Reporting requirements under the European Electronic Communications Code
Dear European Union Agency for Cybersecurity,
Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I seek access to the documents that contain the following information regarding Directive (EU) 2018/1972 on the European Electronic Communications Code (EECC).
1. Under Article 40.1 EECC:
a. Coordination: Copies of documents reporting on the coordination with Member States as per Article 40.1 since the EECC came into force, including evaluations of the impact of that coordination and any issues which have arisen.
b. Guidance: Copies of any guidance provided to Member States on how to comply with Article 40.1. Similarly, any reports on meetings held with Member States to provide such guidance.
2. Under Article 40.2 EECC
a. Incident reports: Copies of reports received from Member States about specific security incidents that have occurred (Article 40.2).
b. Annual reports: Copies of the annual reports received from Member States as per Article 40.2.
c. Evaluations: Documents reporting on any evaluation of action taken or recommendations issued as a result of the reports received under Article 40.2.
My postal address is Calle Vinroz [ADDRESS] Spain. There is no need to send hard copies, an electronic response will suffice.
Yours faithfully,
Rachel Hanna
Dear Ms. Hanna,
Thank you very much for your email. Will come back to you with a response.
Kind regards,
[1]ENISA Public Access to Documents
[2]ENISA
Agamemnonos 14, 15231 Chalandri, Attiki, Greece |
enisa.europa.eu
[3]Twitter [4]Facebook [5]LinkedIn [6]YouTube
Link: [1]File-List
Link: [2]Edit-Time-Data
Link: [3]themeData
Link: [4]colorSchemeMapping
[5]access to documents request - Reporting requirements under the European
Electronic Communications Code - Ares(2023)8749673 (Please use this link
only if you are an Ares user – Svp, utilisez ce lien exclusivement si vous
êtes un(e) utilisateur d’Ares)
Dear Ms. Hanna,
Thank you for your enquiry.
We hereby acknowledge receipt of your Initial Application for Public
Access to Documents, registered today 20/12/2023.
In accordance with Regulation (EC) No 1049/2001 regarding Public Access to
European Parliament, Council and Commission documents, applications are
handled within 15 working days. In case this time limit needs to be
extended, you will be informed in due course. The estimated deadline for
reply applicable to this request is therefore 19 January 2022.
Thank you in advance for your cooperation.
Kind regards,
[6]ENISA Public Access to Documents
[7]ENISA
Agamemnonos 14, 15231 Chalandri, Attiki, Greece |
enisa.europa.eu
[8]Twitter [9]Facebook [10]LinkedIn [11]YouTube
From: access-documents <[ENISA request email]>
Sent: Thursday,30 November, 2023 10:32
To: Rachel Hanna <[FOI #13903 email]>;
access-documents <[ENISA request email]>
Subject: RE: access to documents request - Reporting requirements under
the European Electronic Communications Code
Dear Ms. Hanna,
Thank you very much for your email. Will come back to you with a response.
Kind regards,
[12]ENISA Public Access to Documents
[13]ENISA
Agamemnonos 14, 15231 Chalandri, Attiki, Greece |
enisa.europa.eu
[14]Twitter [15]Facebook [16]LinkedIn [17]YouTube
Reg. number: Ares(2024)444493
Dear Ms.Hanna,
In accordance with Regulation 1049/2001, and based on your request, please find attached our reply.
Kindly acknowledge and confirm the good receipt of this email.
Kind regards,
Public Access to Documents
Agamemnonos 14, 15231 Chalandri, Attiki, Greece | enisa.europa.eu
Registration Number: Ares(2024)444493
Dear Ms.Hanna,
In accordance with Regulation 1049/2001, and based on your request, please
find attached our reply.
Kind regards,
[1]ENISA Public Access to Documents
[2]ENISA
Agamemnonos 14, 15231 Chalandri, Attiki, Greece |
enisa.europa.eu
[3]Twitter [4]Facebook [5]LinkedIn [6]YouTube
From: ve_enisa.pad requests (ENISA) <[ENISA request email]>
Sent: Wednesday,20 December, 2023 12:34
To: Rachel Hanna <[FOI #13903 email]>
Cc: access-documents <[ENISA request email]>
Subject: access to documents request - Reporting requirements under the
European Electronic Communications Code - Ares(2023)8749673
[7]access to documents request - Reporting requirements under the European
Electronic Communications Code - Ares(2023)8749673 (Please use this link
only if you are an Ares user – Svp, utilisez ce lien exclusivement si vous
êtes un(e) utilisateur d’Ares)
Dear Ms. Hanna,
Thank you for your enquiry.
We hereby acknowledge receipt of your Initial Application for Public
Access to Documents, registered today 20/12/2023.
In accordance with Regulation (EC) No 1049/2001 regarding Public Access to
European Parliament, Council and Commission documents, applications are
handled within 15 working days. In case this time limit needs to be
extended, you will be informed in due course. The estimated deadline for
reply applicable to this request is therefore 19 January 2022.
Thank you in advance for your cooperation.
Kind regards,
[8]ENISA Public Access to Documents
[9]ENISA
Agamemnonos 14, 15231 Chalandri, Attiki, Greece |
enisa.europa.eu
[10]Twitter [11]Facebook [12]LinkedIn [13]YouTube
From: access-documents <[14][ENISA request email]>
Sent: Thursday,30 November, 2023 10:32
To: Rachel Hanna <[15][FOI #13903 email]>;
access-documents <[16][ENISA request email]>
Subject: RE: access to documents request - Reporting requirements under
the European Electronic Communications Code
Dear Ms. Hanna,
Thank you very much for your email. Will come back to you with a response.
Kind regards,
[17]ENISA Public Access to Documents
[18]ENISA
Agamemnonos 14, 15231 Chalandri, Attiki, Greece |
enisa.europa.eu
[19]Twitter [20]Facebook [21]LinkedIn [22]YouTube
Dear DG ENISA,
Under Article 7 Regulation 1049/2001, I would like to submit the below confirmatory application concerning my request Ares (2023) 8749673.
In my request, I sought access to documents, that contain the following information regarding Directive (EU) 2018/1972 on the European Electronic Communications Code (EECC)’:
1. Under Article 40.1 EECC:
a. Coordination:
Copies of documents reporting on the coordination with Member States as per Article 40.1 since the EECC came into force, including evaluations of the impact of that coordination and any issues which have arisen.
b. Guidance:
(i) Copies of any guidance provided to Member States on how to comply with Article 40.1.
(ii) Similarly, any reports on meetings held with Member States to provide such guidance.
2. Under Article 40.2 EECC
a. Incident reports:
Copies of reports received from Member States about specific security incidents that have occurred (Article 40.2).
b. Annual reports:
Copies of the annual reports received from Member States as per Article 40.2.
c. Evaluations:
Documents reporting on any evaluation of action taken or recommendations issued as a result of the reports received under Article 40.2.’’
You kindly provided links to relevant public documents. Regarding point 2(a) and (b) of my request that sought access to incident reports and annual reports, however, you state that:
ENISA would like to inform you that the copies of reports received from Member States about specific incidents that have occurred and the copies of annual reports are according to Article 4 (1) (a) of Regulation (EC) 1049/2001 non disclosable, since they are related to public security as containing sensitive information.
In my confirmatory application, I would like to present the following points:
1. The harm that disclosure would cause has not been sufficiently proven.
2. Granting partial access to the requested documents would not have negative consequences for the reporting of security incidents by Member States.
1. The harm that disclosure would cause has not been sufficiently proven.
The harm test applicable to Article 4(1)(a) has not been sufficiently proven as it was not sufficiently demonstrated how disclosure of the document would cause a reasonably foreseeable, non-hypothetical harm to public security.
In Case T 233/09 Access Info Europe v Council, the General Court confirmed that the mere fact that a document concerns an interest protected by an exception to disclosure is not sufficient to justify the application of that exception.
The Court of Justice of the European Union has also stated that an EU body “remains obliged (...) to explain how disclosure of that document could specifically and actually undermine the interest protected by an exception provided for in that provision, and the risk of the interest being undermined must be reasonably foreseeable and must not be purely hypothetical.” (Judgment of 3 July 2014. Council of the European Union v Sophie in 't Veld.C-350/12P para. 64)
Relying on an exception that carries a harm test may be justified only if access to that document could specifically and effectively undermine the protected interest. Moreover, the risk of the protected interest being undermined must not be purely hypothetical and must be reasonably foreseeable.
By simply stating that “the copies of reports received from Member States about specific incidents that have occurred and the copies of annual reports are according to Article 4 (1) (a) of Regulation (EC) 1049/2001 non disclosable, since they are related to public security as containing sensitive information” it was not sufficiently demonstrated, specifically and actually, how wider access to that document would cause a reasonably foreseeable, non-hypothetical harm.
Yours sincerely,
Rachel Hanna
Dear Ms. Hanna,
We hereby acknowledge receipt of your confirmatory application with
regards to your access to documents request on the ‘Reporting requirements
under the European Electronic Communications Code’, registered today
31/01/2024, Ares(2024)731476 .
We will revert to you.
Thank you.
Kind regards,
[1]ENISA Public Access to Documents
[2]ENISA
Agamemnonos 14, 15231 Chalandri, Attiki, Greece |
enisa.europa.eu
[3]Twitter [4]Facebook [5]LinkedIn [6]YouTube
Dear Ms. Hanna,
In accordance with Regulation (EC) No 1049/2001 regarding Public Access to
European Parliament, Council and Commission documents, applications are
handled within 15 working days from the registration.
Therefore in case of your confirmatory application, the estimated deadline
for reply is 21 February 2024.
In case this time limit needs to be extended, you will be informed in due
course.
Thank you in advance for your cooperation.
Kind regards,
[1]ENISA Public Access to Documents
[2]ENISA
Agamemnonos 14, 15231 Chalandri, Attiki, Greece |
enisa.europa.eu
[3]Twitter [4]Facebook [5]LinkedIn [6]YouTube
From: access-documents <[ENISA request email]>
Sent: Wednesday,31 January, 2024 15:49
To: Rachel Hanna <[FOI #13903 email]>
Cc: access-documents <[ENISA request email]>
Subject: RE: Internal review of access to documents request - Reporting
requirements under the European Electronic Communications Code
Dear Ms. Hanna,
We hereby acknowledge receipt of your confirmatory application with
regards to your access to documents request on the ‘Reporting requirements
under the European Electronic Communications Code’, registered today
31/01/2024, Ares(2024)731476 .
We will revert to you.
Thank you.
Kind regards,
[7]ENISA Public Access to Documents
[8]ENISA
Agamemnonos 14, 15231 Chalandri, Attiki, Greece |
enisa.europa.eu
[9]Twitter [10]Facebook [11]LinkedIn [12]YouTube
Dear Ms. Hanna,
In relation to your confirmatory application, please find attached our response.
Kind regards,
Public Access to Documents
Agamemnonos 14, 15231 Chalandri, Attiki, Greece | enisa.europa.eu