For ease of reading, the term ‘EU institution’ is used as an abbreviation for the EU’s institutions, bodies, offices and agencies, unless it is necessary to distinguish between these entities.

1. The right of public access to EU documents

1.1. Does EU law provide for a right of public access to documents?

The Charter of Fundamental Rights of the EU and the Treaty on the Functioning of the EU (TFEU) state that EU citizens and residents have a right to access documents in the possession of EU institutions, bodies, offices and agencies.

Article 42 of the Charter states that:

“Any citizen of the Union, and any natural or legal person residing or having its registered office in a Member State, has a right of access to documents of the institutions, bodies, offices and agencies of the Union, whatever their medium.”

Article 15(3) TFEU states that:

“Any citizen of the Union, and any natural or legal person residing or having its registered office in a Member State, shall have a right of access to documents of the Union institutions, bodies, offices and agencies, whatever their medium, subject to the principles and the conditions to be defined in accordance with this paragraph.

General principles and limits on grounds of public or private interest governing this right of access to documents shall be determined by the European Parliament and the Council, by means of regulations, acting in accordance with the ordinary legislative procedure.

Each EU institution, body, office or agency shall ensure that its proceedings are transparent and shall elaborate in its own Rules of Procedure specific provisions regarding access to its documents, in accordance with the regulations referred to in the second subparagraph.

The Court of Justice of the European Union, the European Central Bank and the European Investment Bank shall be subject to this paragraph only when exercising their administrative tasks.

The European Parliament and the Council shall ensure publication of the documents relating to the legislative procedures under the terms laid down by the regulations referred to in the second subparagraph.”

Regulation 1049/2001 on public access to EU documents gives effect to this right for most EU institutions, bodies, offices or agencies.

When a document contains environmental information, the specific rules set out in the Aarhus Regulation also apply (more information in question 9.1).

2. Obligations on the different EU institutions, bodies, offices and agencies

2.1. What are the rules applying to the EU institutions?

There are seven EU institutions: the European Parliament, the Council of the EU, the European Commission, the European Council, the Court of Justice, the European Central Bank and the Court of Auditors.

Regulation 1049/2001 on public access to documents applies directly to the Parliament, the Council of the EU and the Commission (these institutions are explicitly mentioned in Regulation 1049/2001). The rules of procedure of the Parliament, the Council and the Commission include specific provisions setting out how they apply Regulation 1049/2001.The Parliament’s rules contain provisions for documents pertaining to Members of the European Parliament, see also the Ombudsman’s decision in 1264/2022/PB. The Commission considers that documents come within the scope of the Regulation only if they are registered.

In a Joint Declaration on Regulation 1049/2001, the European Parliament, the Council and the Commission called on the other EU institutions, bodies, offices and agencies to adopt internal rules on public access to documents which take account of the principles and limits set out in that regulation.

The European Council applies Regulation 1049/2001 and the relevant rules of procedure of the Council of the EU regarding how to deal with requests for access to document (see Article 10 of the European Council’s rules of procedure). According to those rules, the European Council’s deliberations are covered by secrecy provisions, unless the European Council decides otherwise. However, Regulation 1049/2001 nonetheless applies to documents held by the European Council. These rules add that the European Council may authorise the production of a copy of or an extract from European Council documents for use in legal proceedings even when those documents have not already been released to the public in accordance with Regulation 1049/2001.

The three other EU institutions - the Court of Justice of the EU, the European Central Bank and the European Court of Auditors - apply separate rules that differ to varying degrees from Regulation 1049/2001.

The Court of Justice adopted a decision setting out how it deals with access to documents requests relating to its administrative work only. There is no right of public access to documents it holds relating to its ‘judicial work’, which includes pleadings, evidence and its internal deliberations on cases. The legal basis for this exception to the general rule of public access to documents is found in paragraph 4 of Article 15(3) of the Treaty on the Functioning of the EU (TFEU), which states that the right of public access to documents does not apply to the Court of Justice, except when it is exercising its ‘administrative tasks’. The Court of Justice’s rules that apply to documents relating to its administrative tasks are broadly similar to the rules set out in Regulation 1049/2001.

If another EU institution, body, office or agency (‘EU institutions’) were also to hold a copy of a document that relates to the judicial work of the Court of Justice, a request for access to that document can be put to that institution, body, office or agency. For example, if an EU institution is a party in court proceedings, it will have copies of the pleadings in that case, as demonstrated by EU case-law (para. 15). It must deal with any request for access to that document in accordance with the access to documents rules that apply to it.

The decision of the European Central Bank (ECB) on public access to ECB documents sets out more restrictive rules than Regulation 1049/2001, in particular to protect the confidentiality of information that is protected as such under EU law and the ECB’s decision making. The rules regarding decision making exist to give effect to Article 15(3) of TFEU, which states that the right of public access to documents does not apply to the European Central Bank, except when it is exercising its administrative tasks. In addition, in accordance with Article 10(4) of the Protocol on the Statute of the European System of Central Banks and of the European Central Bank, the proceedings of the meetings of the Governing Council of the European Central Bank are confidential unless the Governing Council decides to make the outcome of its deliberations public. EU case-law (paras. 110-111) has established the concept of the ‘confidentiality of the deliberations of the ECB’s Governing Council’, however this covers only the conduct of the deliberations and not their outcome.

According to EU case-law (paras. 94-95) as regards its supervisory work, the ECB cannot rely on a ‘general presumption’ to refuse access. This means that it must justify any refusal to grant access on the basis of the content of the documents at issue.

The Court of Auditors has adopted rules that are very similar to Regulation 1049/2001. They contain one additional exception aimed at protecting the Court of Auditor’s “preliminary audit observations” and documents used in the preparation of those observations. This does not differ in substance from the rules set out in Regulation 1049/2001. The Court of Auditors’ rules also contain an option to release any document it holds if there is an overriding public interest in disclosure.

2.2. What are the rules applying to EU bodies?

There are eight EU bodies: the European External Action Service (EEAS), the European Economic and Social Committee, the European Committee of the Regions, the European Data Protection Supervisor (EDPS), the European Data Protection Board (EDPB), the European Ombudsman, the European Investment Bank (EIB), and the European Public Prosecutor’s Office (EPPO).

Regulation 1049/2001 on public access to documents applies to the EEAS pursuant to Article 11(1) of Council Decision 2010/427 of 26 July 2010 establishing the organisation and functioning of the EEAS. The EEAS has also adopted implementing rules.

The EEAS also assists EU ‘civilian missions’ in dealing with access to documents requests.

The European Economic and Social Committee decided to apply the principles of Regulation 1049/2001. In practice, this means that it applies Regulation 1049/2001.

The Committee of the Regions decided to apply the principles of Regulation 1049/2001. In practice, this means that it applies Regulation 1049/2001.

Article 51 of the Regulation governing the EDPS states that Regulation 1049/2001 applies to documents it holds.

Article 76 of the Regulation governing the EDPB states that it applies Regulation 1049/2001.

The European Ombudsman deals with applications for public access to documents in accordance with Regulation 1049/2001, while respecting the Statute of the European Ombudsman, which contains provisions on confidentiality.

The EIB has a policy that is more restrictive than Regulation 1049/2001, notably regarding protecting the purpose of investigations, audits and inspections. In the context of the EIB’s transparency policy, the Ombudsman decided to take a simpler approach than that currently existing in the EIB policy. The Ombudsman will consider any complaints concerning public access to documents, as soon as the EIB has provided a negative reply to a confirmatory application, or has missed the deadline to reply. 

Regulation 1049/2001 applies to the EPPO through Council Regulation 2017/1939 (the EPPO Regulation). However, in accordance with Article 109(1) of Regulation 2017/1939, the right of access to documents does not apply to documents that are part of the investigation files of the EPPO. The EPPO has adopted implementing rules governing access to EPPO documents.

2.3. What are the rules applying to EU agencies?

The founding regulations of the EU agencies that existed in 2001, when Regulation 1049/2001 on public access to documents was adopted, have been adapted to specify that Regulation 1049/2001 applies to these agencies. The founding regulations of all new agencies, established since 2001, contain a provision applying Regulation 1049/2001 to those agencies.

Most agencies have adopted decisions setting out how they apply Regulation 1049/2001, for example the Single Resolution Board and the European Medicines Agency. It is important to note that these decisions cannot derogate from or limit the right of access provided for in Regulation 1049/2001.

The ‘EU executive agencies’ depend on the European Commission for administrative support when dealing with access to documents requests. They apply the same rules as the European Commission when dealing with access to documents requests, namely Regulation 1049/2001 and the rules of procedure of the Commission.

See a detailed list of the EU’s decentralised and executive agencies.

2.4. The rules applying to EU offices

The four EU inter-institutional offices – the European Personnel Selection Office, the European School of Administration, the Publications Office of the EU and CERT-EU (the EU’s Computer Emergency Response Team) – deal with requests for access to documents in accordance with Regulation 1049/2001 on public access to documents.

2.5. Does the right of public access to documents apply to the Eurogroup?

The Eurogroup is an informal body through which the ministers of the euro area Member States meet. As the Eurogroup is not a formal EU body, the right of public access to EU documents does not apply to it. Nevertheless, the Eurogroup has informed the Ombudsman that it aims to adhere to the spirit of the rules and principles set out in the Treaties. One such principle is transparency. The Eurogroup has stated that it has a proactive transparency policy and draws on Article 4 of Regulation 1049/2001 on public access to documents to help it evaluate whether or not documents can be disclosed proactively. It also stated that EU citizens can address requests for public access to documents to the Eurogroup.

2.6. Are there other rules governing the right of public access to documents?

The rules on access to documents must be understood and applied in accordance with the case-law of the Court of Justice of the EU.

EU institutions, bodies, offices and agencies (‘EU institutions’) must take account of the rules set out in the Aarhus Regulation (Regulation 1367/2006) when they apply Regulation 1049/2001 where the requested document contains ‘environmental information’ (more information in question 9.1).

The right of public access to EU documents is qualified by the EU Data Protection Regulation (Regulation 2018/1725). The Regulation lays down the data protection obligations for the EU institutions and bodies when they process personal data, which must be taken account of by EU institutions when they also apply Regulation 1049/2001 on public access to documents (more information in question 7.1).

According to EU case-law (paras. 109-111), rules on confidentiality set out in certain sector specific regulations must be taken into account when applying Regulation 1049/2001, for example Article 28 of Regulation 1/2003 on competition law proceedings.

3. To whom does the right of public access apply?

3.1. Who can ask an EU institution for access to a document?

Any EU citizen, any other person residing in an EU Member State or any ‘legal person’ resident or with their registered office in a Member State (such as a company, a non-governmental organisation, a school or an association) has a right to access documents held by an EU institution. Certain EU institutions have chosen to extend this right to non-residents.

3.2. Must a person identify who they are when making a request for access to a document?

The Ombudsman has found that an EU institution is entitled to ask for contact details for the purpose of processing a request for access, including to verify if the person requesting access to documents is an EU resident or citizen.

Many EU institutions do not, however, make use of this option and accept requests from all persons.

4. To what does the right apply? What is a document?

4.1. What is implied by ‘document’ in the context of the right to public access?

The concept of a ‘document’ is broad and includes any content whatever its medium, as long as it relates to policies, activities and decisions falling within the sphere of responsibility of the EU institution concerned (see EU case-law).

The Ombudsman has taken the view that ‘document’ also refers to text or instant messages concerning professional activities (see question 4.2 on the subject matter of the document).

According to EU case-law, the right of public access to documents also covers the content of a database, provided the content can be retrieved from the database using existing software solutions available to those persons using the database (that is, to end-users). However, if the content can be retrieved from the database only with substantial help from specialised IT staff or by specialised IT tools that are not normally available to end-users of the database, that content is not covered by the right of public access to documents. The Ombudsman has found that in such circumstances an EU institution is entitled to state that the requested document(s) is simply not in its ‘possession’. The Ombudsman has also found that this interpretation also applies where information is held in a single database but where the dataset is stored across ”multiple complex data structures”.

However, the Ombudsman has encouraged EU institutions to investigate and evaluate possible technical solutions, so as to be able to provide the public with downloadable versions of a database in the future.

4.2. Does the subject matter of the document matter?

The right of public access to documents applies to documents relating to the policies, activities and decisions falling within an EU institution’s ‘sphere of responsibility’. Normally, if an EU institution holds a document, it will fall within the institution's sphere of responsibility. That said, the right of public access does not apply to certain very limited categories of documents, for example:

Documents held by the Court of Justice that relate to its judicial work. The right of access applies only to ‘administrative documents’ held by the Court. According to EU case-law (para. 49), if a Court document relating to its judicial work is held by another EU institution,  the right of public access applies in principle to that document.

Documents containing the deliberations of the Governing Council of the European Central Bank are not subject to public access (as the Ombudsman has found).

The same applies to documents held by the European Public Prosecutor’s Office that relate to the prosecutorial work of the European Public Prosecutor (individuals only have the right to access ‘administrative documents’ held by the European Public Prosecutor’s Office).

4.3. Does the right of public access apply to documents on the work email account of an EU staff member?

The Ombudsman has consistently taken the view that, provided an email is work-related (see question 4.2 on the subject matter of documents), the right of public access applies in principle.

If the email is related to the private life of a staff member (personal emails), or otherwise falls outside the EU institution’s sphere of responsibility, it is not covered by the right of public access.

The Ombudsman has found that an EU institution may, in accordance with principles of good administration, ask a staff member to give it copies of substantive work-related emails sent to or from the staff member’s private email account. Once the emails come into the possession of the EU institution, they are covered by the right of public access to documents.

4.4. Does the right of public access apply to text or instant messages sent by mobile phone?

The Ombudsman has taken the view that work-related text (or other instant) messages sent to or from a phone provided to staff by an EU institution are covered by the right of public access to documents.

The Ombudsman has taken the view that, an EU institution may, in accordance with principles of good administration, ask a staff member to give it copies of substantive work-related text messages sent to or from the staff member’s private phone. The right of public access would then apply to such documents.

The Ombudsman has issued a set of best practices for the EU administration concerning the record keeping of text and instant messages sent by EU public servants, when acting in a professional capacity.

4.5. How to find out if an EU institution has a document?

All EU institutions that apply Regulation 1049/2001 (or equivalent rules) on public access to documents are supposed to have a register of documents. Such registers must be made available to the public in electronic form. The Ombudsman has issued guidance on the principles that should apply to such registers. They normally contain lists of documents. In certain cases, registers will contain a direct link to the documents in an online register. The register should give a brief description of each document, and its reference number. If the document is not available directly, the reference can be used to request access to the document.

Certain categories of documents should, as far as is possible, be made directly accessible (preferably electronically) to the public. For example, documents that concern the process by which legislation is created should, as far as possible, be directly accessible.

According to EU case-law (para. 99) the EU institutions should ensure that their policies on registering documents are not arbitrary.

In practice, registers do not contain all of the documents in the possession of an EU institution.

Those seeking documents not listed in the register of an EU institution may find references to such documents on the websites of the institutions, or they may be cross-referenced in other documents. This information can be used to make requests for access to documents.

Individuals may also request access to documents that they assume exist, for example, where a particular procedure normally involves the creation of a certain type of document.

However, in the context of an access request, individuals may also ask an EU institution if it has any documents concerning a particular issue. According to Article 6(2) of Regulation 1049/2001, the institution is obliged to help process such requests. It can do so for example by providing a list of the documents that it holds concerning that issue. Individuals may then use this list to make a request for public access to documents.

However, if it is not possible to clarify a request, the institution is entitled not to deal with the request further. It is therefore in the interest of requesters to attempt to identify as clearly as possible the document(s) that they want.

4.6. What if an EU institution insists that a requested document does not exist or is no longer in its possession?

The right of access to documents applies only to documents that exist and are in the possession of an EU institution.

According to EU case-law (para. 155), if an EU institution states that a document does not exist, this statement is presumed to be true. However, the requester can seek to rebut this presumption, for example, by pointing out that a particular procedure normally involves the creation of that type of document. According to EU case-law (paras. 47 and 54), the EU institution should be able to provide plausible explanations why a document does exist.  

An EU institution is not obliged to retain copies of documents indefinitely. It may be the case that a document was once in the possession of an institution and was, as part of a normal document retention policy, deleted. However, it is good administrative practice to keep copies of important documents, at least for a reasonable period. The Ombudsman found that an institution should not destroy documents while a request for access to those documents is being processed.

It is good administrative practice for an EU institution to make public its document retention policy, as the Ombudsman has suggested.

The right of public access to documents does not imply any duty to create a new document. That said, separate from the right of public access to documents, all citizens have the right to ask every EU institution for information and have a right to a response. The right of access to ‘information’, which is set out in the European Code of Good Administrative Behaviour (Article 22) can be used to obtain a punctual answer to a question.

4.7. Is there a limit to the number of documents that can be requested?

According to EU case-law (paras. 101- 102), an EU institution can refuse to deal with a request for public access to very large numbers of documents or to very large documents if the work needed to reply to the request would lead to a disproportionate administrative burden. However, the EU institution in question should first consult the requester to try to find a “fair solution”. This could involve helping to narrow down the request (see question 6.3).

It is usually in the interest of requesters to assist with such efforts since, according to EU case-law (para. 112), if no solution can be found, the EU institution may refuse to deal with the request or decide to limit the scope of the request.

A requester cannot circumvent this rule by making multiple separate requests in the same time period.

Instead of refusing multiple requests, some EU agencies use queuing systems to deal with such requests. In such cases, they will deal with the requests in sequence.

While the Ombudsman has found in the past that, under certain circumstances, a queuing mechanism may constitute a fair solution, the Ombudsman is of the view that automatically applying a queuing system cannot be good administrative practice.

4.8. Should an EU institution list the documents it has identified as falling within the scope of a request?

The Ombudsman has taken the view that it is good administrative practice for EU institutions to include in their decision on a request for public access request a list of documents identified as falling within the scope of that request, unless disclosing such a list undermines the interest(s) to be protected. By providing a list of identified documents, the institution facilitates the processing and understanding of its response, and allows requesters to submit more informed requests for review.

4.9. What rules apply to classified documents?

Article 9 of Regulation 1049/2001 on public access to documents explains how the rules on public access apply to classified documents. These are sensitive documents that have been classified as "TRÈS SECRET/TOP SECRET", "SECRET" or "CONFIDENTIEL" in accordance with the rules of the EU institution concerned.

The aim of these rules is to protect the essential interests of the European Union or of one or more of its Member States in the areas covered by Article 4(1)(a) of Regulation 1049/2001, notably public security, defence and military matters.

While Article 9 of Regulation 1049/2001 makes specific reference to public security, defence and military matters, it does not exclude consideration of the need to protect the other interests set out in Article 4(1)(a) of Regulation 1049/2001, which include international relations and the financial, monetary or economic policy of the EU or a Member State.

Applications for access to sensitive documents must be handled only by those persons who have ‘clearance’ to consult such documents.

Sensitive documents can be recorded on a public register or released only with the consent of the person or entity from whom the documents originated.

5. Access to documents and EU languages

5.1. If an EU institution has granted access to a document in one language, does the requester have the right to a translation?

If the EU institution has a copy of a document in the requested language, it should give access to this. This applies even if the language is not an EU official language.

However, if the institution does not already have a copy in the language requested, it is under no obligation to provide a translation.

5.2. If a request is made in one official EU language, can the EU institution respond in another language?

EU institutions must reply to requests for public access in the same official EU language in which the request was made.

6. How to request access in practice

6.1. In what form can requests be made?

A requester can make a request, and ask the EU institution to respond, in their preferred written format, including by email. Some EU institutions may provide online request forms or portals with user accounts. Such online forms or portals make it easier to deal with requests, and may therefore improve the experience for those requesting access, as requests can be dealt with more efficiently. If it is not possible to identify the correct operating entity, requests should be sent to either the general contact (email) address or to the (email) address of the entity that the requester believes is responsible for the document(s). The message should clearly state that it concerns a request for public access to documents under Regulation 1049/2001. The recipient should then forward the request to the persons dealing with access to documents in the respective institution.

6.2. What if the request is not sufficiently precise?

If a request is unclear, the EU institution is required to clarify the request. This may affect when the request is registered. It is therefore important to make sure that requests are as clear as possible.

The Ombudsman has encouraged EU institutions to engage with requesters openly and constructively at all stages, and ensure they are provided with all necessary information that may enable them to clarify their requests.

The Ombudsman has found that, once a request is sufficiently precise to enable the EU institution to identify the document(s), the institution should register the request. Only after registering the request, if necessary, should the EU institution seek a fair solution. The fair solution should be sought within the statutory time-limit as required by Regulation 1049/2001 (see questions 6.3 and 6.4).

6.3. What happens if the request relates to a very long document or to a very large number of documents?

If a request for public access relates to very large numbers of documents or to very large documents and thus the work needed to reply to the request would lead to a disproportionate administrative burden, the EU institution in question should first consult the requester to try to find a “fair solution”. This could involve helping to narrow down the request (see also question 4.7.).

According to Article 6(2) of Regulation 1049/2001, the EU institution is obliged to help process such requests. It can do so for example by providing a list of the documents that it holds.

The Ombudsman has also found that an EU institution should not suspend the statutory time-limits when it realises, after having registered a request, that the request is not sufficiently precise. Where an institution has registered a request that is not sufficiently precise to enable it to identify the documents and which therefore should not initially have been registered, it should rapidly ask the requester to provide the necessary clarifications, and activate the 15 working days time-limit once such clarifications have been received. The time for contacting the requester to seek such clarifications should not exceed 2-3 working days from the date of receipt of the request. Moreover, an institution should avoid making multiple requests for clarifications. 

6.4. How long will it take to obtain a decision?

Once a request is registered, the requester should normally receive an acknowledgement of receipt.

EU institutions are required to take an initial decision within 15 working days of registering a request. This deadline of 15 working days may be extended by a further 15 working days in exceptional circumstances. The EU institution should inform the requester of this extension before the deadline expires and explain why it is necessary. Requests may only be registered once they reach the correct recipient within the institution, so identifying and sending a request to the correct operating entity will ensure that it is registered more quickly.

Where the EU institution refuses to grant full or partial public access to the requested documents or fails to reply to the request within the 15 working days or the extended 30 working days time limit, the requester can request a review (confirmatory application) (see section 8) of the decision or the implicit rejection of the request. The EU institution is required to take a confirmatory decision within a period of 15 working days, which may again be extended by another 15 working days in exceptional circumstances.

Public holidays are not counted when calculating when the deadline expires. Thus, if a request is made before a public holiday period, when the EU institution is closed for a number of days, it may take more time to get a reply.

6.5. What information should a requester provide in a request?

Requesters should identify themselves and the documents they seek access to.

Normally, requesters do not need to explain why a document is sought. However, the right of public access is not absolute and certain exceptions to this right apply. (More information on these exceptions can be found under section 7)

In some cases, even where an exception applies there may be an overriding public interest in granting the request. In such an instance, an explanation by the requester as to why the document is being sought is necessary in order to determine whether there is an overriding public interest in disclosing the document. Consequently, if requesters believe that a public interest will be served by granting public access to a document, they should explain what this public interest is and why they believe disclosing the document serves that public interest.

According to EU case-law (para. 49) and the Ombudsman, EU institutions should always seek to identify if there is an overriding public interest in granting access. This is particularly important since only the institution concerned is in possession of the documents and aware of their contents (except where the Ombudsman decides to inspect the documents in the course of dealing with a related complaint).

If the request includes access to the personal data of a third party, the requester has to demonstrate that there is a necessity, in the public interest, which would justify making public that personal data. If such a necessity exists, the EU institution will then balance that necessity against the ‘legitimate interests’ of the persons identified in the documents. The Ombudsman has taken the view that, if the legitimate interests of those persons outweigh the reasons put forward by the requester, access to the personal data must be denied.

Providing any background or contextual information when making a request may also be useful in the case of wide or voluminous requests in order to assist the EU institution in identifying the documents of specific interest to the requester.

6.6. Is a requester required to provide a postal address when making a request?

It is reasonable for an EU institution to ask a requester to provide a postal address for a number of reasons. Firstly, the right of public access to documents is enjoyed by ‘citizen[s] of the Union, and any natural or legal person residing or having its registered office in a Member State’, though this may be extended by an EU institution at its discretion (see question 3.1). Secondly, according to EU case-law (para. 62), registered post is a particularly secure form of notification to ensure legal certainty of the receipt of decisions for the purpose of establishing the time limits under Regulation 1049/2001. In addition, the rules on the processing of personal data by EU institutions entail strict requirements for transfers of personal data outside the EU. In those circumstances, it is reasonable for an EU institution to request a postal address to determine whether a transfer of personal data will take place or not.

7. Restrictions on the right to public access

7.1. What reasons can be put forward for refusing access?

The reasons for refusing access to a document are set out in Article 4(1) to 4(3) of Regulation 1049/2001 on public access to documents.

Article 4(1)(a) states that access should be denied if disclosure would undermine the protection of the public interest as regards: public security; defence and military matters; international relations; and/or the financial, monetary or economic policy of the EU or a Member State.

Article 4(1)(b) states that access should be denied if disclosure would undermine privacy and the integrity of the individual, in particular in accordance with EU legislation regarding the protection of personal data.

Article 4(2) states that access should be denied if disclosure would undermine the protection of: commercial interests of a natural or legal person, including intellectual property; court proceedings and legal advice; and/or the purpose of inspections, investigations and audits.

However, unlike the exceptions set out in Article 4(1)(a) and (b), for the exceptions set out in Article 4(2), access can still be granted to these documents if there is an overriding public interest in disclosure. A person’s private interests in disclosure are not relevant unless they coincide with a public interest. A good example would be where a person wishes to have access to a clinical study report to check if a medicine approved by the European Medicines Agency is safe. The person may have a private interest in knowing this information. However, there is also a public interest in making known information about the safety of medicines.

Article 4(3) states that access should be denied if disclosing the document would seriously undermine the EU institution’s decision-making process, unless there is an overriding public interest in disclosure. Wider access may be possible where the decision-making process has already ended. In such circumstances, this exception continues to apply to documents containing opinions for internal use as part of deliberations and preliminary consultations within the EU institution concerned.

7.2. How detailed must an EU institution’s arguments be when justifying a refusal to grant access to a document?

The EU Courts have consistently found that, in justifying their decision to invoke an exception under Regulation 1049/2001 and refuse access, an EU institution must show that there is an actual and specific risk that is “reasonably foreseeable” and not hypothetical to the interests they intend to protect. The EU institution is therefore not required to prove that granting access would undermine these interests.

However, it is not sufficient for an EU institution to state that the documents simply concern a particular interest. For example, it is not sufficient to state that a document concerns the financial, monetary or economic policy of the EU or a Member State (Article 4(1)(a) fourth indent of Regulation 1049/2001). Rather, the EU institution must show that it is reasonably foreseeable that disclosing the document(s) would undermine one or more of these interests and must provide adequate reasoning so that the requester (or the Courts or the Ombudsman) can understand why full or partial access cannot be granted.

The EU institution is not required to give any information on the content of the documents, but it may be helpful that the institution provides some information to enhance understanding of its decision not to disclose. In practice it happens that EU institutions provide such information.

According to EU case-law (para. 34), an EU institution is required to adopt a broad interpretation of the right of access and a narrow interpretation of the exceptions to that right of access.

In certain cases, however, an EU institution can rely on a ‘general presumption’ to deny access. This means that an exception justifying a refusal to grant access is presumed to apply to all documents of a certain type such that the institution does not have to carry out an individual review of each individual document. This normally occurs when there is legislation that expressly provides for the confidentiality of a document. For example, EU legislation on the conduct of state aid investigations states that information gathered in such investigations is confidential. Thus, according to EU case-law (para. 61), all the documents in a state aid file can be presumed to be confidential.

General presumptions have, however, been recognised even where there is no specific legislation requiring that access be denied. For example, according to EU case-law (paras. 55 - 65), documents relating to an infringement proceeding can be presumed to be confidential while the investigation is ongoing.

Where an EU institution invokes a general presumption to refuse access, the requester can seek to rebut this by showing that the basis for the general presumption does not exist. For example, if the presumption is based on the fact that an investigation is ongoing, it will be rebutted if it is demonstrated that the investigation has ended. If the general presumption is based on the fact that information can be presumed to be commercially confidential, that presumption can be rebutted by pointing out that the information is now obsolete. According to EU case-law (para. 79), if documents relate to matters that occurred more than five years ago, it cannot be presumed that the information remains commercially confidential.

However, even if a general presumption is rebutted, and the EU institution carries out an individual assessment of the document, it may refuse access based on the specific content of the document or the specific circumstances that relate to how the document is currently being used.

7.3. How can requesters verify that the reasons given for refusing access are justified if it is not possible to see the documents?

In certain cases, the content of a document will not be in dispute. For example, if a requester expressly asks for the personal data of a third party, it will not be in dispute that the documents falling within the scope of the request contain personal data.

In other cases, a requester may not expect that the document they requested contains sensitive data. In such cases, where access is refused after the requester has asked for the initial decision to be reviewed (by making a ‘confirmatory application’), the requester may submit a complaint to the Ombudsman. The Ombudsman has the power to inspect documents held by an EU institution, and can therefore confirm if they contain sensitive data. The EU Courts can do likewise.

In certain cases, the reasons why a document cannot be disclosed will not be based on information contained in the document itself. For example, if a person requests documents relating to infringement proceedings by the European Commission (such as a ‘letter of formal notice’), access can be refused if the infringement proceedings are ongoing at the time the request for access is refused. According to EU case-law (paras. 68 - 70), EU institutions are justified in refusing access in such circumstances, in order to protect the purpose of the ongoing investigations. According to EU case-law (paras. 116 - 117), this applies even if the documents concern environmental information. The content of the letter of formal notice will not show if the infringement proceedings are still ongoing: while the proceedings were certainly ongoing when the letter was sent, that does not mean that they were ongoing when the Commission refused to grant access to the letter. The Ombudsman must therefore check if the proceedings are ongoing, by asking the Commission to provide information on the status of the investigation.

7.4. What is a ‘public interest’ in disclosure, when can it be invoked and when can it lead to access being granted?

A public interest in disclosure exists when disclosing the document would serve to protect an interest to the benefit or advantage of the public. This does not mean that every member of the public must derive a benefit from a document being made public. For example, public access to information on the safety of a certain medicine would serve a public interest even if the medicine is prescribed to a limited group of patients.

According to EU case-law (para. 67 - 68), the transparency of a legislative procedure is a public interest that is relevant for assessing whether public access can be granted, as is the protection of the environment. The Aarhus Regulation recognises that public access to environmental information (more information in question 9.1), and in particular information relating to emissions into the environment, constitute a public interest (except where the information is being used in an investigation). The Clinical Trials Regulation (Regulation 536/2014) implies that public health may be an overriding public interest justifying access to documents relating to clinical trials. The Ombudsman has supported this view. According to EU case-law (paras. 80 - 85), there is an overriding public interest in the disclosure of harmonised standards, which are part of EU law.

The public interest must be considered when examining if the exceptions set out in Article 4(2) and 4(3) of Regulation 1049/2001 apply. In both cases, the exception will apply unless there is an overriding public interest in disclosure. Article 4(2) of Regulation 1049/2001 applies when disclosure would undermine the protection of: the commercial interests of a natural or legal person, including intellectual property; court proceedings and legal advice; and/or the purpose of inspections, investigations and audits.

Article 4(3) of Regulation 1049/2001 states that access must be denied if disclosure of the document would seriously undermine the institution's decision-making process.

However, the public interest does not need to be taken into consideration when disclosure would undermine an interest protected by Article 4(1)(a) of Regulation 1049/2001, namely the protection of: public security; defence and military matters; international relations; and/or the financial, monetary or economic policy of the EU or a Member State.

In other words, these are absolute exceptions (whereas the exceptions set out in Article 4(1)(b), 4(2) and 4(3) of Regulation 1049/2001 are relative exceptions).

According to EU case-law (paras. 54 - 58), purely private interests, such as an interest in using the documents in court proceedings, are not considered public interests. The general need for an EU institution to be transparent is also, according to the Court, not a public interest that can override an exception invoked to protect one of the interests referred to in Article 4(2) and 4(3) of Regulation 1049/2001. According to EU case-law (paras. 53 - 54), an overriding public interest must normally be something specific.

The fact that a public interest in disclosure is identified does not mean that this interest overrides the interest in non-disclosure. Rather, it is always necessary to weigh up the relative importance of these interests and this is done by the EU institution in question. However, if requesters believe that a public interest will be served by granting public access to a document, they should explain what this public interest is and why they believe disclosing the document serves that public interest.

This is particularly important where the interests that are protected by an exception are themselves public interests, such as the need to protect court proceedings or the purpose of investigations, audits and inspections.

7.5. Does the passage of time play a role in dealing with requests for access to documents?

An EU institution, body, office or agency can only refuse access if, at the time it refuses access, one of the exceptions set out in Regulation 1049/2001 applies. According to EU case-law (para. 146), in certain cases, it is reasonable to judge that disclosing a document would cause harm at a given point in time, whereas disclosing the same document at a later point in time may cause no harm.

This is particularly the case for documents that are related to investigations, audits and inspections. Such documents are very sensitive while an investigation is ongoing. However, they may cease to be sensitive once the investigation ends.

A document may contain commercially sensitive information. However, the passage of time may render this information obsolete, in which case it will cease to be commercially sensitive. According to EU case-law (para. 79), a document cannot be presumed to be commercially sensitive if it relates to facts that are more than five years old.

Requesters who have been refused access to documents, because there is an ongoing investigation or because the document contains commercially sensitive information, can make a new request for access to the documents once an investigation ends or sufficient time has elapsed, meaning the information is no longer commercially sensitive.

If circumstances have changed, the EU institution must take these into consideration when considering a new request.

7.6. May an EU institution, body, office or agency refuse access to a document containing information that is already in the public domain?

According to EU case-law (paras. 40-41), the fact that a document may have been leaked or is the subject of press reports does not imply that the EU institution is required to officially disclose the document.

It may be the case, however, that certain information contained in a document was not leaked, but rather was intentionally made public by the EU institution in another context, or by another authorised body in a Member State. This may mean that the information is not sensitive and that the EU institution should disclose the document containing that same information.

However, there are cases where access can still be refused, for example, where public access to the specific document would confirm how the information is being used by the EU institution. For example, the various technical means used to protect IT systems from hacking may be well known. However, it may not be well known which of those technical means are being used by an EU institution to protect its IT systems. The Ombudsman has found that the EU institution can refuse to grant access to documents explaining how it protects its IT systems (even though the technical methods described in those documents may be found online).

7.7. What is meant by the exception for protecting ‘public security’ and ‘defence and military’ matters?

Article 4(1)(a) of Regulation 1049/2001 states that access should be refused to protect the public interest as regards: public security; and/or defence and military matters

These related concepts can have a very broad meaning. According to EU case-law (paras. 63 - 65), EU institutions also have a particularly broad ‘margin of appreciation’ when deciding whether the disclosure of certain information would undermine the protection of the public interest as regards public security or defence and military matters. That is, the EU institution has considerable room for manoeuvre in evaluating whether the exception applies.

It is reasonable to consider that public security or defence and military matters could include the interests of the EU, of its Member States, or of non-EU countries or international organisations (such as NATO).

Public security could also cover the supply of essential products, such as petroleum or medicines.

Normally, it is not possible to argue that there may be an overriding public interest in disclosure. However, Article 6(1) of the Aarhus Regulation (Regulation 1367/2006) implies that the public interest served by disclosure may be taken into account when the information in the document also relates to emissions into the environment (more information in question 9.1).

7.8. What does the exception for protecting international relations mean?

Article 4(1)(a) of Regulation 1049/2001 states that access should be refused to protect the public interest as regards international relations.

This concept can also be given a very broad meaning. The EU institutions also have a broad margin of appreciation when deciding whether disclosing certain information would undermine international relations.

International relations does not encompass how the EU institutions interact with Member States on matters that fall within the scope of EU law.

However, a Member State may also engage with the EU institutions regarding a matter that falls outside the competences of the EU. In those circumstances, the relations between the EU and the Member States may fall within the exception.

According to EU case-law (para. 41), the concept of international relations would also encompass how the EU interacts with international bodies such as the UN, the WTO or NATO. In principle, the concept of international relations would also encompass how non-EU countries or international bodies interact with each other, or how a Member State interacts with an international body.

Normally, it is not possible to argue that there may be an overriding public interest in disclosure. However, article 6(1) of the Aarhus Regulation (Regulation 1367/2006) implies that the public interest served by disclosure should be taken into account when the information in the document also relates to emissions into the environment.

7.9. What is meant by the exception for protecting the financial, monetary or economic policy of the EU or a Member State?

Article 4(1)(a) of Regulation 1049/2001 on public access to documents states that access should be refused to protect the public interest as regards the financial, monetary or economic policy of the EU or a Member State.

Unlike the other interests described in Article 4(1)(a) of Regulation 1049/2001, this exception relates to the protection of interests of the EU or a Member State. It does not apply where disclosure might undermine the financial, monetary or economic policy of non-EU countries or international bodies. That said, if disclosing a document would undermine the financial, monetary or economic policy of a non-EU country, its disclosure would potentially fall under the exception relating to the protection of international relations. For example, if access were requested to documents on trade agreements with non-EU countries, this would not be covered by the exception for protecting financial, monetary or economic policy, but it might be covered by the exception for protecting international relations.

This concept can also be given a very broad meaning. The EU institutions also have a broad margin of appreciation when deciding whether the disclosure of certain information would undermine the financial, monetary or economic policy of the EU or a Member State.

This exception is often invoked by those EU institutions that are involved in formulating financial, monetary or economic policy, such as the European Central Bank.

Normally, it is not possible to argue that there may be an overriding public interest in disclosure. However, Article 6(1) of the Aarhus Regulation (Regulation 1367/2006) implies that the public interest served by disclosure may be taken into account when the information in the document also relates to emissions into the environment (more information in question 9.1).

7.10. What is meant by the exception for protecting personal data? Can personal data contained in a document be accessed?

Article 4(1)(b) of Regulation 1049/2001 on public access to documents states that access should be denied if disclosure would undermine the privacy and the integrity of the individual, in particular in accordance with Regulation 2018/1725 on the protection of natural persons with regard to the processing of personal data by the EU institutions.

The concept of ‘personal data’ is very broad. It means any information relating to an identified or identifiable natural person (known as a ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data contained in a requested document can be disclosed only if disclosure is in compliance with the rules set out in Regulation 2018/1725. The relevant rule is that the personal data shall only be transmitted if the requester establishes that it is necessary to have the data transmitted for a specific purpose in the public interest. In addition, where there is any reason to assume that the data subject’s legitimate interests might be prejudiced, such data may be transmitted only if the institution that holds the data (‘the controller’) establishes that it is proportionate to transmit the personal data for that specific purpose after having demonstrably weighed the various competing interests.

This implies that a requester must set out what need will be served by having access to the personal data. That need must be in the public interest. Even then, access can be refused if there is any reason to assume that the data subject’s legitimate interests might be prejudiced.

In practice, this can make it very difficult to obtain non-redacted access to documents containing personal data. However, in certain cases (Case T‑375/22 and T-761/21), the Court considered the conditions for having access to personal data and recognised that the requester had established a specific purpose in the public interest in disclosure.

The key to obtaining access in such cases very often revolves around the question of whether information is or is not personal data. In certain cases, it will be clear: a person’s name, their signature, or details about them (age, marital status, health, and so on) will be personal data. In other cases, it may be less clear: for example, certain information relating to travel expenses, hotel bills or allowances may be personal data if perhaps in combination with information that is publically available, they could identify the data subject (as the Ombudsman has found).

7.11. What is meant by the exception for protecting commercial interests?

The concept of commercial interests is broad. It covers, for example, information on contractual terms (prices, the nature and the quality of product or services), technical details in tenders, commercial relationships, ‘know-how’ and expertise, etc.

The original proposal of the European Commission that led to Regulation 1049/2001 specified what these interests could include. It stated that they covered in particular: business and commercial secrets; intellectual and industrial property; industrial, financial, banking and commercials information including information relating to business relations and contracts; and/or information on costs and tenders in connection with award procedures.

While these specifications were not included in Regulation 1049/2001 when it was adopted, all of the specific points have been accepted as valid commercial interests under EU case-law (see judgments on business and commercial secrets, intellectual and industrial property, information on business relations and contracts, costs and tenders in award procedures).

That said, commercially confidential information does not cover all information relating to a company. It certainly does not cover information that the company has made public about itself.

According to EU case-law (para. 21) (concerning competition law proceedings), in order to be deemed covered by professional secrecy, information must be known only to a limited number of persons and its disclosure must be liable to cause harm. In addition, the interests liable to be harmed by disclosure must, objectively, be worthy of protection.

Furthermore, the Ombudsman has found that the exception only covers the protection of legitimate commercial interests. The Ombudsman has taken the view that a wish to hide information about defective products would not normally be considered a legitimate commercial interest.

The fact that information is or is not commercially sensitive is independent of how the EU institution uses that information. The Commission may gather such information for many purposes, such as competition law proceedings, trade law proceedings, tenders, grants etc. The nature of those proceedings, and whether they have ended or are ongoing, will not affect the question of whether the information is or is not commercially confidential.

As such, according to EU case-law (para. 45), information may remain commercially confidential after the procedures in which that information was used have ended. That said, time does play a role regarding whether information will remain commercially confidential. It can be presumed that commercial information that is relatively up-to-date remains sensitive. However, according to EU case-law (para. 79), that presumption is deemed not to exist if the information is more than five years old. Further, the absence of a presumption of commercial confidentiality does not mean that the EU institutions cannot provide specific reasons why specific information remains confidential. Certain information may continue to constitute trade secrets for many years, even indefinitely. Furthermore, the burden of proof will be on the EU institutions to show that this is the case.

The exception covers the commercial interests of legal persons (for example, companies) and physical persons. The exception does not apply where there is an overriding public interest in disclosure.

7.12. What is meant by the exception for protecting legal advice and court proceedings?

The exception relating to legal advice and court proceedings contains two reasons for refusing access, which must be understood separately from each other. However, legal advice may sometimes relate to court proceedings and documents relating to court proceedings may sometimes disclose legal advice. The two categories may sometimes overlap but they are, essentially, separate categories.

The exception does not apply where there is an overriding public interest in disclosure.

Court proceedings

This exception covers documents prepared for court proceedings. This clearly covers pleadings and evidence gathered for the purposes of court proceedings. It also covers internal documents concerning the investigation of a case, as well as internal correspondence within the EU institution or with a lawyer’s office regarding the case (according to EU case-law).

According to EU case-law (paras. 41-43), this exception can also cover other documents not drawn up for the purposes of court proceedings, that have a relevant link with pending or imminent court proceedings. Such a relevant link exists if disclosure of the document would reveal an internal position or a divergent view on an issue at stake in court proceedings. Revealing such an internal position, could then compromise the principle of ‘equality of arms’ during these court proceedings. Those proceedings may be before the EU Courts or before a national court when it is particularly likely that this court would make a reference for a preliminary ruling to the EU Courts because the proceedings raise a question of interpretation or validity of an act of EU law (EU case-law, paras. 65-69).

According to EU case-law (para. 32), documents could also be considered protected by this exception if a national court using the documents objected to their disclosure.

According to EU case-law (paras. 92 - 94), when a request relates to pleadings submitted to a court while the court proceedings are pending, there is a general presumption that such documents cannot be disclosed. This is to prevent interference with ongoing court proceedings, to guarantee the presumption of innocence and to ensure all parties have an equal opportunity to present their case, which may be affected if the pleadings of one of the parties were released. Once the court proceedings end, the general presumption no longer applies. Regulation 1049/2001 does not govern the question whether the private party to court proceedings may decide to give the public access to its own pleadings; the private party may not give access to the EU institution’s pleadings, see EU case law (paras. 123-124).

Regarding documents with a relevant link to court proceedings, according to EU case-law (para. 58) disclosure cannot be granted if this would enable the parties to benefit from privileged access to internal information belonging to the other party that is closely connected to the legal aspects of proceedings.

Legal advice

If legal advice relates to court proceedings, it can benefit from the high level of presumed protection afforded to documents that relate to ongoing court proceedings. However, if legal advice relates to other matters, the specific content of the legal advice is relevant.

Legal advice can be protected if disclosure would undermine the ability of an EU institution to obtain frank, objective and comprehensive legal advice. A judgment call on whether that is the case will depend on the content of the legal advice and whether disclosure would undermine the protection of that advice. According to EU case-law (paras. 81 - 82), an EU institution must, on the basis of such an assessment provide concrete and detailed evidence to support this, rather than rely on general and abstract considerations.

If the content relates to a matter to which a high degree of transparency applies, such as legislative matters, it may be possible that, in any event, there is an overriding public interest in disclosure. As indicated in recitals 2 and 6 of Regulation 1049/2001 on public access to documents:

“Openness enables citizens to participate more closely in the decision-making process and guarantees that the administration enjoys greater legitimacy and is more effective and more accountable to the citizen in a democratic system. Openness contributes to strengthening the principles of democracy and respect for fundamental rights as laid down in Article 6 of the EU Treaty and in the Charter of Fundamental Rights of the European Union.

...

Wider access should be granted to documents in cases where the institutions are acting in their legislative capacity, including under delegated powers, while at the same time preserving the effectiveness of the institutions’ decision-making process. Such documents should be made directly accessible to the greatest possible extent.”

In addition, according to EU case-law:

“Those considerations are clearly of particular relevance where the Council is acting in its legislative capacity, as is apparent from recital 6 of the preamble to Regulation No 1049/2001, according to which wider access must be granted to documents in precisely such cases. Openness in that respect contributes to strengthening democracy by allowing citizens to scrutinize all the information, which has formed the basis of a legislative act. The possibility for citizens to find out the considerations underpinning legislative action is a precondition for the effective exercise of their democratic rights.” (para. 46)

7.13. What is meant by the exception for protecting the purpose of audits, inspections and investigations?

The fact that a document might relate to an audit, inspection or investigation does not in itself suffice as justification for applying this exception. Rather, the exception only applies if disclosure would undermine the purpose of the audit, inspection or investigation. In refusing access, an EU institution must explain how this is the case.

EU case-law (para. 131) has defined an investigation as a structured and formalised procedure that has the purpose of collecting and analysing information, to enable the EU institution to take a position in the framework of its functions established by the EU Treaties.

According to EU case-law (paras. 45-48), the purpose of an audit, inspection or investigation is to discover, analyse and prove a set of facts. If disclosure would undermine the ability of an EU institution to do any of these, access may be denied.

The scope of the exception is not limited to audits, inspections and investigations carried out by EU institutions. It also covers the need to protect national audits, inspections and investigations.

A number of ‘general presumptions’ exist as regards the application of this exception. These arise because the secondary law applying to audits, inspections and investigations normally contains rules requiring the investigatory authority to keep confidential information gathered in the context of audits, inspections and investigations. These include merger investigations, cartel investigations, abuse of dominance investigations, state aid investigations and investigations by the European Anti-Fraud Office (OLAF). Disclosure is generally presumed to undermine the purpose of audits, inspections and investigations if they are ongoing.

EU case-law (paras. 51 - 65) has also recognised the application of a general presumption for infringement proceedings while the infringement proceedings are ongoing. The Court stated that the exception relating to the protection of the purpose of audits, inspections and investigations would still apply even when a case is submitted to the Court. The reason for this is that the Court considers that the negotiations with the Member State, aimed at putting an end to the infringement, continue even when the court case is ongoing.

The exception does not apply where there is an overriding public interest in disclosure.

7.14. What is meant by the exception for protecting internal decision-making? How could this interest be undermined by disclosing documents?

Article 4(3) of Regulation 1049/2001 on public access to documents states that:

“Access to a document, drawn up by an institution for internal use or received by an institution, which relates to a matter where the decision has not been taken by the institution, shall be refused if disclosure of the document would seriously undermine the institution's decision-making process, unless there is an overriding public interest in disclosure.”

and

“Access to a document containing opinions for internal use as part of deliberations and preliminary consultations within the institution concerned shall be refused even after the decision has been taken if disclosure of the document would seriously undermine the institution's decision-making process, unless there is an overriding public interest in disclosure.”

These exceptions seek to protect the process by which decisions are taken within an EU institution.

The decision-making process in question need not give rise to a situation where a legally binding decision is adopted. Any deliberative process, aimed at allowing an EU institution to take a position on a given matter, constitutes decision making.

A decision-making process can also relate to legislative decision making, as we have seen in cases relating to access to legislative files.

The first sub-paragraph of article 4(3) can cover any document used in decision-making where that process is ongoing. In contrast, the second sub-paragraph of article 4(3), which applies to situations in which the relevant decision has been adopted, only covers any document containing opinions for internal use as part of deliberations and preliminary consultations within the institution.

This implies that purely factual information, such as statistics, evidence or background information, gathered for the purpose of decision-making, can be protected under the first sub-paragraph of article 4(3) until such time as the decision is adopted, but cannot be protected under the second sub-paragraph of article 4(3) after the fact.

It is important for the EU institution to explain the nature of the decision-making process at stake and whether it is ongoing or not and provide the reasons for this. Similarly, an EU institution cannot rely on the first sub-paragraph of article 4(3) to refuse access in circumstances where it has not adopted a decision on a given matter but still has the intention to do so. According to EU case-law (paras. 76 - 79), in those circumstances, the decision-making process would have not purpose and the intention of an institution to adopt a future decision is not sufficient to find that such a process continues.

The wording of Article 4(3) would seem to exclude its application to inter-institutional decision making, since it refers to a matter where the decision has not been taken by the institution holding the document. However, it could be argued that all inter-institutional decision making also involves, to some degree, decision making within each of the participating EU institutions.

It is also important to mention that the risk to either decision-making process (open or closed) must be ‘serious’.

The exception does not apply where there is an overriding public interest in disclosure.

7.15. What are ’legislative documents’ and what rules apply to such documents?

Recital 6 of Regulation 1049/2001 on public access to documents states that:

“Wider access should be granted to documents in cases where the institutions are acting in their legislative capacity, including under delegated powers, while at the same time preserving the effectiveness of the institutions' decision-making process. Such documents should be made directly accessible to the greatest possible extent.”

Article 12(2) of Regulation 1049/2001 sets out the requirement to make legislative documents directly accessible to the public. It states that:

“In particular, legislative documents, that is to say, documents drawn up or received in the course of procedures for the adoption of acts which are legally binding in or for the Member States, should, subject to Articles 4 and 9, be made directly accessible.”

It is clear that the concept of legislative documents applies to documents that are related to procedures for the adoption of regulations and directives, as well as the adoption of delegated and implementing acts connected to such legislation. For example, according to EU case-law (para. 35), documents drawn up or received by the Commission in the context of its preparation of a proposal for legislation, such as an impact assessment used by the Commission to assess legislative options, fall within this definition.

The fact that a document is a legislative document means that a high degree of transparency applies. However, it does not imply that transparency is an absolute rule. It may still be possible that certain documents may remain confidential for a period of time. Regulation 1049/2001 (recital 6) states that the effectiveness of an institution's decision-making process should be preserved, which implies that there may be cases where disclosure could be understood to undermine a decision-making process. This has been confirmed both in EU case-law (para. 80) and in Ombudsman decisions. That said, the scope for refusing access should be extremely limited.

It can be argued that procedures for the adoption of all acts that are generally applicable in the Member States, such as delegated acts and implementing acts, may fall within the definition of legislative documents (since they are “acts which are legally binding in or for the Member States”). Even if they are not considered to be legislative documents, the Ombudsman has taken the view that they should still benefit from a high degree of transparency, since they give rise to rules with which the public has to comply. According to EU case-law (paras. 110 - 114) the Commission must justify why such documents cannot be released on the basis of an individual assessment of their content. It cannot base its assessment on a general presumption of non-disclosure.

The Ombudsman has consistently taken the view that documents relating to drawing up EU legislation should benefit from a high degree of transparency (for example in cases on access to documents concerning the preparation of Commission legislative proposals, on data protection guidelines issued by the European Data Protection Board, on negotiations in the Council).

7.16. Can a third party that provided a document to an EU institution veto the disclosure of the documents?

A third party that provides a document to an EU institution cannot veto disclosure of the document. However, the institution should consult that third party to obtain its views if it considers that the matter is not clear and that the views of the third party might be useful.

In principle, the third party can put forward any reason justifying why public access should be refused. However, it is often the case that the third party will put forward reasons relating to its own interests, such as the need to protect its commercial interests.

It is for the EU institution to assess whether the reasons put forward by the third party in favour of non-disclosure trigger the application of one of the exceptions set out in Article 4 of Regulation 1049/2001. The same is true if the third party is a non-EU country, see EU case-law (paras. 43-50).

The Ombudsman is of the view that, where an EU institution identifies a need to consult with a third party, it should do so early in play in order to still be able to respect the applicable deadlines for replying to the request for public access (see also question 6.4).

If the EU institution does not agree to a request from a third party not to disclose a document, the third party has a right to bring the issue before the General Court. According to EU case-law (para. 22) , if the Court grants ‘interim measures’, an EU institution must suspend its processing of the request for access pending the outcome of the court proceedings.

7.17. Can a Member State that provided a document to an EU institution veto disclosure of the document?

If a request concerns a document that was provided by a Member State to an EU institution, the EU institution is obliged to consult the Member State before disclosing the document.

In principle, the Member State can put forward any reason justifying why public access should be refused. However, it is often the case that the Member State will put forward reasons relating to its interests, such as the need to protect international relations, the need to protect national investigations or national court proceedings, or the need to protect the commercial interests of companies in that Member State.

The Ombudsman is of the view that, where an EU institution identifies a need to consult with a third party, it should do so early in play in order to still be able to respect the applicable deadlines for replying to the request for public access (see question 6.4).

It is for the EU institution to assess whether the reasons put forward by the Member State in favour of non-disclosure trigger one of the exceptions set out in Article 4 of Regulation 1049/2001. If it does not agree to a request not to disclose a document, the Member State has a right to bring the issue before the General Court. According to EU case-law (para. 22), if the Court grants ‘interim measures’, an institution must suspend its processing of the request for access pending the outcome of the court proceedings.

An EU institution must take into account the request of the Member State when refusing access. If the institution decides to grant access even where the Member State asked it to refuse access, it must explain why it has not abided by the request of the Member State.

According to EU case-law (paras. 36-39), if a Member State requests that a document originating from it not be disclosed, it must base its request on an exception set out in Regulation 1049/2001. Where this is the case, the EU institution is required only to verify that the Member State relies on an Article 4 exception and that at face value this seems well founded.

Member States do not have a generic right to veto the disclosure of documents emanating from them. However, according to EU case-law (para. 154), where secondary EU legislation specifically gives a Member State an express veto on disclosure of a document emanating from it, the Member State is entitled to veto disclosure of the document.

8. Appeals and redress

8.1. What happens if an EU institution refuses to grant access?

If an EU institution refuses to grant access, it must explain why it has denied access. It must do so by referring to the ‘exceptions’ set out in Article 4(1) to 4(3) of Regulation 1049/2001 on public access to documents. (Information concerning these exceptions can be found under section 7).

It must also examine if access to parts of the requested document(s) (‘partial access’) can be granted. Partial access will be granted if there are parts of the documents that are not subject to one of the exceptions invoked in refusing access.

It may be the case that the reasons provided by the EU institution are convincing. However, if a requester disagrees with the arguments put forward by the EU institution, and still wishes to obtain access to the document, they can request the institution to review its decision (by making a ’confirmatory application’). A confirmatory application must be made within 15 working days of receiving the institution's reply (see question 6.4).

Making a ’confirmatory application’ has a number of important consequences.

The first is that the EU institution will re-examine whether access can be given. It must do so within the same period that applies to initial requests, that is within 15 working days, extendable by another 15 working days in exceptional circumstances.

Requesters may only complain to the Ombudsman or bring the issue to court, if they have made a confirmatory application and the EU institution has maintained its decision to refuse access to the document(s) or parts thereof. According to Regulation 1049/2001, failure to deal with the confirmatory application within the prescribed time period “shall be considered to be a negative reply”.

Requesters are not required to give reasons for making a confirmatory application. They can simply ask the EU institution to re-examine whether access can be given. However, in circumstances where the requester believes that there is an overriding public interest in transparency, they must explain this in the confirmatory application and set out why the reasons provided by the institution in its original reply are not convincing.

In addition, if the reasons given for refusing access include that the documents contain personal data, requesters must provide express and legitimate reasons why there is a need, in a specific public interest, to have public access to that personal data.

This will require the EU institution to take account of these arguments when dealing with the confirmatory application.

8.2. What happens if the initial decision is upheld following a request for review (‘confirmatory application’)?

If an EU institution refuses to change its decision following a request for review (‘confirmatory application’), the requester should first consider whether the reasons given for refusing access are reasonable. (Information on the exceptions under which access may be refused can be found in section 7)

EU Courts have consistently found that, when an EU institution examines whether access can be given, it has a certain ‘margin of appreciation’. That is, the institution has room for manoeuvre in determining whether access may be granted. It is also only required to show that it is “reasonably foreseeable” that public access would harm one of the interests set out in its ‘confirmatory decision’. While an EU institution may give various reasons for invoking an exception and refusing access, it is only necessary that one reason is valid.

If a requester considers that no convincing explanations have been given for the exceptions invoked, they may consider making a complaint to the European Ombudsman or bringing the issue to Court. Legal challenges must be brought within two months and require a lawyer. Complaints to the Ombudsman can be brought within two years, do not require a lawyer and are free to make.

8.3. What happens if an EU does not respond at all to a request?

If an EU institution does not respond within the time periods for replying (15 working days, plus 15 more working days in exceptional circumstances), requesters may make a ’confirmatory application’. (See question 8.1)

If the EU institution does not respond to a confirmatory application within the applicable timeframe (15 working days, plus 15 more working days in exceptional circumstances), this is deemed to be an implicit rejection of the request and requesters may complain to the Ombudsman or bring the issue to Court.

It is often the case that the EU institution will contact a requester to state that it is unable to meet the deadlines. If they do, they should state the reasons for this and when they intend to reply. Requesters may then decide to wait for the reply, to complain to the Ombudsman or to go to Court.

The Ombudsman has found that significant systemic delays and failure to comply with the time-periods provided for in Regulation 1049/2001 amount to maladministration.

8.4. What happens if a requester submits a complaint to the Ombudsman?

The Ombudsman’s Office deals with complaints concerning public access to documents as swiftly as possible. The Ombudsman’s Office registers the complaint and sends an acknowledgement of receipt. The complaint is then examined to see whether an inquiry can be opened. This is dependent on several factors, including whether the complaint is admissible (for example, are there related ongoing court proceedings, has the complaint been submitted within a period of two years) or whether there are grounds to open an inquiry.

Where an inquiry is opened, the Ombudsman may take a number of inquiry steps, including the inspecting the documents at issue, requesting a formal reply from the relevant EU institution and, in certain cases, meeting with representatives of the EU institution.

The Ombudsman aims to have the ‘assessment’ done as swiftly as possible but this also depends on whether the EU institution engages with the Ombudsman’s inquiry in a timely manner, for example in providing the requested documents and/or in replying to questions set out by the Ombudsman.

During the inquiry, the Ombudsman may propose a solution or adopt a preliminary view that the EU institution grant partial or wider access to the requested documents requested or parts of them. If the Ombudsman finds that the EU institution should not have refused access, the Ombudsman may make a formal finding of maladministration and recommend (where appropriate) that the institution grant wider access to the documents in question. The Ombudsman might also conclude that the EU institution’s decision to refuse access was justified in order to protect one or more of the several exceptions provided for under Regulation 1049/2001 and close the case with a finding of no maladministration.

The Ombudsman has put in place a ‘Fast-Track procedure’ for handling complaints about public access to documents.

9. Special rules for environmental information/documents

9.1. What are the rules that apply to access to environmental information?

Access to information and documents, public participation in decision-making and access to justice in environmental matters are governed at international level by the Aarhus Convention (1998).

The Convention binds the EU institutions, bodies, organisations and agencies. It has been incorporated into EU law by means of the Aarhus Regulation (Regulation 1367/2006). However, access to documents containing environmental information is granted based on the rules set out in Regulation 1049/2001 or the equivalent applicable rules, read in combination with the Aarhus Convention and the Aarhus Regulation.

One rule in the Aarhus Regulation is that environmental information should be accessible directly and should be organised in such a way as to make it easy to access directly. Examples of information directly accessible by members of the public are legislation, policy-related documents, plans and programmes relating to the environment, progress reports on the implementation of those items and, more generally, reports on the state of the environment that are available through databases, such as EUR-Lex.

‘Environmental information’ covers any available information, in any form or format, on the environment itself, its elements (air, water, soil, land, landscape and natural sites, marine areas, etc.) and its various components. It also covers information concerning factors affecting or likely to affect the environment, such as substances, energy, noise, radiation or waste, including radioactive waste, emissions, discharges and other releases. Environmental information also includes measures affecting or likely to affect the environment as well as measures or activities designed to protect it, such as policies, legislation, plans, programmes and activities. Cost-benefit and other economic analyses used to prepare those measures and activities are also covered. Information on the state of human health and safety, conditions of human life, cultural sites and built structures, when influencing or influenced by the environment, and reports on the implementation of environmental legislation also constitute environmental information.

However, the fact that information constitutes environmental information does not mean that it must always be disclosed. Any of the exceptions set out in Regulation 1049/2001 can still apply. The grounds for refusal must be interpreted in a restrictive way, taking into account the public interest served by disclosure.

Where the information requested relates to ‘emissions into the environment’, the application of exceptions is further limited. According to Article 6(1) of the Aarhus Regulation, where the information requested relates to emissions into the environment, the public interest in disclosure is deemed to override the interests in exceptions set out in the first and third sub-paragraphs of Article 4(2) of Regulation 1049/2001 (the protection of commercially confidential information and the protection of the purpose of audits and inspections).

However, the public interest is not deemed to override the need to protect an investigation, in particular those concerning possible infringements of EU law (also covered under Article 4(2) third sub-paragraph). For example, if the Commission is undertaking infringement proceedings concerning an alleged infringement of EU environmental rules, public access to the infringement file can be refused while the investigation is ongoing, even if the file contains environmental information, including information on emissions into the environment.

In addition to the exceptions provided for in Article 4 of Regulation 1049/2001, Article 6(2) of the Aarhus Regulation states that, access to environmental information may be refused where disclosure of such information would adversely affect the protection of the environment to which the information relates, such as disclosing the breeding sites of rare species, for example.

10. Publication of disclosed documents

10.1. How do the rules on public access to documents interact with the rules on publishing documents?

The fact that an EU institution must disclose a document to a requester does not mean that the EU institution has a duty to publish the document proactively.

That said, according to the EU Treaty, Regulation 1049/2001 and EU case-law, EU institutions have a duty to make documents directly available to the greatest extent possible, for example by publishing them on their websites and/or through their public registers of documents.

This applies in particular as regards ‘legislative documents’ (see question 7.15), which covers all documents related to a procedure for the adoption of generally applicable acts.

As regards other documents, the Ombudsman considers that the institutions should, when deciding which documents to publish, assess which documents are of most interest and use to the public.

Legislative acts must be made available to the public in every official EU language, in accordance with Regulation 1/58. The Publications Office has launched an EU Law tracker which acts as a single portal providing access to legislative documents of the European Parliament, the Council of the EU and the European Commission.

10.2. Can a requester that has received a document following a request for access publish that document?

The fact that a requester obtains a copy of a document from an institution does not imply that the requester, or anyone else, has a right to republish or otherwise reuse the document.

If the document is covered by copyright or other intellectual property rights, certain restrictions on its reuse can be imposed by the institution.

If copyright does not impede the reuse of a document, it is still reasonable for an institution to ask complainants to indicate the origin of the documents if they republish it, and to desist from altering the document.

11. The right of access to your ‘file’

11.1. What is the difference between the right of public access to documents and the right of access to the file?

The right of public access to documents applies to all EU citizens and persons residing in a Member State, and all legal entities (for example companies) residing in a Member State.

The right of access to a file applies whenever an EU institution intends to take a decision that may adversely affect specific persons or companies. Those persons and companies have a right to see all the evidence that is relevant to that decision. This right must be respected by giving the persons concerned access to the file before the decision that may adversely affect them is taken, thereby ensuring that they can make whatever comments they consider relevant. Those comments must then be taken into consideration by the EU institution when it adopts a decision that may adversely affect that person or company.

The right of access to a file can be broader than the right of public access to documents. For example, a party under investigation by the Commission has a right of access to the evidence that will be used against it. However, public access to such documents is unlikely to be granted to a third party requester while the investigation, or a follow up, is ongoing.