• Home /
• Analyses /
• 2023 /
• The proposal on security of EU information: how to burst the bubble and open the EU fortress

The proposal on security of EU information: how to burst the bubble and open the EU fortress

Topic

Country/Region

12 September 2023

Part 2 of a series /// The Commission's proposal on security of EU information threatens to fatally undermine the rules on access to documents, which are essential for transparency, openness and public participation in democratic-decision making. The European Parliament and the Council need to take action to fix the proposal on security of information. At the same time, there are clear steps they could take to improve the access to documents rules, ensuring that legislative deliberations are as open and transparent as required by the treaties.

Image: fflav, CC BY-NC-ND 2.0

---

The first part of this analysis is available here: The proposal on security of EU information: transforming the “bubble” into a “fortress”?

Notwithstanding all the shortcomings of the Commission’s legislative proposal (as documented in the first part of this analysis), the challenge for the European Parliament (EP) and for the Council is now to bring some order to the information management inside the EU. This is particularly important given that the EU's digital agenda provides the opportunity, as part of an increasingly-integrated public administration, to establish a virtual common working space, to categorise information to be shared, to establish different level of access and diffusion with the external world, within the EU institutions or to be exchanged with the member states.

However, to do so by respecting the principles of transparency, proportionality, efficiency and accountability requires the EP and the Council to share the same political vision. Notwithstanding the repeated public mantra invoking a more democratic and transparent EU, there is no way this requirement can be taken for granted. Suffice to recall that 23 years after the Regulation on access to documents came into force the Parliament, Council and Commission have not yet been able (or willing?) to establish a common platform displaying day by day the EU legislative process, and this is clearly not solely due to technical reasons.

The problem being political more than technical it should now be seen if the EP and the Council could find an interinstitutional agreement on such a complex issue in the next six months, given the political pressure of the end of the legislature. The Commission may have authored the proposal but, as co-legislators, the EP and Council bear all responsibility for its final content before EU citizens and before the Court of Justice.

This EP-Council legislative co-responsibility has been clearly framed at primary law level by the Treaty on European Union, according to which: "The European Parliament shall, jointly with the Council, exercise legislative and budgetary functions," (Article 14(1)) and: "The Council shall, jointly with the European Parliament, exercise legislative and budgetary functions" (Article 16(1)).

Revising and strengthening the Regulation on access to documents

The first issue on the agenda in negotiations on the security of information proposal should be how to strengthen, at the highest level, the aspects dealing with transparency and open administration, bearing in mind the different legislative "cultures" of the EP and the Council. This could be done by amending explicitly, and publicly, the Regulation on access to documents that the Commission is proposing to revise by stealth, through the information security proposal.

The first thing to do is to add to the legislative proposal a complementary legal basis of Article 15 TFEU, according to which the EP and the Council shall define "General principles and limits on grounds of public or private interest" governing the right of access to EU documents. Thereafter articles. 4, 9 and 12 of that Regulation should be amended by taking in account (at last!) the new constitutional situation arising from the entry into force of the Lisbon treaty and of the relevant CJEU jurisprudence in this domain.

The first set of amendments should enforce at secondary law level the fundamental notion of legislative transparency and its impact on legislative preparatory documents and debates.

It is worth recalling that the principle of legislative transparency (which is ignored by the information security proposal), has, since Lisbon, been imposed at primary law level by Article 15(2) TFEU, according to which: "The European Parliament shall meet in public, as shall the Council when considering and voting on a draft legislative act." Regardless of the different legislative "culture" of the Council, the authors of the Lisbon Treaty also imposed specific obligations of legislative transparency even at the level of the definition of its meeting agendas with (Article 16(8) of the TEU).

With all these provisions, the EU legislative function becomes inherently intertwined with the obligation of transparency (as it should be in a democratic entity). This is consistent with the choice of the authors of the Lisbon Treaty, of modelling the EU legal order upon the constitutional principle of the separation of powers, adding to the administration and the judiciary (provided for by the previous rules in Article 17 and Article 19 TEU) the EU legislative power (Articles 14 and 16 TEU).

Thus, the legislative function has become an institutional, democratic and autonomous prerogative of the European Union, directly governed by several principles and rules of EU primary law. Under this constitutional framework, being transparent when acting as legislator has become a self-standing obligation upon the institutions, the scope of which does not depend on the aleatory condition of whether or not an individual has requested access to a legislative preparatory document.

In a way, since Lisbon, the institutions' obligation to be transparent when acting as co-legislator is a different, even if parallel, regime to the pre-Lisbon access to documents regime. Moreover, if legislative preparatory documents are already public, why should citizens ask for them?

The idea that legislative procedures should be more transparent than non-legislative procedures was already present in the 2001 access to documents Regulation, thanks to specific EP amendments to the original Commission proposal. But, at the time, the very notion of legislative activity was substantially different from the one framed by the Lisbon Treaty. Transposing into secondary law the principle of legislative transparency as required by Article 15(2) TFEU is a long overdue obligation.

This can be easily done through two simple amendments to the Regulation on access to documents.

The first should change the title of Article 4, which should become "Exceptions applicable to non-legislative documents." It is worth recalling that in December 2011 the European Parliament voted, as co-legislator, for just such an amendment. This would have strengthened the principle of legislative transparency, but the EP amendment was not taken on board by the Council. Twelve years later and some months before the European elections it would be timely to convince the Council to stick to its obligation of legislative transparency

The second should amend Article 12(2) so that it reads: "2. In particular, legislative preparatory documents shall be made directly accessible." This amendment is consistent with the previous one. There should no longer be any reference to Article 4 exceptions, nor to Article 9 on classified information - this has a special regime, as is discussed below.

The non-legislative decision making process is dealt with in recital 11 and Article 4 of the access to documents Regulation and it already foresees several general exceptions to protect the internal debates in a given institution, agency or body in cases where a document’s disclosure would undermine the protection of one of the protected interests.

Since the adoption of Regulation 1049/01 the Court of justice has already framed more strictly the conditions under which these exceptions should be interpreted.

To quote a recent judgement of CJEU (points 67-70 of Ruling T-163/21, emphasis added) :

“..Since such exceptions derogate from the principle that the public should have the widest possible access to the documents, they must be interpreted and applied strictly... Where an EU institution, body, office or agency to which a request for access to a document has been made decides to refuse to grant that request on the basis of one of the exceptions laid down in Article 4 of Regulation No 1049/2001, it must, in principle, explain how access to that document could specifically and actually undermine the interest protected by that exception, and the risk of that undermining must be reasonably foreseeable and not purely hypothetical...

According to the case-law, the decision-making process is ‘seriously’ undermined, within the meaning of the first subparagraph of Article 4(3) of Regulation No 1049/2001 where, inter alia, the disclosure of the documents in question has a substantial impact on the decision-making process. The assessment of that serious nature depends on all of the circumstances of the case including, inter alia, the negative effects on the decision-making process relied on by the institution as regards disclosure of the documents in question...”

The simplest solution would be to stick to the CJEU jurisprudence and amend Article 4 as follows (the proposed amendments are in bold):

Article 4 Exceptions applicable to non-legislative documents

1. The institutions shall refuse access to a document where disclosure would undermine the protection of:

(a) the public interest as regards:

– public security,
– defence and military matters,
– international relations,
– the financial, monetary or economic policy of the Community or a Member State;

(b) privacy and the integrity of the individual, in particular in accordance with Community legislation regarding the protection of personal data.

2. The institutions shall refuse access to a document where disclosure would undermine the protection of:

– commercial interests of a natural or legal person, including intellectual property,
– court proceedings and legal advice,
– the purpose of inspections, investigations and audits,

unless there is an overriding public interest in disclosure.

The EU Institution, Agency or body must, in principle, explain how access to a requested document could specifically and actually undermine the interest protected by the exception at stake, and the risk of that undermining must be reasonably foreseeable and not purely hypothetical.

3. Access to a document, drawn up by an institution for internal use or received by an institution, which relates to a matter where the decision has not been taken by the institution, shall be refused if disclosure of the document would seriously undermine the institution’s decision-making process, unless there is an overriding public interest in disclosure.

4. Access to a document containing opinions for internal use as part of deliberations and preliminary consultations within the institution concerned shall be refused even after the decision has been taken if disclosure of the document would seriously undermine the institution’s decision-making process, unless there is an overriding public interest in disclosure.

The decision-making process is ‘seriously’ undermined, within the meaning of the first subparagraph of Article 4(3) of Regulation No 1049/2001 where, inter alia, the disclosure of the documents in question has a substantial impact on the decision-making process. The assessment of that serious nature depends on all of the circumstances of the case including, inter alia, the negative effects on the decision-making process relied on by the institution as regards disclosure of the documents in question.

4. As regards third-party documents, the institution shall consult the third party with a view to assessing whether an exception in paragraph 1 or 2 is applicable, unless it is clear that the document shall or shall not be disclosed.

5. A Member State may request the institution not to disclose a document originating from that Member State without its prior agreement.

6. If only parts of the requested document are covered by any of the exceptions, the remaining parts of the document shall be released.

7. The exceptions as laid down in paragraphs 1 to 3 shall only apply for the period during which protection is justified on the basis of the content of the document. The exceptions may apply for a maximum period of 30 years. In the case of documents covered by the exceptions relating to privacy or commercial interests and in the case of sensitive documents, the exceptions may, if necessary, continue to apply after this period.”

Mutual sincere cooperation

One fundamental aspect ignored in the Commission’s information security proposal is a minimal framework for implementing Article 13(2) TEU according to which: “The institutions shall practice mutual sincere cooperation,” at least in the most common and frequent cases of procedures associating several agencies or, even, EU institutions.

A sensible solution would be to define a list of these procedures, describe in advance the possible workflow and, without prejudice to the "nuclear option" of launching judicial procedures before the CJEU in case of conflicts of interpretation or failure to act, to define a "mediation mechanism" preventing or solving the conflicts in a transparent and friendly way.

This issue should be further examined by the co-legislator. At first sight, in the case of EU agencies the role of mediator may be played by the European Commission and in the case of the EU institutions it may be the case of the European Ombudsman. In case of unsuccessful mediation, it will remain possible to take the matter to the CJEU.

---

Author: Emilio de Capitani

Further reading