The European Council adopts conclusions on the digital future of Europe

In December 2020, the European Council approved conclusions that acknowledge the increased use of consumer products and industrial devices connected to the internet and the related risks for privacy, information security and cybersecurity.

It believes connected devices, including machines, sensors and networks that make up the Internet of Things (IoT), will play a key role in further shaping Europe’s digital future.

The conclusions set out priorities to address this crucial issue and to boost the global competitiveness of the EU’s IoT industry by ensuring the highest standards of resilience, safety and security.

They also underline the importance of assessing the need for horizontal legislation in the long term to address all relevant aspects of the cybersecurity of connected devices, such as availability, integrity and confidentiality. This would include specifying the necessary conditions for placement on the market.

Some of the conclusions reached are:

  • That the European Union and its Member States need to ensure their digital sovereignty and strategic autonomy, while preserving an open economy.
  • That in addition to ensuring a high level of security of connected devices, it is equally important to increase consumer awareness of their potential privacy and security risks.
  • That there is a need to establish cybersecurity norms, standards or technical specifications for connected devices and efforts undertaken by European Standards Organisations in this matter should be strengthened.
  • That cybersecurity and privacy must be an essential part of product innovation, production and development processes, including the design phase, and must be guaranteed throughout a product’s entire life cycle and across its supply chain.

Lastly, cybersecurity certification, as defined under the Cybersecurity Act, will be essential for raising the level of security within the digital single market. The EU Agency for Cybersecurity, ENISA , is already working on cybersecurity certification schemes, and the conclusions invite the Commission to consider a request for candidate cybersecurity certification schemes for connected devices and related services.


Aquest apunt en català / Esta entrada en español / Post en français

Mexico approves the National Public Security Strategy

Mexico DFThe strategy was presented by the head of the Security and Public Protection Office, Alfonso Durazo, who was responsible for presenting the document, for the first time to the Republic’s Senate, containing measures to be taken by the federal government to guarantee the security of Mexicans.

The document establishes that the objective of the strategy is to attack the structural origin of crime, organised crime, violence and, in general, all aspects that may pose a risk to public security.

This strategy aims to align efforts in terms of security, where the State’s legitimate force will be used in a framework of legality, democratic principles and respect for human rights.

The strategy consists of eight lines of action, which include the fight against corruption, the promotion of Human Rights and reformulating the debate against drugs, bearing in mind the legalisation of some of these.

It also foresees a social and pacifying focus for the country, with the creation of a Council for the Construction of Peace, to work on such issues. Among other actions, it also raises the idea of recovering and dignifying penitentiary facilities.

The strategy in the area of public and national security, anticipates the dignifying and improving of the forces of law enforcement to reinforce state coordination – municipalities, along with the formation and use of the National Guard with a conception of civil command affiliated to the Security and Public Protection Office. This could reinforce attention in those municipalities where there are situations of imminent violence or risk.

With the opposition of PAN and PRI senators, the verdict passed by the majority states that political and social violence can only be resolved with dialogue, rationality, transparency and with public decisions that respond to social demands.

Moreover, it recognises that the emergency situation being experienced by the country requires commitment and responsibility on the part of the Mexican state, with the participation and coordination of the three government levels and authorities.

They also present the idea of having a better institutional coordination between those responsible for applying it, imposing order on the government to put an end to corruption, impunity and influence peddling.

It also foresees improvements in the area of Civil Protection, which will take action to recover and support the population in disaster-related situations, and strengthen the area of intelligence, seeking to preserve social cohesion and to strengthen government institutions.


Aquest apunt en català / Esta entrada en español / Post en français


The Brexit agreement draft: how will this affect legal and police cooperation between the United Kingdom and the member states?

On 14 November 2018, the European Commission published the first agreement draft that the British government led by Theresa May has managed to reach, regarding the Brexit question. May appeared at 10 Downing Street to announce support for the agreement on behalf of her cabinet, a task that was by no means easy for the Prime Minister, due to the division that the Brexit negotiations have caused the British government. The Prime Minister defined it as “the best agreement that could have been negotiated”. Now, with the blessing of the two main protagonists, the text must be passed by the leaders of the 27 member states, who received the text on the day of its publication, and by the British Parliament, a step that is expected to be even more complicated than the previous ones.

The draft resolves some of the main uncertainties that arose with the United Kingdom’s withdrawal from the Union: the border between Ireland and Northern Ireland, the status of European citizens resident in the UK and of British citizens living on the continent, control of Gibraltar, the United Kingdom’s financial obligations and the commercial agreement. Apart from these subjects of great relevance and general interest, the agreement also devotes some pages to determine the disconnection of the United Kingdom in the area of police and legal collaboration.

Article 62 of the agreement establishes the continuity of collaboration in legal cases of judicial processes between the European Union and the United Kingdom during the transition period of withdrawal from the Union. Therefore, the process of execution of European arrest warrants will continue to be the same as present, until at least 31st December 2021, when the withdrawal transition period from the Union by the United Kingdom is expected to be completed. In such a way, the agreements established by the Council of Justice and Interior of the European Union will be upheld.

Similarly, during the transition period, the process of exchange of information referring to police records and penal records will continue to be the same as before the application of the Brexit initiative, via the European Criminal Records Information System (ECRIS), in order to streamline court proceedings in penal terms for the different member states of the Union. Once the transition period is completed, the ECRIS will stop functioning as a mechanism of information exchange between the United Kingdom and the remaining member states.

The same article also foresees the participation of the competent UK authorities in those investigation teams already in operation before the end of the transition process, with the same aim of consolidating cooperation between member states of the Union in penal cases. In order to finalise ongoing legal proceedings, Eurojust can continue to provide the UK with information and vice versa.

The agreement also foresees mechanisms for police activities and cooperation in United Kingdom territory and that of state members that the United Kingdom is involved with. These are established in article 63 of the draft.

Apart from the agreements in terms of police and judicial cooperation already mentioned, article 156 of the draft of the agreement establishes that the United Kingdom is obliged to continue to contribute, until the end of the transition period in December 2021, to the financing in accordance with Gross National Income (GNI) of different European agencies dedicated to security and defence issues: the European Defence Agency, the Institute of Security Studies of the European Union, the Centre of Satellites of the European Union. It will also have to continue to meet the proportional part of costs, in accordance with its Gross National Product (GNP) of the EU’s Common Policy operations of Security and Defence.

These contributions will have to be made in accordance with the principle of complete cooperation and good faith, established by article 5 of the draft. Both parts must take the necessary measures to ensure obligations arising from the Brexit agreement are fulfilled.

In the following link you can find the complete draft of the Great Britain and Northern Ireland withdrawal agreement from the European Union and from the European Atomic Energy Union, published on 14 November 2018:


Aquest apunt en català / Esta entrada en español / Post en français

Some measures against terrorism become permanent in France

The President of the French Republic passed, last 30 October 2017, Law 2017-1510, to reinforce internal security and fight against terrorism. The norm took effect the following day, when it was published in the Official Journal. The immediate consequence was the conclusion of the state of emergency in which France had lived since 13 November 2015. The new law makes some measures applied during the state of emergency permanent and specifies others to reduce their effects on civil rights.

The most noteworthy measures are:

  • To establish perimeters of protection to give support to events or venues with a high level of exposure (sports, cultural events…).
  • To allow for the closure of places of worship that incite or advocate terrorism or incite hatred and discrimination.
  • To allow the administrative authority to implement controls and measures for individual monitoring of persons who may be a particularly serious threat.
  • To allow government delegates to order, with prior legal authorisation, the monitoring of places frequented by persons linked to terrorism.
  • To allow for administrative investigations to be carried out on civil servants at risk of being radicalised.
  • To carry out identity checks in border areas and at a perimeter of 10 Kms from airports and international railway stations.
  • To adapt French law to the Passenger Name Record (PNR)[1].
  • To extend the length and the perimeter of control of border areas.
  • To introduce a new system to monitor communications.
  • To create a new penal offence: parents who incite their children to commit terrorist acts or to travel abroad for this reason will incur a sentence of 15 years in prison and a fine of 225,000€. They may also lose parental power.

According to official sources of the French government, this legal reform is motivated by the necessity to adapt the legal corpus to fight effectively against terrorism within the framework of common law and end the state of emergency the country was exposed to. It is important to remember that the state of emergency in France was conceived as a way of addressing exceptional circumstances when need be; limiting the exercise of certain public freedoms like freedom of assembly and demonstration; finally, it gave the administration special powers over common law.

Links of interest:

[1] A record of the names of passengers who enter or leave French territory by sea or by air in order to allow for a better monitoring of risk-related movements.


Aquest apunt en català / Esta entrada en español / Post en français

The long-awaited public security law arrives in Italy

After over fifteen years of having contrasted the need to regulate in the area of public safety, last 20 February the Decree law num.14 was passed with urgent public security provisions. The new regulations apply to the whole country; indeed, it is passed as an instrument of cooperation between the state, regions and localities. It seems to organise a kind of governance of public security to ensure that different territorial levels have to abide by cooperation agreements in this area. It is based on the concept of a considerably wide scope of “public security”, which reflects contributions from the latest related literature, which insists on mainstreaming security.

The legal text defines urban security as a public resource which encompasses cohabitation and decorum in cities (art. 4). In order to maintain this resource, actions aimed at the reclassification of degraded areas must be undertaken, marginalising factors and social exclusion must be eliminated, crime must be prevented, social cohesion must be promoted and the law must be respected. The state, regions and municipalities must collaborate in this type of interventions in accordance with their competences.

After this definition, the legal area would be revolutionised,[1] most measures included in the text, as some critics have stated,[2] are traditional ones, of a sanctioning nature or of situational prevention. For example, the power of mayors is increased in order to limit the timetable  for the sale of alcoholic drinks (art. 8) or it establishes the distancing of railway lines, airports, shipping and public transport from people who disrupt them or who prevent others from using them (art. 9). This measure seems to have been imported from sports regulations, which already foresaw the possibility of stopping those who have behaved violently from entering stadiums.

If this behaviour was repeated, the questor, the provincial public security authority in Italy, can ban entry into such venues for a minimum of 1 year and a maximum of 5 years.

The text also foresees the possibility of prohibiting certain professional activities for people who have been found guilty of certain types of crime, such as drug trafficking. The prohibition may include a ban on entering places related with these activities and parking in the neighbourhood (art. 13).

There are also specific powers attributed to the prefectes, state representatives in the province, which may give priority to vacating occupied buildings if they believe that its occupation endangers public safety. In this case, they can request the effective intervention of the police to ensure that it is vacated (art.11).

Everything suggests that the Decree Law will be validated soon by Parliament (possibly when this text is published it will have been passed), because other factors could lead to the fall of the government, bearing in mind the complicated political situation at the moment in Italy. Whether the opposition will ask for a commitment to modify it in the future remains to be seen.

[1] This is not so in the regulatory area, as ex-minister Maroni had already defined the Decree of 5 August 2008 in a similar way, a practice questioned by the Constitutional Court.

[2] See, for example, the brief article of Gian Guido Nobili in the magazine Il Mulino.


Aquest apunt en català / Esta entrada en español / Post en français

New norms to regulate drones to guarantee safety and privacy in the European Union

Drones, small remote-controlled aircraft, can be used to take photographs from the air, film a football match from the air, spread herbicides and pesticides over crops and monitor forest fires. Despite their usefulness, they are also a risk to air safety and privacy.

The Transport Commission of the European Union gave its support to these new norms put forward by the European Commission to guarantee safety and privacy in the EU.

drone-407393_1920At present, drones weighing less than 150 kilos are regulated nationally. In the EU, the regulating framework is fragmented: different certificates and technical and safety standards, which cause a real headache for operators and transnational manufacturers. Members of the European Parliament want basic prerequisites which drones weighing less than 150 kilos have to comply with to be included in EU legislation to ensure coherence and clarity. Furthermore, they ask for an obligatory record of drones weighing more than 250 grams and demand that operators have the necessary skills to pilot a crewless plane in a public domain.

This way, most toy drones, which are currently the most commonplace, will not be affected by this prerequisite.

The present characteristics of the various national regulations concerning drones are the following:

  • Civil drones: different countries, different regulations. A drone is a crewless aircraft which is permitted as long as it is remote controlled, but it is still not authorised to operate if it is completely automated.
  • In most countries, crewless planes weighing over 20-25 kilos need special authorisation (record, flight permit, pilot’s licence and technical assessment).
  • Drones are regulated nationally if they weigh from 0 to 150 kilos, whereas if they are more than 150 kilos they are regulated by the European Union.
  • Small civil drones weighing less than 25 kilos are the most popular. In the European Union, during 2015 1.7 million were sold, 98% of which weighed less than 2 kilos.
  • At present there are over 3 millions drones in use -according to estimations made in several EU countries-, excluding “toys” and model aircraft.
  • The maximum flying capacity also differs depending on the country. The most restrictive is Belgium, with 90 metres. Spain is mid-table with a permitted height of 125 metres, and other countries like France and Italy permit a maximum of 150 metres.
  • Concerning the distance deemed to be safe as far as buildings, persons or vehicles is concerned,this is at least 50 metres.

Links of interest:


Aquest apunt en català / Esta entrada en español / Post en français

A step forward in the integration of local police forces in police statistics

On 18 July the decree to shape the Centre for the Elaboration of Police Data in the Basque Country , formally created by the Law 15/2012, of 28 June, for the organisation of the public security system in the Basque Country. The centre is defined as an administrative organ with competence for dealing with (gathering, storing, elaboration, classification and communication) data which is necessary for police agencies. The definition is very significant for a range of reasons.

28_udaltzaingoa01First of all, it aims to create a sole data base for both the Ertzaintza as well as Euskadi’s local police forces. The municipalities affected sign specific agreements with the Department of the Interior to give structure to the participation of local police forces, related to areas to be the focus of shared information, their characteristics and technical requirements necessary for the use of common data bases.

The Basque Country thereby joins the process initiated in Catalonia in 2002, which has meant that the immense majority of Catalonia’s local police forces (208 of 214) share the same data base with the Mossos d’Esquadra, with information of police interest. This process has also required signing ad hoc* agreements with each and every municipality to ensure the incorporation of its local police service.

Taking into account the development and dimensions that local police forces have had over recent decades, the inclusion of data relative to their activities is very relevant in a common instrument which facilitates an environment which is more in tune with the context of security. Police data shows one black spot because of the low level of complaints in reference to criminal activities for several reasons. If, furthermore, the data corresponding to police forces with the biggest presence within a territory are not added to police statistics, an important part of the information about police activity which may be of interest, for example, to resolve cases or generate intelligence, is lost.

Secondly, the Basque centre offers an interesting new concept: the organism is defined within the framework of the Department of the Interior (more specifically of the Deputy Council of Security), but beyond the structure of the police, which may create a small distance from the day-to-day organisation of the main police force (the Ertzaintza) and offers a more global idea as a data base for the whole police service in the Basque Country. The incorporation of a representative of the Ertzaintza, and another from local police forces, with a computer expert and another expert in fundamental rights, means that the Centre of Data Elaboration is a technical organ with plenty of autonomy in relation to the organisations which will provide it with data.

If this initiative is consolidated —we must think so—, other actors will have to take measures in the same direction, as, otherwise, comparing police statistics will become impossible, as in the rest of the country police data does not include local police records. This is the current situation when the Ministry of the Interior compares data with the Department of the Interior of the Generalitat, which respond to different realities and therefore create confusion. The Ministry only includes data from the Policia Nacional and the Guardia Civil, whereas the Department of the Interior, as well as the Mossos d’Esquadra’s data, also includes data from Catalonia’s local police forces, and obviously records higher crime rates.

* Refer to this example,agreement.


Aquest apunt en català / Esta entrada en español / Post en français

More security on the network and information systems in the European Union

Last 19 July, the Official Journal of the European Union (OJ) published the Directive (UE) 2016/1148 of the European Parliament and of the Council of 6 July, concerning measures for a high common level of security of network and information systems across the European Union.

25-ue_seguretatThe text includes 75 legal foundations, 27 articles and 3 annexes. Article 25 establishes that the member states must adopt and publish, by 9 May 2018 at the latest, the legal, regulative and administrative provisions to complement the directive’s requirements and apply the planned measures from 10 May of the same year.

According to article 1, measures to be applied to meet the objective of improving the workings of the internal market, within the framework of achieving a common high level on networks and information systems within the European Union, are the following:

  • Oblige all member states to adopt a national security strategy for the network and information systems.
  • Create a cooperation group to provide support and facilitate strategic cooperation and information exchange between the member states and develop trust and security among them.
  • Create a network of teams to respond to situations involving computer security (the CSIRTnetwork – Computer Security Incident Response Teams) to contribute to the development of trust and safety among member states and promote operational cooperation which is fast and efficient.
  • Set requirements concerning security and information for essential service operators1) and digital providers.
  • Set out obligations so that member states can appoint competent national authorities, single points of contact and CSIRT with functions related to network security and information systems.

1) Article 4.4 of the directive defines them as a public or private entity of energy subsectors (electricity, crude oil and gas); transport (air, rail, sea and river, and by road); banking; the infrastructure of financial markets; the healthcare sector; provision and distribution of drinking water, and digital infrastructure.


Aquest apunt en català / Esta entrada en español / Post en français

Measures to control the increase in crime and threats to air space using drones

17_dronesWhen in 2013 a drone landed on the stage during a talk by the German chancellor, Angela Merkel, the incident ended up being little more than an anecdote. But since then the number of such cases and crimes recorded using such devices has increased, many of which have received media attention: in 2014, a drone flew over seven French nuclear power plants; in April 2015, a drone landed in the office of the Japanese Prime Minister; in October 2015, a drone exploded near the Washington Monument, and last July, a Lufthansa plane with 108 passengers on board had to modify its route to avoid hitting a drone.

2015 was the year when statistics revealed a notable increase in the use of drones in many European countries and especially the United States, where 28 of a total of 241 reports were made related to drones which involved pilots having to make manoeuvres to avoid a crash.

The case of the UK illustrates this increase. The Thames Valley Police recorded an increase of 21 incidents in 2014 and of 80 in 2015; London’s Metropolitan Police, one more case in 2014 and 21 in 2015, and the Greater Manchester Police, the first 58 incidents in 2015. According to Scotland Yard, some of the drone-related crimes in the country include sexual crimes and transporting drugs to a prison.

This has led to several countries such as Spain, France, Germany and the UK itself, to intensify laws regulating the use of drones, controlling distances for safety purposes and controlling the permitted weight and altitude.

Other measures, in the case of the United States, have included an agreement signed in September 2015 by the Federal Aviation Administration (FAA) and the company California Analysis Center, Inc. (CACI) to develop technology which facilitates the monitoring of the connection between a drone and the person operating it. The very FAA says that it receives approximately 100 complaints monthly from pilots who see devoices flying near airports and in air space where the presence of drones is prohibited.

In an effort to foresee risks and combat possible incidents, the Netherlands police force has published a video with the collaboration of the company Guard From Above, in which birds of prey intercept drones, a procedure regarded as one of the possible mechanisms to control threats.

• For further information about the FAA agreement CACI you can consult the official statement.

• You can consult the 2005 Report of London’s Metropolitan Police related to drones.

• If you would like further information about the company which offers a training service for birds to be able to catch drones, Guard From Above, you can visit its webpage.


Aquest apunt en català / Esta entrada en español / Post en français

Critical infrastructures: basic guidelines, safety plans and specific protection plans


The normal working of essential services for the general population is based on a series of infrastructures administered both publicly and privately, the functioning of which does not allow for alternative solutions: the so-called critical infrastructures. For this reason, a homogeneous and global policy needs to be designed within organisations, specifically aimed at critical infrastructures, defining subsystems of security which will be introduced to protect them. The objective is to prevent their destruction, interruption and disruption, thereby avoiding any subsequent damage to the provision of essential services to the population.

Law 8/2011, 28 April, in accordance with which measures are established for the protection of critical infrastructure, aims to establish appropriate organisational strategies and structures which allow for the management and coordination of the workings of a range of organs of public administration in relation to the protection of critical infrastructure, once they are identified and confirmed. The collaboration and involvement of the organisms and companies (critical operators) of these infrastructures are also encouraged in order to optimise the level of protection in the face of these intentional attacks which may affect the provision of essential services. Royal decree 704/2011, 20 May, which approves the regulations corresponding to the protection of critical infrastructure, sets out this law.

Article 13 of the same Law 8/2011 specifies commitments for public and private critical operators, stressing the need to elaborate an operator security plan (PSO) and specific protection plans to be determined (PPE).

There are further details available in Resolution 8 September 2015 of the State Department of Security, in accordance with which new minimum components of the security plans of the operator and of plans of specific protection are passed.


Aquest apunt en català / Esta entrada en español / Post en français