Article 89 Security rules on the protection of classified and sensitive non-classified information

Summary What does Article 89 of the Anti-money laundering authority regulation (AMLAR) say?

This article establishes the security framework that AMLA must put in place for handling classified and sensitive information.

It requires the Authority to mirror the Commission's own security standards, covering how such information is exchanged, processed, and stored.

It also sets a clear approval gate: the Executive Board adopts the security rules, but only after the Commission has approved them.

The article connects closely to Article 88, which deals with professional secrecy obligations, together forming the broader confidentiality and information security regime governing the Authority.

Important points:

The Authority is required to adopt security rules equivalent to the Commission's own rules for protecting both EU Classified Information and sensitive non-classified information.
The Authority's security rules must be adopted by the Executive Board following approval by the Commission.
Any administrative arrangement or ad hoc release of EU Classified Information to third-country authorities is subject to the Commission's prior approval.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

1. The Authority shall adopt its own security rules equivalent to the Commission’s security rules for protecting European Union Classified Information (EUCI) and sensitive non-classified information, as set out in Commission Decision (EU, Euratom) 2015/443(⁴⁵) and Decision (EU, Euratom) 2015/444. The security rules of the Authority shall cover, inter alia, provisions for the exchange, processing and storage of such information. The Executive Board shall adopt the Authority’s security rules following approval by the Commission.
1. Any administrative arrangement on the exchange of classified information with the relevant authorities of a third country or, in the absence of such arrangement, any exceptional ad hoc release of EUCI to those authorities, shall be subject to the Commission’s prior approval.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.