法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Decision

Commission Decision (EU) 2021/2121 of 6 July 2020 on records management and archives

CELEX
Decision (EU) 2021/2121
Date of document
Articles
23
Source
EUR-Lex
Article 1Subject matter

This Decision lays down rules concerning:

(a)

the management of Commission records and archives;

(b)

the preservation and opening to the public of the Commission’s archives and the deposit of the Commission’s historical archives at the Historical Archives of the European Union at the European University Institute (EUI) in Florence.

Article 2Scope

This Decision applies to records held by the Commission and to its archives, irrespective of their form, medium, age and location.

It may apply, by specific agreement, to records held by other entities responsible for applying certain Union policies or to records exchanged via data transmission networks between administrations and the Commission.

Article 3Definitions

For the purposes of this Decision, the following definitions shall apply:

(1)

‘record’ means information, received and created in the form of a document  ( 8 ) , a collection of data or other form in a digital or analogue medium that is captured in an official repository and managed and maintained as evidence and as an asset  ( 9 ) ;

(2)

‘metadata’ means any information describing the context, content and structure of records and their management over time for the purposes of, inter alia, retrieval, accessibility and reuse;

(3)

‘digitisation’ means the process of transforming a record on paper or any other traditional medium into an electronic rendition;

(4)

‘official repository of records’ means a system, recognised and approved by the Secretariat-General, in which records held by the Commission are collected, organised and categorised to facilitate records retrieval, distribution, use, disposal or preservation;

(5)

‘capture’ means the insertion of a document into an official electronic repository by combining a unique identifier and metadata  ( 10 ) ;

(6)

‘unique identifier’ means a sequence of digits or letters, or both, unambiguously assigned to a record by a machine or person and which identifies that record as unique and distinct from all other records;

(7)

‘registration’ means capturing a record into a register, establishing that it is complete and properly constituted from an administrative and/or legal standpoint and certifying that it has been sent by an author to an addressee on a given date, as incoming or outgoing mail, or has been incorporated into one of the Commission’s official repositories;

(8)

‘file’ means an aggregation of records organised in line with the Commission’s activities, for reasons of proof, justification or information and to guarantee efficiency in the work; the group of records making up the file is organised in such a way as to form a coherent and relevant unit in terms of the activities conducted by the Commission or its departments;

(9)

‘filing plan’ means an instrument with a hierarchical and logical structure, in the form of a tree structure with a number of interlinked headings, which enables files (or other aggregations of records) to be intellectually organised and linked to the context in which they were drawn up, on the basis of the functions, activities and working processes;

(10)

‘authenticity’ means the fact that a record can be proved to be what it purports to be, to have been created or sent by the person purported to have created or sent it and to have been created or sent when purported  ( 11 ) ;

(11)

‘reliability’ means the fact that the content of a record can be trusted as a full and accurate representation of the transactions, activities or facts to which they attest and that the record can be depended upon in the course of subsequent transactions or activities  ( 12 ) ;

(12)

‘integrity’ means the fact that a record is complete and unaltered  ( 13 ) ;

(13)

‘validity’ means the fact that a document has all the intrinsic and extrinsic characteristics required by its production context, necessary in order to be accepted as an expression of its author with all its legal consequences;

(14)

‘admissibility’ means the fact that a document has all the intrinsic and extrinsic characteristics required by its reception context, necessary for it to be accepted as an expression of its author with all its legal consequences;

(15)

‘preservation’ means all technical processes and operations which make it possible to keep records over time, to maintain their integrity and authenticity and to guarantee access to their content.

Article 4Creation

1.   The author of any newly created information shall analyse it in order to determine the electronic management system by which the information is to be managed, if it is to be captured and in which official repository system it is to be preserved.

2.   Records shall be created in accordance with the formal requirements set out for the relevant type of records.

3.   The Commission’s records shall be created as electronic records and shall be kept in its official electronic repositories.

However, in the following situations records may be created in a different medium or kept in a different manner:

(a)

where a provision of Union or national law so requires;

(b)

where protocol convenience imposes paper medium;

(c)

where practical reasons impede digitisation of the document;

(d)

where the preservation of the original analogue document has an added value because of its form or the material from which it is made or for historical reasons.

Article 5Digitisation

1.   Information in analogue media created or received by the Commission shall be systematically digitised. The resulting electronic renditions, when captured in an official electronic repository, shall replace the corresponding original analogue documents, unless a handwritten signature is required by a provision of Union law or the law of the Member State or third country concerned.

2.   Implementing rules adopted pursuant to Article 22 shall set out the procedural and technical details of digitisation, the applicable exceptions and the elimination of analogue records following their digitisation.

Article 6Capture

1.   Each directorate-general or equivalent department shall regularly review the types of information created or received in the course of its activities to identify which ones are to be captured in an official electronic repository and, taking account of the context in which they were produced, to organise the management of these throughout their life cycle.

2.   The captured records shall not be altered. They may be removed or replaced by subsequent versions until the file they belong to is closed.

Article 7Registration

1.   Documents shall be registered if they contain important information which is not short-lived or if they may involve action or follow-up by the Commission or one of its departments.

2.   Registers shall be set up to generate unique identifiers for the registered records.

Each register shall be connected to one or more electronic repositories. Exceptions may be made for security reasons.

Article 8Filing plan

The Commission’s filing plan shall use a common file classification across all Commission departments. That classification shall form part of the Commission’s activity-based management.

Article 9Computerised processes and systems

The directorates-general and equivalent departments shall keep and manage their records by means of computerised processes and computerised systems and structures with interfaces to ensure storage of, access to and recovery of records, unless required otherwise by a Commission provision.

Article 10Legal effects of electronic signatures, seals, timestamps and registered delivery services

1.   A qualified electronic signature  ( 14 ) shall have the equivalent legal effect of a handwritten signature.

2.   A qualified electronic seal  ( 15 ) shall enjoy the presumption of integrity of the data and of correctness of the origin of that data to which the qualified electronic seal is linked.

3.   A qualified electronic time stamp  ( 16 ) shall enjoy the presumption of the accuracy of the date and the time it indicates and the integrity of the data to which the date and time are bound.

4.   Data sent and received using a qualified electronic registered delivery service  ( 17 ) shall enjoy the presumption of the integrity of the data, the sending of that data by the identified sender, its receipt by the identified addressee and the accuracy of the date and time of sending and receipt indicated by the qualified electronic registered delivery service.

Article 11Validity of documents and procedures

1.   A document created or received by the Commission shall be considered to satisfy the validity or admissibility criteria where the following conditions are met:

(a)

the person from whom it originates is identified;

(b)

the context in which the document was produced is reliable and the document meets the conditions that guarantee its integrity;

(c)

the document complies with the formal requirements set out in the applicable Union or national law;

(d)

in the case of an electronic document, the document is created in a way that guarantees the integrity, reliability and usability of its content and the accompanying metadata.

2.   An electronic rendition created by digitising an analogue document created or received by the Commission shall be considered to satisfy the validity or admissibility criteria where the following conditions are fulfilled:

(a)

no signature is required by a provision of Union law or the law of a Member State or third country concerned;

(b)

its format offers guarantees of integrity, reliability, durability, readability over time and ease of access to the information it contains.

Where a signed analogue document is not required, such an electronic rendition may be used for any exchange of information and for any internal procedure within the Commission.

3.   Where a provision of Union or national law requires a signed original of a document, a document drawn up or received by the Commission shall satisfy that requirement if the document contains any of the following:

(a)

one or more handwritten or qualified electronic signatures;

(b)

one or more electronic signatures, other than qualified, providing sufficient guarantees about the identification of the signatory and the expression of their will in the signed document.

4.   Where a procedure specific to the Commission requires the signature of an authorised person or the approval of a person at one or more stages of the procedure, the procedure may be managed by computer systems, provided that each person is clearly and unambiguously identified and that the system in question provides guarantees that the content is not altered during the procedure.

5.   Where a procedure involves the Commission and other entities and requires the signature of an authorised person or the approval of a person at one or more stages of the procedure, the procedure may be managed by computer systems meeting conditions and providing technical assurances determined by mutual agreement.

Article 12Provision of data and information within the Commission

1.   Data and information shall be made available and shared as widely as possible within the Commission, unless legal obligations require access to be limited.

2.   In the interest of information sharing, directorates-general and equivalent departments shall ensure that their files are as widely accessible as the sensitivity of their content allows.

Article 13Information security and protection

Records shall be managed in accordance with the Commission’s security rules applicable to the protection of information. To this end, records, files, information systems and archives, including their networks and means of transmission, shall be protected by appropriate security measures for the management of classified information, sensitive non-classified information and personal data  ( 18 ) .

Classified information shall be processed in accordance with the rules in force on security.

Article 14Storage and preservation

1.   Storage and preservation shall take place under the following conditions:

(a)

records shall be stored in the form in which they were created, sent or received or in a form which preserves the authenticity, reliability and the integrity of their content and of the accompanying metadata;

(b)

the content of records and their relevant metadata must be readable throughout their period of storage by any person authorised to have access to them;

(c)

where records are sent or received electronically, the information required to determine the origin or destination of the record and the date and time of the capture or registration, shall be part of the minimum metadata to be stored;

(d)

as regards electronic procedures managed by IT systems, information about the formal stages of the procedure shall be stored under such conditions as to ensure that those stages and the authors and participants can be identified.

2.   The Secretary-General shall ensure the implementation of a digital preservation strategy to ensure long-term access to electronic records on the basis of the retention lists referred in Article 15(1). The strategy shall be drawn up in cooperation with the Commission’s Historical Archives Service and shall ensure that processes, tools and resources are in place to ensure the authenticity, reliability and integrity of records and their accessibility.

Article 15Retention, transfer and elimination

1.   The retention period for the various categories of files and, in certain cases, records, shall be set for the whole Commission by way of regulatory instruments, such as the common retention list, or one or more specific retention lists drawn up on the basis of the organisational context, the existing legislation and the Commission’s legal obligations.

2.   Directorates-general and equivalent departments shall regularly conduct an appraisal of records and files managed by them to assess whether they shall be transferred to the Commission’s historical archives referred to in Article 16, or eliminated.

However, a set of metadata on records and files shall be retained in the original electronic repository as evidence of such records and files and their transfer or elimination.

3.   EU classified information with a classification of CONFIDENTIEL UE/EU CONFIDENTIAL or higher shall not be transferred to the Commission’s Historical Archives Service.

Article 16Commission’s Historical Archives Service

The tasks of the Commission’s Historical Archives Service shall be to:

(a)

guarantee the authenticity, reliability and integrity of and access to the Commission’s records, files and archives which have been transferred to it;

(b)

ensure the material protection and integrity of the metadata of records and files provided by the transferring departments;

(c)

make records and files available on request to the directorates-general or equivalent departments;

(d)

undertake, where necessary and in cooperation with the originating directorate-general or equivalent department or its successor, a second review of all transferred records, files and archives;

(e)

initiate the declassification of classified documents as referred to in Articles 3 and 5 of Regulation (EEC, Euratom) No 354/83;

(f)

open the Commission’s historical archives to the public after the expiry of a period of 30 years, except for those records covered by exceptions relating to the privacy and integrity of individuals, or the commercial interests of a natural or legal person, including intellectual property;

(g)

deposit the Commission’s historical archives that have been opened to the public at the Historical Archives of the European Union at the EUI.

Article 17Processing of personal data contained in the Commission’s historical archives

1.   The following derogations from the rights of data subjects shall apply in accordance with Article 25(4) of Regulation (EU) 2018/1725, as necessary to fulfil archiving purposes in the public interest and to preserve the integrity of the Commission’s historical archives, in particular:

(a)

the right of access  ( 19 ) , in so far as the request of the data subject does not allow for the identification of specific records without involving disproportionate administrative effort. In assessing the action to be taken on the request of the data subject and the administrative effort required, particular account shall be taken of the information provided by the data subject and the nature, scope and size of the records potentially concerned;

(b)

the right to rectification  ( 20 ) , in so far as rectification renders it impossible to preserve the integrity and authenticity of records selected for permanent preservation in the Commission’s historical archives, without prejudice to the possibility of a supplementary statement or annotation to the record concerned, unless this proves impossible or involves disproportionate effort;

(c)

the obligation to notify the rectification or erasure of personal data  ( 21 ) in so far as this proves impossible or involves disproportionate effort;

(d)

the right to object to the processing  ( 22 ) , in so far as the personal data are contained in records selected for permanent preservation in the Commission’s historical archives as an integral and indispensable part of these records.

2.   The Commission shall implement appropriate safeguards to ensure compliance with Article 13 of Regulation (EU) 2018/1725. Such safeguards shall include technical and organisational measures, in particular, in order to ensure respect for the principle of data minimisation. The safeguards shall include:

(a)

the files to be transferred to the Commission’s historical archives shall be selected following a case-by-case assessment according to the Commission’s retention lists. All the other files, including structured personal data files, such as personal and medical files, shall be eliminated at the end of the administrative retention period;

(b)

the retention lists shall provide for the administrative elimination of certain types of records before the end of the administrative retention period. Consequently, these types of records shall not be processed for archiving purposes in the public interest;

(c)

prior to processing for archiving purposes in the public interest, the directorate-general or equivalent department shall report the potential presence of records covered by Article 2(1) of Regulation (EEC, Euratom) No 354/83 in the files to be transferred to the Commission’s historical archives;

(d)

before any Commission file is opened to the public, the Commission’s Historical Archives Service shall review it to verify the possible presence of records covered by the exceptions indicated in Article 2(1) of Regulation (EEC, Euratom) No 354/83, including on the basis of the signposting referred to in point (c) with the aim of protecting personal data.

3.   The Commission shall record the reasons for derogations applied pursuant to this Decision. The record and, where applicable, the documents concerning the factual or legal context shall be registered. They shall be made available to the European Data Protection Supervisor on request.

4.   The Data Protection Officer of the Commission shall be informed, as soon as possible of the application of derogations from data subject rights in accordance with this Decision. Upon request, the Data Protection Officer shall be provided with access to the associated records and any documents setting out the factual or legal context.

Article 18Deposit of the Commission’s historical archives at the EUI

1.   The Commission’s Historical Archives Service shall provide the EUI, where possible, with access to digitised copies of records held in an analogue medium.

2.   The EUI shall be the main access point to the Commission’s historical archives that are open to the public.

3.   The Commission’s Historical Archives Service shall send the EUI descriptions of the archives deposited. In accordance with international standards and to facilitate the exchange of metadata, the Commission will promote interoperability between its archives systems and those of the EUI.

4.   The EUI acts as a processor  ( 23 ) in accordance with Article 3 of Regulation (EU) 2018/1725, under instructions from the Commission, which acts as the controller  ( 24 ) of personal data contained in its historical archives, deposited at the EUI. The Commission’s Historical Archives Service provides, on behalf of the Commission, the necessary instructions for the processing of personal data contained in the Commission’s deposited archives by the EUI and monitors its performance.

5.   Classified information shall not be deposited at the EUI.

Article 19Governance at Commission level

1.   Each director-general or head of department shall put in place the necessary organisational, administrative and physical structure and provide the staff required to implement this Decision and the implementing rules by their departments.

2.   The Secretariat-General shall be responsible for ensuring that this Decision and its implementing rules are applied.

3.   The Directorate-General for Informatics shall be responsible for providing the technological infrastructure to implement this Decision.

Article 20Network of document management officers

1.   Each director-general or head of department shall designate a document management officer to maintain a modern and efficient records management system in their department and to ensure coordination within their department, with the Secretariat-General and the other departments of the Commission.

2.   The role of the network of document management officers, chaired by the Secretariat-General, shall be to:

(a)

ensure the correct and uniform application of this Decision within the directorates-general and equivalent departments;

(b)

deal with any issues which may arise from its application;

(c)

share the requirements of directorates-general and equivalent departments as regards training and support measures.

Article 21Information, training and support

The Secretariat-General, in close cooperation with the Directorate-General for Informatics, the Directorate-General for Human Resources and Security and the Commission’s Historical Archives Service, shall put in place the information, training and support measures necessary to ensure the application of this Decision within the directorates-general and equivalent departments.

Article 22Implementing rules

The Secretary-General shall draw up the implementing rules in coordination with the directorates-general and equivalent departments and shall ensure their implementation.

They shall be regularly updated taking account in particular of:

(a)

developments regarding records and archives management and results of academic and scientific research, including the emergence of relevant standards;

(b)

developments in information and communication technologies;

(c)

the applicable rules on the probative value of electronic records;

(d)

the Commission’s obligations as regards transparency, public access to documents and the opening to the public of archives;

(e)

any new obligations by which the Commission may be bound;

(f)

harmonisation in the presentation of records drawn up by the Commission and its departments.

Article 23Final provision

Decision 2002/47/EC, ECSC, Euratom and Decision 2004/563/EC, Euratom have no longer effect.

23 articles

Cite this act

Commission Decision (EU) 2021/2121 of 6 July 2020 on records management and archives (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32021D2121

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com