Article 89 Règles de sécurité en matière de protection des informations classifiées et des informations sensibles non classifiées

Summary What does Article 89 of the Anti-money laundering authority regulation (AMLAR) say?

This article establishes the security framework that AMLA must put in place for handling classified and sensitive information.

It requires the Authority to mirror the Commission's own security standards, covering how such information is exchanged, processed, and stored.

It also sets a clear approval gate: the Executive Board adopts the security rules, but only after the Commission has approved them.

The article connects closely to Article 88, which deals with professional secrecy obligations, together forming the broader confidentiality and information security regime governing the Authority.

Important points:

The Authority is required to adopt security rules equivalent to the Commission's own rules for protecting both EU Classified Information and sensitive non-classified information.
The Authority's security rules must be adopted by the Executive Board following approval by the Commission.
Any administrative arrangement or ad hoc release of EU Classified Information to third-country authorities is subject to the Commission's prior approval.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

1. L’Autorité adopte ses propres règles de sécurité, équivalentes à celles de la Commission concernant la protection des informations classifiées de l’Union européenne (ICUE) et des informations sensibles non classifiées, énoncées dans la décision (UE, Euratom) 2015/443 de la Commission(⁴⁵) et la décision (UE, Euratom) 2015/444. Les règles de sécurité de l’Autorité contiennent notamment des dispositions relatives à l’échange, au traitement et au stockage de telles informations. Le conseil exécutif adopte les règles de sécurité de l’Autorité après approbation de la Commission.
1. Tout arrangement administratif relatif à l’échange d’informations classifiées avec les autorités compétentes d’un pays tiers ou, en l’absence d’un tel arrangement, toute communication ad hoc exceptionnelle d’ICUE à ces autorités est subordonné à l’approbation préalable de la Commission.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.