Legal base	—
Department	Home Office
Basis of consideration	Minister's letter of 25 April 2006
Previous Committee Report	HC 34-xviii (2005-06), para 12 (8 February 2006), HC 34-xiv (2005-06), para 8 (11 January 2006) and see HC 38-v (2004-05), para 5 (26 January 2005)
To be discussed in Council	No date set
Committee's assessment	Legally and politically important
Committee's decision	Cleared

Background

16.1 In June 2004 the European Council asked the Commission and the High Representative to prepare an overall strategy to protect critical infrastructure.[33] On 11 January and 8 February 2006 we considered a Commission Green Paper, which was the latest stage in the drawing up of a European Programme for Critical Infrastructure Protection (EPCIP), which programme would be supplemented by a critical infrastructure warning network (CWIN).

16.2 We noted that the Green Paper suggested the creation of a common framework, with common principles and standards for the protection of critical infrastructure, and with common definitions of concepts such as critical infrastructure protection, European critical infrastructure and Operator Security Plans. We also noted that the Green Paper suggested the adoption of a common list of critical infrastructure sectors, which would include energy, information and communications technologies, water and food supply, health, financial services, "public and legal order and safety", civil administration, transport, chemical and nuclear industries and "space and research". Under the heading "civil administration", the list included government functions, emergency services, civil administration services and postal and courier services, but also included the armed forces. On this latter point, we sought and obtained from the Minister an assurance that in no circumstances would the disposition and organisation of this country's armed forces form part of any "common framework" at Community level, as referred to in the Green Paper.

16.3 The Green Paper argued that it was in the interests of the Member States and the European Union as a whole that each Member State should protect its national critical infrastructure under a common framework but in our view, some of the issues raised in the Green Paper touched on the fundamental duty of a national government to ensure the security of its citizens, and we thought the Minister was right to express caution about a number of the options suggested.

16.4 We held the document under scrutiny pending receipt of the Government's reply to the Green Paper.

The Minister's letter

16.5 In her letter of 25 April 2006 the then Minister of State at the Home Office (Hazel Blears) supplied us with a copy of the Government's response to the Green Paper. The Government's response consists of an overall summary of the UK's views on the activities that would best help to improve the protection of European Critical Infrastructure, followed by detailed responses to the specific questions raised in the Green Paper.

16.6 The overall summary emphasises the view that the management of national critical infrastructure must be left, in accordance with the principle of subsidiarity, to the Member State concerned. The reply finds the introduction of options relating to national critical infrastructure in some sections of the Green Paper to be "very confusing" and notes that the Government will be seeking greater clarification, and separation of what the Commission is proposing for European critical infrastructure on the one hand, and for national critical infrastructure on the other.[34] The Government goes on to state that the proposed activities and activities of the European Programme for Critical Infrastructure Protection (EPCIP) need to be clearly established.

16.7 In this regard, the Government sets out its view of the aims and objectives of EPCIP. In its view, the aim of the EPCIP should be to share good practice and expertise and to share research into issues and solutions related to critical infrastructure protection, but should not include national critical infrastructure issues such as the justification by Member States of what it regards as critical, the national armed forces and associated infrastructures, vulnerability analyses or monitoring of protective security measures. The EPCIP should also exclude assessing the threat from terrorism.

16.8 The Government also stresses that the protection of critical infrastructure is "first and foremost a national responsibility" and that the Commission's efforts would be most effective when working with Member States on the protection of critical infrastructure having an EU cross-border effect (i.e. when having an impact on at least three Member States). Any sharing of information on critical infrastructure must take place "in an environment of trust and confidentiality" with access to information being granted on a strict need-to-know basis.

16.9 The Government's reply notes that there is currently a lack of clarity as to what a European critical infrastructure designation would mean.[35] The Government accordingly considers it premature to define any common framework as suggested in the Green Paper.[36] The reply also notes with concern that EC research activities are being started which attempt to collect sensitive data from all Member States on national critical infrastructure in advance of agreement by the Member States as to what exactly forms part of European critical infrastructure and that the direct approaches which have been made to UK companies "are jeopardising our working relationships with these companies". The Government therefore insists that clear guidelines on the collection and handling of data should be agreed in advance of undertaking EPCIP related research initiatives.

16.10 The Government considers that the next step is to agree key definitions and principles for the EPCIP, following which the UK priorities would be to facilitate the dissemination of advice and good practice, to define what constitutes cross-border infrastructure which is critical to Europe, to define the role and competence of the EU in relation to cross-border critical infrastructure (considering in particular the question of whether it falls under the EU or EC Treaty, and whether Article 308 EC would be relevant as a legal base) and finally to develop an understanding of the interdependencies between the parts of the EPCIP and how EU-level priorities might be identified.

16.11 In relation to the critical infrastructure warning network (CWIN), the Government is not persuaded of the need for any additional warning network, and does not therefore support a CWIN format which would involve the dissemination of information on specific threats, alerts or vulnerabilities.

Conclusion

16.12 We are grateful to the Minister for showing us the Government's reply to the Green Paper and we commend it as thorough and persuasive, making points which we wholly support.

16.13 We are content to clear the document, but we look to the Minister to keep us informed, in particular, of any legislative proposals which may emerge from the Green Paper. It is apparent that the legal base for action at EU level in this area will require the closest examination.

34   The detailed responses to the questions in the Green Paper states at this point that the UK does not see the role of the Commission as being to standardise security requirements.  Back

35   The detailed response states that the UK "strongly disagrees" with the suggestion in the Green Paper that both national and European critical infrastructure should be identified and included in the EPCIP. Back

36   The detailed response notes that a legislative framework at EU level is not required for national critical infrastructure, whilst the need for such framework at European level has not been shown. The reply comments, "This early focus by EPCIP on legislation appears to go against the Commission drive for better regulation and cutting red tape".  Back