed by the Commission;

(c)one non-voting representative appointed by the European Parliament.

Members of the Administrative Board and of the Security Accreditation Board shall be appointed on the basis of their degree of relevant experience and expertise.

The term of office of the members of the Administrative Board shall be four years renewable once. The European Parliament, the Commission and the Member States shall endeavour to limit the turnover of their representatives on the Administrative Board.

The Chairperson or the Deputy Chairperson of the Security Accreditation Board, a representative of the High Representative of the Union for Foreign Affairs and Security Policy (the “HR”) and a representative of the European Space Agency (“ESA”) shall be invited to attend the meetings of the Administrative Board as observers, under the conditions laid down in the rules of procedure of the Administrative Board.

3. Where appropriate, the participation of representatives of third countries or international organisations and the conditions therefor shall be established in the agreements referred to in Article 23(1) and shall comply with the rules of procedure of the Administrative Board.

4. The Administrative Board shall elect a Chairperson and a Deputy Chairperson from among its members. The Deputy Chairperson shall automatically take the place of the Chairperson when the Chairperson is prevented from attending to his/her duties. The term of office of the Chairperson and of the Deputy Chairperson shall be two years, renewable once, and each term of office shall expire when that person ceases to be a member of the Administrative Board.

The Administrative Board shall have the power to dismiss the Chairperson, the Deputy Chairperson or both of them.

5. The meetings of the Administrative Board shall be convened by its Chairperson.

The Executive Director shall normally take part in the deliberations, unless the Chairperson decides otherwise.

The Administrative Board shall hold an ordinary meeting twice a year. In addition, it shall meet on the initiative of its Chairperson or at the request of at least one third of its members.

The Administrative Board may invite any person whose opinion may be of interest to attend its meetings as an observer. The members of the Administrative Board may, subject to its rules of procedure, be assisted by advisers or experts.

The secretariat of the Administrative Board shall be provided by the Agency.

6. Unless this Regulation provides otherwise, the Administrative Board shall take its decisions by an absolute majority of its voting members.

A majority of two-thirds of all voting members shall be required for the election and dismissal of the Chairperson and Deputy Chairperson of the Administrative Board as referred to in paragraph 4, and for the adoption of the budget and work programmes.

7. Each representative of the Member States and of the Commission shall have one vote. The Executive Director shall not vote. Decisions based on points (a) and (b) of Article 6(2) and Article 6(5), except for matters covered by Chapter III, shall not be adopted without a favourable vote of the representatives of the Commission.

The rules of procedure of the Administrative Board shall establish more detailed voting arrangements, in particular the conditions for a member to act on behalf of another member.

Article 6 - Tasks of the Administrative Board

1. The Administrative Board shall ensure that the Agency performs the work entrusted to it, under the conditions set out in this Regulation, and shall take any necessary decision to that end, without prejudice to the competences entrusted to the Security Accreditation Board for the activities under Chapter III.

2. The Administrative Board shall also:

(a)adopt, by 30 June of the first year of the multiannual financial framework provided for under Article 312 of the Treaty on the Functioning of the European Union, the multiannual work programme of the Agency for the period covered by that multiannual financial framework after incorporating, without any change, the section drafted by the Security Accreditation Board in accordance with point (a) of Article 11(4) and after having received the Commission’s opinion. The European Parliament shall be consulted on this multiannual work programme, provided that the purpose of the consultation is an exchange of views and the outcome is not binding on the Agency;

(b)adopt, by 15 November each year, the Agency’s work programme for the following year having incorporated, without any change, the section drafted by the Security Accreditation Board, in accordance with point (b) of Article 11(4) and after having received the Commission’s opinion;

(c)perform the budgetary functions laid down in Article 13(5), (6), (10) and (11) and Article 14(5);

(d)oversee the operation of the Galileo Security Monitoring Centre as referred to in point (a)(ii) of Article 14(1) of Regulation (EU) No 1285/2013;

(e)adopt arrangements to implement Regulation (EC) No 1049/2001 of the European Parliament and of the Council (14), in accordance with Article 21 of this Regulation;

(f)approve the arrangements referred to in Article 23(2), after consulting the Security Accreditation Board on those provisions of those arrangements concerning security accreditation;

(g)adopt technical procedures necessary to perform its tasks;

(h)adopt the annual report on the activities and prospects of the Agency, having incorporated without any change the section drafted by the Security Accreditation Board in accordance with point (c) of Article 11(4) and forward it, by 1 July, to the European Parliament, the Council, the Commission and the Court of Auditors;

(i)ensure adequate follow-up to the findings and recommendations stemming from the evaluations and audits referred to in Article 26, as well as those arising from the investigations conducted by the European Anti-Fraud Office (OLAF) and all internal or external audit reports, and forward to the budgetary authority all information relevant to the outcome of the evaluation procedures;

(j)be consulted by the Executive Director on the delegation agreements referred to in Article 14(2) of Regulation (EU) No 1285/2013 before they are signed;

(k)approve, on the basis of a proposal from the Executive Director, the working arrangements between the Agency and ESA referred to in Article 14(4) of Regulation (EU) No 1285/2013;

(l)approve, on the basis of a proposal from the Executive Director, an anti-fraud strategy;

(m)approve, where necessary and on the basis of proposals from the Executive Director, the Agency’s organisational structures.

(n)adopt and publish its rules of procedure.

3. With regard to the Agency’s staff, the Administrative Board shall exercise the powers conferred by the Staff Regulations of Officials of the European Union (15) (“Staff Regulations”) on the appointing authority and by the Conditions of Employment of Other Servants on the authority empowered to conclude employment contracts (“the powers of the appointing authority”).

The Administrative Board shall adopt, in accordance with the procedure provided for in Article 110 of the Staff Regulations, a decision based on Article 2(1) of the Staff Regulations and on Article 6 of the Conditions of Employment of Other Servants delegating the relevant powers of the appointing authority to the Executive Director and defining the conditions under which this delegation of powers can be suspended. The Executive Director shall report back to the Administrative Board on the exercise of those delegated powers. The Executive Director shall be authorised to sub-delegate those powers.

In application of the second subparagraph of this paragraph, where exceptional circumstances so require, the Administrative Board may, by way of a decision, temporarily suspend the delegation of the powers of the appointing authority to the Executive Director and those sub-delegated by the latter and exercise them itself or delegate them to one of its members or to a staff member other than the Executive Director.

However, by way of derogation from the second subparagraph, the Administrative Board shall be required to delegate to the Chairperson of the Security Accreditation Board the powers referred to in the first subparagraph with regard to the recruitment, assessment and reclassification of staff involved in the activities covered by Chapter III and the disciplinary measures to be taken with regard to such staff.

The Administrative Board shall adopt the implementing measures of the Staff Regulations and the Conditions of Employment of Other Servants in accordance with the procedure laid down in Article 110 of the Staff Regulations. It shall first consult the Security Accreditation Board and duly take into account its observations with regard to recruitment, assessment, reclassification of the staff involved in the activities under Chapter III and the relevant disciplinary measures to be taken.

It shall also adopt a decision laying down rules on the secondment of national experts to the Agency. Before adopting that decision, the Administrative Board shall consult the Security Accreditation Board with regard to the secondment of national experts involved in the security accreditation activities referred to in Chapter III and shall duly take account of its observations.

4. The Administrative Board shall appoint the Executive Director and may extend or end his/her term of office pursuant to Article 15b(3) and (4).

5. The Administrative Board shall exercise disciplinary authority over the Executive Director in relation to his/her performance, in particular as regards security matters falling within the competence of the Agency, except in respect of activities undertaken in accordance with Chapter III.

Article 7 - Executive Director

The Agency shall be managed by its Executive Director, who shall perform his/her duties under the supervision of the Administrative Board, without prejudice to the powers granted to the Security Accreditation Board and the Chairperson of the Security Accreditation Board in accordance with Articles 11 and 11a respectively.

Without prejudice to the powers of the Commission and the Administrative Board, the Executive Director shall be independent in the performance of his/her duties and shall neither seek nor take instructions from any government or from any other body.

Article 8 - Tasks of the Executive Director

The Executive Director shall perform the following tasks:

(a)representing the Agency, except in respect of activities and decisions undertaken in accordance with Chapters II and III and signing the delegation agreements referred to in Article 14(2)(of Regulation (EU) No 1285/2013, in accordance with point (j) of Article 6(2) of this Regulation;

(b)preparing the working arrangements between the Agency and ESA referred to in Article 14(4) of Regulation (EU) No 1285/2013 submitting them to the Administrative Board in accordance with point (k) of Article 6(2) of this Regulation and signing them after receiving the approval of the Administrative Board;

(c)preparing the work of the Administrative Board and participating, without having the right to vote, in the work of the Administrative Board, subject to the second subparagraph of Article 5(5);

(d)implementing the decisions of the Administrative Board;

(e)preparing the multiannual and the annual work programmes of the Agency and submitting them to the Administrative Board for approval, with the exception of the parts prepared and adopted by the Security Accreditation Board in accordance with points (a) and (b) of Article 11(4);

(f)implementing the multiannual and the annual work programmes, with the exception of the parts implemented by the Chairperson of the Security Accreditation Board in accordance with point (b) of Article 11a(1);

(g)preparing a progress report on the implementation of the annual work programme and, where relevant, of the multiannual work programme for each meeting of the Administrative Board, incorporating, without any change, the section prepared by the Chairperson of the Security Accreditation Board, in accordance with point (d) of Article 11a(1);

(h)preparing the annual report on the activities and prospects of the Agency with the exception of the section prepared and approved by the Security Accreditation Board in accordance with point (c) of Article 11(4) concerning the activities covered by Chapter III, and submitting it to the Administrative Board for approval;

(i)taking all necessary measures, including the adoption of internal administrative instructions and the publication of notices, to ensure the functioning of the Agency in accordance with this Regulation;

(j)drawing up a draft statement of the Agency’s estimated revenue and expenditure in accordance with Article 13, and implementing the budget in accordance with Article 14;

(k)ensuring that the Agency, as the operator of the Galileo Security Monitoring Centre, is able to respond to instructions provided under Council Joint Action 2004/552/CFSP (16) and to fulfil its role referred to in Article 6 of Decision No 1104/2011/EU of the European Parliament and of the Council (17);

(l)ensuring the circulation of all relevant information, in particular as regards security, between the bodies of the Agency referred to in Article 3(1) of this Regulation;

(m)communicating to the Commission the view of the Agency on the technical and operational specifications necessary to implement systems evolutions referred to in point (d) of Article 12(3) of Regulation (EU) No 1285/2013, including for the definition of acceptance and review procedures, and research activities in support of those evolutions;

(n)preparing, in close cooperation with the Chairperson of the Security Accreditation Board for matters relating to security accreditation activities covered by Chapter III of this Regulation, the organisational structures of the Agency and submitting them for approval to the Administrative Board;

(o)exercising, with regard to the Agency’s staff, the powers referred to in the first subparagraph of Article 6(3), to the extent that those powers shall be delegated to him/her in accordance with the second subparagraph thereof;

(p)adopting, after approval by the Administrative Board, the measures necessary to establish local offices in Member States or in third countries in accordance with Article 4(3);

(q)ensuring that the secretariat and all the resources necessary for its proper functioning are provided to the Security Accreditation Board, the bodies referred to in Article 11(11) and to the Chairperson of the Security Accreditation Board;

(r)preparing an action plan for ensuring the follow up of the findings and recommendations of the evaluations and audits referred to in Article 26, with the exception of the section of the action plan concerning the activities covered by Chapter III, and submitting, after having incorporated, without any change, the section drafted by the Security Accreditation Board, a twice-yearly progress report to the Commission, which shall also be submitted to the Administrative Board for information;

(s)taking the following measures to protect the financial interests of the Union:

(i)preventive measures against fraud, corruption or any other illegal activity and making use of effective supervisory measures;

(ii)recovering sums unduly paid where irregularities are detected and, where appropriate, applying effective, proportionate and dissuasive administrative and financial penalties;

(t)drawing up an anti-fraud strategy for the Agency that is proportionate to the risk of fraud, having regard to a cost-benefit analysis of the measures to be implemented and taking into account findings and recommendations arising from OLAF investigations and submitting it to the Administrative Board for approval.

(2)the following Article is inserted:

‘Article 8a

Work programmes and annual report

1. The multiannual work programme of the Agency, referred to in point (a) of Article 6(2) shall lay down the actions to be performed by the Agency during the period covered by the multiannual financial framework provided for in Article 312 of the Treaty on the Functioning of the European Union, including actions associated with international relations and the communication for which it is responsible. That programme shall set out overall strategic programming, including objectives, milestones, expected results and performance indicators, and resource programming, including the human and financial resources assigned to each activity. It shall take into account the evaluations and audits referred to in Article 26 of this Regulation. For information purposes, the multiannual work programme shall also include a description of the transfer of tasks entrusted to the Agency by the Commission, including the programme management tasks referred to in Article 14(2) of Regulation (EU) No 1285/2013.

2. The annual work programme referred to in point (b) of Article 6(2) of this Regulation shall be based on the multiannual work programme. It shall lay down the actions to be performed by the Agency during the year ahead, including actions associated with international relations and the communication for which it is responsible. The annual work programme shall comprise detailed objectives and expected results, including performance indicators. It shall clearly indicate which tasks have been added, changed or deleted in comparison to the previous financial year and changes in performance indicators and their targets values. The programme shall also set out the human and financial resources assigned to each activity. For information purposes, it shall include the tasks entrusted to the Agency by the Commission by means of a delegation agreement, as required, pursuant to Article 14(2) of Regulation (EU) No 1285/2013.

3. The Executive Director shall, following adoption by the Administrative Board, forward the multiannual and the annual work programmes to the European Parliament, the Council, the Commission and the Member States and shall publish an executive summary thereof.

4. The annual report referred to in Article 8(h) of this Regulation shall include information on:

(a)the implementation of the multiannual and the annual work programmes, including with regard to the performance indicators;

(b)the implementation of the budget and staff policy plan;

(c)the Agency’s management and internal control systems and on progress made in implementing the project management systems and techniques referred to in Article 11(e) of Regulation (EU) No 1285/2013;

(d)any measures to improve the Agency’s environmental performance;

(e)internal and external audit findings and the follow-up to the audit recommendations and to the discharge recommendation;

(f)the statement of assurance of the Executive Director.

An executive summary of the annual report shall be made public.’;

(3)in Article 9, paragraph 1 is replaced by the following:

‘1.   In accordance with Article 16 of Regulation (EU) No 1285/2013, whenever the security of the Union or of the Member States may be affected by the operation of the systems, the procedures set out in Joint Action 2004/552/CFSP shall apply.’;

(4)Articles 10 and 11 are replaced by the following:

‘Article 10

General principles

The security accreditation activities for European GNSS systems referred to in this Chapter shall be carried out in accordance with the following principles:

(a)security accreditation activities and decisions shall be undertaken in a context of collective responsibility for the security of the Union and of the Member States;

(b)efforts shall be made for decisions to be reached by consensus;

(c)security accreditation activities shall be carried out using a risk assessment and management approach, considering risks to the security of the European GNSS systems as well as the impact on cost or schedule of any measure to mitigate the risks, taking into account the objective not to lower the general level of security of the systems;

(d)security accreditation decisions shall be prepared and taken by professionals who are duly qualified in the field of accrediting complex systems, who have an appropriate level of security clearance, and who shall act objectively;

(e)efforts shall be made to consult all relevant parties with an interest in security issues;

(f)security accreditation activities shall be executed by all relevant stakeholders according to a security accreditation strategy without prejudice to the role of the European Commission defined in Regulation (EU) No 1285/2013;

(g)security accreditation decisions shall, following the process defined in the relevant security accreditation strategy, be based on local security accreditation decisions taken by the respective national security accreditation authorities of the Member States;

(h)a permanent, transparent and fully understandable monitoring process shall ensure that the security risks for European GNSS systems are known, that security measures are defined to reduce such risks to an acceptable level in view of the security needs of the Union and of its Member States and for the smooth running of the programmes and that those measures are applied in accordance with the concept of defence in depth. The effectiveness of such measures shall be continuously evaluated. The process relating to security risk assessment and management shall be conducted as an iterative process jointly by the stakeholders of the programmes;

(i)security accreditation decisions shall be taken in a strictly independent manner, including with regard to the Commission and other bodies responsible for the implementation of the programmes and for service provision, as well as with regard to the Executive Director and the Administrative Board of the Agency;

(j)security accreditation activities shall be carried out with due regard for the need for adequate coordination between the Commission and the authorities responsible for implementing security provisions;

(k)EU classified information shall be handled and protected by all stakeholders involved in the implementation of the programmes in accordance with the basic principles and minimum standards set out in the Council’s and the Commission’s respective security rules on the protection of EU classified information.

Article 11 - Security Accreditation Board

1. A Security Accreditation Board for European GNSS systems (the “Security Accreditation Board”) is hereby set up to perform the tasks set out in this Article.

2. The Security Accreditation Board shall perform its tasks without prejudice to the responsibility entrusted to the Commission by Regulation (EU) No 1285/2013, in particular for matters relating to security, and without prejudice to the competences of the Member States as regards security accreditation.

3. As security accreditation authority, the Security Accreditation Board shall, with regard to security accreditation for the European GNSS systems, be responsible for:

(a)defining and approving a security accreditation strategy setting out:

(i)the scope of the activities necessary to perform and maintain the accreditation of the European GNSS systems and their potential interconnection with other systems;

(ii)a security accreditation process for the European GNSS systems with a degree of detail commensurate with the required level of assurance and clearly stating the approval conditions; that process shall be performed in accordance with the relevant requirements, in particular those referred to in Article 13 of Regulation (EU) No 1285/2013;

(iii)the role of relevant stakeholders involved in the accreditation process;

(iv)an accreditation schedule compliant with the phases of the programmes, in particular as regards the deployment of infrastructure, service provision and evolution;

(v)the principles of the security accreditation for networks connected to the systems and PRS equipment connected to the system established under the Galileo programme to be performed by national entities of the Member States competent in security matters;

(b)taking security accreditation decisions, in particular on the approval of satellite launches, the authorisation to operate the systems in their different configurations and for the various services up to and including the signal in space, and the authorisation to operate the ground stations. As regards the networks and PRS equipment connected to the system established under the Galileo programme, the Security Accreditation Board shall take decisions only on the authorisation of bodies to develop and manufacture PRS receivers or PRS security modules, taking into account the advice provided by national entities competent in security matters and the overall security risks;

(c)examining and, except as regards documents which the Commission is to adopt under Article 13 of Regulation (EU) No 1285/2013 and Article 8 of Decision No 1104/2011/EU, approving all documentation relating to security accreditation;

(d)advising, within its field of competence, the Commission in the elaboration of draft texts for acts referred to in Article 13 of Regulation (EU) No 1285/2013 and Article 8 of Decision No 1104/2011/EU, including for the establishment of security operating procedures (SecOps), and providing a statement with its concluding position;

(e)examining and approving the security risk assessment developed in accordance with the monitoring process referred to in Article 10(h), taking into account compliance with the documents referred to in point (c) of this paragraph and those developed in accordance with Article 13 of Regulation (EU) No 1285/2013 and Article 8 of Decision No 1104/2011/EU; cooperating with the Commission to define risk mitigation measures;

(f)checking the implementation of security measures in relation to the security accreditation of the European GNSS systems by undertaking or sponsoring security assessments, inspections or reviews, in accordance with Article 12(b)of this Regulation;

(g)endorsing the selection of approved products and measures which protect against electronic eavesdropping (TEMPEST) and of approved cryptographic products used to provide security for the European GNSS systems;

(h)approving or, where relevant, participating in the joint approval of, together with the relevant entity competent in security matters, the interconnection of the European GNSS systems with other systems;

(i)agreeing with the relevant Member State the template for access control referred to in Article 12(c);

(j)on the basis of the risk reports referred to in paragraph 11 of this Article, informing the Commission of its risk assessment and providing advice to the Commission on residual risk treatment options for a given security accreditation decision;

(k)assisting, in close liaison with the Commission, the Council in the implementation of Joint Action 2004/552/CFSP upon a specific request of the Council;

(l)carrying out the consultations which are necessary to perform its tasks.

4. The Security Accreditation Board shall also:

(a)prepare and approve that part of the multiannual work programme referred to in Article 8a(1) concerning the operational activities covered by this Chapter and the financial and human resources needed to accomplish those activities, and submit it to the Administrative Board in good time so that it can be incorporated in the multiannual work programme;

(b)prepare and approve that part of the annual work programme referred to in Article 8a(2) concerning the operational activities covered by this Chapter and the financial and human resources needed to accomplish those activities, and submit it to the Administrative Board in good time so that it can be incorporated in the annual work programme;

(c)prepare and approve that part of the annual report referred to in point (h) of Article 6(2) concerning the Agency’s activities and prospects covered by this Chapter and the financial and human resources needed to accomplish those activities and prospects, and submit it to the Administrative Board in good time so that it can be incorporated in the annual report;

(d)adopt and publish its rules of procedure.

5. The Commission shall keep the Security Accreditation Board continuously informed of the impact of any decisions envisaged by the Security Accreditation Board on the proper conduct of the programmes and of the implementation of residual risk treatment plans. The Security Accreditation Board shall take note of any such opinion of the Commission.

6. The decisions of the Security Accreditation Board shall be addressed to the Commission.

7. The Security Accreditation Board shall be composed of one representative of each Member State, a representative of the Commission and a representative of the HR. The Member States, the Commission and the HR shall endeavour to limit the turnover of their respective representatives on the Security Accreditation Board. The term of office of the members of the Security Accreditation Board shall be four years and shall be renewable. A representative of ESA shall be invited to attend the meetings of the Security Accreditation Board as an observer. On an exceptional basis, representatives of third countries or international organisations may also be invited to attend meetings as observers for matters directly relating to those third countries or international organisations. Arrangements for such participation of representatives of third countries or international organisations and the conditions therefor shall be established in the agreements referred to in Article 23(1) and shall comply with the rules of procedure of the Security Accreditation Board.

8. The Security Accreditation Board shall elect a Chairperson and Deputy Chairperson from among its members by a two-thirds majority of all members with the right to vote. The Deputy Chairperson shall automatically take the place of the Chairperson when the Chairperson is prevented from attending to his/her duties.

The Security Accreditation Board shall have the power to dismiss the Chairperson, the Deputy Chairperson or both of them. It shall adopt the decision to dismiss by a two-thirds majority.

The term of office of the Chairperson and of the Deputy Chairperson of the Security Accreditation Board shall be two years renewable once. The term of office of either person shall end if he or she ceases to be a member of the Security Accreditation Board.

9. The Security Accreditation Board shall have access to all the human and material resources required to provide appropriate administrative support functions and to enable it, together with the bodies referred to in paragraph 11, to perform its tasks independently, in particular when handling files, initiating and monitoring the implementation of security procedures and performing system security audits, preparing decisions and organising its meetings. It shall also have access to any information needed for the performance of its tasks in the possession of the Agency, without prejudice to the principles of autonomy and independence referred to in Article 10(i).

10. The Security Accreditation Board and the Agency staff under its supervision shall perform their work in a manner ensuring autonomy and independence in relation to the other activities of the Agency, in particular operational activities associated with the exploitation of the systems, in accordance with the objectives of the programmes. To that end, an effective organisational division shall be established within the Agency between the staff involved in activities covered by this Chapter and the other staff of the Agency. The Security Accreditation Board shall immediately inform the Executive Director, the Administrative Board and the Commission of any circumstances that could hamper its autonomy or independence. In the event that no remedy is found within the Agency, the Commission shall examine the situation, in consultation with the relevant parties. On the basis of the outcome of that examination, the Commission shall take appropriate mitigation measures to be implemented by the Agency, and shall inform the European Parliament and the Council thereof.

11. The Security Accreditation Board shall set up special subordinate bodies, acting on its instructions, to deal with specific issues. In particular, while ensuring necessary continuity of work, it shall set up a panel to conduct security analysis reviews and tests to produce the relevant risk reports in order to assist it in preparing its decisions. The Security Accreditation Board may set up and disband expert groups to contribute to the work of the panel.

12. Without prejudice to the competence of the Member States and of the task of the Agency referred to in point (a)(i) of Article 14(1) of Regulation (EU) No 1285/2013, during the deployment phase of the Galileo programme, a group of experts of the Member States shall be set up under the supervision of the Security Accreditation Board to perform the tasks of the Crypto Distribution Authority (CDA) relating to the management of EU cryptographic material in particular for:

(i)the management of flights keys and other keys necessary for the functioning of the system established under the Galileo programme;

(ii)the verification of the establishment and the enforcement of procedures for accounting, secure handling, storage and distribution of PRS keys.

13. If consensus according to the general principles referred to in Article 10 of this Regulation cannot be reached, the Security Accreditation Board shall take decisions on the basis of majority voting, as provided for in Article 16 of the Treaty on European Union and without prejudice to Article 9 of this Regulation. The representative of the Commission and the representative of the HR shall not vote. The Chairperson of the Security Accreditation Board shall sign, on behalf of the Security Accreditation Board, the decisions adopted by the Security Accreditation Board.

14. The Commission shall keep the European Parliament and the Council informed, without undue delay, of the impact of the adoption of the security accreditation decisions on the proper conduct of the programmes. If the Commission considers that a decision taken by the Security Accreditation Board may have a significant effect on the proper conduct of the programmes, for example in terms of costs, schedule or performance, it shall immediately inform the European Parliament and the Council.

15. Taking into account the views of the European Parliament and of the Council, which should be expressed within one month, the Commission may adopt any adequate measures in accordance with Regulation (EU) No 1285/2013.

16. The Administrative Board shall be periodically kept informed of the evolution of the work of the Security Accreditation Board.

17. The timetable for the work of the Security Accreditation Board shall respect the annual work programme referred to in Article 27 of Regulation (EU) No 1285/2013.’;

(5)the following Article is inserted:

‘Article 11a

Tasks of the Chairperson of the Security Accreditation Board

1. The Chairperson of the Security Accreditation Board shall perform the following tasks:

(a)managing security accreditation activities under the supervision of the Security Accreditation Board;

(b)implementing the part of the Agency’s multiannual and annual work programmes covered by this Chapter under the supervision of the Security Accreditation Board;

(c)cooperating with the Executive Director to help to draw up the draft establishment plan referred to in Article 13(3) and the organisational structures of the Agency;

(d)preparing the section of the progress report referred to in Article 8(g) concerning the operational activities covered by this Chapter, and submitting it to the Security Accreditation Board and the Executive Director in good time so that it can be incorporated in the progress report;

(e)preparing the section of the annual report and of the action plan referred to in Article 8(h) and (r) respectively, concerning the operational activities covered by this Chapter, and submitting it to the Executive Director in good time;

(f)representing the Agency for the activities and decisions covered by this Chapter;

(g)exercising, with regard to the Agency’s staff involved in the activities concerned by this Chapter, the powers referred to in first subparagraph of Article 6(3), delegated to him/her in accordance with the fourth subparagraph of Article 6(3).

2. For activities covered by this Chapter, the European Parliament and the Council may call upon the Chairperson of the Security Accreditation Board for an exchange of views on the work and prospects of the Agency before those institutions, including with regard to the multiannual and the annual work programmes.’;

(6)in Article 12, point (b) is replaced by the following:

‘(b)permit duly authorised persons appointed by the Security Accreditation Board, in agreement with and under the supervision of national entities competent in security matters, to have access to any information and to any areas and/or sites related to the security of systems falling within their jurisdiction, in accordance with their national laws and regulations, and without any discrimination on ground of nationality of nationals of Member States, including for the purposes of security audits and tests as decided by the Security Accreditation Board and of the security risk monitoring process referred to in Article 10(h). These audits and tests shall be performed in accordance with the following principles:

(i)the importance of security and effective risk management within the entities inspected shall be emphasised;

(ii)countermeasures to mitigate the specific impact of loss of confidentiality, integrity or availability of classified information shall be recommended.’;

(7)Article 13 is amended as follows:

(a)paragraph 3 is replaced by the following:

‘3.   The Executive Director shall, in close collaboration with the Chairperson of the Security Accreditation Board for activities covered by Chapter III, draw up a draft estimate of expenditure and revenue of the Agency for the next financial year, making clear the distinction between those elements of the draft statement of estimates which relate to security accreditation activities and the other activities of the Agency. The Chairperson of the Security Accreditation Board may write a statement on that draft and the Executive Director shall forward both the draft estimate and the statement to the Administrative Board and the Security Accreditation Board, accompanied by a draft establishment plan.’;

(b)paragraphs 5 and 6 are replaced by the following:

‘5.   Each year, the Administrative Board, based on the draft estimate of expenditure and revenue and in close cooperation with the Security Accreditation Board for activities covered by Chapter III, shall draw up the estimate of the Agency’s revenue and expenditure for the next financial year.

6. The Administrative Board shall, by 31 March, forward the statement of estimates, which shall include a draft establishment plan together with the provisional annual work programme, to the Commission and to the third countries or international organisations with which the Union has concluded agreements in accordance with Article 23(1).’;

(8)in Article 14, paragraph 10 is replaced by the following:

‘10.   The European Parliament, upon a recommendation from the Council acting by a qualified majority, shall, before 30 April of the year N + 2, grant discharge to the Executive Director in respect of the implementation of the budget for year N, with the exception of the part of the budget implementation covering tasks which are, where appropriate, entrusted to the Agency under Article 14(2) of Regulation (EU) No 1285/2013 to which the procedure referred to in Articles 164 and 165 of Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council shall apply (18).

(9)the following Chapter is inserted:

‘CHAPTER IVa

HUMAN RESOURCES

Article 15 - a Staff

1. The Staff Regulations of Officials of the European Union, the Conditions of Employment of Other Servants and the rules adopted jointly by the institutions of the Union for the purposes of the application of those Staff Regulations and Conditions of Employment shall apply to the staff employed by the Agency.

2. The staff of the Agency shall consist of servants recruited by the Agency as necessary to perform its tasks. They shall have security clearances appropriate to the classification of the information they are handling.

3. The Agency’s internal rules, such as the rules of procedure of the Administrative Board, the rules of procedure of the Security Accreditation Board, the financial rules applicable to the Agency, the rules for the application of the staff regulations and the rules for access to documents, shall ensure the autonomy and independence of staff performing the security accreditation activities vis-à-vis staff performing the other activities of the Agency, pursuant to Article 10(i).

Article 15 - b Appointment and Term of Office of the Executive Director

1. The Executive Director shall be recruited as a temporary member of staff of the Agency in accordance with Article 2(a) of the Conditions of Employment of Other Servants.

2. The Executive Director shall be appointed by the Administrative Board on the grounds of merit and documented administrative and managerial skills, as well as relevant competence and experience, from a list of candidates proposed by the Commission, after an open and transparent competition, following the publication of a call for expressions of interest in the Official Journal of the European Union or elsewhere.

The candidate selected by the Administrative Board may be invited at the earliest opportunity to make a statement before the European Parliament and to answer questions from its Members.

The Chairperson of the Administrative Board shall represent the Agency for the purpose of concluding the Executive Director’s contract.

The Administrative Board shall take its decision to appoint the Executive Director by a two-thirds majority of its members.

3. The term of office of the Executive Director shall be five years. At the end of that term of office, the Commission shall carry out an assessment of the Executive Director’s performance taking into account the future tasks and challenges of the Agency.

On the basis of a proposal from the Commission, taking into account the assessment referred to in the first subparagraph, the Administrative Board may extend the term of office of the Executive Director once for a period of up to four years.

Any decision to extend the term of office of the Executive Director shall be adopted by a two-thirds majority of members of the Administrative Board.

An Executive Director whose term of office has been extended may not thereafter take part in a selection procedure for the same post.

The Administrative Board shall inform the European Parliament of its intention to extend the Executive Director’s term of office. Before the extension, the Executive Director may be invited to make a statement before the relevant committees of the European Parliament and answer Members’ questions.

4. The Administrative Board may dismiss the Executive Director, on the basis of a proposal of the Commission or of one third of its members, by means of a decision adopted by a two-thirds majority of its members.

5. The European Parliament and the Council may call upon the Executive Director for an exchange of views on the work and prospects of the Agency before those institutions, including with regard to the multiannual and the annual work programme. That exchange of views shall not touch upon matters relating to the security accreditation activities covered by Chapter III.

Article 15 - c Seconded national experts

The Agency may also use national experts. These experts shall have security clearances appropriate to the classification of the information they are handling. The Staff Regulations and the Conditions of Employments of Other Servants shall not apply to such staff.’;

(10)Articles 16 and 17 are replaced by the following:

‘Article 16

Prevention of fraud

1. In order to combat fraud, corruption and any other illegal activities, Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council (19) shall apply to the Agency without restriction. To that end, the Agency shall accede to the Interinstitutional Agreement of 25 May 1999 between the European Parliament, the Council and the Commission of the European Communities concerning internal investigations by the European Anti-Fraud Office (OLAF) (20) and shall issue the appropriate provisions to the staff of the Agency and to seconded national experts using the model decision in the Annex to that Agreement.

2. The Court of Auditors shall have the authority to supervise beneficiaries of the Agency’s funding as well as contractors and sub-contractors who have received Union funds through the Agency, on the basis of documents provided to it or using on-the-spot checks.

3. With regard to grants financed or contracts awarded by the Agency, OLAF may carry out investigations, including on-the-spot checks and inspections in accordance with Regulation (EU, Euratom) No 883/2013 and Council Regulation (Euratom, EC) No 2185/96 (21), in order to combat fraud, corruption and any other illegal activity detrimental to the Union’s financial interests.

4. Without prejudice to paragraphs 1, 2 and 3 of this Article, the cooperation agreements concluded by the Agency with third countries or international organisations, contracts and grant agreements concluded by the Agency with third parties, and any financing decision taken by the Agency shall provide expressly that the Court of Auditors and OLAF may carry out checks and investigations in accordance with their respective powers.

Article 17 - Privileges and immunities

Protocol No 7 on the Privileges and Immunities of the European Union annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union shall apply to the Agency and to its staff referred to in Article 15a.

(11)Article 18 is deleted;

(12)Articles 22 and 23 are replaced by the following:

‘Article 22

Security rules on the protection of classified or sensitive information

1. The Agency shall apply the Commission’s security rules regarding the protection of EU classified information.

2. The Agency may establish, in its internal rules, provisions for the handling of non-classified but sensitive information. Such provisions shall cover, inter alia, the exchange, handling and storage thereof.

Article 22 - a Conflicts of interest

1. Members of the Administrative Board and of the Security Accreditation Board, the Executive Director, as well as seconded national experts and observers, shall make a declaration of commitments and a declaration of interests indicating the absence or existence of any direct or indirect interests which might be considered prejudicial to their independence. Those declarations shall be accurate and complete. They shall be made in writing upon their entry into service and shall be renewed annually. They shall be updated whenever necessary, in particular in the event of relevant changes in the personal circumstances of the persons concerned.

2. Before any meeting which they are to attend, Members of the Administrative Board and of the Security Accreditation Board, the Executive Director, as well as seconded national experts and observers and external experts participating in ad hoc working groups shall accurately and completely declare the absence or existence of any interest which might be considered prejudicial to their independence in relation to any items on the agenda, and shall abstain from participating in the discussion of and voting upon such points.

3. The Administrative Board and the Security Accreditation Board shall lay down, in their rules of procedure, the practical arrangements for the rule on declaration of interest referred to in paragraphs 1 and 2 and for the prevention and the management of conflict of interest.

Article 23 - Participation of third countries and international organisations

1. The Agency shall be open to the participation of third countries and international organisations. Such participation and the conditions therefor shall be established in an agreement between the Union and that third country or international organisation, in accordance with the procedure laid down in Article 218 of the Treaty on the Functioning of the European Union.

2. In accordance with the relevant provisions of those agreements, practical arrangements shall be developed for the participation of third countries or international organisations in the work of the Agency, including arrangements relating to their participation in the initiatives undertaken by the Agency, to financial contributions and to staff.

Article 23 - a Joint procurement with the Member States

For the performance of its tasks, the Agency shall be authorised to award contracts jointly with the Member States in accordance with Commission Delegated Regulation (EU) No 1268/2012 (22).

(13)Article 26 is replaced by the following:

‘Article 26

Revision, evaluation and audit

1. By 31 December 2016, and every five years thereafter, the Commission shall evaluate the Agency concerning, in particular, its impact, effectiveness, smooth running, working methods, requirements and use of the resources entrusted to it. The evaluation shall include, in particular, an assessment of any change in the scope or nature of the Agency’s tasks and the financial impact thereof. It shall address the application of the Agency’s policy on conflicts of interest and it shall also reflect any circumstances that may have impaired the independence and autonomy of the Security Accreditation Board.

2. The Commission shall submit a report on the evaluation and its conclusions to the European Parliament, the Council, the Administrative Board and the Security Accreditation Board of the Agency. The results of the evaluation shall be made available to the public.

3. One evaluation in two shall include an inspection of the Agency’s balance sheet in terms of its objectives and tasks. If the Commission considers that the continuation of the Agency is no longer justified with regard to the objectives and tasks assigned to it, the Commission may, where appropriate, propose that this Regulation be repealed.

4. External audits on the performance of the Agency may be carried out at the request of the Administrative Board or the Commission.’.

Article 2 - Entry into force

This Regulation shall enter into force on the third day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.