THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty establishing the European Community,
and in particular Article 80(2) thereof,
Having regard to the
proposal from the Commission,
Having regard to the opinion of the
European Economic and Social Committee ,
Having regard to the
opinion of the Committee of the Regions ,
Acting in accordance
with the procedure laid down in Article 251 of the Treaty ,
incidents resulting from terrorism are among the greatest threats to the ideals of
democracy, freedom and peace, which are the very essence of the European Union.
(2) People, infrastructure and equipment in
ports should be protected against security incidents and their devastating effects. Such
protection would benefit transport users, the economy and society as a whole.
(3) On 31 March 2004 the European Parliament
and the Council of the European Union adopted Regulation (EC) No 725/2004  on
enhancing ship and port facility security. The maritime security measures imposed by
that Regulation constitute only part of the measures necessary to achieve an adequate
level of security throughout maritime-linked transport chains. That Regulation is
limited in scope to security measures on board vessels and the immediate ship/port
(4) In order to achieve the fullest
protection possible for maritime and port industries, port security measures should be
introduced, covering each port within the boundaries defined by the Member State
concerned, and thereby ensuring that security measures taken pursuant to Regulation (EC)
No 725/2004 benefit from enhanced security in the areas of port activity. These measures
should apply to all those ports in which one or more port facilities covered by
Regulation (EC) No 725/2004 are situated.
The security objective of this Directive should be achieved by adopting appropriate
measures without prejudice to the rules of the Member States in the field of national
security and measures which might be taken on the basis of Title VI of the Treaty on
(6) Member States should rely
upon detailed security assessments to identify the exact boundaries of the
security-relevant port area, as well as the different measures required to ensure
appropriate port security. Such measures should differ according to the security level
in place and reflect differences in the risk profile of different sub-areas in the port.
(7) Member States should approve port
security plans which incorporate the findings of the port security assessment. The
effectiveness of security measures also requires the clear division of tasks between all
parties involved as well as regular exercises. This clear division of tasks and the
recording of exercise procedures in the format of the port security plan is considered
to contribute strongly to the effectiveness of both preventive and remedial port
(8) Roll-on roll-off vessels
are particularly vulnerable to security incidents, in particular if they carry
passengers as well as cargo. Adequate measures should be taken on the basis of risk
assessments which ensure that cars and goods vehicles destined for transport on roll-on
roll-off vessels on domestic and international routes do not cause a risk to the vessel,
its passengers and crew or to the cargo. The measures should be taken in a way which
impedes as little as possible the fluidity of the operations.
(9) Member States should be able to establish
port security committees entrusted with providing practical advice in the ports covered
by this Directive.
(10) Member States should
ensure that responsibilities in port security are clearly recognised by all parties
involved. Member States should monitor compliance with security rules and clearly
establish a responsible authority for all their ports, approve all security assessments
and plans for their ports, set and communicate as appropriate security levels and ensure
that measures are well communicated, implemented and coordinated.
(11) Member States should approve assessments
and plans and monitor their implementation in their ports. In order to keep disruption
to ports and the administrative burden on inspection bodies to a minimum, the
Commission's monitoring of the implementation of this Directive should be conducted
jointly with the inspections provided for in Article 9(4) of Regulation (EC) No
(12) Member States should ensure that
a focal point for port security takes up the role of contact point between the
Commission and Member States. They should inform the Commission which ports are covered
by this Directive on the basis of the security assessments carried out.
(13) The effective and standard
implementation of measures under this security policy raises important questions in
relation to its funding. The funding of extra security measures should not generate
distortions of competition. By 30 June 2006, the Commission should submit to the
European Parliament and the Council the findings of a study on the costs involved in
measures taken under this Directive, addressing in particular the way financing is
shared between the public authorities, port authorities and operators.
(14) This Directive respects the fundamental
rights and observes the principles recognised in particular by the Charter of
Fundamental Rights of the European Union.
The measures necessary for the implementation of this Directive should be adopted in
accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures
for the exercise of implementing powers conferred on the Commission .
(16) A procedure should be defined for the
adaptation of this Directive to take account of developments in international
instruments and, in the light of experience, to adapt or complement the detailed
provisions of the Annexes to this Directive, without broadening the scope of this
(17) Since the objectives of this
Directive, namely the balanced introduction of appropriate measures in the field of
maritime transport and port policy, cannot be sufficiently achieved by the Member States
and can therefore, by reason of the European scale of this Directive, be better achieved
at Community level, the Community may adopt measures in accordance with the principle of
subsidiarity as set out in Article 5 of the Treaty. In accordance with the principle of
proportionality, as set out in that Article, this Directive does not go beyond what is
necessary in order to achieve those objectives.
(18) Since this Directive concerns seaports,
the obligations herein contained should not be applicable to Austria, the Czech
Republic, Hungary, Luxembourg or Slovakia,
 OJ C 120, 20.5.2005, p. 28.
 OJ C 43,
18.2.2005, p. 26.
 Opinion of the European Parliament of 10
May 2005 (not yet published in the Official Journal) and Council Decision of 6 October
 OJ L 129, 29.4.2004, p. 6.
OJ L 184, 17.7.1999, p. 23.
01 Article Subject matter
1. The main objective of this Directive is to
introduce Community measures to enhance port security in the face of threats of security
incidents. This Directive shall also ensure that security measures taken pursuant to
Regulation (EC) No 725/2004 benefit from enhanced port security.
2. The measures referred to in paragraph 1
shall consist of:
(a) common basic rules on
port security measures;
(b) an implementation
mechanism for these rules;
compliance monitoring mechanisms.
02 Article Scope
1. This Directive lays down security measures
which shall be observed in ports. Member States may apply the provisions of this
Directive to port-related areas.
measures laid down in this Directive shall apply to every port located in the territory
of a Member State in which one or more port facilities covered by an approved port
facility security plan pursuant to Regulation (EC) No 725/2004 is or are situated. This
Directive shall not apply to military installations in ports.
3. Member States shall define for each port
the boundaries of the port for the purposes of this Directive, appropriately taking into
account information resulting from the port security assessment.
4. Where the boundaries of a port facility
within the meaning of Regulation (EC) No 725/2004 have been defined by a Member State as
effectively covering the port, the relevant provisions of Regulation (EC) No 725/2004
shall take precedence over those of this Directive.
03 Article Definitions
For the purpose of this Directive:
1. "port" means any specified area of land
and water, with boundaries defined by the Member State in which the port is situated,
containing works and equipment designed to facilitate commercial maritime transport
2. "ship/port interface" means the
interactions that occur when a ship is directly and immediately affected by actions
involving the movement of persons or goods or the provision of port services to or from
3. "port facility" means a location
where the ship/port interface takes place; this includes areas such as anchorages,
waiting berths and approaches from seaward, as appropriate;
4. "focal point for port security" means the
body designated by each Member State to serve as contact point for the Commission and
other Member States and to facilitate, follow up and provide information on the
application of the port security measures laid down in this Directive;
5. "port security authority" means the
authority responsible for security matters in a given port.
04 Article Coordination with measures taken in application of Regulation (EC) No
Member States shall ensure that port security measures introduced by
this Directive are closely coordinated with measures taken pursuant to Regulation (EC)
05 Article Port security authority
1. Member States shall designate a port security
authority for each port covered by this Directive. A port security authority may be
designated for more than one port.
2. The port
security authority shall be responsible for the preparation and implementation of port
security plans based on the findings of port security assessments.
3. Member States may designate a "competent
authority for maritime security" provided for under Regulation (EC) No 725/2004 as port
06 Article Port security assessment
1. Member States shall ensure that port security
assessments are carried out for the ports covered by this Directive. These assessments
shall take due account of the specificities of different sections of a port and, where
deemed applicable by the relevant authority of the Member State, of its adjacent areas
if these have an impact on security in the port and shall take into account the
assessments for port facilities within their boundaries as carried out pursuant to
Regulation (EC) No 725/2004.
2. Each port security
assessment shall be carried out taking into account as a minimum the detailed
requirements laid down in Annex I.
security assessments may be carried out by a recognised security organisation as
referred to in Article 11.
4. Port security
assessments shall be approved by the Member State concerned.
07 Article Port security plan
1. Subject to the findings of port security
assessments, Member States shall ensure that port security plans are developed,
maintained and updated. Port security plans shall adequately address the specificities
of different sections of a port and shall integrate the security plans for port
facilities within their boundaries established pursuant to Regulation (EC) No 725/2004.
2. Port security plans shall identify, for
each of the different security levels referred to in Article 8:
(a) the procedures to be followed;
(b) the measures to be put in place;
(c) the actions to be undertaken.
3. Each port security plan shall take into
account as a minimum the detailed requirements specified in Annex II. Where, and to the
extent appropriate, the port security plan shall in particular include security measures
to be applied to passengers and vehicles set for embarkation on seagoing vessels which
carry passengers and vehicles. In the case of international maritime transport services,
the Member States concerned shall cooperate in the security assessment.
4. Port security plans may be developed by a
recognised security organisation as referred to in Article 11.
5. Port security plans shall be approved by
the Member State concerned before implementation.
6. Member States shall ensure that the
implementation of port security plans is monitored. The monitoring shall be coordinated
with other control activities carried out in the port.
7. Member States shall ensure that adequate
exercises are performed, taking into account the basic security training exercise
requirements listed in Annex III.
08 Article Security levels
1. Member States shall introduce a system of
security levels for ports or parts of ports.
There shall be three security levels, as defined in Regulation (EC) No 725/2004:
- "Security level 1" means the level for which minimum appropriate
protective security measures shall be maintained at all times;
"Security level 2" means the level for which appropriate additional protective security
measures shall be maintained for a period of time as a result of a heightened risk of a
- "Security level 3" means the level for which
further specific protective security measures shall be maintained for a limited period
of time when a security incident is probable or imminent, although it may not be
possible to identify the specific target.
Member States shall determine the security levels in use for each port or part of a
port. At each security level, a Member State may determine that different security
measures are to be implemented in different parts of the port depending on the findings
of the port security assessment.
States shall communicate to the appropriate person or persons the security level in
force for each port or part of a port as well as any changes thereto.
09 Article Port security officer
1. A port security officer shall be approved by
the Member State concerned for each port. Each port shall, where practicable, have a
different port security officer, but may, if appropriate, share a security officer.
2. Port security officers shall fulfil the
role of point of contact for port security related issues.
3. Where the port security officer is not the
same as the port facility(ies) security officer(s) under Regulation (EC) No 725/2004,
close cooperation between them shall be ensured.
10 Article Reviews
1. Member States shall ensure that port security
assessments and port security plans are reviewed as appropriate. They shall be reviewed
at least once every five years.
2. The scope of
the review shall be that of Articles 6 or 7, as appropriate.
11 Article Recognised security organisation
Member States may appoint recognised security organisations for the
purposes specified in this Directive. Recognised security organisations shall fulfil the
conditions set out in Annex IV.
12 Article Focal point for port security
Member States shall appoint for port security aspects a focal point.
Member States may designate for port security aspects the focal point appointed under
Regulation (EC) No 725/2004. The focal point for port security shall communicate to the
Commission the list of ports concerned by this Directive and shall inform it of any
changes to that list.
13 Article Implementation and conformity checking
1. Member States shall set up a system ensuring
adequate and regular supervision of the port security plans and their implementation.
2. The Commission shall, in cooperation with
the focal points referred to in Article 12, monitor the implementation of this Directive
by Member States.
3. This monitoring shall be
conducted jointly with the inspections provided for in Article 9(4) of Regulation (EC)
14 Article Adaptations
Annexes I to IV may be amended in accordance with the procedure
referred to in Article 15(2), without broadening the scope of this
15 Article Committee procedure
1. The Commission shall be assisted by the
committee set up by Regulation (EC) No 725/2004.
2. Where reference is made to this paragraph,
Articles 5 and 7 of Decision 1999/468/EC shall apply, having regard to the provisions of
Article 8 thereof.
The period laid down in Article 5(6) of
Decision 1999/468/EC shall be set at one month.
The Committee shall adopt its Rules of Procedure.
16 Article Confidentiality and dissemination of information
1. In applying this Directive, the Commission
shall take, in accordance with Decision 2001/844/EC, ECSC, Euratom , appropriate
measures to protect information subject to the requirement of confidentiality to which
it has access or which is communicated to it by Member States.
Member States shall take equivalent measures in accordance with
relevant national legislation.
2. Any personnel
carrying out security inspections, or handling confidential information related to this
Directive, shall have an appropriate level of security vetting by the Member State of
which the person concerned is a national.
 OJ L 317, 3.12.2001, p. 1. Decision as last amended by Decision
2005/94/EC, Euratom (OJ L 31, 4.2.2005, p. 66).
17 Article Penalties
Member States shall ensure that effective, proportionate and
dissuasive penalties are introduced for infringements of the national provisions adopted
pursuant to this Directive.
18 Article Implementation
1. Member States shall bring into force the laws,
regulations and administrative provisions necessary to comply with this Directive by 15
June 2007. They shall forthwith inform the Commission thereof.
When Member States adopt these measures, they shall contain a
reference to this Directive or shall be accompanied by such reference on the occasion of
their official publication. The methods of making such reference shall be laid down by
2. Member States shall
communicate to the Commission the text of the main provisions of national law which they
adopt in the field covered by this Directive.
19 Article Evaluation report
By 15 December 2008 and every five years thereafter, the Commission
shall submit an evaluation report to the European Parliament and the Council based,
among other things, on the information obtained pursuant to Article 13. In the report,
the Commission shall analyse compliance with this Directive by Member States and the
effectiveness of the measures taken. If necessary, it shall present proposals for
20 Article Entry into force
This Directive shall enter into force on the 20th day following its
publication in the Official Journal of the European Union.
21 Article Addressees
This Directive is addressed to the Member States which have ports as
referred to in Article 2(2).
Done at Strasbourg, 26
For the European Parliament
J. Borrell Fontelles
For the Council
Annex I Port security assessment
The port security assessment is the basis for the port security plan
and its implementation. The port security assessment will cover at least:
- identification and evaluation of important assets and
infrastructure which it is important to protect;
of possible threats to the assets and infrastructure and the likelihood of their
occurrence, in order to establish and prioritise security measures;
- identification, selection and prioritisation of counter-measures
and procedural changes and their level of effectiveness in reducing vulnerability; and
- identification of weaknesses, including human factors in the
infrastructure, policies and procedures.
For this purpose the
assessment will at least:
- identify all areas which are relevant
to port security, thus also defining the port boundaries. This includes port facilities
which are already covered by Regulation (EC) No 725/2004 and whose risk assessment will
serve as a basis;
- identify security issues deriving from the
interface between port facility and other port security measures;
- identify which port personnel will be subject to background
checks and/or security vetting because of their involvement in high-risk areas;
- subdivide, if useful, the port according to the likelihood of
security incidents. Areas will be judged not only upon their direct profile as a
potential target, but also upon their potential role of passage when neighbouring areas
- identify risk variations, e.g. those based on
- identify the specific characteristics of each
sub-area, such as location, accesses, power supply, communication system, ownership and
users and other elements considered security-relevant;
potential threat scenarios for the port. The entire port or specific parts of its
infrastructure, cargo, baggage, people or transport equipment within the port can be a
direct target of an identified threat;
- identify the specific
consequences of a threat scenario. Consequences can impact on one or more sub-areas.
Both direct and indirect consequences will be identified. Special attention will be
given to the risk of human casualties;
- identify the possibility
of cluster effects of security incidents;
- identify the
vulnerabilities of each sub-area;
- identify all organisational
aspects relevant to overall port security, including the division of all
security-related authorities, existing rules and procedures;
identify vulnerabilities of the overarching port security related to organisational,
legislative and procedural aspects;
- identify measures,
procedures and actions aimed at reducing critical vulnerabilities. Specific attention
will be paid to the need for, and the means of, access control or restrictions to the
entire port or to specific parts of a port, including identification of passengers, port
employees or other workers, visitors and ship crews, area or activity monitoring
requirements, cargo and luggage control. Measures, procedures and actions will be
consistent with the perceived risk, which may vary between port areas;
- identify how measures, procedures and actions will be reinforced
in the event of an increase of security level;
- identify specific
requirements for dealing with established security concerns, such as "suspect" cargo,
luggage, bunker, provisions or persons, unknown parcels, known dangers (e.g. bomb).
These requirements will analyse desirability conditions for either clearing the risk
where it is encountered or after moving it to a secure area;
identify measures, procedures and actions aimed at limiting and mitigating consequences;
- identify task divisions allowing for the appropriate and correct
implementation of the measures, procedures and actions identified;
- pay specific attention, where appropriate, to the relationship
with other security plans (e.g. port facility security plans) and other existing
security measures. Attention will also be paid to the relationship with other response
plans (e.g. oil spill response plan, port contingency plan, medical intervention plan,
nuclear disaster plan, etc.);
- identify communication
requirements for implementation of the measures and procedures;
pay specific attention to measures to protect security-sensitive information from
- identify the need-to-know requirements of all those
directly involved as well as, where appropriate, the general public.
Annex II Port security plan
The port security plan sets out the port's security arrangements. It
will be based on the findings of the port security assessment. It will clearly set out
detailed measures. It will contain a control mechanism allowing, where necessary, for
appropriate corrective measures to be taken.
The port security
plan will be based on the following general aspects:
all areas relevant to port security. Depending on the port security assessment,
measures, procedures and actions may vary from sub-area to sub-area. Indeed, some
sub-areas may require stronger preventive measures than others. Special attention will
be paid to the interfaces between sub-areas, as identified in the port security
- ensuring coordination between security measures for
areas with different security characteristics;
- providing, where
necessary, for varying measures both with regard to different parts of the port,
changing security levels, and specific intelligence;
an organisational structure supporting the enhancement of port security.
Based on those general aspects, the port security plan will
attribute tasks and specify work plans in the following fields:
access requirements. For some areas, requirements will only enter into force when
security levels exceed minimal thresholds. All requirements and thresholds will be
comprehensively included in the port security plan;
- ID, luggage
and cargo control requirements. Requirements may or may not apply to sub-areas;
requirements may or may not apply in full to different sub-areas. Persons entering or
within a sub-area may be liable to control. The port security plan will appropriately
respond to the findings of the port security assessment, which is the tool by which the
security requirements of each sub-area and at each security level will be identified.
When dedicated identification cards are developed for port security purposes, clear
procedures will be established for the issue, the use-control and the return of such
documents. Such procedures will take into account the specificities of certain groups of
port users allowing for dedicated measures in order to limit the negative impact of
access control requirements. Categories will at least include seafarers, authority
officials, people regularly working in or visiting the port, residents living in the
port and people occasionally working in or visiting the port;
liaison with cargo control, baggage and passenger control authorities. Where necessary,
the plan is to provide for the linking up of the information and clearance systems of
these authorities, including possible pre-arrival clearance systems;
- procedures and measures for dealing with suspect cargo, luggage,
bunker, provisions or persons, including identification of a secure area; as well as for
other security concerns and breaches of port security;
monitoring requirements for sub-areas or activities within sub-areas. Both the need for
technical solutions and the solutions themselves will be derived from the port security
- signposting. Areas with access and/or control
requirements will be properly signposted. Control and access requirements will
appropriately take into account all relevant existing law and practices. Monitoring of
activities will be appropriately indicated if national legislation so requires;
- communication and security clearance. All relevant security
information will be properly communicated according to security clearance standards
included in the plan. In view of the sensitivity of some information, communication will
be based on a need-to-know basis, but it will include where necessary procedures for
communications addressed to the general public. Security clearance standards will form
part of the plan and are aimed at protecting security sensitive information against
- reporting of security incidents. With a
view to ensuring a rapid response, the port security plan will set out clear reporting
requirements to the port security officer of all security incidents and/or to the port
- integration with other preventive plans or
activities. The plan will specifically deal with integration with other preventive and
control activities in force in the port;
- integration with other
response plans and/or inclusion of specific response measures, procedures and actions.
The plan will detail interaction and coordination with other response and emergency
plans. Where necessary conflicts and shortcomings will be resolved;
- training and exercise requirements;
operational port security organisation and working procedures. The port security plan
will detail the port security organisation, its task division and working procedures. It
will also detail the coordination with port facility and ship security officers, where
appropriate. It will delineate the tasks of the port security committee, if this exists;
- procedures for adapting and updating the port security
Annex III Basic security training exercise requirements
Various types of training exercises which may involve participation
of port facility security officers, in conjunction with the relevant authorities of
Member States, company security officers, or ship security officers, if available, will
be carried out at least once each calendar year with no more than 18 months elapsing
between the training exercises. Requests for the participation of company security
officers or ships security officers in joint training exercises will be made bearing in
mind the security and work implications for the ship. These training exercises will test
communication, coordination, resource availability and response. These training
exercises may be:
(1) full scale or live;
(2) tabletop simulation or seminar; or
(3) combined with other exercises held such
as emergency response or other port State authority exercises.
Annex IV Conditions to be fulfilled by a recognised security organisation
A recognised security organisation will be able to demonstrate:
(1) expertise in relevant aspects of port
(2) an appropriate knowledge of port
operations, including knowledge of port design and construction;
(3) an appropriate knowledge of other
security relevant operations potentially affecting port security;
(4) the capability to assess the likely port
(5) the ability to maintain and
improve the port security expertise of its personnel;
(6) the ability to monitor the continuing
trustworthiness of its personnel;
ability to maintain appropriate measures to avoid unauthorised disclosure of, or access
to, security-sensitive material;
of relevant national and international legislation and security requirements;
(9) knowledge of current security threats and
(10) the ability to recognise and
detect weapons, dangerous substances and devices;
(11) the ability to recognise, on a
non-discriminatory basis, characteristics and behavioural patterns of persons who are
likely to threaten port security;
knowledge of techniques used to circumvent security measures;
(13) knowledge of security and surveillance
equipment and systems and their operational limitations.
recognised security organisation which has made a port security assessment or review of
such an assessment for a port is not allowed to establish or review the port security
plan for the same port.