(fra kommisjonsbeslutningen)

(1) Pursuant to Article 3(1)c of Regulation (EU) 2021/696, Copernicus is an operational, autonomous, user-driven, civil Earth observation system under civil control, building on the existing national and European capacities, offering geo-information data and services, comprising satellites, ground infrastructure, data and information processing facilities, and distribution infrastructure, based on a free, full and open data policy and, where appropriate, integrating the needs and requirements of security; 

(2) Without prejudice to Member States prerogatives in the area of national security, the Commission, as responsible for the Programme should determine the general security requirements applicable to each of the Union Space Programme’s components. 

(3) Pursuant to Article 34(2) of Regulation (EU) 2021/696, based on a risk and threat analysis the Commission shall determine, by means of implementing acts, the general security requirements of the Copernicus component. In doing so, the Commission shall take account of the impact of those requirements on the smooth functioning of Copernicus, in particular in terms of cost, risk management and schedule, and shall ensure that the general level of security is not reduced, that the functioning of the existing equipment based on that component is not undermined and shall take into account cybersecurity risks. 

(4) Pursuant to Article 34(3) of Regulation (EU) 2021/696, the Commission, as the entity responsible for the management of the Copernicus component of the Union Space Programme, shall be responsible for the operational security of that component and shall, to that end, carry out risk and threat analysis and all the necessary activities to ensure and monitor the security of that component and, in particular, setting of technical specifications and operational procedures, and to monitor their compliance with the general security requirements. 

(5) Pursuant to Article 34(7) of Regulation (EU) 2021/696, the entities involved in the Union Space Programme shall take all the necessary measures, including in light of the issues identified in the risk analysis, to ensure the security of the Union Space Programme. 

(6) Pursuant to Articles 29, 30 and 32 of Regulation (EU) 2021/696, the Commission has entrusted, in full or in part, by means of contribution agreements, the implementation of tasks related to the Copernicus space infrastructure and Copernicus Services to the following entrusted entities: European Space Agency, European Organisation for the Exploitation of Meteorological Satellites, European Centre for Medium-Range Weather Forecasts, Mercator Océan International, European Environment Agency, Frontex, European Maritime Safety Agency and EU Satellite Centre. 

(7) The Commission relies on the Joint Research Centre (JRC) scientific and technical support for the implementation of some Copernicus services. The JRC is managing the Copernicus emergency management service and the global component of the Copernicus land monitoring service and is therefore considered in this Decision as a Copernicus entrusted entity implementing entrusted tasks. 

(8) The Copernicus general security requirements should apply to the above-mentioned entrusted entities when implementing the Copernicus tasks entrusted by the Commission, except to the EU Satellite Centre. 

(9) Copernicus is an operational system thanks to the infrastructures, equipment and assets already developed and operated by the entrusted entities. Therefore, considering the establishment of the Copernicus general security requirements after the start of implementation of the entrusted tasks, some flexibility regarding the timeframe for their application by the entrusted entities is deemed necessary. 

(10) Pursuant to Article 34(2) of Regulation (EU) 2021/696, the Commission has concluded in 2023 a risk and threat analysis for Copernicus that is the basis for the Copernicus general security requirements provided for in this Decision. 

(11) Pursuant to Article 38(2)e of Regulation (EU) 2021/696, the Security Accreditation Board was consulted and provided an advice which was taken into account. 

(12) Pursuant to Article 107 of Regulation (EU) 2021/696, for the purposes of the adoption of implementing acts referred to in Article 34(2) of the same Regulation, the Commission is assisted by the Programme Committee in the security configuration. 

(13) The measures provided for in this Decision are in accordance with the opinion of the security configuration of the Programme Committee established by Article 107 of Regulation (EU) 2021/696.