Our reference: 2024-0772

Dear Mr. Sadagursky,

The European Parliament hereby acknowledges receipt of your message, which
was registered on October 17, 2024.

All applications for public access to documents are treated in compliance
with Regulation (EC) No 1049/2001 of 30 May 2001 regarding public access
to European Parliament, Council and Commission documents.

In accordance with the above-mentioned Regulation, your application will
be handled within 15 working days upon registration of your request.

Your personal data will be processed in accordance with Regulation (EU)
2018/1725 of 23 October 2018 on the protection of natural persons with
regard to the processing of personal data by the Union institutions,
bodies, offices and agencies and on the free movement of such data. A
detailed privacy statement is available [1]here.

The European Parliament reserves the right to ask for additional
information regarding your identity in order to verify compliance with
Regulation (EC) No 1049/2001 and the European Parliament’s implementing
measures.

Your attention is drawn to the fact that you have lodged your application
via the AsktheEU.org website, which is a private website not officially
related to the European Parliament. Therefore, the European Parliament
cannot be held accountable for any technical issues or problems linked to
the use of this system.

In addition, please note that any personal data that you provide by using
AsktheEU.org website may be disclosed to the general public and visible on
this private website. The European Parliament cannot be held responsible
for such disclosure. Should you need to communicate directly to Parliament
any personal data and would like to avoid public disclosure, you may do so
from your private email address by using the following functional mailbox
address: AccesDocs(at)europarl.europa.eu

Best regards,

TRANSPARENCY UNIT
European Parliament
Directorate-General for the Presidency
Directorate-General for Interinstitutional Affairs and Legislative
Coordination
[2][European Parliament request email]
[3]www.europarl.europa.eu/RegistreWeb

References

Visible links
1. https://www.europarl.europa.eu/RegistreW...
2. mailto:[European Parliament request email]
3. http://www.europarl.europa.eu/RegistreWeb

Our reference: 2024-0772

Dear Mr Sadagursky,

Further to your request and following the time limitation of its scope,
Parliament, after a preliminary verification, estimates that it covers a
number of voluminous documents, amounting to several hundreds of
documents, which would have to be individually and thoroughly assessed,
including in light of the relevant case-law, in order to determine which
parts may be covered by applicable exceptions. Please note that these
documents contain information which, should it be publicly disclosed,
would severely undermine the European Parliament's cybersecurity, in
accordance with the first indent of point (a) of Article 4(1) of
Regulation (EC) No 1049/2001.

The assessment and redaction of the documents falling within the scope of
your application would constitute an exceptionally heavy, unreasonable
workload for Parliament, amounting to an excessive administrative burden,
in line with the principle of proportionality as recognised by the Court
of Justice of the European Union. Article 6(3) of Regulation (EC) No
1049/2001 provides that in the event of an application relating to a very
large number of documents, the institution concerned may confer with the
applicant informally, with a view to finding a fair solution. 

We therefore propose to reduce the scope of your application to a concrete
type of documents and to a shorter period of time, namely to one or two
specific months of the reference period.

We thank you for your understanding and cooperation.

Best regards,

TRANSPARENCY UNIT
European Parliament
Directorate-General for the Presidency
Directorate-General for Interinstitutional Affairs and Legislative
Coordination
[1][European Parliament request email]
[2]www.europarl.europa.eu/RegistreWeb

References

Visible links
1. mailto:[European Parliament request email]
2. http://www.europarl.europa.eu/RegistreWeb

Our reference: 2024-0772

Dear Mr Sadagursky,

The time limit for responding to your application for public access to
documents under Regulation (EC) No 1049/2001, as registered on October 17,
2024, expires on November 8, 2024.

However, our consultations are taking more time than expected, so that
Parliament must exceptionally extend the time limit provided by Article
7(1) of Regulation (EC) No 1049/2001 by a further 15 working days in
accordance with Article 7(3) of that Regulation in order to reply to your
application.

Please accept our apologies for any inconvenience. We thank you for your
understanding.

Best regards,

TRANSPARENCY UNIT
European Parliament
Directorate-General for the Presidency
Directorate-General for Interinstitutional Affairs and Legislative
Coordination
[1][European Parliament request email]
[2]www.europarl.europa.eu/RegistreWeb

References

Visible links
1. mailto:[European Parliament request email]
2. http://www.europarl.europa.eu/RegistreWeb

Our reference: 2024-0772

Dear Mr Sadagursky,

We are currently handling your request as referred above, pursuant to
which you are seeking access to documents containing information,
statistics, attribution to APTs, the dates, the identified or suspected
perpetrators and the methods of cyber-attacks against the Parliament. We
take note of your willingness to limit its scope to a specific timeframe
(i.e. the period January to April 2022). However, the description of the
documents you seek is too broad and not sufficiently precise to enable us
to identify and assess the specific documents falling under it, despite
the proposed limitation of its scope. We therefore ask you to clarify your
application in accordance with Article 6(2) of that Regulation.

In the meantime, we would like to let you know that certain relevant
information is publicly available as follows:

- Relevant information on Parliament’s cyber preparedness can be found in
the Questionnaire to the Parliament discharge for 2022, available [1]here
(in particular, Q44), as well as the [2]2022 Annual activity report of the
Directorate-General for Innovation and Technological Support and, in
particular, in the section “3.3. Overview of associated risks”. All annual
activity reports per year are available in Parliament’s website, [3]here
and you can access them by clicking the year you are interested in, under
“Discharge procedure”

- European Court of Auditors “Special report 05/2022: Cybersecurity of EU
institutions, bodies and agencies: Level of preparedness overall not
commensurate with the threats”, available on [4]this website.

If you would still like to pursue your initial request, please specify
further the types of documents that you wish to access and provide some
more background to your request to help us understand better. Please be
informed, however, that most of the documents concerning Parliament’s
cybersecurity are of a sensitive nature and it is highly likely that they
need to be protected under the exception to disclosure provided for in the
first indent of point (a) of Article 4(1) of Regulation (EC) No 1049/2001,
concerning the protection of public security.

Please be aware that the deadline for responding to your application
cannot run pending clarification, and that your application will be
considered as withdrawn and the file as closed in the absence of any reply
within 20 working days.

We thank you for your understanding and cooperation.

Best regards,

TRANSPARENCY UNIT
European Parliament
Directorate-General for the Presidency
Directorate-General for Interinstitutional Affairs and Legislative
Coordination
[5][European Parliament request email]
[6]www.europarl.europa.eu/RegistreWeb

References

Visible links
1. https://www.europarl.europa.eu/cmsdata/2...
2. https://www.europarl.europa.eu/cmsdata/2...
3. https://www.europarl.europa.eu/committee...
4. https://www.eca.europa.eu/en/publication...
5. mailto:[European Parliament request email]
6. http://www.europarl.europa.eu/RegistreWeb