- EN English
Proposal for a solution on how the European Union Agency for Law Enforcement Cooperation (Europol) dealt with a request for public access to meeting minutes of its Management Board (case 1948/2024/PVV)
Solution - Date Wednesday | 23 April 2025
Case 1948/2024/PVV - Opened on Thursday | 31 October 2024 - Decision on Tuesday | 02 December 2025 - Institution concerned European Union Agency for Law Enforcement Cooperation ( No further inquiries justified ) - Country Czechia
Complaint submitted
23/10/2024Analysis of the complaint
24/10/2024Inquiry ongoing
31/10/2024Preliminary outcome
23/04/2025Inquiry outcome
02/12/2025
Made in accordance with Article 2(10) of the Statute of the European Ombudsman[1]
Background to the complaint
1. The main governance body of the European Union Agency for Law Enforcement Cooperation (Europol) is its Management Board.[2] The Management Board is composed of one representative of each Member State and one representative of the European Commission. The Board comes together about four times a year and it provides Europol with strategic guidance while overseeing its activities. In accordance with the Europol Regulation[3], summaries of the outcome of the meetings of the Management Board are published on Europol’s website[4]. For day-to-day governance, an Executive Director heads Europol with the assistance of three Deputy Directors (the Europol Directorate).
2. Against this background, the complainant submitted a request for public access to the complete minutes of Europol Management Board meetings and of Europol Executive Board meetings held between 1 September 2023 and the date of the access request, 9 April 2024.
3. In its initial reply of May 2024, Europol identified the meeting minutes of Europol’s Management Board meetings of 10-11 October 2023 and 12-13 December 2023 as falling within the scope of the access request. Europol refused access to the two documents at issue in their entirety. In doing so, it invoked four exceptions under the EU legislation on public access to documents (Regulation 1049/2001[5]). More specifically, Europol argued that disclosing the documents could undermine the protection of the public interest as regards public security[6], the privacy and integrity of the individual[7], the purpose of inspections, investigations and audits[8], and Europol’s ongoing and closed decision-making processes[9]. Europol did not identify an overriding public interest in disclosure.
4. The complainant asked Europol to review its position on the access request (by making a ‘confirmatory application’), challenging Europol’s application of the exceptions to public access and its refusal to provide partial access.
5. Following its confirmatory decision of July 2024, Europol provided the complainant with partial access to the two documents at issue. To justify the remaining redactions, Europol relied on the exceptions invoked at initial stage and it added two further exceptions to public access, arguing that some of the redacted information could undermine the protection of the public interest as regards international relations[10] and legal advice[11]. Europol reiterated that it did not identify an overriding public interest in disclosure.
6. Dissatisfied with this outcome, the complainant turned to the Ombudsman in October 2024.
The inquiry
7. The Ombudsman opened an inquiry into Europol’s decision to give only partial access to the requested documents under Regulation 1049/2001.
8. The Ombudsman inquiry team inspected the two documents at issue and asked Europol to clarify why it did not identify any further meeting minutes (from the Executive Board or from the Management Board meetings of 26 January 2024 and 19-20 March 2024). Europol replied that it identified the two documents at issue in its initial reply to the access request and that these documents were reassessed at confirmatory stage.
Arguments presented
9. In his complaint to the Ombudsman, the complainant took issue with Europol’s application of the exceptions to public access and contended that Europol did not sufficiently substantiate the risks of disclosure for the protected interests. He also considered that Europol did not adequately address the arguments that he had put forward in the confirmatory application.
10. In his confirmatory application, the complainant had argued that Europol “failed to provide a differentiated, context-specific document-by-document justification for non-disclosure”. More specifically, as regards Europol’s application of the exception for the protection of the public interest as regards public security, the complainant contended that the use of this exception cannot be justified by referring to “the mere fact that the documents relate to or concern matters of public security”. According to the complainant, Europol failed to put forward tangible evidence for the harm to public security that would likely occur if access would be given. In a similar vein, the complainant argued that Europol did not provide such tangible evidence in relation to the harm to its decision-making processes.
11. The complainant also considered that an overriding public interest in disclosure exists. Given that the discussions of the Management Board concern key strategic decisions of Europol, transparency would be essential for the agency’s democratic accountability. More specifically, they mentioned that “during the period covered by the request, the Agency has been embroiled in various contentious matters – e.g. pertaining to data protection, the Big Data challenge, and scrutiny from the EDPS [European Data Protection Supervisor]”.
12. In its confirmatory decision, Europol argued that it refused disclosure of parts of the documents (containing “sensitive law enforcement information, details on arrangements of operational relevance, and operational activities of the Member States and third partners as well as sensitive information and Europol's operational methods/tools and organisational arrangements”) to protect the public interest as regards public security and international relations. According to Europol, disclosing these parts of the documents might jeopardise present and future operational activities of law enforcement authorities as well as the trust and mutual cooperation between Europol and its partners.
13. Other parts of the documents, concerning “EDPS-related matters including implementing rules of the Management Board that are subject to further discussions”, were redacted by Europol to protect its ability to receive frank, objective and comprehensive legal advice. For the parts of the documents that “concern sensitive details on the main findings of the Audit of Europol’s budget processes, Audit of Europol’s Environmental performance and the effectiveness of its Environmental Management System and Audit of Europol’s Document Forensics and the planning of upcoming audits”, Europol invoked the exception for the protection of the purpose of inspections, investigations and audits.
14. Finally, Europol considered that further parts of the documents had to be redacted to protect its ongoing and closed decision-making processes. More specifically, Europol’s decision-making processes would be seriously undermined by disclosure of information (i) on internal organisational aspects revealing opinions for internal use as part of deliberations and preliminary consultations within Europol, (ii) related to decisions of the Management Board that have not yet been taken, (iii) regarding external relations and partnership matters as well as planned future cooperative relations, (iv) related to law enforcement activities considered to be implemented, and (v) regarding strategic and corporate matters.
15. Europol did not identify an overriding public interest in disclosure of the parts covered by the exceptions for the protection of legal advice, the purpose of inspections, investigations and audits, and decision-making.
The Ombudsman's assessment
16. While Europol’s mandate involves handling highly sensitive information concerning criminal investigations, intelligence reports, and public security assessments, Europol remains bound by Regulation 1049/2001. Europol can thus only refuse access where the disclosure of the requested documents could specifically and actually undermine one or several of the interests protected by Regulation 1049/2001. As the complainant pointed out in his confirmatory application, it is not sufficient that the requested documents concern a protected interest.[12]
17. Based on the inspection and the additional views that Europol provided, the Ombudsman considers that Europol should have granted wider access, for the reasons set out below.
Public security and international relations - Article 4(1)(a) Regulation 1049/2001
18. First, as regards Europol’s application of the exceptions for the protection of the public interest as regards public security and international relations, EU institutions enjoy a wide margin of discretion when determining whether disclosing a document would undermine the public interest[13]. That said, Europol is still required to demonstrate a ‘specific and actual risk’ that is reasonably foreseeable and not purely hypothetical[14].
19. Broadly speaking, Europol considered that the information redacted on the basis of these exceptions concerns ‘operational information’,[15] and that its disclosure would hinder the fight against organised crime and terrorism, and jeopardise the trust and mutual cooperation between Europol and its partners.
20. Following the inspection of the documents at issue, it is not readily clear how this would be the case for some of this information. Indeed, while several topics for discussion are mentioned that could concern public security or international relations, the reflection of these discussions in the meeting minutes is not detailed or specific throughout. Rather, some of the redacted information[16] appears to be generic. Therefore, and in light of the complainant’s arguments, the Ombudsman considers that Europol should provide further clarifications on how disclosure of the redacted information would pose a ‘specific and actual’ risk to public security and international relations. Where no such risk can be identified, wider access should be given.
Exceptions under Article 4(2) and (3) of Regulation 1049/2001
21. Second, as for Europol’s reliance on the exceptions for the protection of legal advice, the purpose of inspections, investigations and audits, and its ongoing and closed decision-making process, the Ombudsman is not convinced that Europol could reasonably refuse access for the following reasons:
Legal advice - Article 4(2), second indent of Regulation 1049/2001
22. To refuse access to parts of a document to protect legal advice, an institution must determine that the document, or parts thereof, relate to legal advice. Then, it must be examined whether disclosure would undermine Europol’s interest in seeking and receiving frank, objective and comprehensive legal advice.[17]
23. According to Europol, the parts of the documents that are redacted based on this exception concern sensitive matters related to the activities of the EDPS. The inspection of the documents has shown that these parts indeed reflect discussions and updates on the state-of-play of the EDPS’s supervision of Europol. However, they do not appear to contain legal advice on these matters. It is thus unclear why Europol relied on this exception.
The purpose of audits - Article 4(2), third indent of Regulation 1049/2001
24. The inspection of the documents has confirmed that the information redacted on the basis of the exception for the protection of the purpose of audits concerns information related to audits of Europol. However, contrary to what Europol argued, it is not readily clear that these parts of the documents contain “sensitive details”. In any event, the Ombudsman is not convinced that disclosure of this information would undermine the purpose of these audits. Finally, in case (some of) the audits mentioned have been concluded, Europol should take this into account when replying to this solution proposal.
Decision-making - Article 4(3) of Regulation 1049/2001
25. To refuse public access based on the exception for the protection of its decision-making, Europol has to show that disclosure would seriously undermine its decision-making process. More specifically, Europol must show, with tangible evidence, that access is likely to bring serious harm to the decision-making process in a reasonably foreseeable and non-hypothetical way.[18] As the Court of Justice of the EU has held recently, an institution’s intention to take a decision on a matter within its competence does not suffice to rely on this exception “so long as the specific object of a decision to be taken in the future has not yet been defined”.[19]
26. It appears that Europol has applied the decision-making exception to three different categories of information: (i) information meant for internal use[20], (ii) information related to international relations and law enforcement responses[21] and (iii) information on the views of Member State representatives.
27. While information pertaining to the second category may come within the scope of the exceptions for the protection of the public interest as regards public security and international relations, Europol has not sufficiently substantiated how disclosure of any of the three categories of information would undermine its decision-making. For the third category specifically, it should be noted that Europol can, in case of doubt, consult[22] the relevant Member States (or their representatives) on the possible disclosure of their views.
28. Overall, the Ombudsman considers that Europol has applied this exception too broadly.
Overriding public interest in disclosure
29. The public interests protected under Article 4(1)(a) of Regulation 1049/2001 cannot be set aside by another public interest that is deemed more important. If Europol insists on redacting parts of the documents based on the exceptions under Article 4(2) and (3) of Regulation 1049/2001, it is necessary to assess the possible existence of an overriding public interest in disclosure. In this regard, Europol should take into account that the published summaries of the outcome of the meetings of the Management Board[23] are rather limited in content. To satisfy the public interest, it is therefore all the more important that Europol grants the widest possible access to the detailed minutes, if requested.
30. In light of the above, the Ombudsman proposes that Europol reconsider its position on the public access request, with a view to granting wider access to the requested documents, taking into account my above observations. If Europol maintains redactions, it should provide further reasoning for them.
Identification of the documents at issue
31. Finally, it appears that further Management Board meetings took place on 26 January 2024 (summary published on 23 February 2024) and 19-20 March 2024 (summary published on 10 April 2024). Given that the access request covers the period between 1 September 2023 and 9 April 2024, the Ombudsman would be grateful if Europol could clarify whether the detailed minutes of these meetings would also fall within the scope of the access request.
The proposal for a solution
The Ombudsman proposes that Europol reconsider its position on the public access request, with a view to granting wider access to the requested documents, taking into account the above observations. If Europol maintains redactions, it should provide further reasoning for them.
In addition, Europol should clarify whether the detailed minutes of the meetings of 26 January 2024 and 19-20 March 2024 would also fall within the scope of the access request.
Europol is invited to inform the Ombudsman by 23 July 2025 of any action it has taken in relation to the above solution proposal.
Teresa Anjinho
European Ombudsman
Strasbourg, 23/04/2025
[1] Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2021.253.01.0001.01.ENG&toc=OJ%3AL%3A2021%3A253%3ATOC
[2] For more information, see: https://www.europol.europa.eu/about-europol/governance-accountability.
[3] Article 65(4) of Regulation 2016/794 of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02016R0794-20220628.
[4] See: https://www.europol.europa.eu/publications-events/publications/europol-management-board-meetings-summaries.
[5] Regulation 1049/2001 regarding public access to European Parliament, Council and Commission documents: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32001R1049, applicable to Europol in accordance with Article 65(1) of Regulation 2016/794 on the European Union Agency for Law Enforcement Cooperation (Europol): https://eur-lex.europa.eu/eli/reg/2016/794/oj/eng. The detailed rules for applying Regulation 1049/2001 are set out in Europol’s Management Board Decision of 13 December 2016, available at: https://www.europol.europa.eu/sites/default/files/documents/decision_of_the_mb_rules_applying_reg_1049_2001.pdf.
[6] Article 4(1)(a), first indent of Regulation 1049/2001.
[7] Article 4(1)(b) of Regulation 1049/2001. The complainant does not contest the application of this exception. Therefore, its application does not fall within the scope of this inquiry.
[8] Article 4(2), third indent of Regulation 1049/2001.
[9] Article 4(3) of Regulation 1049/2001.
[10] Article 4(1)(a), third indent of Regulation 1049/2001.
[11] Article 4(2), second indent of Regulation 1049/2001.
[12] Judgment of 27 November 2019, Izuzquiza and Semsrott v Frontex, T-31/18, paragraphs 61-62: https://curia.europa.eu/juris/liste.jsf?num=T-31/18.
[13] Judgment of 1 February 2007, Sison v Council, C‑266/05 P, paragraph 64: https://curia.europa.eu/juris/liste.jsf?language=en&num=C-266/05.
[14] Izuzquiza and Semsrott vs Frontex, paragraphs 65-66.
[15] More specifically, as mentioned in Europol’s confirmatory decision: “sensitive law enforcement information, details on arrangements of operational relevance, and operational activities of the Member States and third partners as well as sensitive information and Europol's operational methods/tools and organisational arrangements”.
[16] For example, p. 7-8 under heading d, p. 14-15 under heading 13 and p. 19-20 under heading d for minutes of the meeting of 10-11 October 2023; p. 7-8 under heading d and p. 9 under headings 10 and 11 for minutes of the meeting of 12-13 December 2023. The use of examples is not exhaustive and it is for Europol to take account of the Ombudsman’s assessment as regards all of the redacted information.
[17] Judgment of 1 July 2008, Sweden & Turco v Council, C-39/05 P and C-52/05 P, paragraphs 37-45: https://curia.europa.eu/juris/liste.jsf?num=C-39/05&language=en.
[18] Judgment of 7 June 2011, Toland v Parliament, T-471/08, paragraphs 71 and 78: https://curia.europa.eu/juris/liste.jsf?language=en&num=T-471/08.
[19] Judgment of 16 January 2025, Commission v Pollinis France, C-726/22 P, paragraphs 74 and 78: https://curia.europa.eu/juris/liste.jsf?language=en&td=ALL&num=C-726/22%20P.
[20] More specifically, as mentioned in Europol’s confirmatory decision: “information on internal organisational aspects [that] would reveal opinions for internal use as part of deliberations and preliminary consultations within Europol”, “information shared for internal use and relate[d] to decisions of the MB which ha[ve] not yet been taken” and “details of strategic and corporate matters where the release of such sensitive information, on Europol’s capabilities/tools and positions related to the topics to the public could have a negative impact on the internal work processes at Europol”.
[21] More specifically, as mentioned in Europol’s confirmatory decision: “sensitive information [that] would reveal details as regards external relations and partnership matters as well as planned future cooperative relations” and “information [that] outlines activities considered to be implemented to enhance law enforcement responses in preventing and investigating terrorism and serious and organised crime”.
[22] In accordance with Article 4(4) and (5) of Regulation 1049/2001.
[23] In accordance with Article 65(4) of Regulation 2016/794.