The Biological and Toxin Weapons Convention (BTWC) Database

Rolling Text (9th Session) : Annex E

Annex E of the Rolling Text is provided below. This material is from the 9th Session of the Ad Hoc Group of States Parties to the Convention.

Please note: the page numbers given are those which appear in the original text, these appear at the top of the page. The detailed footnotes are provided at the end of the main text.

Return to list of AHG documents                                  (Click here to view the Disclaimer.)

BWC/AD HOC GROUP/39
Annex 1
page 187

E. CONFIDENTIALITY PROVISIONS

I. GENERAL PRINCIPLES FOR THE HANDLING OF
CONFIDENTIAL INFORMATION

(A) THE NEED-TO-KNOW PRINCIPLE

1. [The obligation to protect confidential information shall pertain to the verification of both civil and military activities and facilities. Pursuant to the general obligations set forth in Article IV, the Organization shall] [The Organization] shall require only the minimum amount of information and data necessary for the timely and efficient carrying out of its responsibilities under [this Protocol] and shall avoid any access to [confidential] information and data not related to the aims of this Protocol. [The Organization] shall develop agreements and regulations to implement the provisions of this Protocol and shall specify as precisely as possible the information to which [the Organization] shall be given access by a State Party. Confidential information shall only be disseminated within [the Organization] in accordance with paragraph 5.

(B) THE CONFIDENTIALITY REGIME

2. [The Director-General shall have the primary responsibility for ensuring the protection of confidential information and shall establish and maintain a stringent regime governing the handling of confidential information pursuant to paragraph 4 (a), Article IV of this Protocol (hereinafter referred to as "the Confidentiality Regime"). In order to establish the Confidentiality Regime, an appropriate unit of [the Secretariat] (hereinafter referred to as "the Confidentiality Unit") [shall] [may] be charged with overall supervision of the administration of confidentiality provisions.] In order to establish the regime governing the handling of confidential information pursuant to Article IV (hereinafter referred to as "the Confidentiality Regime"), an appropriate unit of [the Secretariat] (hereinafter referred to as "the Confidentiality Unit") [shall] [may] be charged with overall supervision of the administration of confidentiality provisions.

3. [As the objective of the Confidentiality Regime is the protection of the rights of the States Parties providing the information,] the regime shall be considered and approved by [the Conference]. The approval of the Confidentiality Regime by [the Conference] shall be mandatory prior to initial processing, further handling and authorized distribution

BWC/AD HOC GROUP/39
Annex 1
page 188

of the information and data the States Parties have passed on to [the Organization] in confidence.127 128

4. Subsequently, the Director-General shall report [annually] to [the Conference] [the Executive Council] on the implementation of the Confidentiality Regime by [the Secretariat].

(C) THE ESTABLISHMENT OF A CLASSIFICATION SYSTEM

[4 bis Each State Party from which the information was received or to which the information refers shall have the right [, in due consultation with the Confidentiality Unit as the party may consider appropriate,] to classify any information that it provides under this Protocol in accordance with the classification system.]

5. The [Director-General] [head of the Confidentiality Unit] or persons to whom such authority was delegated shall have the authority to classify information and data [submitted by States Parties] [information generated by the Organization in the implementation of its duties] according to a classification system [evaluated by States Parties] [which is to be introduced by the [head of the Confidentiality Unit]] [unless such information and data have been already classified by the States Parties]. The classification system shall provide for clear criteria ensuring the inclusion of information into appropriate categories of confidentiality and shall be considered and approved by [the Conference].

[6. All data and documents obtained [produced] by [the Secretariat] [in implementation of its duties] shall be evaluated by the Confidentiality Unit in order to establish whether they contain confidential information. If confidential information is contained, the Confidentiality Unit shall classify this information according to the classification system [in consultation with States Parties concerned] [provided that the State Party of which the information was obtained has not already classified that information].]

[(D) CRITERIA FOR CONFIDENTIALITY

7. Information shall be considered confidential if:

(a) It is designated to be confidential by the State Party from which the information was [received] [, and to which the information refers]; or

BWC/AD HOC GROUP/39
Annex 1
page 189

(b) In the judgement of [the Director-General or] [the head of the Confidentiality Unit], its [unauthorized] disclosure could reasonably be expected to cause damage [either] [to the State Party to which it refers or] to the implementation mechanisms of this Protocol.]

[7 bis A classification system shall be introduced, which shall provide for clear criteria ensuring the inclusion of information into appropriate categories of confidentiality and the justified durability of the confidential nature of information. While providing for the necessary flexibility in its implementation the classification system shall protect the right of States Parties providing confidential information. A classification system shall be considered and approved by the Conference pursuant to Article IX, paragraph 24 (h).

(a) The essential factors to be considered in determining the level of sensitivity of an item of information are as follows:

(i) The degree of potential damage which its disclosure could cause to a State Party, any other body of a State Party, including a commercial firm or to any national of a State Party, or to the Protocol or [the Organization]; and

(ii) The degree of potential, particular or selective advantage, its disclosure could offer to an individual, a State, or any other body, including a commercial firm.

(b) Based on guiding factors in subparagraph (a) and the specific classification criteria set out below, confidential information shall be classified into the following categories, given in increasing order of sensitivity:

(i) Restricted:

This category comprises information of which unauthorized disclosure would be prejudicial to the effectiveness or credibility of the Protocol, or prejudicial to the interests of a State Party or of a commercial or governmental body or of a national of a State Party;

(ii) Protected:

This category comprises information of which unauthorized disclosure may cause substantial damage to the effectiveness or credibility of the Protocol, or to the interest of a State Party or of a commercial or governmental body or of a national of a State Party;

BWC/AD HOC GROUP/39
Annex 1
page 190

(iii) Highly protected:

This category comprises sensitive information of which unauthorized disclosure would cause serious damage to the effectiveness or credibility of the Protocol, or its aims and purpose, or cause serious damage from the point of view of national security or commercial secrecy to the interest of a State Party or of a commercial or governmental body or national of a State Party.]

(E) OBLIGATIONS FOR HANDLING OF CONFIDENTIAL INFORMATION

[7 ter To the greatest extent consistent with the effective implementation of the verification provisions of this Protocol, information shall be handled and stored by the [Technical] Secretariat in a form that precludes direct identification of the facility to which it pertains.]

8. Each access by a staff member of [the Secretariat] to confidential information shall be regulated in accordance with its classification and shall be [strictly] on a need-to-know basis. [Each access to confidential information shall be recorded on file when accessing and exiting. This record shall be retained for [an unlimited period] [(time period to be specified)].]

[8 bis [If necessary to fulfil its obligations under this Protocol,] [the Secretariat] may grant access to information and data classified as confidential to entities or individuals not on the staff of [the Secretariat] only on specific approval by [the DirectorGeneral] [the head of the Confidentiality Unit] accompanied by consent of the State Party concerned. [The Secretariat] shall notify the State Party concerned of the proposed access and [unless the State Party concerned explicitly disclaims the proposed access within [30] days after the above notification, the proposal may be deemed to be consented to].]

9. [Wherever possible,] [the Secretariat] shall avoid the transmission of [(level) to be specified] confidential information in telephone conversations, by electronic means or fax/telex to or from locations outside of [the Secretariat] [unless it is enciphered (coded) (scrambled)].

(F) HANDLING OF SENSITIVE INFORMATION ON THE PREMISES OF STATES PARTIES

[10. Data required by the States Parties to be assured of the continued compliance with the Convention and this Protocol by other States Parties shall be [routinely] [, upon request,] provided to them. Such data shall encompass:

(a) The initial and annual declarations provided by States Parties under Article III and relevant Annexes and Appendices;

(b) General reports on the results and effectiveness of verification activities; and

BWC/AD HOC GROUP/39
Annex 1
page 191

(c) Information to be supplied to all States Parties in accordance with the provisions of this Protocol.]

11. Each State Party shall protect information which it receives from [the Organization] at the same level of confidentiality established for that information. Upon request, a State Party shall provide details on the [manner in which] information provided to it by [the Organization] [is to be handled].

12. [The Secretariat] shall [upon] the request of the States Parties [be prepared to] examine information and data which the States Parties regard as being of particular sensitivity in a special manner. Such information and data would not [in any case] have to be physically transmitted to [the Secretariat], provided that it remained available for ready further examination by [the Secretariat] on premises of the States Parties.

(G) OBLIGATIONS FOR INTENDED RELEASE OF CONFIDENTIAL INFORMATION

13. No confidential information obtained by [the Secretariat] in connection with the implementation of this Convention shall be published or otherwise released, except [as follows]:

(a) The information is summarized in a way that the resulting information is no longer of a confidential nature [with the consent of the State Party concerned];

(b) All States Parties directly concerned explicitly agree to the publication/release;

[(c) The information is - in accordance with the provisions set forth in [this Protocol] - required by the States Parties to be assured of the continued compliance with this Convention by other States Parties [. This information shall include declarations made under Article ... of this Protocol.];]

[(d) [After carefully weighing up,] [in the judgement of the Director-General] the release is necessary to fulfil [the Organization's] obligations under this Protocol.]

[13 bis No information obtained by [the Secretariat] in connection with the implementation of this Protocol shall be published or otherwise released, except as follows:

(a) General information on the implementation of this Protocol may be compiled and released publicly in accordance with the decisions of the Conference or the Executive Council;

(b) Any information may be released with the express consent of the State Party to which the information refers;

BWC/AD HOC GROUP/39
Annex 1
page 192

(c) Information classified as confidential shall be released by the Organization only through procedures which ensure that the release of information only occurs in strict conformity with the needs of this Protocol. Such procedures shall be considered and approved by the Conference pursuant to Article IX, paragraph 24 (h).]

[14. [If necessary to fulfil its obligations under this Protocol,] [the Secretariat] may grant access to information and data classified as confidential to entities or individuals not staff of [the Secretariat] only on specific approval by [the Director-General] [the head of the Confidentiality Unit]. [The Secretariat] shall notify a State Party [at least 30 days] before any such access is intended.]

BWC/AD HOC GROUP/39
Annex 1
page 193

II. CONDITIONS OF STAFF EMPLOYMENT RELATING TO THE
PROTECTION OF CONFIDENTIAL INFORMATION

(A) GENERAL REQUIREMENTS

1. Conditions of staff employment shall be such as to ensure that access to and handling of confidential information shall be in conformity with the procedures established by the Director-General in accordance with section ... .

2. Each position in the [Technical] Secretariat shall be governed by a formal position description that also specifies the scope of access to confidential information, if any, needed in that position.

[3. In the discharge of their functions [in on-site activities] [employees of the Organization] [members of the investigating [or visiting] teams] shall only request the information and data which are necessary to carry out their duties. They shall not make any records of information collected incidentally and not related to the requirements of their duties.]

(B) INDIVIDUAL SECRECY AGREEMENTS

4. The Director-General and the other members of the staff shall enter into individual secrecy agreements with the [Technical] Secretariat covering their period of employment and a [unlimited] period of [5] [10] years after it is terminated.

5. They shall not disclose even after termination of their functions to any unauthorized persons any confidential information coming to their knowledge in the performance of their official duties.

6. Subject to this agreement, they shall not communicate to any State, organization or person outside the [Technical] Secretariat any confidential information to which they have access in connection with their activities in relation to any State Party.

(C) CODE OF CONDUCT

7. Each staff member shall be obliged to abstain from any kind of public pronouncement, [which might adversely reflect on his or her status or on his or her] [to ensure] integrity, independence or impartiality.

8. No staff member shall - except with explicit approval of the Director-General:

(a) Issue statements to the press, radio or other media of public information;

BWC/AD HOC GROUP/39
Annex 1
page 194

(b) Accept or keep speaking engagements;

(c) Take part in film, theatre, radio or television productions or presentations;

(d) Submit articles, books or other material for publication;

related to the activities of the Organization.

[9. In order to avoid improper disclosures, members of the investigation team and staff members shall be appropriately advised and reminded about security considerations and of the possible penalties that they would incur in the event of improper disclosure.]

[10. Not less than 30 days before an employee is given clearance for access to confidential information that refers to activities on the territory or in any other place under the jurisdiction or control of a State Party, the State Party concerned shall be notified of the proposed clearance. For members of the investigation team the notification of a proposed designation shall fulfil this requirement.]

[11. In evaluating the performance of members of the investigation team and any other employees of the [Technical] Secretariat, specific attention shall be given to the employee's record regarding protection of confidential information.]

(D) PERSONNEL INSTRUCTION/TRAINING

[12. Prior to taking up their activities, staff members shall take part in an initial and continuing training programme in order to be advised and reminded of their duties regarding confidentiality issues.]

BWC/AD HOC GROUP/39
Annex 1
page 195

III. MEASURES [TO PROTECT CONFIDENTIAL INFORMATION IN THE COURSE
OF ON-SITE ACTIVITIES] [TO ENSURE THE PROTECTION OF
CONFIDENTIAL INFORMATION MADE AVAILABLE TO INVESTIGATING OR VISITING TEAMS WHILE THEY ARE ON THE TERRITORY OF THE INVESTIGATED OR VISITED STATE PARTY]

(A) PRINCIPLE OF LEAST INTRUSIVE ACTION

1. Investigating or visiting teams shall be guided by the principle of conducting on-site activities and investigations in the least intrusive manner consistent with the timely and effective accomplishment of their mission. [In particular, the number, duration and intensity of on-site activities [visits] [and investigations] actually carried out shall be kept to the minimum necessary.] [Investigating or visiting teams shall [at any time] take into consideration proposals which may be made by the States Parties to keep the amount of confidential information coming to their knowledge to the minimum necessary.]

[2. Members of the investigating or visiting team shall strictly abide by the provisions set forth in Article IV and relevant Annexes governing the conduct of investigations. They shall respect the procedures designed to protect sensitive installations and to prevent the disclosure of confidential data.]

3. In conducting its activities, the [Technical] Secretariat shall avoid undue intrusion into the States Parties' activities not prohibited under the Convention.

[4. Confidential information including, inter alia, photographs, plans and other documents required only for the purpose of on-site activities of a specific facility or for which special investigation according to Annex E, section I, paragraph 13, was requested by a State Party shall, to the extent possible, be stored with [the National Authority] of the State Party or be kept under lock and key at the facility to which it pertains.]

(B) [ESCORT] [OBSERVATION OF ON-SITE ACTIVITIES]

5. Each investigated [/visited] State Party shall have the right to have investigators and [inspection assistants] accompanied during their inspections by representatives of that State Party, provided that investigators shall not thereby be delayed or otherwise impeded in the exercise of their functions.

6. The representative of the investigated [/visited] State Party shall have the right to observe all on-site activities carried out by the investigating or visiting team.

(C) PROTECTION OF SENSITIVE INFORMATION AND EQUIPMENT

7. Pursuant to Article IV, paragraph 3, each State Party may, when receiving an investigation [or visit], indicate to the investigating [or visiting] team the equipment,

BWC/AD HOC GROUP/39
Annex 1
page 196

documentation or areas that it considers sensitive and not related to the purpose of the investigation [or visit]. [The investigating [or visiting] team shall avoid any access to that equipment, documentation or areas, provided that it agrees that the access is not necessary to fulfil the obligations of the investigating [or visiting] team.] Likewise, the investigating [or visiting] team shall not make any records of information collected incidentally and not related to their mandate.

8. If removal of information or data from a facility is necessary to achieve timely and effective implementation under [this Protocol], the amount of information and data to be removed from a facility shall be kept to the minimum necessary.

[(D) PROTECTION OF SAMPLES

9. The Director-General shall have the primary responsibility for ensuring that the confidentiality of samples during the transfer to designated laboratories for analysis off-site is protected. The Director-General shall do so in accordance with procedures to be considered and approved by [the Conference] pursuant to ... of [this Protocol].

10. Designated laboratories shall enter into specific secrecy agreements confirming the obligations established within ... of [this Protocol] governing sampling procedures and process of analysis.]

[(E) REPORTS

11. The report to be prepared after each investigation shall contain only facts relevant to compliance with [this Protocol].

12. The report shall be handled in accordance with the regulations established by the Confidentiality Unit governing the handling of confidential information. If necessary, the information contained in the report shall be processed into less sensitive forms, before it is transmitted outside the [Technical] Secretariat or the inspected State Party, respectively.]

BWC/AD HOC GROUP/39
Annex 1
page 197

IV. PROCEDURES IN CASE OF BREACHES OR ALLEGED BREACHES
OF CONFIDENTIALITY

[(A) DEFINITIONS

1. A breach of confidentiality is established [, if a damage has occurred,] which is caused by a violation of obligations to protect confidential information.

The following may also represent cases of breaches, among others:

(a) Unauthorized disclosure of confidential information;

(b) Misuse of confidential information, e.g. to gain a personal advantage or to benefit or damage the interests of a third party;

(c) Loss of confidential information.]

[1 bis A breach of confidentiality shall include any unauthorized disclosure of confidential information complied by [the Organization] to any individual, or government or private entity, regardless of the intention or the consequences of the disclosure.]

(B) OBLIGATION FOR [INTERNAL INVESTIGATION] [FACT FINDING] [INQUIRY]

2. The DirectorGeneral shall establish procedures to be followed in case of breaches or alleged breaches of confidentiality, which shall be considered and approved by [the Conference] pursuant to ... . The DirectorGeneral shall also consider recommendations given by the [Conference of] States Parties and amend accordingly the procedures recommended related to the issue of breaches or alleged breaches.

3. The DirectorGeneral shall promptly initiate an [investigation] [fact-finding] [inquiry], if [, in his or her judgement,] there is sufficient indication, that obligations concerning the protection of confidential information have been violated.

4. The DirectorGeneral [shall] [may] also promptly initiate an [investigation] [fact-finding] [inquiry] if there is an allegation made by a State Party that a breach of confidentiality has occurred.

5. In case of an allegation of a breach of confidentiality, States Parties and/or staff members which are named in the allegation or which might be involved in the alleged breach or violation shall be informed of that allegation immediately.

BWC/AD HOC GROUP/39
Annex 1
page 198

6. An internal [investigation] [fact-finding] [inquiry] shall result in a written report, which shall, if necessary, remain confidential and be subject to the strict application of the needtoknow principle. If necessary, the results of the [investigation] [fact-finding] [inquiry] shall be reported to the Conference of the States Paries.

(C) INTERIM MEASURES

7. The DirectorGeneral may impose interim measures before the conclusion of the internal [investigation] [fact-finding] [inquiry] in order to prevent further damage. These measures may include withdrawal of certain personnel from specific functions, denial of access to [certain] information and, in serious cases, a temporary suspension.

[8. The DirectorGeneral shall oversee the implementation of individual secrecy agreements. The DirectorGeneral shall promptly initiate an internal [investigation] [fact-finding] [inquiry], following sufficient indication that there has been a violation of an obligation to protect confidential information on the part of: (a) a staff member of the [Technical] Secretariat; or (b) an agent or official of a State Party.

8 bis (a) When the internal [investigation] [factfinding] [inquiry] pursuant to paragraph 8 establishes that there has been a breach of confidentiality, the DirectorGeneral shall, in case of (a) of paragraph 8, impose appropriate punitive and disciplinary measures on staff members who have violated their obligations to protect confidential information in accordance with the Staff Rules and Regulations.

(b) In case of a breach of confidentiality by a person referred to in (b) of paragraph 8, consultations shall be held between the Organization and States Parties concerned to address the case.

8 ter In cases where a State Party considers that there has been a breach of confidentiality by a staff member of the [Technical] Secretariat, consultations shall be held between the DirectorGeneral and the State Party, and the DirectorGeneral shall initiate promptly internal [investigation] [fact-finding] [inquiry]. If such consultations are not concluded successfully [within 60 days], the State Party shall have the right to initiate the proceedings of the "Commission for the settlement of disputes related to confidentiality" (hereinafter referred to as "the Commission"), set up in accordance with paragraph 7, Article IV and paragraph 24 (j), Article IX of this Protocol, to consider the case. The Commission shall seek to settle the case through mediation, enquiry, conciliation, arbitration or other peaceful means. The Commission may request the DirectorGeneral to submit the result of the internal [investigation] [fact-finding] [inquiry] to the extent possible.]

[9. States Parties shall, to the extent possible, cooperate with and support the DirectorGeneral in investigating any breach or alleged breach of confidentiality and in taking appropriate action in accordance with applicable laws and regulations in case a breach has been established.]

BWC/AD HOC GROUP/39
Annex 1
page 199

(D) LOSS OF CONFIDENTIAL INFORMATION

[10. Any loss of a document classified as confidential shall be immediately reported by the staff member who has first come to the knowledge of that loss to his superior. The superior shall assure that the loss is reported to the head of the Confidentiality Unit without delay. Upon receiving information of the loss of a document, the head of the Confidentiality Unit shall initiate an internal [investigation] [fact-finding] [inquiry] and report to the DirectorGeneral on:

(a) The circumstances that have caused the loss of the document;

(b) Whether any security regulations or rules were breached;

(c) The sensitivity of the information contained in the document;

(d) Anticipated consequences of the loss of the document;

(e) Corrective action, if any, which would either lessen the damage caused by the loss in the actual case, or, would serve to prevent or lessen the chance of future losses.]

[11. Subsequently, the Director-General shall take appropriate action, if he or she deems it necessary to do so, in accordance with section C.]

[(E) OBLIGATIONS OF OBSERVERS AND OTHER AUTHORIZED INDIVIDUALS OR ENTITY BEYOND THE [TECHNICAL] SECRETARIAT

[12. The requesting State Party shall ensure that the observer complies with and is individually bound by all relevant provisions of this Protocol. Once any confidential information is disclosed to or acquired by the observer, in addition to and without diminishing the observer's own individual responsibility, the requesting State Party shall also become responsible for the handling and protection of that information in accordance with this Protocol.

12 bis Paragraphs [...] shall apply, mutatis mutandis, to observers and other authorized individuals or entity beyond the [Technical] Secretariat.]]

BWC/AD HOC GROUP/39
Annex 1
page 200

V. APPROPRIATE PROCEDURES TO PROTECT CONFIDENTIALITY
[OF DECLARATIONS]

[(A) MARKING OF CONFIDENTIAL INFORMATION129

1. Written documents provided by the States Parties [in the course of declarations] shall, on receipt by the [Technical] Secretariat, be fitted with an appropriate stamp indicating the confidential nature of the included information. If confidential information is submitted in a form other than in writing, it shall be marked in an equivalent manner using procedures to be established by the head of the Confidentiality Unit.]

[(B) SEALING OF DECLARATIONS130

2. Member States shall pass on declarations to the [Technical] Secretariat in double envelopes, the inner envelope being sealed and clearly marked to show, that it contains confidential information. Upon receipt by registry, all declarations shall be referred with the inner envelope unopened to the Confidentiality Unit.]

[(C) HANDLING OF DECLARATIONS131

3. To the greatest extent consistent with the effective implementation of the provisions under [this Protocol], data declarations [as well as other confidential information] shall be handled and stored in a form that precludes direct identification of the facility to which it pertains, if handled outside the Confidentiality Unit.

[4. Declarations must not be distributed [outside of the area of the Confidentiality Unit] within the internal mail of the [Technical] Secretariat unless sealed as outlined above.]

5. If multiple access on confidential documents is needed for internal purposes, the minimum number of copies necessary may be made. These copies shall be destroyed [safely] [by shredding] as soon as the access is no longer needed. The head of the Confidentiality Unit shall oversee the implementation of this paragraph.]

(D) STORAGE OF CONFIDENTIAL INFORMATION

6. Confidential information shall be stored securely at the premises of [the Organization]. The DirectorGeneral shall set out, in an administration directive, physical security measures

BWC/AD HOC GROUP/39
Annex 1
page 201

adapted to the individual areas, where confidential information is stored. These measures shall, inter alia, include the restriction of access for certain sensitive areas such as storage areas for confidential information or areas processing declarations or investigation reports.

BWC/AD HOC GROUP/39
Annex 1
page 202

VI. PROCEDURES FOR ARCHIVING OF CONFIDENTIAL INFORMATION

Notes

127. This provision is without prejudice to further discussion on the availability to States Parties of initial and annual declarations made under Article III.

128. "[The Organization] shall not process, handle or distribute information or data supplied to it in confidence by States Parties until the regime has been approved by [the Conference]" is a possible alternative formulation for the sentence.

129. The content of this paragraph is to be examined in the light of the discussions on Declarations.

130. Ibid.

131. Ibid.

Return to the list of AHG documents