1

Dr. Alois J. Sieber, HoU,European Commission

Joint Research CentreJRC IPSC, Ispra, Italy

Standardisationfor

security and protection of the citizens

2List of Content

Where do I come from?

Why does the European Commission underline the needs for standardisation?

In which areas has the EC already efforts in standardisation?

Way ahead

3

Where does the JRC fitin the European Commission?

Commissioner Máire Geoghegan-Quinn

Research, Innovation and Science

Joint Research Centre (JRC)

President José Manuel Barroso

27 Commission Members

Research DG (RTD)

4

The Mission of the Joint Research Centre

… is to provide customer-driven scientific and technical support for the conception, development, implementation and monitoring of EU policies.

As a service of the European Commission, the JRC functions as a reference centre of science and technology for the Union.

Close to the policy-making process, it servesthe common interest of the Member States,while being independent of special interests,whether private or national.

5

Our Structure: 7 Institutes in 5 Member StatesIRMM - Geel, BelgiumInstitute for Reference Materials and Measurements

ITU - Karlsruhe, GermanyInstitute for Transuranium Elements

IE - Petten, The Netherlands – Ispra, ItalyInstitute for Energy

IPSC - Ispra, ItalyInstitute for the Protection and Security of the Citizen

IES - Ispra, ItalyInstitute for Environment and Sustainability

IHCP - Ispra, ItalyInstitute for Health and Consumer Protection

IPTS - Seville, SpainInstitute for Prospective Technological Studies

~ 2750 staff~ 330 M€/y budget (+ 40 M€/y competitive income)

6

7EU Grand Challenges and Security

Safety &

Security

Sustainability &

Growth

Public health / consumer protection

Fight against terror &

organized crime

Natural resources & agriculture

Knowledge and innovation

society

Energy & climate change

Crises Management /

natural disasters

Nuclear Safety and security

Sustainable production & consumption

8

EUROPE 2020

A strategy for smart, sustainable and inclusive growth (COM/2010/2020) states

Initiative by President José Manuel BARROSO

9Steering the process

Commission is proposing five measurable EU targets for 2020 in order to steer the process:

for employment

for research & innovation

for climate change and energy

for education

for combating poverty

10

Seven flagship initiatives to catalyze process

Flagship initiative: “Innovation Union”

– Based on improved framework conditions for innovation like setting up interoperable standards

Flagship initiative: “Resource efficient Europe”

– To use regulation building performance standards

Flagship initiative: “An industrial policy for globalization era”

– To develop a horizontal approach to industrial policy combining policy instruments (e. g. “smart” regulations, modernized public procurement, competition rules and standard setting)

11In preparation

In early 2011, the Commission will present a Communication accompanied by a legislative proposal on standardisation, which will inter alia cover the ICT sector, in order

to speed up and modernise standard-setting to enable interoperability and foster innovation in fast-moving global markets.

This will be combined with a multi-annual programme to anticipate new standardisation needs and integration of standards into R&D projects in the research Framework Programme.

12The challenge

A Report on the future of European standardization (2010/2051(INI)) by the Committee on the Internal Market and Consumer Protection underlines

“the need to improve mutual awareness and cooperation between standardisers, innovators, academia and the research communities” and

“the inclusion of new knowledge in standards, in particular from publicly funded research and innovation programmes”

in order to promote innovation and competitiveness.

13Integrated Approach

Ref.: STAIR

14New Approach: Scenario Based

15

Improving Awareness & Visibility of Security

16

EC develops legally binding standardsEC develops legally binding standards for aviation security screening for aviation security screening equipment (e.g. detection performance, operational use, training of staff) equipment (e.g. detection performance, operational use, training of staff)

CooperationCooperation with Technical experts from MS (Regulatory Committee) (incl. Technical Task Force of

ECAC (European Civil Aviation Conference (UN-body on civil aviation in Europe)) Aviation Industry (Advisory Board) More frequently meetings of joint special WGs of MS and industry, reporting to

Regulatory Committee International Cooperation, e.g. USA (Joint Committee under the EU-US Air Transport Joint Committee under the EU-US Air Transport

Agreement )Agreement ), QUAD-group, joint seminars, framework of ICAO

ProcedureProcedure Agreement on Regulatory Committee level, adoption by European Commission, laid down in European Commission

regulation (EU) No 185/2010: common basic standards on aviation security Non-sensitive: published in Official Journal Sensitive or classified: Commission Decision 774 not published

Aviation Security - Overview

17

EC is considering to develop generic guidelines for canine develop generic guidelines for canine detectiondetection based on the experience in the aviation security

EC appreciate future subjects related to standardisation such as: the aligning of EC policies on the use of security scanners (body

scanners) liquids screening equipment

In the future and in the context of the EU CBRN Action Plan it is planned to carry out similar activities as in Internal Security, in particular on sampling, detection, etc.

[2]: ECAC: [2]: ECAC: European European Civil ivil AAviation viation ConferenceConference

Aviation Security - Look ahead

18

The ‘The ‘Action Plan on Enhancing the security of Explosives of 2008’ Action Plan on Enhancing the security of Explosives of 2008’ recommends to recommends to develop develop minimum detection standardsminimum detection standards based on relevant detection scenarios and threat assessment based on relevant detection scenarios and threat assessment

relevant scenarios are currently being relevant scenarios are currently being developed by an expert working groupdeveloped by an expert working group (representative (representative of MS, supported by a network of experts for the detection of explosives)of MS, supported by a network of experts for the detection of explosives)

CEN standardisation workCEN standardisation work (funded by EC) has been provided over the last few years in a (funded by EC) has been provided over the last few years in a couple of areas, such as:couple of areas, such as: critical infrastructure protectioncritical infrastructure protection, , Biosafety / biosecurityBiosafety / biosecurity,, security of drinking watersecurity of drinking water

ERN-CIPERN-CIP project (lead by the JRC) project (lead by the JRC)

EC supports as well the EC supports as well the ITRAP+10 projectITRAP+10 project (lead by the JRC): testing and certification of (lead by the JRC): testing and certification of nuclear detection equipment (cooperation element with the US)nuclear detection equipment (cooperation element with the US)

CIPS: Prevention, preparedness and consequence management of terrorism and other CIPS: Prevention, preparedness and consequence management of terrorism and other security-related risks, Endorsed by the Council in Dec 2009 security-related risks, Endorsed by the Council in Dec 2009

Internal Security / Detection – Running

19

Internal Security / Migration, Asylum, Borders – Running

for the time being: for the time being: restrictedrestricted work work on technical or operational standards, on technical or operational standards, particular work on particular work on legal / legal / political harmonisationpolitical harmonisation

AsylumAsylum:: framework of practical co-operationframework of practical co-operation plus Eurodac and plus Eurodac and Dublin Convention,Dublin Convention, and in the Global approach to and in the Global approach to

migrationmigration (Mobility Partnerships), (Mobility Partnerships), Visa Information SystemVisa Information System (VIS),  (VIS),  Schengen Information SystemSchengen Information System (SIS), (SIS), irregular immigrationirregular immigration::

ICONet (Decision 2005/267/EC), ICONet (Decision 2005/267/EC), the Immigration Liaison Officers (Reg. 377/2004/EC) and the Immigration Liaison Officers (Reg. 377/2004/EC) and the Rapid Border Intervention Teams (Reg. 863/2007)the Rapid Border Intervention Teams (Reg. 863/2007)

IntegrationIntegration:: framework of the Common Basic Principles (JHA Council conclusions of 19.11.2004)framework of the Common Basic Principles (JHA Council conclusions of 19.11.2004)

Borders:Borders: FRONTEXFRONTEX and the and the Schengen Border CodeSchengen Border Code::

more relevant work carried out but for the time being not too interesting for industry more relevant work carried out but for the time being not too interesting for industry more industry relevant more industry relevant discussion of technical interoperability standardsdiscussion of technical interoperability standards in the area of in the area of EUROSUREUROSUR, (very early stage) , (very early stage)

The same applies to the The same applies to the entry/exitentry/exit and and registered traveller programmesregistered traveller programmes

expect more work onexpect more work on technical interoperability standards technical interoperability standards in the near futurein the near future

20

EC: advocates a comprehensive and effective multi layered risk management approach using a range of methods and technologies commensurate to the risks associated with specific high risk consignments

The testing of some Container Security Devices (Smart seals) under the EU - CHINA pilot on Smart and Secure Trade Lanes (SSTL) (involvement of UK, NL and CN Customs) has highlighted the need for common (customs) requirements, procedures and standards

faced with interoperability problems when seals and reader infrastructure didn't belong to the same "family" using different communication protocols based on different international standards

CONCLUSION / Way forward:modern customs administrations and the economic operators are urged to make use of new emerging technologies to enhance the security in the global supply chain

harmonization and standardization of security standards and equipment will be indispensable

Global Supply Chain – A practical Example

21

Specific EU security requirements are less developed to date in the maritime security sector

EU security requirements for land transport security do not exist yet

it is conceivable that both sectors could follow the same approach as aviation security in setting legally binding standards

Maritime and Land Transport Security – Running / Way forward

22

Mutual recognition of security standards and trade partnership programmes, like AEO[1] and C-TPAT[2], with the EU main trading partners (a key element of the EU efforts to strengthen the end-to-end security of international supply chains)

Aim: to enhance supply chain security and to facilitate trade through focusing on real risks and granting substantial, equal and reciprocal benefits to reliable international partners and economic operators

Example: June 2010: DG Deffaa and Commissioner Bersin signed a document entitled "Final Steps Towards the Implementation of Mutual Recognition Between the United States and the European Union" Current Status: Under approval process (intended signingsigning of the of the

Mutual Recognition Decision is Mutual Recognition Decision is expected in early 2011expected in early 2011) )

AEO and C-TPAT AEO and C-TPAT benefitsbenefits will only be activated will only be activated after after successful completion of the joint validations and IT successful completion of the joint validations and IT solutionssolutions foreseen in the work program, expected for foreseen in the work program, expected for no no later than the 31 October 2011later than the 31 October 2011

Conformity Assessment – Running / Way forward

[1]: AEO: EU Authorised Economic Operator[2]: C-TPAT: Customs-Trade Partnership Against Terrorism

23

The data protection community in Europe is following closely the elaboration of the ISO 29100 standard on data protection

Expectation: an ambitious standard that protects effectively the ‘data subject’ rights Promoting concrete rights for the individuals, and a high level of privacy Safe international exchanges of data Compatible with the existing legislation in Europe (Directive 95/46/CE)

Those standards are seen as extremely important in order to have secure international data flows, Accompany the current globalisation, protecting the individual rights such as data access, data correction and deletion common ground (vocabulary, concept, guidelines rules, evaluation methods …) to discuss the

privacy and data protection issues

EC supports the standardisation of 'privacy and security seals and labels‘ established seals in the US and emerging seals in Europe standardisation in this area will be very welcome

Data Protection – ISO 29100: The upcoming Data Protection Standard

24

Security Standardisation Programming MandateSecurity Standardisation Programming Mandate - Scope

Development of a work programme for the definition of European Standards and other standardisation deliverables in the area of SECURITY.

Including protection against man-made and natural disasters Excluding Defence and Space technologies

The Mandate concerns the analysis of the current security standards landscape in Europe, taking account of the legislative background, and the drawing of a security standardisation map.

25

Security Standardisation Programming MandateSecurity Standardisation Programming Mandate – List of Areas

Security of the Citizens Organised Crime

Counter Terrorism

Explosives

CBRN

Border Security Land border / Check Points Sea Border Air Border

Restoring security and safety in case of crisis

Preparedness and planning Response Recovery

Security of infrastructures and utilities

Building design Energy / Transport communication grids Surveillance Supply Chains

26

Security Standardisation Programming MandateSecurity Standardisation Programming Mandate – Execution of mandated Work

For each selected sector: identification of the specific standardisation needs and preparation of a comprehensive standardisation programme with a suitable and realistic roadmap

A study should identify the state of play in security standardisation, existing gaps, list a set of sectors, List the particular stakeholders needing to be involved

Phase 1

Phase 2

Phase 0

Report: Setting up arrangements

2 months 6 months 6 months

Acceptance of report by EC

ESOs shall execute the Standardisation Mandates on the sectors agreed with the EC afterwards

8 months

27Way ahead

Collaboration across borders

User, industry, research, …

28