Explanatory Memorandum to COM(2010)550 - Detailed rules for access to the public regulated service offered by the global navigation satellite system established under the Galileo programme - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2010)550 - Detailed rules for access to the public regulated service offered by the global navigation satellite system established ... |
---|---|
source | COM(2010)550 |
date | 08-10-2010 |
Regulation (EC) No 683/2008 of the European Parliament and of the Council of 9 July 2008 i lays down the conditions for the further implementation of the two European satellite navigation programmes (EGNOS and Galileo). The provisions of the Annex to the Regulation define the specific objectives of the programmes. They provide that the system to be established under the Galileo programme will offer five services, including a 'public regulated service', hereinafter 'PRS', restricted to government-authorised users, for sensitive applications which require a high level of service continuity. They specify that the PRS uses strong, encrypted signals.
The PRS is a service to which the general public will not have access and which is restricted exclusively to the Council, the Commission, Member States and, where appropriate, duly authorised European Union agencies, non-member countries and international organisations.Its use must be monitored for safety and security reasons, unlike the other unsecured services which will be offered by the two European GNSS systems. It is therefore essential to monitor users by means such as establishing an authorisation procedure, using encryption keys, receiver approval, etc. Moreover, certain applications of the service may be politically and strategically very sensitive. The characteristics of the PRS as a whole necessitate a precise legislative definition of the detailed rules for access to the PRS.
Furthermore, even before Regulation (EC) No 638/2008 was adopted, the Transport Council (in the conclusions it adopted at its meeting on 12 October 2006) asked the Commission to actively pursue its work on the drawing up of the PRS access policy, so as to be able to determine the conditions under which the Member States will organise and manage their user groups, on the basis of preparatory work that had already been completed, and to present its proposals in due time for the Council's deliberation and approval. In these conclusions, the Transport Council pointed out that Member States' use of the PRS would be optional and that the operating costs of this service would be borne by users on a non-commercial basis.
In view of the deadlines for implementing the various supervisory mechanisms and since the timetable for providing the initial services is now known, it has become not only appropriate but urgent to establish in legislation the detailed rules for access to the PRS.
Although it has not formally been the subject of an impact assessment, the draft text is nonetheless the result of very thorough preparatory work which closely involved the various stakeholders interested in the PRS, particularly the Member States, which will be the key participants in this service.
In order to prevent any confusion, it is appropriate to make a semantic distinction between the PRS participants on the one hand, which are the Member States, the Council, the Commission and, where appropriate, the European Union agencies, non-member countries and international organisations, and the PRS users on the other, who are natural or legal persons duly authorised by the PRS participants to own or use a PRS receiver.
Furthermore, the stakeholders in the detailed rules for access to the PRS are as follows:
- the Commission, which deals with all matters relating to the security of the systems pursuant to the provisions of Article 13 of Regulation (EC) No 683/2008;
- the Council, which is in particular responsible for the implementation of Joint Action 2004/552/CFSP i;
- the Member States, which will be the key participants in the PRS and to which this proposal for a Decision is addressed;
- the European GNSS Agency set up by Regulation (EC) No xxx/2010 which, pursuant to Article 16 of Regulation (EC) No 683/2008 and in accordance with the guidelines issued by the Commission, both approves the security of the European satellite navigation systems and operates the Galileo Security Centre. In particular, the Security Centre is the Council's sole partner in implementing the instructions given under Joint Action 2004/552/CFSP with regard to all PRS participants and users;
- the companies that design or manufacture PRS receivers, and which must comply with the approval standards laid down by the security approval authority within the European GNSS Agency.
The security requirements relating to use of the PRS directly concern the security of the Union and its Member States. As such, they form part of a strategic challenge, and also touch on the Union's external policy. They require the establishment of a user monitoring framework, which is the essential aim of this proposal.
The framework includes both technical measures, such as authorisations by encryption key, and institutional measures, such as, for example, the security approval procedures or the crisis procedures arising from Joint Action 2004/552/CFSP. It must take into account the fact that there may be multiple PRS users and they may, depending on the required use, have different needs or be subject to different reliability requirements.
It is important that the monitoring framework is put in place ahead of the initial operation phase, scheduled for 2014. It will be required throughout that phase, i.e., for several decades, and its purpose will be mainly:
- to anticipate a crisis situation; this would require permanent, institutionalised relationships, including a suitable decision-making procedure, between the various public and private stakeholders;
- to strictly regulate the conditions of use of PRS receivers, in particular by means of effective user management;
- to closely monitor the activity of companies responsible for manufacturing PRS receivers, in particular by imposing binding manufacturing rules.
In order to achieve these aims, it is particularly important to specify and formalise the respective responsibilities of the Council, the Commission, the Member States, and all other public and private stakeholders. The conditions under which international organisations and non-member countries can potentially use the PRS and the conditions for exporting PRS equipment must also be defined. Management of the different user groups would also appear an essential aspect of the framework, in particular to minimise the negative effects of any failings on the part of one of these groups. Finally, it is essential to determine the approval and manufacturing standards which will be imposed on PRS receiver manufacturers, and for the European Union to verify compliance. Manufacturers must be capable not only of producing highly secure receivers, but also of designing mechanisms to prevent them being reproduced in the event of theft or loss.
The various matters relating to the detailed rules for access to the PRS were carefully discussed by the Security Board, known as the GSB, which was established under Article 7 of Council Regulation (EC) No 876/2002 i and repealed under Article 23 of Regulation (EC) No 683/2008. The GSB was set up to deal with security matters relating to the Galileo system and was composed of one representative from each Member State of the European Union and a representative of the Commission. In fact, it brought together the few experts within the European Union who had the necessary skills to ensure the security and safety of systems as complex as Galileo. It was replaced by a group of experts from the Commission i.
Under the GSB, four 'PRS seminars' were held in 2006 and 2007, each of which was attended by about 60 experts from the Member States. The very detailed talks focused on the range of security problems posed by use of the PRS, in particular technical considerations and features, the institutional mechanisms to be set up, the timetable for the latter, the scope of PRS use, etc.
Through this series of seminars, the participants reached a consensus on the need to quickly establish a suitable regulatory framework, the general principles of the detailed rules for access to the PRS, the security standards to be met at a technical level and the various stages of their implementation. The draft text reflects the results of this work, translated into a legal form and adapted to the new governance plan for European satellite navigation programmes established under Regulation (EC) No 683/2008.
The main elements of the proposal are set out in point 3 below. They are informed by the conviction, shared by all the Member States, that the detailed rules for access to the PRS must comply with minimum security standards and authorisation procedures common to all Member States in order to ensure a high level of security. It should be noted that the text does not address the question of the nature of PRS use, which is left to each Member State to decide individually, but defines common criteria allowing PRS participants to select their users in a secure manner.
Under the scheme adopted, the technical functions directly connected to the infrastructure are centralised at European level through the activities of the security centre used by the European GNSS Agency; conversely, the participant supervisory functions are decentralised at national level in order to take account of local constraints. The legal mechanisms provided ensure consistency between the two levels of functions and harmonisation of decision-making procedures, notably by means of the minimum common standards with which all stakeholders must comply.
It should crucially be underlined that during the preparatory work carried out by the GSB and in the context of the 'PRS seminars', the whole range of different possible schemes was carefully considered. Only the one that best satisfied both the interests of the European Union and the Member States and the security and safety requirements was selected. Several alternative options were thus discarded. For example:
- take no action. As well as not complying with the conclusions adopted by the Council on 12 October 2006, this option effectively means abandoning all use of the PRS, which would also be contrary to the provisions of the Annex to Regulation (EC) No 683/2008. Effectively, neither the Commission, which is responsible for the security of the system, nor the Council, responsible for implementing Joint Action 2004/552/CFSP, nor, least of all, the Member States, could seriously contemplate using the PRS if no prior framework ensuring a high level of security had been established;
- no monitoring of PRS users by the Member States. This option would also have been incompatible with the high level of security required for the PRS. It could not be considered in view of the sensitivity of the subject and its security implications for the Member States and the European Union;
- entirely centralised management at European Union level of all authorisation standards and procedures, approval and monitoring relating to the detailed rules for access to the PRS, in particular manufacture of receivers and distribution of access-protection keys. This option proved to be both harmful to the development of the markets linked to PRS use and contrary to the subsidiarity principle. The European Union currently lacks the necessary technical capabilities to provide this kind of centralised management by itself, although in time it could acquire expertise in approval through the work of the European GNSS Agency. These capabilities, particularly with regard to encryption components, are currently concentrated in a small number of Member States. The European Union also lacks instruments that could centralise the management and monitoring of PRS receiver manufacture, an activity which is partly industrial in nature and which can only be carried out by the Member States as regards the security aspects;
- conversely, entirely decentralised management of the same components at Member State level. This option was also rejected, as it makes it difficult to define minimum standards common to all Member States and, more importantly, to ensure compliance with such standards with the same level of stringency in all Member States. As a result, EU bodies are responsible for defining common standards and monitoring compliance with them.
The option selected establishes a system which best strikes a balance between centralised management of certain elements at European Union level, where such centralisation is both possible and desirable, and decentralised management of other elements in cases where, although the infrastructure belongs to the EU, the Member States are best placed to manage it.
The Decision which is the subject of this proposal is likely to have an impact on the Member States, European Union bodies, international organisations and non-member countries and industrial companies.
Firstly, with regard to the Member States, which are in principle the stakeholders most concerned by and interested in using the PRS, it should be highlighted that the Decision will affect only those Member States wishing to use the PRS and will have no impact, financial or otherwise, on those Member States that do not wish to use it. Any Member State wishing to use to the PRS will in principle need to designate a 'Competent PRS Authority' which will manage its users, possibly deal with the manufacture of PRS receivers and, where appropriate, monitor compliance with PRS receiver manufacturing standards in its territory. It should be noted that a body already existing within a Member State may be designated as the 'Competent PRS Authority'.
In order to assess the Member States' needs with regard to PRS use, the Commission sent out a questionnaire to them in 2008. The responses to this questionnaire, which are in no way formally binding on the Member States, are summarised in the two tables below (those Member States not mentioned did not reply to the questionnaire):
[afbeelding - zie origineel document]
[afbeelding - zie origineel document]
It should be stressed that although the various potential uses of the PRS are left to the Member States' discretion, their requests will only be fulfilled in so far as they are compatible with the required minimum security standards. Member State requests that are incompatible or scarcely compatible with the standards will therefore not be covered by the PRS, but by the open service, which offers an equal performance in terms of reliability.
The proposal lays down the same restrictions on use by EU bodies as by Member States. While the general principles agreed with the Member States in discussions prior to drafting the proposal fully authorise 'EU' use of the PRS, they also result in identical access arrangements for all participants. It is up to the European Union bodies concerned, namely the Council, the Commission and, where appropriate, the EU agencies, to decide whether or not they want to use the PRS and for which purposes. Furthermore, the Council and the European GNSS Agency are called on to play a particular role under Joint Action 2004/552/CFSP.
As for international organisations and non-member countries, if they wish to access the PRS service, they will have to conclude prior international agreements with the European Union laying down restrictions on PRS use. Such restrictions will be at least as binding as those imposed on the Member States.
Finally, with regard to industrial companies, it is particularly important to stress that only those companies which have freely chosen to respond to the invitations to tender for the design or manufacture of PRS receivers will be subject to the restrictions regarding compliance with binding standards. Furthermore, since the PRS is a new service with no previous equivalent, the economic impact of its introduction cannot fail to be positive, despite the security-related restrictions.
Furthermore, companies were consulted on numerous occasions on the conditions of use of the PRS, in particular through the PACIFIC study undertaken under the 6th Framework Programme for Research and Development. It is clear from this that companies:
- recognise the specific security needs of the PRS;
- are in favour of extensive use of the PRS in security-related sectors, in particular defence and law enforcement;
- with regard to the defence sector, point out the need for interoperability with the military GPS signal;
- with regard to law enforcement, highlight the interest in combining use of PRS receivers with other secure telecommunication methods;
- consider it necessary to be able to export PRS receivers to non-member countries authorised to become participants in the PRS.
The text of the proposal contains no provisions contrary to the wishes of companies, although it does provide a strict framework to ensure a high level of security for the conditions under which private sector stakeholders can manufacture and use PRS receivers.
As previously mentioned, the draft text is the result of very thorough preparatory work carried out in 2006 and 2007 involving the various stakeholders in the PRS, particularly the Member States, which will be the main participants in this service.
The many discussions which have taken place since 2007 within the various bodies responsible for the security of the programmes and systems have merely confirmed the consensus on the various solutions chosen in the draft. These bodies, which are composed of representatives of the Member States, are primarily the expert group on the security of European GNSS systems and the working sub-group specifically dedicated to the PRS, which this expert group created.
It is important to remember that, in view of their sensitive nature, matters relating to use of the PRS involve not only system security but also the security of the Member States themselves. It has for that reason proved to be politically and practically impossible for the Member States to reach a consensus on the options selected. Recourse to Joint Action 2004/552/CFSP, which falls under the unanimity rule, is furthermore explicitly provided for by Article 11 of the draft in any cases where the security of the European Union and its Member States could be undermined.
Contents
- LEGAL ELEMENTS OF THE PROPOSAL
- BUDGETARY IMPLICATIONS
- 2. CONSULTATION OF INTERESTED PARTIES AND IMPACT ASSESSMENT
- A. DEFINITION OF THE PROBLEM
- B. APPROACH CHOSEN AND ALTERNATIVE SOLUTIONS
- C. IMPACT ON THE MEMBER STATES AND OTHER STAKEHOLDERS
- D. EXISTENCE OF GENUINE CONSENSUS
- 5. ADDITIONAL INFORMATION
The legal basis of the Commission's proposal is Article 172 of the Treaty on the Functioning of the European Union, ex Article 156 of the Treaty establishing the European Community. Furthermore, it takes the form of a proposal for a decision of the European Parliament and of the Council, since the text is addressed to the Member States only.
It contains the following key measures:
- general principles on the detailed rules for access to the PRS, in particular the fact that the Council, the Commission and the Member States have unlimited, uninterrupted access to the PRS anywhere in the world, while an agreement would be required to grant access to the PRS to European Union agencies, non-member countries and international organisations;
- the requirement for PRS participants to designate a 'Competent PRS Authority' to manage and monitor manufacture, ownership and use of PRS receivers, and the establishment of minimum common standards to which the competent PRS authorities must comply;
- the establishment of a framework of conditions for the manufacture and security of PRS receivers;
- provisions on export control, control centres worldwide, and the implementation of joint actions under the “second pillar”.
Finally, although the text may have implications for the Common Foreign and Security Policy, it must nonetheless be adopted under the procedures provided for under the Treaty on the Functioning of the European Union pursuant to the Court of Justice's case law resulting from the Judgment of 20 May 2008, C-91/05 (Commission of the European Communities v. Council of the European Union), known as 'Small arms'.
The Commission's proposal has no direct negative impact on the European Union budget; in particular, it does not commit the European Union to any new policy and the various EU supervisory bodies to which it refers have already been established by means of other texts.
Some applications of the PRS service may be very sensitive at a political and strategic level. However, the Commission's proposal does not aim to regulate the potential applications of the PRS per se, but rather the detailed rules for accessing this service. It is first and foremost technical in nature, rather than political.