Text consolidated by Valsts valodas centrs (State Language Centre) with amending regulations of: 25 June 2013 [shall come
into force from 28 June 2013]; If a whole or part of a paragraph has been amended, the date of the amending regulation appears in square brackets at the end of the paragraph. If a whole paragraph or sub-paragraph has been deleted, the date of the deletion appears in square brackets beside the deleted paragraph or sub-paragraph. |
Republic of Latvia Cabinet |
Issued pursuant to
Section 22.2, Paragraph six
of the National Security Law
1. This Regulation prescribes the procedures for the identification of critical infrastructure, including European critical infrastructure, and planning and implementation of security measures.
2. This Regulation shall not apply to a critical infrastructure, the operation of which is prescribed by the 1961 Vienna Convention on Diplomatic Relations and the 1963 Vienna Convention on Consular Relations.
3. The Commission of Intermediary Institutions for State Security (hereinafter - the Commission) is an advisory collegial institution, which evaluates and improves the critical infrastructure, including European critical infrastructure, the aggregate of systems and security measures. The Commission shall operate in accordance with this Regulation.
[25 June 2013]
4. The Commission shall have the following tasks:
4.1. to evaluate proposals of the responsible sectoral ministries or members of the Commission regarding determination of critical infrastructure;
4.2. after evaluation of proposals of the responsible sectoral ministries or members of the Commission, to draft legislative proposals for submission to the Cabinet regarding the aggregate of critical infrastructure and the allocation of competences of the State intelligence and security services in the provision of the planning and implementation of security measures as regards critical infrastructure, including European critical infrastructure;
4.3. not less than once a year to prepare an informative report for submission to the Cabinet regarding the security situation of the critical infrastructure;
4.4. to prepare legislative proposals for submission to the Cabinet regarding critical infrastructure and European critical infrastructure;
4.5. after evaluation of proposals from the responsible sectoral ministries or members of the Commission, to prepare proposals to the Ministry of the Interior:
4.5.1. regarding the determination of an individual critical infrastructure as the European critical infrastructure;
4.5.2. regarding the necessity to inform the European Commission and European Union Member States, which may be significantly affected by any potential European critical infrastructure, regarding such European critical infrastructure and reasons, why it was determined as the potential European critical infrastructure;
4.5.3. regarding the necessity to ensure bilateral or multilateral negotiations with the other European Member States, which may be significantly affected by the potential European critical infrastructure;
4.6. to prepare once a year information for the European Commission regarding the number of designated European critical infrastructures per sector and the number of Member States dependent on each designated European critical infrastructure, and to submit it to the Cabinet for approval;
4.7. on the basis of the report by the Security Police, the Constitution Protection Bureau and the Defence Intelligence and Security Service, to prepare once every two years information for the European Commission regarding the types of risks, threats and vulnerabilities in each European critical infrastructure sector and to submit it to the Cabinet for approval;
4.8. to evaluate the proposals prepared by the responsible sectoral ministry regarding the determination of the precise threshold value for each potential European critical infrastructure, to which cross-sector criteria shall be applied.
5. The Commission has the following rights:
5.1. to request and receive free of charge from State and local government institutions, as well as private individuals the information necessary for the work of the Commission regarding critical infrastructure, including European critical infrastructure;
5.2. to invite officials of other institutions and specialists, as well as owners or lawful possessors of critical infrastructure, including European critical infrastructure, to meetings of the Commission;
5.3. in accordance with the competence, to perform the necessary communications with the European Commission and European Union Member States.
6. The composition of the Commission shall include authorised officials from the following institutions:
6.1. the Ministry of Defence;
6.2. the Ministry of Foreign Affairs;
6.3. the Ministry of Economics;
6.4. the Ministry of Finance;
6.5. the Ministry of the Interior;
6.6. the Ministry of Transport;
6.7. the Ministry of Justice;
6.8. the Ministry of Health
6.9. the Ministry of Environmental Protection and Regional Development
6.10. [25 June 2013];
6.11. the Security Police
6.12. the Bank of Latvia;
6.13. Defence Intelligence and Security Service;
6.14. the National Armed Forces;
6.15. Constitution Protection Bureau;
6.16. State Fire-fighting and Rescue Service;
6.17. The State Police;
6.18. the Information Technologies Security Incidents Response Institution.
[25 June 2013]
6.1 The composition of the Commission shall be approved by the Minister for the Interior.
[25 June 2013]
7. Members of the Commission shall require at least a second category security clearance for access to official secrets.
8. The Chairperson of the Commission shall be an official representative appointed by the Ministry of the Interior.
9. The Vice-chairperson of the Commission shall be an official representative appointed by the Security Police.
10. The Chairperson of the Commission shall:
10.1. plan the work of the Commission and preside over the meetings of the Commission;
10.2. approve the agenda for meetings of the Commission;
10.3. convene meetings of the Commission;
10.4. sign the decisions of the Commission, minutes of meetings and other documents of the Commission;
10.5. provide information in accordance with the competence of the Commission.
11. During the absence of the Chairperson of the Commission, his or her duties shall be fulfilled by the Vice-chairperson of the Commission.
12. An extraordinary Commission meeting may be convened upon the proposal of the Chairperson of the Commission or at least five members of the Commission.
13. The Secretary of the Commission shall be an official authorised by the Ministry of the Interior. The Secretary of the Commission shall perform the following functions:
13.1. take minutes at meetings of the Commission;
13.2. prepare documentation for review at the meetings of the Commission;
13.3. prepare documents of the Commission for signing.
14. Meetings of the Commission shall take place not less than four times per year.
15. The Commission shall have a quorum if more than half of the members of the Commission are present at its meeting. The Commission shall take a decision by a majority vote. In the event of a tied vote, the vote of the Chairperson of the Commission shall prevail.
16. Minutes of the meetings of the Commission shall record items on the agenda, decisions of the Commission; persons present at the meeting, as well as the individual opinions of members of the Commission regarding the relevant matter shall be indicated. The minutes shall be signed by the Chairperson of the Commission and the Secretary of the Commission. Copies of the minutes shall be sent to all members of the Commission.
17. The work of the Commission shall be organisationally and materially ensured by the Ministry of the Interior in accordance with the resources allocated thereto from the State budget.
18. The responsible sectoral ministries, the Security Police, the Constitution Protection Bureau and the Defence Intelligence and Security Service shall:
18.1. identify the possible critical infrastructure and submit proposals to the Commission regarding inclusion thereof in the aggregate of critical infrastructure;
18.2. identify the possible European critical infrastructure and submit proposals to the Commission regarding the determination thereof as a European critical infrastructure.
19. A critical infrastructure may be recognised as a European critical infrastructure, if disruption to the activity of the relevant critical infrastructure or destruction thereof would significantly affect at least two Member States of the European Union and an agreement has been reached with the relevant Member States of the European Union. The significance of such effects shall be evaluated in terms of cross-cutting criteria, including the consequences resulting from the dependence of several sectors on other types of critical infrastructure.
20. The cross-cutting criteria referred to in Paragraph 19 of this Regulation are:
20.1. casualties criterion (assessed in terms of the potential number of fatalities or injuries);
20.2. economic effects criterion (assessed in terms of the significance of economic loss or degradation of products or services, including the loss of essential services, alternatives for the provision of services and disruption of services and length of restoration thereof);
20.3. public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life, including the loss of essential services, alternatives for the provision of services and disruption of services and length of restoration thereof).
21. The cross-cutting criteria thresholds shall be based on the severity of the impact of the disruption or destruction of a particular critical infrastructure.
22. The responsible ministry shall prepare and submit to the Commission proposals regarding the determination of precise threshold values for each critical infrastructure, to which cross-cutting criteria are applicable.
23. The Ministry of the Interior, on the basis of the proposals of the Commission, shall:
23.1. inform the European Commission and European Union Member States, which may be significantly affected by the potential European critical infrastructure, regarding such European critical infrastructure and reasons, why it was determined as the potential European critical infrastructure;
23.2. co-ordinate bilateral or multilateral negotiations with other European Union Member States, which may be significantly affected by the potential European critical infrastructure.
24. The Security Police, the Constitution Protection Bureau or the Defence Intelligence and Security Service, in accordance with the competence specified in the aggregate of critical infrastructure, shall inform the owner or lawful possessor of a critical infrastructure:
24.1. regarding the inclusion of the critical infrastructure in the aggregate of critical infrastructure;
24.2. regarding determination of the critical infrastructure as the European critical infrastructure.
25. The owner or lawful possessor of a critical infrastructure or a European critical infrastructure shall appoint a person responsible for the security of the infrastructure and determine the tasks thereof.
[6 June 2017]
26. A person responsible for the security of a critical infrastructure or a European critical infrastructure may be a person:
26.1. who is a citizen of Latvia;
26.2. who has not been punished for an intentional criminal offence;
26.3. who has not been convicted for an intentional criminal offence, releasing from a punishment;
26.4. who has not been held criminally liable of committing an intentional criminal offence, except the case when a person has been held criminally liable but the criminal proceedings have been terminated on the grounds of exoneration;
26.5. who has not been put under guardianship;
26.6. who is not or has not been a staff employee or non-staff employee of the security service of the U.S.S.R., Latvian S.S.R. or a foreign state, or an agent, resident or safe-house keeper thereof;
26.7. who is not or has not been a participant (member) of an organisation prohibited by the laws of the Republic of Latvia, decisions of the Supreme Council or court adjudications after prohibition of such organisations;
26.8. who has received the opinion of a narcologist and a psychiatrist that he or she has not been diagnosed as having mental disorders or addiction to alcohol, narcotic, psychotropic or toxic substances;
26.9. who in accordance with the information at the disposal of the Security Police, the Constitution Protection Bureau, the Defence Intelligence and Security Service or the State Police, does not belong to groups of organised crime, unlawful militarised or armed formations, as well as to non-governmental organisations or associations of non-governmental organisations that have commenced activities (legal) prior to the registration thereof or continue to operate after suspension or termination of the activities thereof by a court adjudication;
26.10. who has work experience of at least two years in the planning or implementation of the physical security measures. This condition shall not apply to a person responsible for the security of a critical infrastructure or a European critical infrastructure who has been vetted by the State intelligence and security services in accordance with their competence.
[25 June 2013; 6 June 2017]
27. The Security Police, the Constitution Protection Bureau, or the Defence Intelligence and Security Service may vet employees of critical infrastructure or European critical infrastructure, as well as owner, members of the board and employees of a merchant, if the merchant provides services in the critical infrastructure, who have access to information important to the functioning of the critical infrastructure or European critical infrastructure or technological devices thereof, or who provide services important to the functioning of the critical infrastructure or European critical infrastructure, and evaluate information in relation to a person's criminal record for intentional criminal offences and facts that give grounds to doubt his or her ability to retain restricted access or classified information. On the basis of the results of screening, the relevant State intelligence and security service shall provide recommendations regarding implementation of the security measures to the owner or lawful possessor of the critical infrastructure or European critical infrastructure.
[6 June 2017]
28. The Security Police, the Constitution Protection Bureau, or the Defence Intelligence and Security Service shall, in accordance with the competence of the referred to State intelligence and security services, vet and approve the nomination of the person responsible for the security of a critical infrastructure or a European critical infrastructure.
[6 June 2017]
28.1 If according to the information at the disposal of the Security Police, the Constitution Protection Bureau, or the Defence Intelligence and Security Service the person does not comply with the requirements laid down in Section 26 of this Regulation, the Security Police, the Constitution Protection Bureau, or the Defence Intelligence and Security Service shall recommend that the owner or lawful possessor of the critical infrastructure or European critical infrastructure restricts access of the said person to the information important to the functioning of the critical infrastructure or European critical infrastructure or technological devices thereof.
[6 June 2017]
29. The person responsible for the security of a critical infrastructure or a European critical infrastructure shall:
29.1. plan security measures for the critical infrastructure or the European critical infrastructure;
29.2. evaluate and determine a list of the information, technological devices, or services important to the functioning of the critical infrastructure or European critical infrastructure which shall be submitted to the Security Police, the Constitution Protection Bureau, or the Defence Intelligence and Security Service in accordance with the competence of the said State intelligence and security services;
29.3. organise theoretical and practical training in physical security for the employees involved in the provision of physical security measures for the critical infrastructure at least once a year in accordance with the procedures and to the extent determined by the owner or lawful possessor of the critical infrastructure or European critical infrastructure;
29.4. inform the Security Police, the Constitution Protection Bureau, or the Defence Intelligence and Security Service in accordance with the competence of the referred to State intelligence and security services not later than one month prior to the day of the training referred to in Sub-paragraph 29.3 of this Regulation.
[6 June 2017]
30. The information referred to in the Annex 1 to this Regulation shall be included in the documents regulating the security measures for critical infrastructure or European critical infrastructure.
[6 June 2017]
31. The documents regulating the security measures of critical infrastructure or European critical infrastructure shall be co-ordinated with the Security Police, the Constitution Protection Bureau or the Defence Intelligence and Security Service according to the competence of the referred to State intelligence and security services.
32. The Security Police, the Constitution Protection Bureau, or the Defence Intelligence and Security Service shall, in accordance with their competence, control the fulfilment of the requirements specified in the documents regulating the security measures of critical infrastructure or European critical infrastructure and provide recommendations for the elimination of deficiencies detected during inspections, as well as provide recommendations for a topic of the training referred to in Sub-paragraph 29.3 of this Regulation.
[6 June 2017]
33. The Security Police shall provide recommendations for enhancing the security measures of critical infrastructure or European critical infrastructure according to the specified levels of terrorism threats.
34. Security or defence plans for civil aviation objects, ionising radiation objects, objects of ports and port facilities, information and communication technologies, if they have been determined as the critical infrastructure or European critical infrastructure, shall be developed and co-ordinated according to the procedures specified in the laws and regulations governing the relevant sector.
35. The implementer of the provision of the physical security measures of Category A critical infrastructure shall be determined by an individual Cabinet order.
36. The implementation of the physical security measures of Category B and C critical infrastructure shall be ensured by the owner or lawful possessor of the critical infrastructure.
37. The Cabinet may specify that units of the State Police or the National Armed Forces ensure implementation of individual measures for the physical security of Category B critical infrastructure or European critical infrastructure.
37.1 It is prohibited to make video recordings, take photographs, or otherwise document a critical infrastructure or European critical infrastructure without agreeing upon this with the owner or lawful possessor thereof, provided that an information sign "BEZ SASKAŅOŠANAS FOTOGRAFĒT, FILMĒT AIZLIEGTS" ("NO PHOTOGRAPHY OR VIDEO RECORDING WITHOUT PERMISSION") is placed at the relevant critical infrastructure or European critical infrastructure (Annex 2).
[6 June 2017]
38. In the case of declaring an energy crisis, a high and critically high terrorism threat level, a state of emergency or exceptional state, the Cabinet may decree that the National Armed Forces or the State Police should take over complete or partial ensuring of measures for the physical security of individual Category B and C objects vital for State security.
39. In the case of the declaration of a high and critically high terrorism threat level, a state of emergency associated with terrorism and public disorder, an exceptional state or state of war, an owner or lawful possessor of critical infrastructure or European critical infrastructure shall co-ordinate their actions with the State Police, the National Armed Forces and the Security Police, the Constitution Protection Bureau or the Defence Intelligence and Security Service according to the competence of the State intelligence and security service specified in laws and regulations, taking into account the location of the relevant critical infrastructure and other specific factors.
[6 June 2017]
40. The list referred to in Sub-paragraph 29.2 of this Regulation shall be submitted to the relevant State intelligence and security service by 1 January 2018.
[6 June 2017]
This Regulation contains legal norms arising from Directive 2008/114/EC of the European Council of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
Prime Minister V. Dombrovskis
Minister for the Interior L. Mūrniece
Annex 1
Cabinet Regulation No. 496
1 June 2010
[6 June 2017]
1. General information regarding the critical infrastructure or the European critical infrastructure - name, owner or lawful possessor, location (address) of the critical infrastructure or the European critical infrastructure, purpose of the document.
2. The institution (structural unit) that ensures the implementation of security measures.
3. Security of external perimeter (for example, fencing and the layout thereof, lighting and the layout thereof, video surveillance and alarm systems).
4. Control of admission to the critical infrastructure or the European critical infrastructure or territory thereof (for example, admission points, the layout thereof, working hours, the regime of permits for employees, visitors, vehicles and cargos, and samples of personal identification documents).
5. Restricted access areas (for example, the layout thereof, admission points, control of admission for employees, visitors and vehicles).
6. Functions of the security personnel (for example, the location, duties, rights, patrolling regime).
7. The video surveillance systems and the layout of the video surveillance systems of the critical infrastructure or the European critical infrastructure.
8. The alarm systems for the physical security of the critical infrastructure or the European critical structure.
9. Planning of the critical infrastructure or the European critical infrastructure.
10. Actions in dangerous situations (explosion, armed attack, discovery of an explosive object, receipt of information regarding threats of explosion, receipt of a suspicious postal consignment, unauthorised access or attempt thereof, unauthorised making of video recordings, taking of photographs, or other documentation of a critical infrastructure or European critical infrastructure).
Minister for the Interior L. Mūrniece
Annex 2
Cabinet Regulation No. 496
1 June 2010
[6 June 2017]
1. The information sign "BEZ SASKAŅOŠANAS FOTOGRAFĒT, FILMĒT AIZLIEGTS" shall constitute a white rectangle in black frame with a stylised pictogram of video recording and photography equipment and an inscription in the Latvian language.
2. Background of the information sign shall be white, 210 x 297 mm (picture). The middle of the information sign shall show a stylised pictogram of video recording and photography in black. The prohibition sign shall be in a round shape, sides of the sign and the diagonal line crossing the pictogram from the left to the right at 45° shall be red (the red part shall account for at least 35 % of the square of the sign). Diameter of the prohibition sign - 14 cm. The text of the information sign "BEZ SASKAŅOŠANAS FOTOGRAFĒT, FILMĒT AIZLIEGTS" shall be arranged in four rows. The height of the letters above the pictogram shall be 12 mm, the height of the letters under the pictogram - 17 mm. The inscription in the Latvian language in black letters "TĀLRUNIS:" shall be on the bottom left-hand side of the information sign (the height of the letters - 5 mm) together with a place where the owner or lawful possessor of a critical infrastructure or European critical infrastructure indicates the contact telephone number of the relevant critical infrastructure or European critical infrastructure.
3. The information sign shall be in the following colours (colour requirements have been specified in accordance with the PANTONE, CMYK, and ORACAL systems):
3.1. the rectangle, as well as the background of the pictogram of video recording and photography equipment - in white (PANTONE 362C or C70 M0 Y100 K0);
3.2. the stylised pictogram of video recording and photography equipment and the inscription "BEZ SASKAŅOŠANAS FOTOGRAFĒT, FILMĒT" - in black (PANTONE 362C or C70 M0 Y100 K0);
3.3. the contour of the prohibition sign and the inscription "AIZLIEGTS" - in red (PANTONE 3425C or C70 M0 Y78 K42);
3.4. the frame of the information sign - in black (PANTONE 3425C or C100 M0 Y78 K42).
4. Procedures for using the sign:
4.1. when erecting the sign on the spot one of the following sizes shall be selected:
4.1.1. 148 x 210 mm;
4.1.2. 210 x 297 mm;
4.1.3. 297 x 420 mm;
4.2. the size of the information sign in polygraphically printed publications shall be selected according to the used scale but not less than 148 x 210 mm by preserving proportions of a rectangle;
4.3. in other cases not referred to in Sub-paragraphs 4.1 and 4.2 of this Annex signs of different sizes may be used by preserving proportions of a rectangle.
Translation © 2018 Valsts valodas centrs (State Language Centre)