I527-290 ESRIF Final Report (WEB).indd - European Commission
I527-290 ESRIF Final Report (WEB).indd - European Commission
I527-290 ESRIF Final Report (WEB).indd - European Commission
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Not only this interaction between diff erent policy domains is characterizing the legal frame for security. Also the large variety<br />
of national practices and the diversity across the EU Member States in translating and implementing EU rules, conditions and<br />
regulations into national law contribute signifi cantly to the complexity. Moreover, there may exist national, <strong>European</strong> and<br />
International legislation, legal frameworks and treaties that would not allow for any exchanges of information or expertise, as<br />
for instance in the case of CBRNE matters.<br />
In order to improve the understanding of the state of play for all stakeholders in specifi c security-related situations, it is<br />
important to have an overview of all these elements and their interaction. A database with legislation in force in the EU might<br />
contribute signifi cantly to this understanding and would facilitate the process of identifying potential gaps, confl icts, averse<br />
eff ects, of the rules, conditions and regulations in use.<br />
<strong>ESRIF</strong> WG 9 held hearings with experts, e. g. the <strong>European</strong> Representative for Data Protection. It became evident that any<br />
new solution must take into consideration aspects of privacy and civil liberty rights from the beginning of the design of new<br />
security measures. This concept of privacy by design or data protection by design is a core characteristic of Europe’s unique<br />
approach to privacy and data protection. The balancing between increasing security and enhancing security measures on<br />
the one hand and preserving the fundamental rights of citizens for privacy, justice and freedom on the other should be the<br />
driving force for any investment in security. As such, the concept of privacy by design or data protection by design should be<br />
an inseparable part of the wider concept of security by design, described in the key messages of <strong>ESRIF</strong>.<br />
<strong>ESRIF</strong> WG 9 also noted that other countries introduced new legal measures for providers of security solutions, e. g. in the aspect<br />
of liability (the US Safety Act). It is suggested to assess both the need and the value of establishing an EU equivalent in order<br />
to enhance the competitiveness of EU industry.<br />
9.3.1.3 Ambitious use of standards<br />
The market for security solutions in Europe is highly fragmented thereby preventing EU industry from exploiting its overall<br />
potential and accessing market opportunities in a more eff ective way. There is a need to make a thorough analysis of the<br />
security market conditions, looking more closely at the demand side, and in particular considering the role of standards and<br />
standardization as processes for organizing the market.<br />
Dynamic standardisation<br />
The <strong>European</strong> <strong>Commission</strong> 3 identifi es dynamic standardisation as an important enabler of innovation, contributing to the<br />
development of sustainable industrial policy, unlocking the potential of innovative markets and strengthening the position of<br />
the <strong>European</strong> economy through more effi cient capitalising of its knowledge base.<br />
State-of-the-art standards provide a level playing fi eld, which facilitates interoperability and enhances competition between new and<br />
already existing technologies, products, services and processes. They generate trust in the performance of these new technologies,<br />
products, services and processes and allow their benchmarking through reference and validation according to standardised methods.<br />
In this understanding, new standardization concepts must be developed which are capability driven, focusing on the level of<br />
performance of security related solutions rather than on the level of technical equipment specifi cations. This is important to<br />
enrich the market and to allow a broad range of industries to come up with solutions that are compatible and interoperable,<br />
and at the same time allowing fl exibility to adapt to individual customer needs.<br />
If specifi c areas are identifi ed where new standards or standard-like initiatives are required, they should be approached with<br />
an innovative mindset, as described also in the Aho <strong>Report</strong>.<br />
“Specifi cation of functional performance or standards, which allows suppliers to produce any confi guration of technology<br />
they feel can meet the need.”<br />
3 COM (2008) 133 <strong>Final</strong>, Communication from the <strong>Commission</strong>, Towards an increased contribution from standardisation to<br />
innovation in Europe, dated 11 March 2008.<br />
199