Index 
 Previous 
 Next 
 Full text 
Procedure : 2019/2080(DEC)
Document stages in plenary
Document selected : A9-0039/2020

Texts tabled :

A9-0039/2020

Debates :

Votes :

Texts adopted :

P9_TA(2020)0091

Texts adopted
PDF 149kWORD 53k
Thursday, 14 May 2020 - Brussels Final edition
Discharge 2018: European Union Agency for Network and Information Security (ENISA)
P9_TA(2020)0091A9-0039/2020
Decision
 Decision
 Resolution

1. European Parliament decision of 13 May 2020 on discharge in respect of the implementation of the budget of the European Union Agency for Network and Information Security (ENISA) (now ENISA (the European Union Agency for Cybersecurity)) for the financial year 2018 (2019/2080(DEC))

The European Parliament,

–  having regard to the final annual accounts of the European Union Agency for Network and Information Security (ENISA) for the financial year 2018,

–  having regard to the Court of Auditors’ annual report on EU agencies for the financial year 2018, together with the Agency’s reply(1),

–  having regard to the statement of assurance(2) as to the reliability of the accounts and the legality and regularity of the underlying transactions provided by the Court of Auditors for the financial year 2018, pursuant to Article 287 of the Treaty on the Functioning of the European Union,

–  having regard to the Council’s recommendation of 18 February 2020 on discharge to be given to the Agency in respect of the implementation of the budget for the financial year 2018 (05761/2020 – C9‑0047/2020),

–  having regard to Article 319 of the Treaty on the Functioning of the European Union,

–  having regard to Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union and repealing Council Regulation (EC, Euratom) No 1605/2002(3), and in particular Article 208 thereof,

–  having regard to Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012(4), and in particular Article 70 thereof,

–  having regard to Regulation (EU) No 526/2013 of the European Parliament and of the Council of 21 May 2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004(5), and in particular Article 21 thereof,

–  having regard to Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (6) and in particular Article 31 thereof,

–  having regard to Commission Delegated Regulation (EU) No 1271/2013 of 30 September 2013 on the framework financial regulation for the bodies referred to in Article 208 of Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council(7), and in particular Article 108 thereof,

–  having regard to Commission Delegated Regulation (EU) 2019/715 of 18 December 2018 on the framework financial regulation for the bodies set up under the TFEU and Euratom Treaty and referred to in Article 70 of Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council(8), and in particular Article 105 thereof,

–  having regard to Rule 100 of and Annex V to its Rules of Procedure,

–  having regard to the report of the Committee on Budgetary Control (A9-0039/2020),

1.  Grants the Executive Director of ENISA (the European Union Agency for Cybersecurity) discharge in respect of the implementation of the Agency’s budget for the financial year 2018;

2.  Sets out its observations in the resolution below;

3.  Instructs its President to forward this decision, and the resolution forming an integral part of it, to the Executive Director of ENISA (the European Union Agency for Cybersecurity), the Council, the Commission and the Court of Auditors, and to arrange for their publication in the Official Journal of the European Union (L series).

(1) OJ C 417, 11.12.2019, p. 1.
(2) OJ C 417, 11.12.2019, p. 34.
(3) OJ L 298, 26.10.2012, p. 1.
(4) OJ L 193, 30.7.2018, p. 1.
(5) OJ L 165, 18.6.2013, p. 41.
(6) OJ L 151, 7.6.2019, p. 15.
(7) OJ L 328, 7.12.2013, p. 42.
(8) OJ L 122, 10.5.2019, p. 1.


2. European Parliament decision of 13 May 2020 on the closure of the accounts of the European Union Agency for Network and Information Security (ENISA) (now ENISA (the European Union Agency for Cybersecurity)) for the financial year 2018 (2019/2080(DEC))

The European Parliament,

–  having regard to the final annual accounts of the European Union Agency for Network and Information Security (ENISA) for the financial year 2018,

–  having regard to the Court of Auditors’ annual report on EU agencies for the financial year 2018, together with the Agency’s reply(1),

–  having regard to the statement of assurance(2) as to the reliability of the accounts and the legality and regularity of the underlying transactions provided by the Court of Auditors for the financial year 2018, pursuant to Article 287 of the Treaty on the Functioning of the European Union,

–  having regard to the Council’s recommendation of 18 February 2020 on discharge to be given to the Agency in respect of the implementation of the budget for the financial year 2018 (05761/2020 – C9‑0047/2020),

–  having regard to Article 319 of the Treaty on the Functioning of the European Union,

–  having regard to Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union and repealing Council Regulation (EC, Euratom) No 1605/2002(3), and in particular Article 208 thereof,

–  having regard to Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012(4), and in particular Article 70 thereof,

–  having regard to Regulation (EU) No 526/2013 of the European Parliament and of the Council of 21 May 2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004(5), and in particular Article 21 thereof,

–  having regard to Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (6) and in particular Article 31 thereof,

–  having regard to Commission Delegated Regulation (EU) No 1271/2013 of 30 September 2013 on the framework financial regulation for the bodies referred to in Article 208 of Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council(7), and in particular Article 108 thereof,

–  having regard to Commission Delegated Regulation (EU) 2019/715 of 18 December 2018 on the framework financial regulation for the bodies set up under the TFEU and Euratom Treaty and referred to in Article 70 of Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council(8), and in particular Article 105 thereof,

–  having regard to Rule 100 of and Annex V to its Rules of Procedure,

–  having regard to the report of the Committee on Budgetary Control (A9-0039/2020),

1.  Approves the closure of the accounts of the European Union Agency for Network and Information Security (ENISA) for the financial year 2018;

2.  Instructs its President to forward this decision to the Executive Director of ENISA (the European Union Agency for Cybersecurity), the Council, the Commission and the Court of Auditors, and to arrange for its publication in the Official Journal of the European Union (L series).

(1) OJ C 417, 11.12.2019, p. 1.
(2) OJ C 417, 11.12.2019, p. 34.
(3) OJ L 298, 26.10.2012, p. 1.
(4) OJ L 193, 30.7.2018, p. 1.
(5) OJ L 165, 18.6.2013, p. 41.
(6) OJ L 151, 7.6.2019, p. 15.
(7) OJ L 328, 7.12.2013, p. 42.
(8) OJ L 122, 10.5.2019, p. 1.


3. European Parliament resolution of 14 May 2020 with observations forming an integral part of the decision on discharge in respect of the implementation of the budget of the European Union Agency for Network and Information Security (ENISA) (now ENISA (the European Union Agency for Cybersecurity)) for the financial year 2018 (2019/2080(DEC))

The European Parliament,

–  having regard to its decision on discharge in respect of the implementation of the budget of the European Union Agency for Network and Information Security (ENISA) for the financial year 2018,

–  having regard to Rule 100 of and Annex V to its Rules of Procedure,

–  having regard to the report of the Committee on Budgetary Control (A9-0039/2020),

A.  whereas, according to its statement of revenue and expenditure(1), the final budget of the European Union Agency for Network and Information Security (the ‘Agency’) for the financial year 2018 was EUR 11 473 788, representing an increase of 2,67 % compared to 2017; whereas the budget of the Agency derives mainly from the Union budget(2);

B.  whereas the Court of Auditors (the ‘Court’), in its report on the Agency’s annual accounts for the financial year 2018 (the ‘Court's report’), states that it has obtained reasonable assurances that the Agency’s annual accounts are reliable and that the underlying transactions are legal and regular;

Budget and financial management

1.  Notes with satisfaction that the budget monitoring efforts during the financial year 2018 resulted in a budget implementation rate of 99,98 %, representing a decrease of 0,01 % compared to 2017; notes furthermore that the payment appropriations execution rate was 88,56 %, representing a slight increase of 0,37 % compared to 2017;

Performance

2.  Notes that the Agency uses certain key performance indicators (KPIs) to measure the added value provided by its activities and to enhance its budget management, focusing more on qualitative indicators for the assessment of the achievement of its operational goals and more on quantitative indicators for its administrative goals; notes that, in order to better meet its stakeholders’ expectations, the Agency is enhancing its reporting package by tailoring its qualitative and quantitative KPIs to measure its activity impact more efficiently;

3.  Calls on the Agency to step up its action to tackle the security vulnerabilities of 5G and to disseminate information on the subject as widely as possible in order to ensure that the existing technical solutions are adopted by the industry;

4.  Regrets that, following the study on the external evaluation of the Agency’s performance over the 2013 to 2016 period carried out on behalf of the Commission in 2017, no action plan has been formalised; nevertheless, notes that relevant recommendations have been implemented and that an internal audit carried out by the Commission’s internal audit service made overlapping recommendations for which a formal remedial action plan has been agreed upon;

5.  Encourages the Agency to pursue the digitalisation of its services;

6.  Calls on the Commission to conduct a Feasibility Study in order to assess the possibility of setting up shared synergies with the Cedefop which has its headquarters in Thessaloniki; calls on the Commission to evaluate both scenarios, namely the transfer of the Agency to the Cedefop headquarters in Thessaloniki, and the transfer of the Agency's headquarters to its Heraklion headquarters; notes that the transfer of the Agency to the Cedefop headquarters would entail the sharing of corporate and support services and the management of the common premises, as well as shared ICT, telecommunications and internet-based infrastructures, saving very significant amounts of money which would be used for the further funding of both agencies;

Staff policy

7.  Notes with concern that, on 31 December 2018, the establishment plan was executed only to 93,62 %, with 44 temporary agents appointed out of 47 temporary agents authorised under the Union budget (compared with 48 authorised posts in 2017); notes that, in addition, 27 contract agents and three seconded national experts worked for the Agency in 2018;

8.  Notes that in 2015, the Agency planned to relocate staff engaged in its administration to Athens while Regulation (EU) No 526/2013(3) provides that such members of staff should be based in Heraklion, and that it is likely that costs could be further reduced if all members of staff were centralised in one location; notes that only seven members of staff are currently working at the Heraklion premises; notes that the Agency will further study the relevance of the facilities in line with the current seat agreement and the programmes developed in those facilities;

9.  Notes with concern that the Agency finds it difficult to recruit, attract and hold suitably qualified staff, mainly due to the types of post that are advertised, namely contract agent posts, and to the low correction coefficients applied to the salaries of the Agency’s members of staff in Greece; notes with satisfaction, however, that the Agency has implemented a number of social measures in order to increase its attractiveness;

10.  Notes that the Agency does not have the necessary appropriations to advertise all vacant posts in all EU languages as required by EPSO; notes, however, that the Agency, like other Union decentralised agencies, publishes vacancy notices on several websites, in publications across the Union and on the EU Agencies Network website;

11.  Notes that the handover process to new members of staff is currently being reviewed in order to better transfer knowledge to new staff in the future and that this process is considered to be included in the sensitive posts policy; invites the Agency to inform the discharge authority when that review has been concluded;

12.  Notes with concern the lack of gender balance in 2018 among senior managers (8 men and 2 women) and among the members of the management board (25 men and 5 women);

Prevention and management of conflicts of interests and transparency

13.  Notes the Agency’s existing measures on and ongoing efforts to secure transparency and the prevention and management of conflicts of interests and notes that the CVs of the members of the management board and their declaration of conflicts of interests have now been published on the Agency’s website; recalls that the Agency does not publish the senior management members’ declarations of conflicts of interests on its website; reiterates its calls on the Agency to publish the CVs of all the members of the management board and the declarations of conflicts of interests of its senior management and to report to the discharge authority on the measures taken in that regard;

Internal controls

14.  Notes with concern that the Court’s report finds that the Agency does not have a sensitive post policy for the purpose of identifying sensitive functions, keeping them up to date and establishing appropriate measures to mitigate the risks of vested interests; calls on the Agency to adopt and implement such a policy without delay;

15.  Notes that in 2018, the Commission’s internal audit service issued an audit report on “Stakeholders’ involvement in the Production of Deliverables in ENISA” for which the Agency is preparing an action plan to address any potential areas of improvement;

Other comments

16.  Notes that the impact of the United Kingdom’s decision to withdraw from the Union on the Agency’s operations and administration is very limited; notes, however, that the Agency has reviewed its internal processes to mitigate any risks linked to the United Kingdom’s withdrawal from the Union, and that none of those risks are considered to be critical but that they are, rather, considered to be very low;

17.  Regrets the fact that the Agency has not yet formalised a strategy to ensure an environmentally friendly work place; calls on the Agency to do so as a matter of urgency;

18.  Calls on the Agency to focus on disseminating the results of its research to the public, and to reach out to the public via social media and other media outlets;

o
o   o

19.  Refers, for other observations of a cross-cutting nature accompanying its decision on discharge, to its resolution of 14 May 2020(4) on the performance, financial management and control of the agencies.

(1) OJ C 120, 29.3.2019, p. 205.
(2) OJ C 120, 29.3.2019, p. 206.
(3) Regulation (EU) No 526/2013 of the European Parliament and of the Council of 21 May 2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004 (OJ L 165, 18.6.2013, p. 41).
(4) Texts adopted, P9_TA(2020)0121.

Last updated: 19 October 2020Legal notice - Privacy policy