THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community, and in particular Article 80(2) thereof,

Having regard to the proposal from the Commission,

Having regard to the opinion of the European Economic and Social Committee [1],

Having regard to the opinion of the Committee of the Regions [2],

Acting in accordance with the procedure laid down in Article 251 of the Treaty [3],

Whereas:

(1) Security incidents resulting from terrorism are among the greatest threats to the ideals of democracy, freedom and peace, which are the very essence of the European Union.

(2) People, infrastructure and equipment in ports should be protected against security incidents and their devastating effects. Such protection would benefit transport users, the economy and society as a whole.

(3) On 31 March 2004 the European Parliament and the Council of the European Union adopted Regulation (EC) No 725/2004 [4] on enhancing ship and port facility security. The maritime security measures imposed by that Regulation constitute only part of the measures necessary to achieve an adequate level of security throughout maritime-linked transport chains. That Regulation is limited in scope to security measures on board vessels and the immediate ship/port interface.

(4) In order to achieve the fullest protection possible for maritime and port industries, port security measures should be introduced, covering each port within the boundaries defined by the Member State concerned, and thereby ensuring that security measures taken pursuant to Regulation (EC) No 725/2004 benefit from enhanced security in the areas of port activity. These measures should apply to all those ports in which one or more port facilities covered by Regulation (EC) No 725/2004 are situated.

(5) The security objective of this Directive should be achieved by adopting appropriate measures without prejudice to the rules of the Member States in the field of national security and measures which might be taken on the basis of Title VI of the Treaty on European Union.

(6) Member States should rely upon detailed security assessments to identify the exact boundaries of the security-relevant port area, as well as the different measures required to ensure appropriate port security. Such measures should differ according to the security level in place and reflect differences in the risk profile of different sub-areas in the port.

(7) Member States should approve port security plans which incorporate the findings of the port security assessment. The effectiveness of security measures also requires the clear division of tasks between all parties involved as well as regular exercises. This clear division of tasks and the recording of exercise procedures in the format of the port security plan is considered to contribute strongly to the effectiveness of both preventive and remedial port security measures.

(8) Roll-on roll-off vessels are particularly vulnerable to security incidents, in particular if they carry passengers as well as cargo. Adequate measures should be taken on the basis of risk assessments which ensure that cars and goods vehicles destined for transport on roll-on roll-off vessels on domestic and international routes do not cause a risk to the vessel, its passengers and crew or to the cargo. The measures should be taken in a way which impedes as little as possible the fluidity of the operations.

(9) Member States should be able to establish port security committees entrusted with providing practical advice in the ports covered by this Directive.

(10) Member States should ensure that responsibilities in port security are clearly recognised by all parties involved. Member States should monitor compliance with security rules and clearly establish a responsible authority for all their ports, approve all security assessments and plans for their ports, set and communicate as appropriate security levels and ensure that measures are well communicated, implemented and coordinated.

(11) Member States should approve assessments and plans and monitor their implementation in their ports. In order to keep disruption to ports and the administrative burden on inspection bodies to a minimum, the Commission's monitoring of the implementation of this Directive should be conducted jointly with the inspections provided for in Article 9(4) of Regulation (EC) No 725/2004.

(12) Member States should ensure that a focal point for port security takes up the role of contact point between the Commission and Member States. They should inform the Commission which ports are covered by this Directive on the basis of the security assessments carried out.

(13) The effective and standard implementation of measures under this security policy raises important questions in relation to its funding. The funding of extra security measures should not generate distortions of competition. By 30 June 2006, the Commission should submit to the European Parliament and the Council the findings of a study on the costs involved in measures taken under this Directive, addressing in particular the way financing is shared between the public authorities, port authorities and operators.

(14) This Directive respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union.

(15) The measures necessary for the implementation of this Directive should be adopted in accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission [5].

(16) A procedure should be defined for the adaptation of this Directive to take account of developments in international instruments and, in the light of experience, to adapt or complement the detailed provisions of the Annexes to this Directive, without broadening the scope of this Directive.

(17) Since the objectives of this Directive, namely the balanced introduction of appropriate measures in the field of maritime transport and port policy, cannot be sufficiently achieved by the Member States and can therefore, by reason of the European scale of this Directive, be better achieved at Community level, the Community may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.

(18) Since this Directive concerns seaports, the obligations herein contained should not be applicable to Austria, the Czech Republic, Hungary, Luxembourg or Slovakia,

---

[1] OJ C 120, 20.5.2005, p. 28.

[2] OJ C 43, 18.2.2005, p. 26.

[3] Opinion of the European Parliament of 10 May 2005 (not yet published in the Official Journal) and Council Decision of 6 October 2005.

[4] OJ L 129, 29.4.2004, p. 6.

[5] OJ L 184, 17.7.1999, p. 23.

1. The main objective of this Directive is to introduce Community measures to enhance port security in the face of threats of security incidents. This Directive shall also ensure that security measures taken pursuant to Regulation (EC) No 725/2004 benefit from enhanced port security.

2. The measures referred to in paragraph 1 shall consist of:

(a) common basic rules on port security measures;

(b) an implementation mechanism for these rules;

(c) appropriate compliance monitoring mechanisms.

1. This Directive lays down security measures which shall be observed in ports. Member States may apply the provisions of this Directive to port-related areas.

2. The measures laid down in this Directive shall apply to every port located in the territory of a Member State in which one or more port facilities covered by an approved port facility security plan pursuant to Regulation (EC) No 725/2004 is or are situated. This Directive shall not apply to military installations in ports.

3. Member States shall define for each port the boundaries of the port for the purposes of this Directive, appropriately taking into account information resulting from the port security assessment.

4. Where the boundaries of a port facility within the meaning of Regulation (EC) No 725/2004 have been defined by a Member State as effectively covering the port, the relevant provisions of Regulation (EC) No 725/2004 shall take precedence over those of this Directive.

For the purpose of this Directive:

1. "port" means any specified area of land and water, with boundaries defined by the Member State in which the port is situated, containing works and equipment designed to facilitate commercial maritime transport operations;

2. "ship/port interface" means the interactions that occur when a ship is directly and immediately affected by actions involving the movement of persons or goods or the provision of port services to or from the ship;

3. "port facility" means a location where the ship/port interface takes place; this includes areas such as anchorages, waiting berths and approaches from seaward, as appropriate;

4. "focal point for port security" means the body designated by each Member State to serve as contact point for the Commission and other Member States and to facilitate, follow up and provide information on the application of the port security measures laid down in this Directive;

5. "port security authority" means the authority responsible for security matters in a given port.

Member States shall ensure that port security measures introduced by this Directive are closely coordinated with measures taken pursuant to Regulation (EC) No 725/2004.

1. Member States shall designate a port security authority for each port covered by this Directive. A port security authority may be designated for more than one port.

2. The port security authority shall be responsible for the preparation and implementation of port security plans based on the findings of port security assessments.

3. Member States may designate a "competent authority for maritime security" provided for under Regulation (EC) No 725/2004 as port security authority.

1. Member States shall ensure that port security assessments are carried out for the ports covered by this Directive. These assessments shall take due account of the specificities of different sections of a port and, where deemed applicable by the relevant authority of the Member State, of its adjacent areas if these have an impact on security in the port and shall take into account the assessments for port facilities within their boundaries as carried out pursuant to Regulation (EC) No 725/2004.
2. Each port security assessment shall be carried out taking into account as a minimum the detailed requirements laid down in Annex I.

3. Port security assessments may be carried out by a recognised security organisation as referred to in Article 11.

4. Port security assessments shall be approved by the Member State concerned.

1. Subject to the findings of port security assessments, Member States shall ensure that port security plans are developed, maintained and updated. Port security plans shall adequately address the specificities of different sections of a port and shall integrate the security plans for port facilities within their boundaries established pursuant to Regulation (EC) No 725/2004.

2. Port security plans shall identify, for each of the different security levels referred to in Article 8:

(a) the procedures to be followed;

(b) the measures to be put in place;
(c) the actions to be undertaken.

3. Each port security plan shall take into account as a minimum the detailed requirements specified in Annex II. Where, and to the extent appropriate, the port security plan shall in particular include security measures to be applied to passengers and vehicles set for embarkation on seagoing vessels which carry passengers and vehicles. In the case of international maritime transport services, the Member States concerned shall cooperate in the security assessment.

4. Port security plans may be developed by a recognised security organisation as referred to in Article 11.

5. Port security plans shall be approved by the Member State concerned before implementation.

6. Member States shall ensure that the implementation of port security plans is monitored. The monitoring shall be coordinated with other control activities carried out in the port.

7. Member States shall ensure that adequate exercises are performed, taking into account the basic security training exercise requirements listed in Annex III.

1. Member States shall introduce a system of security levels for ports or parts of ports.

2. There shall be three security levels, as defined in Regulation (EC) No 725/2004:

- "Security level 1" means the level for which minimum appropriate protective security measures shall be maintained at all times;

- "Security level 2" means the level for which appropriate additional protective security measures shall be maintained for a period of time as a result of a heightened risk of a security incident;

- "Security level 3" means the level for which further specific protective security measures shall be maintained for a limited period of time when a security incident is probable or imminent, although it may not be possible to identify the specific target.

3. Member States shall determine the security levels in use for each port or part of a port. At each security level, a Member State may determine that different security measures are to be implemented in different parts of the port depending on the findings of the port security assessment.

4. Member States shall communicate to the appropriate person or persons the security level in force for each port or part of a port as well as any changes thereto.

1. A port security officer shall be approved by the Member State concerned for each port. Each port shall, where practicable, have a different port security officer, but may, if appropriate, share a security officer.

2. Port security officers shall fulfil the role of point of contact for port security related issues.

3. Where the port security officer is not the same as the port facility(ies) security officer(s) under Regulation (EC) No 725/2004, close cooperation between them shall be ensured.

1. Member States shall ensure that port security assessments and port security plans are reviewed as appropriate. They shall be reviewed at least once every five years.

2. The scope of the review shall be that of Articles 6 or 7, as appropriate.

Member States may appoint recognised security organisations for the purposes specified in this Directive. Recognised security organisations shall fulfil the conditions set out in Annex IV.

Member States shall appoint for port security aspects a focal point. Member States may designate for port security aspects the focal point appointed under Regulation (EC) No 725/2004. The focal point for port security shall communicate to the Commission the list of ports concerned by this Directive and shall inform it of any changes to that list.

1. Member States shall set up a system ensuring adequate and regular supervision of the port security plans and their implementation.

2. The Commission shall, in cooperation with the focal points referred to in Article 12, monitor the implementation of this Directive by Member States.

3. This monitoring shall be conducted jointly with the inspections provided for in Article 9(4) of Regulation (EC) No 725/2004.

Annexes I to IV may be amended in accordance with the procedure referred to in Article 15(2), without broadening the scope of this Directive.

1. The Commission shall be assisted by the committee set up by Regulation (EC) No 725/2004.

2. Where reference is made to this paragraph, Articles 5 and 7 of Decision 1999/468/EC shall apply, having regard to the provisions of Article 8 thereof.

The period laid down in Article 5(6) of Decision 1999/468/EC shall be set at one month.

3. The Committee shall adopt its Rules of Procedure.

1. In applying this Directive, the Commission shall take, in accordance with Decision 2001/844/EC, ECSC, Euratom [6], appropriate measures to protect information subject to the requirement of confidentiality to which it has access or which is communicated to it by Member States.

Member States shall take equivalent measures in accordance with relevant national legislation.

2. Any personnel carrying out security inspections, or handling confidential information related to this Directive, shall have an appropriate level of security vetting by the Member State of which the person concerned is a national.

---

[6] OJ L 317, 3.12.2001, p. 1. Decision as last amended by Decision 2005/94/EC, Euratom (OJ L 31, 4.2.2005, p. 66).

Member States shall ensure that effective, proportionate and dissuasive penalties are introduced for infringements of the national provisions adopted pursuant to this Directive.

1. Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by 15 June 2007. They shall forthwith inform the Commission thereof.

When Member States adopt these measures, they shall contain a reference to this Directive or shall be accompanied by such reference on the occasion of their official publication. The methods of making such reference shall be laid down by Member States.

2. Member States shall communicate to the Commission the text of the main provisions of national law which they adopt in the field covered by this Directive.

By 15 December 2008 and every five years thereafter, the Commission shall submit an evaluation report to the European Parliament and the Council based, among other things, on the information obtained pursuant to Article 13. In the report, the Commission shall analyse compliance with this Directive by Member States and the effectiveness of the measures taken. If necessary, it shall present proposals for additional measures.

This Directive shall enter into force on the 20th day following its publication in the Official Journal of the European Union.

This Directive is addressed to the Member States which have ports as referred to in Article 2(2).


Done at Strasbourg, 26 October 2005.

For the European Parliament

The President

J. Borrell Fontelles

For the Council

The President

D. Alexander

The port security assessment is the basis for the port security plan and its implementation. The port security assessment will cover at least:

- identification and evaluation of important assets and infrastructure which it is important to protect;

- identification of possible threats to the assets and infrastructure and the likelihood of their occurrence, in order to establish and prioritise security measures;

- identification, selection and prioritisation of counter-measures and procedural changes and their level of effectiveness in reducing vulnerability; and

- identification of weaknesses, including human factors in the infrastructure, policies and procedures.

For this purpose the assessment will at least:

- identify all areas which are relevant to port security, thus also defining the port boundaries. This includes port facilities which are already covered by Regulation (EC) No 725/2004 and whose risk assessment will serve as a basis;

- identify security issues deriving from the interface between port facility and other port security measures;

- identify which port personnel will be subject to background checks and/or security vetting because of their involvement in high-risk areas;

- subdivide, if useful, the port according to the likelihood of security incidents. Areas will be judged not only upon their direct profile as a potential target, but also upon their potential role of passage when neighbouring areas are targeted;

- identify risk variations, e.g. those based on seasonality;

- identify the specific characteristics of each sub-area, such as location, accesses, power supply, communication system, ownership and users and other elements considered security-relevant;

- identify potential threat scenarios for the port. The entire port or specific parts of its infrastructure, cargo, baggage, people or transport equipment within the port can be a direct target of an identified threat;

- identify the specific consequences of a threat scenario. Consequences can impact on one or more sub-areas. Both direct and indirect consequences will be identified. Special attention will be given to the risk of human casualties;

- identify the possibility of cluster effects of security incidents;

- identify the vulnerabilities of each sub-area;

- identify all organisational aspects relevant to overall port security, including the division of all security-related authorities, existing rules and procedures;

- identify vulnerabilities of the overarching port security related to organisational, legislative and procedural aspects;

- identify measures, procedures and actions aimed at reducing critical vulnerabilities. Specific attention will be paid to the need for, and the means of, access control or restrictions to the entire port or to specific parts of a port, including identification of passengers, port employees or other workers, visitors and ship crews, area or activity monitoring requirements, cargo and luggage control. Measures, procedures and actions will be consistent with the perceived risk, which may vary between port areas;

- identify how measures, procedures and actions will be reinforced in the event of an increase of security level;

- identify specific requirements for dealing with established security concerns, such as "suspect" cargo, luggage, bunker, provisions or persons, unknown parcels, known dangers (e.g. bomb). These requirements will analyse desirability conditions for either clearing the risk where it is encountered or after moving it to a secure area;

- identify measures, procedures and actions aimed at limiting and mitigating consequences;

- identify task divisions allowing for the appropriate and correct implementation of the measures, procedures and actions identified;

- pay specific attention, where appropriate, to the relationship with other security plans (e.g. port facility security plans) and other existing security measures. Attention will also be paid to the relationship with other response plans (e.g. oil spill response plan, port contingency plan, medical intervention plan, nuclear disaster plan, etc.);

- identify communication requirements for implementation of the measures and procedures;

- pay specific attention to measures to protect security-sensitive information from disclosure;

- identify the need-to-know requirements of all those directly involved as well as, where appropriate, the general public.

The port security plan sets out the port's security arrangements. It will be based on the findings of the port security assessment. It will clearly set out detailed measures. It will contain a control mechanism allowing, where necessary, for appropriate corrective measures to be taken.

The port security plan will be based on the following general aspects:

- defining all areas relevant to port security. Depending on the port security assessment, measures, procedures and actions may vary from sub-area to sub-area. Indeed, some sub-areas may require stronger preventive measures than others. Special attention will be paid to the interfaces between sub-areas, as identified in the port security assessment;

- ensuring coordination between security measures for areas with different security characteristics;

- providing, where necessary, for varying measures both with regard to different parts of the port, changing security levels, and specific intelligence;

- identifying an organisational structure supporting the enhancement of port security.

Based on those general aspects, the port security plan will attribute tasks and specify work plans in the following fields:

- access requirements. For some areas, requirements will only enter into force when security levels exceed minimal thresholds. All requirements and thresholds will be comprehensively included in the port security plan;

- ID, luggage and cargo control requirements. Requirements may or may not apply to sub-areas; requirements may or may not apply in full to different sub-areas. Persons entering or within a sub-area may be liable to control. The port security plan will appropriately respond to the findings of the port security assessment, which is the tool by which the security requirements of each sub-area and at each security level will be identified. When dedicated identification cards are developed for port security purposes, clear procedures will be established for the issue, the use-control and the return of such documents. Such procedures will take into account the specificities of certain groups of port users allowing for dedicated measures in order to limit the negative impact of access control requirements. Categories will at least include seafarers, authority officials, people regularly working in or visiting the port, residents living in the port and people occasionally working in or visiting the port;

- liaison with cargo control, baggage and passenger control authorities. Where necessary, the plan is to provide for the linking up of the information and clearance systems of these authorities, including possible pre-arrival clearance systems;

- procedures and measures for dealing with suspect cargo, luggage, bunker, provisions or persons, including identification of a secure area; as well as for other security concerns and breaches of port security;

- monitoring requirements for sub-areas or activities within sub-areas. Both the need for technical solutions and the solutions themselves will be derived from the port security assessment;

- signposting. Areas with access and/or control requirements will be properly signposted. Control and access requirements will appropriately take into account all relevant existing law and practices. Monitoring of activities will be appropriately indicated if national legislation so requires;

- communication and security clearance. All relevant security information will be properly communicated according to security clearance standards included in the plan. In view of the sensitivity of some information, communication will be based on a need-to-know basis, but it will include where necessary procedures for communications addressed to the general public. Security clearance standards will form part of the plan and are aimed at protecting security sensitive information against unauthorised disclosure;

- reporting of security incidents. With a view to ensuring a rapid response, the port security plan will set out clear reporting requirements to the port security officer of all security incidents and/or to the port security authority;

- integration with other preventive plans or activities. The plan will specifically deal with integration with other preventive and control activities in force in the port;

- integration with other response plans and/or inclusion of specific response measures, procedures and actions. The plan will detail interaction and coordination with other response and emergency plans. Where necessary conflicts and shortcomings will be resolved;

- training and exercise requirements;

- operational port security organisation and working procedures. The port security plan will detail the port security organisation, its task division and working procedures. It will also detail the coordination with port facility and ship security officers, where appropriate. It will delineate the tasks of the port security committee, if this exists;

- procedures for adapting and updating the port security plan.

Various types of training exercises which may involve participation of port facility security officers, in conjunction with the relevant authorities of Member States, company security officers, or ship security officers, if available, will be carried out at least once each calendar year with no more than 18 months elapsing between the training exercises. Requests for the participation of company security officers or ships security officers in joint training exercises will be made bearing in mind the security and work implications for the ship. These training exercises will test communication, coordination, resource availability and response. These training exercises may be:

(1) full scale or live;

(2) tabletop simulation or seminar; or

(3) combined with other exercises held such as emergency response or other port State authority exercises.

A recognised security organisation will be able to demonstrate:

(1) expertise in relevant aspects of port security;

(2) an appropriate knowledge of port operations, including knowledge of port design and construction;

(3) an appropriate knowledge of other security relevant operations potentially affecting port security;

(4) the capability to assess the likely port security risks;

(5) the ability to maintain and improve the port security expertise of its personnel;

(6) the ability to monitor the continuing trustworthiness of its personnel;

(7) the ability to maintain appropriate measures to avoid unauthorised disclosure of, or access to, security-sensitive material;

(8) knowledge of relevant national and international legislation and security requirements;

(9) knowledge of current security threats and patterns;

(10) the ability to recognise and detect weapons, dangerous substances and devices;

(11) the ability to recognise, on a non-discriminatory basis, characteristics and behavioural patterns of persons who are likely to threaten port security;

(12) knowledge of techniques used to circumvent security measures;

(13) knowledge of security and surveillance equipment and systems and their operational limitations.

A recognised security organisation which has made a port security assessment or review of such an assessment for a port is not allowed to establish or review the port security plan for the same port.