Report on the European Ombudsman's meeting with the European External Action Service in case 935/2018/EA concerning the handling of requests for access to EUNAVFOR MED Operation Sophia’s documents
Inspection Report - Date Wednesday | 28 November 2018
Case 935/2018/FP - Opened on Sunday | 22 July 2018 - Decision on Monday | 22 July 2019 - Institution concerned European External Action Service (No maladministration found )
Case title: Handling of requests for access to EUNAVFOR MED Operation Sophia’s documents
Date: Tuesday, 02 October 2018
Physical location: European External Action Service, Brussels
The European Ombudsman represented by:
Mr Fergal O’Regan Anthony, Head of Inquiries Unit 2
Ms Elpida Apostolidou, Strategic Inquiries Unit
Mr Maximillian Kemp, Trainee, Strategic Inquiries Unit
The European External Action Service represented by:
1. Purpose of the meeting, introduction, and procedural information
The Ombudsman’s inquiry team introduced themselves and presented the purpose of the inquiry into complaint 935/2018/EA, which is to examine the handling of requests for access to EUNAVFOR MED Operation Sophia’s (‘Operation Sophia’) documents.
The Ombudsman opened the inquiry with a letter containing a set of questions and requesting that a meeting be organised between the European External Action Service (‘EEAS’) and her representatives in order to discuss the issues concerned. These questions concerned the legal status of Operation Sophia and how the EEAS and the Operation Sophia handle requests for access to documents relating to the latter. 
The Ombudsman’s inquiry team also explained the mandate as well as the inquiry powers of the Ombudsman. They added that the Ombudsman will determine her next step in this inquiry on the basis of the answers provided. The Ombudsman’s inquiry team also informed the EEAS representatives that the Ombudsman may send the meeting report for comments to the complainant and that she will publish it on her website, in order to allow anyone interested to read it.
2. Information exchanged
The discussion was held on the basis of the questions sent in the Ombudsman’s letter opening the inquiry.
1) The EEAS has said to the complainant that the Operation Sophia is a separate and independent entity, endowed by the Council with legal capacity. On what basis does the EEAS make this assertion?
The EEAS provided the following reply:
Pursuant to Articles 42 (4) and 43 (2) of the Treaty on the European Union (‘TEU’), the Council establishes three types of Common Security and Defence Policy (‘CSDP’) missions and operations:
i) civilian missions are placed at strategic level under the Civilian Operation Commander, and at operational level under a Head of Mission;
ii) military executive operations are placed at strategic level under an Operation Commander (located in a dedicated Operation Headquarters, Rome for Operation Sophia, Northwood for Operation Atalanta, SHAPE – in Mons – for Operation Althea), and at operational level under a Force Commander, located in the area of operation;
iii) military non-executive missions are placed at strategic level under the Mission Commander, and at operational level under a mission force commander.
Council decisions establishing civilian CSDP missions provide that such missions have the capacity to procure services and supplies, to enter into contracts and administrative arrangements, to employ staff, to hold bank accounts, to acquire and dispose of assets and to discharge their liabilities, and to be a party to legal proceedings, as required in order to implement such decisions.
Operation Sophia has been established by Council Decision (CFSP) 2015/778. Like the other military missions and operations, Operation Sophia has the legal capacity necessary to perform its tasks: e.g. by delegation of the ATHENA mechanism, the Operation Commander is authorising officer of the budget dedicated to the Operation, and implements the appropriation relating to operational common costs expenditures. The ATHENA Special Committee can authorise the OHQ of the Operation to enter into and award contracts for logistical and other services.
Established by specific Council decisions, the CSDP missions and operations constitute operational actions of the Union, separate and independent from the EEAS. Article 1 (4) of Decision 2010/427/EU of 26 July 2010 establishing the organisation and functioning of the EEAS, adopted by the Council on the basis of Article 27(3) TEU, provides that "[t]he EEAS shall be made up of central administration and of the Union Delegations to third countries and to international organisation". The CSDP missions and operations are separate from the EEAS. They are not part of it.
Indeed, according to Article 6 (1) of Council Decision (CFSP) 2015/778, it is under the responsibility of the Council and of the High Representative that the Political and Security Committee exercises political control and strategic direction of Operation Sophia, pursuant to Article 38, second subparagraph, TEU. The EEAS supports the High Representative for the fulfilment of this task. But this task is political in nature and does not concern the conduct, including the administration, of CSDP missions and operations.
However, the conduct of CSDP missions and operations is not under the direct authority of the High Representative. The chain of command for civilian missions and military missions and operations is in charge of coordinating all matters relating to their support, including their administration. The High Representative is not part of the chain of command for CSDP missions and operations. The commanders of civilian missions and military missions and operations are responsible for the conduct of those missions and operations. They report to the Council, which has established those missions and operations and laid down their respective mandates.
Pursuant to Article 27(3) TEU, the EEAS assists the High Representative, in particular for what concerns the planning of CSDP missions and operations, as well as for the guidance she provides to the Council for the implementation of Council decisions on such missions and operations.
Article 4 (3) (a), third indent, of the Council Decision establishing the EEAS therefore provides that the EEAS includes the Crisis Management and Planning Directorate (‘CMPD’), the Civilian Planning and Conduct Capability (‘CPCC’), the European Union Military Staff (‘EUMS’) and the European Union Situation Centre (‘SITCEN’, nowadays ‘INTCEN’), which assist the High Representative. In that context, since June 2017, a Military Planning and Conduct Capability (‘MPCC’) has been established within the EUMS, responsible at the strategic level for the operational planning and conduct of non-executive military missions.
Each time the Council decides to establish a civilian mission or a military non-executive mission, the Director of the CPCC and the Director of the MPCC are appointed as Civilian Operation Commander or Mission Commander for the military mission, respectively. This double-hatting does not modify the fact that the CSDP missions and operations constitute entities separate and independent from the EEAS. For executive military operations, the Operation Commander is a separate entity, appointed by the Council on a case by case basis.
2) In the EEAS’s view, is the Operation Sophia an EU body within the meaning of Article 15 of the Treaty on the Functioning of the European Union (‘TFEU’)?
The EEAS provided the following reply:
The primary law of the EU, when describing in an encompassing way the EU entities to which provisions in the Treaties apply, does not refer to “institutions, bodies, missions, offices and agencies”, but only to “institutions, bodies, offices and agencies”. This is the case in Article 15 TFEU on the right of access to documents, but also, for instance, in Article 16 TFEU on the protection of personal data, or in Article 298 (1) TFEU on an independent European administration.
It is also the case in Articles 127 (4), 130 and 282 (3) TFEU on the European Central Bank, Articles 263 (4) and 267 (b) TFEU on the jurisdiction of the Court of Justice of the European Union (‘CJEU’), Article 325 (1) TFEU on countering fraud and other illegal activities affecting the financial interests of the EU, several provisions in Protocol 4 on the statute of the European system of central banks and of the European Central Bank, Article 9 of Protocol 36 on transitional provisions, as well as Article 41, Article 51 (1) and Article 52 (5) of the Charter, addressing respectively the right to good administration, the field of application and the scope and interpretation of rights and principles.
With regard to Article 263 TFEU on the jurisdiction of the CJEU, it should be recalled that the order of the President of the General Court in case T-271/10 R (concerning the EU Police Mission in Bosnia- Herzegovina, (‘EUPM’)) states that “[t]he EUPM is a 'mission', in other words, a simple activity” and that "the EUPM cannot therefore be classified as a body, office or agency for the purposes of the first and fourth paragraphs of Article 263 TFEU [on the competence of the Court of Justice of the EU]”. This is also in line with the terminology used in Article 38 (2) and (3) TEU (role of the Political and Security Committee in relation to missions), which refers to "crisis management operations".
Equally important in the context of Article 263 TFEU is the judgment of the Court in case C-439/13 P (Elitaliana SpA v. Eulex Kosovo), in particular paragraphs 58 and 59 thereof:
“58. It is apparent from the foregoing considerations that the General Court was correct in finding that Eulex Kosovo could not be regarded as having legal personality, since Joint Action 2008/124 classified that entity as a Mission and since, in political and strategic matters, the Mission was under the authority and control of the Council and the HR while, in budgetary and financial matters, the Head of Mission exercised his powers under the supervision and authority of the Commission.
59. Accordingly, the General Court did not err in law in holding, at paragraph 26 of the order under appeal, that Eulex Kosovo did not have legal personality and that provision was not made for it to be a party to proceedings before the European Union Courts. The General Court correctly concluded on that basis that Eulex Kosovo was a Mission, of limited duration, which could not be a ‘body, office or agency' within the meaning of the first paragraph of Article 263 TFEU”.
Council decisions establishing civilian CSDP missions contain a provision to the effect that each mission has the capacity to procure services and supplies, enter into contracts and administrative arrangements, employ staff, hold bank accounts, acquire and dispose of assets, discharge its abilities and to be a party to legal proceedings, as required in order to implement the decision establishing the mission. Such provision does not provide the missions with legal personality (by contrast with the Council decisions establishing the three Union agencies in the CFSP area, i.e. the EDA, the SATCEN and the ISS), but only a limited functional legal capacity. For military missions and operations, such capacity is endowed on the Athena mechanism (Athena is a mechanism which handles the financing of common costs relating to EU military operations under the EU's common security and defence policy (CSDP)). Endowing missions with a functional legal capacity does not have the effect of transforming them into bodies, offices or agencies in the meaning of EU law.
Likewise, the secondary law of the EU with regard to the processing of personal data, including Regulation 45/2001, has consistently made a distinction between Union institutions, bodies, offices and agencies, on the one hand, and EU CSDP missions and operations, on the other hand. The successor regulation of Regulation 45/2001, which is to be adopted shortly by the Council and the Parliament, will apply to all EU institutions, bodies, offices and agencies. It will not apply to the processing of personal data by the CSDP missions and operations.
Only in the very specific context of EUROPOL Regulation has the EU legislator decided, for operational reasons, to refer to EU "institutions, bodies, missions, offices and agencies" when it comes to relations of EUROPOL with other relevant EU entities: this is evidence that in all other cases where "missions" are not explicitly referred to in primary or secondary law, such CSDP missions (and operations) do not fall under the scope of the respective Treaty or secondary law provisions. In the context of EUROPOL, Article 2 of the abovementioned Regulation only refers to CSDP missions "for the purposes of this Regulation" (as mentioned in the chapeau of this Article), meaning that the scope of application of this provision is limited to the implementation of this Regulation.
In the light of the considerations above, it is clear that CSDP missions and operations (including Operation Sophia) are not EU bodies in the meaning of Article 15 TFEU.
3) The EEAS informed the complainant that, according to the Operation Sophia’s legal service, the latter could receive and handle requests for access to documents that are sent directly to it. However, the Operation Sophia has told the complainant that it is not responsible for requests for access to documents under Regulation 1049/2001. Could the EEAS clarify this point?
The EEAS representative stated that the EEAS had indeed referred the complainant to the Operation Sophia concerning certain documents which the EEAS did not hold, and which it therefore could not disclose under Regulation 1049/2001.
However, it was clarified that, in doing so, the EEAS had not indicated that access requests addressed to the Operation Sophia would be handled under the framework of Regulation 1049/2001. This therefore explains the Operation Sophia’s answer to the complainant’s requests, as the complainant mentioned that he was addressing his requests to the Operation Sophia under Regulation 1049/2001.
4) Is there a policy in place regarding how the Operation Sophia handles requests for access to documents?
The EEAS representative stated that, as the Operation Sophia is a distinct entity, this question should be addressed to it directly.
Nevertheless, it was added that the EEAS had called for a meeting with Operation Sophia in order to inform itself of how the Operation deals with requests for access to documents. In that context, the Operation Sophia had informed the EEAS that it was developing a policy for dealing with access requests. In particular, the Operation Sophia had identified its spokesperson as the person to whom such requests should be addressed or forwarded.
5) Is there a policy in place for how the EEAS handles requests for access to documents held by and/or relating to the Operation Sophia, or similar CSDP Operations?
For requests relating to military Operations, the EEAS applies the same rules and practices as for other requests it receives for access to documents held by it. The work methods build on Regulation 1049/2001 and the EEAS implementing decision, PROC HR (2011) 012 on the Rules regarding Access to Documents.
In operational terms, the internal work procedures can be described as follows:
1. Reception and attribution: When receiving a request for access to documents, the EEAS sends an acknowledgment of receipt to the requestor and registers the request in the access to documents database (‘ATD’). The Transparency Team attributes the request to the relevant EEAS division(s), which in the case of military Operations normally concern different divisions within EEAS, including the geographic division. For example, requests concerning Operation Sophia often relate to Libya and the geographic desk responsible for this country is consulted (it is to be noted that the Team can only instruct divisions that are part of EEAS and not, for instance, the Operation itself or the Chair of the EU Military Committee, to whom military Operations report).
2. Identification: The concerned EEAS divisions are asked to verify whether they hold (are in possession of) the requested document, which includes if they have been included in correspondence or in copy of the document. The EEAS also searches the EEAS document management database, ARES and the public e-EEAS register.
3. Examination: If documents have been identified, the division which has access to them is asked to examine each document individually to check whether it can be released to the public, fully or partially:
a. If the examination concludes that the document is public or that it can be released, the division informs the Transparency Team accordingly.
b. If the examination leads to the conclusion that one or more of the exceptions provided for in Article 4 of Regulation 1049/2001 apply, whereby access to the document will be refused fully or partially, the division must provide a text to the Transparency Team explaining the content of the document and a justification to explain what "harm" a public disclosure could cause and which exemptions in the Regulation apply to the document or its redacted parts.
4. Third Party Consultation: If the document originates from the Operation or from another third party, a consultation is conducted, as per Article 4 (4) of the Regulation 1049/2001, unless the examination has concluded that it is clear that the document shall or shall not be disclosed. In the case of third party consultations with Operation Sophia, EEAS has normally received a reply from the Operation within 2-3 working days. The Operation has either given agreement that EEAS can release their document fully or provided EEAS with justifications on why the Operation, as a consulted party, is not in favour of disclosure.
5. Reply: Once information has been received from all concerned EEAS divisions, a draft reply to the requestor will be prepared:
a. If EEAS is not in possession of the document, it will inform the requestor that it does not hold the requested document and explain that the Operation itself is not part of EEAS.
b. If the examination has concluded that the EEAS holds the document and it can be released to the public, the Transparency Team will send the document to the applicant. If the document is classified, the possibility to declassify the document will be assessed before making it public. Released documents are at that time also marked as a public document in the e- EEAS register, where it becomes available to the large public.
c. In the case of negative replies, or if only partial access can be granted, the draft will pass by the Legal Affairs division for validation before approval by the Head of the Parliamentary Affairs Division. If access has been denied, the requestors will in the reply be informed of their right to ask for a review of the decision by submitting a confirmatory application to the EEAS within 15 working days. (Confirmatory applications are decided upon by the Director of Budget and Administration of the EEAS. In the case of a negative response on a confirmatory application, the EEAS will inform the citizen of his/her right to institute court proceedings against the EEAS or make a complaint to the European Ombudsman.)
6. All outgoing replies are registered both in the ATD database and in ARES.
6) Has the EEAS received requests for access to documents held by and/or relating to other CSDP Operations? If so, how has it dealt with these?
The EEAS receives approximately 160-180 initial requests for access to documents per year, of which some relate to CSDP Operations.
As an example, 10 out of 168 initial requests related to military operations in 2017. Information on response given is summarised in table 1 in Annex. In terms of operational handling, the standard internal procedures, as outlined above, apply to military operations.
The exact number of received initial requests concerning civilian CSDP missions, and response given, is summarised in table 2 in Annex. For civilian missions, internal attribution and identification practice is facilitated by the fact that in most cases only one EEAS directorate (CPCC) needs to be involved. In some cases, however, also the geographical desk will be contacted, if the requested document concerns a specific country.
During the meeting, the EEAS representative added that is relatively rare that the EEAS does not hold the requested documents in such cases.
3. Conclusion of the meeting
The Ombudsman’s inquiry team and EEAS representatives agreed that since questions (1) and (2) relate to complicated legal issues, the EEAS would address them in the form of a written reply.
The Ombudsman's inquiry team expressed their gratitude for the good cooperation of the EEAS representatives involved and present. The meeting then ended.
The EEAS subsequently provided the Ombudsman with a detailed written reply to questions (1) and (2) as agreed during the meeting. The EEAS also provided a written reply to factual questions (5) and (6). The written input provided by the EEAS was used for the preparation of this report.
Fergal O’Regan Anthony Elpida Apostolidou
Head of Inquiries Unit 2 Strategic Inquiries Unit
Table 1: Number of requests for access to documents received by the EEAS relating to military CSDP Operations
Table 2: Number of requests for access to documents received by the EEAS relating to civilian CSDP missions
 The mission core mandate of Operation Sophia is to undertake systematic efforts to identify, capture and dispose of vessels and enabling assets used or suspected of being used by migrant smugglers or traffickers, in order to contribute to wider EU efforts to disrupt the business model of human smuggling and trafficking networks in the Southern Central Mediterranean and prevent the further loss of life at sea. https://www.operationsophia.eu/
 The Ombudsman’s letter opening the inquiry is available at: https://www.ombudsman.europa.eu/en/correspondence/en/100081
 Following the meeting, the EEAS provided its answers to questions (1), (2), (5), (6) in the form of a written reply. The written reply was therefore used for the preparation of the meeting report.
 See for instance Article 13 of Council Decision (CFSP) 2017/1869 of 16 October 2017 on the European Union Advisory Mission in support of Security Sector Reform in Iraq (EUAM Iraq), OJ L 266, 17.10.2017, p. 12.
 Council Decision (CFSP) 2015/778 of 18 May 2015 on a European Union military operation in the Southern Central Mediterranean (EUNAVFOR MED operation SOPHIA), OJ L 122, 19. 5. 2015, p. 31.
 Article 8 of Council Decision (CFSP) 2015/528 of 27 March 2015 establishing a mechanism to administer the financing of the common costs of EU operations having military or defence implications (Athena) and repealing Decision 2011/871/CFSP, OJ L 84, 28.3.2015, p. 39.
 OPLAN for Operation SOPHIA, p. 39.
 Order of the President of the General Court of 22 July 2010 in case T-271/10 R, H v Council and Commission, paras 19-20.
 Judgment of the Court of 12 November 2015 in case C-493/13 P, Elitaliana SpA v Eulex Kosovo.
 Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA, OJ L 135, 24.5.2016, p.53.