LAW ON CLASSIFIED INFORMATION CHAPTER ONE. General provisions

Transcription

1 LAW ON CLASSIFIED INFORMATION CHAPTER ONE General provisions Article 1 The Law herein regulates the classification of information, conditions, criteria, measures and the activities to be taken in the process for providing protection of classified information, the rights, responsibilities and obligations of the originators and the users of such information, the international exchange, as well as other issues concerning the protection of classified information. Article 2 The aim of this Law is to ensure lawful use of classified information and to prevent any type of illegal access to such information. Article 3 The provisions of this Law shall also be applied for the protection of classified information received from foreign states and international organizations or created during joint efforts of cooperation, unless otherwise regulated by ratified international agreements or by the international agreements to which the Republic of Macedonia has become a member. Article 4 For the purposes of implementing the established policy for protection of classified information and the international standards, carrying out the exchange of classified information in line with the international agreements and for accomplishing other tasks regulated by this Law, the Directorate for Security of Classified Information (hereinafter referred to as the Directorate ) shall be founded. Definitions Article 5 Individual expressions used in this Law shall have the following meaning: 1. Information is any knowledge that can be communicated in any form. 2. Information of interest for the Republic of Macedonia is any information or material produced by a state body, body of a unit of the local self-government, public enterprise, public institution and service, legal entity and natural person, as 1

2 well as foreign state body, foreign legal entities and natural persons, related to the security and defence of the state, its territorial integrity and sovereignty, constitutional order, public interest, freedoms and rights of the human and the citizen. 3. Classified information is any information determined to require protection against unauthorized access or use and which has been so designated by a security classification. 4. Material includes documents, technical devices, any machinery, equipment or separate components thereof or weapons or tools, manufactured or in the process of manufacturing. 5. Document is any recorded information regardless of its physical form or characteristics, including, without limitation, written or printed matter, maps, charts, photographs, paintings, drawings, engravings, sketches, working papers, carbon copies or ink ribbons, or reproductions by any means or process, and sound, voice, magnetic or electronic, optical or video recording in any form, and ADP equipment with resident computer storage media and removable computer storage media. 6. Damage is understood to mean a violation of the interests of the state as a consequence from endangering the classified information of interest to the Republic of Macedonia or the information that the Republic of Macedonia is obliged to protect according to international agreements. 7. Security risk is likelihood for security infraction of the classified information. 8. Security of classified information includes activities and measures applied for protection of classified information against unauthorized access and use. 9. Security clearance is a document confirming the eligibility of the legal entity or the natural person to have access to and use classified information. 10. Access permit is a document confirming that the foreign legal entity or natural person has a security clearance and is eligible to have access to and use classified information in the Republic of Macedonia. 11. Need-to-know is a principle according to which the user who has a requirement for access to classified information in order to perform his function or official tasks is determined. 12. Reclassification is the change of the classification level of the classified information. 13. Security area is the area around the building that represents the minimum distance from which the building or the classified information therein could be threatened. 14. Security zone is the area or room within the building where information classified CONFIDENTIAL or above is located or kept and needs to be protected accordingly. 2

3 15. Administrative zone is the area or room within the building where information classified RESTRICTED is located or kept and needs to be protected accordingly. CHAPTER TWO Classification of information Article 6 The classification determines the level of protection of the information that should match the degree of the damage that would result for the Republic of Macedonia from unauthorized access to that information or its unauthorized use. Information subject to classification shall particularly refer to: public security; defence; foreign affairs; security, intelligence and counter intelligence activities of the state administration bodies of the Republic of Macedonia; systems, devices, projects and plans of importance for the public security, defence, foreign affairs; scientific research; technological, economic and financial affairs of importance for the Republic of Macedonia. Article 7 The classification of the information shall be granted according to its contents. The authorized person referred to in Article 9 of this Law shall determine the level of classification of the information. The information shall be granted one of the levels of classification as follows: - TOP SECRET; - SECRET; - CONFIDENTIAL and - RESTRICTED. Article 8 The information classified TOP SECRET shall be the information the unauthorized disclosure of which would put in jeopardy and cause irreparable damage to the permanent interests of the Republic of Macedonia. The information classified SECRET shall be the information created by the state bodies, bodies of the units of the local self-government and other institutions that is of interest to the public security, defence, foreign affairs and the security, intelligence and counter intelligence activities of the state administration bodies of the Republic of Macedonia, the unauthorized disclosure of which would result in exceptionally serious damage to the vital interests of the Republic of Macedonia. 3

4 The information classified CONFIDENTIAL shall be the information created by the state bodies, bodies of the units of the local self-government and other institutions that is of interest to the public security, defence, foreign affairs and the security, intelligence and counter intelligence activities of the state administration bodies of the Republic of Macedonia, the unauthorized disclosure of which would result in serious damage to the interests of importance for the Republic of Macedonia. The information classified RESTRICTED shall be the information the unauthorized disclosure of which would result in damage of the work of the state bodies, bodies of the units of the local self-government and other institutions that is of interest to the public security, defence, foreign affairs and the security, intelligence and counter intelligence activities of the state administration bodies of the Republic of Macedonia. Article 9 The TOP SECRET classification can be granted to an information by the President of the Republic of Macedonia, the President of the Assembly of the Republic of Macedonia, the President of the Government of the Republic of Macedonia, the President of the Constitutional Court of the Republic of Macedonia, the President of the Supreme Court of the Republic of Macedonia, the ministers within their sphere of activity, the Public Prosecutor of the Republic of Macedonia, the Chief of the General Staff of the Army of the Republic of Macedonia, the Director of the Intelligence Agency, the Director of the Directorate for Security of Classified Information and the persons authorized by them in written. If otherwise regulated by law, international agreement or another regulation, the persons envisaged therein can give TOP SECRET classification to information. Article 10 The information not intended for public use, the disclosure of which would result in decreased efficiency of the work of the state bodies, shall be marked with FOR LIMITED USE 1. Article 11 If the information includes data with different levels of classification, the originator shall be obliged to determine the level of classification for each data separately. The information as a whole shall be classified according to the highest classification level, and the other parts with classification levels belonging to the information shall be indicated on the front page of the material. If a part of the document contains a higher level of classified information, that part shall be extracted as a separate document with an appropriate level of classification. 1 FOR LIMITED USE corresponds to NATO UNCLASSIFIED 4

5 The footnotes of the classified information shall not be classified, unless containing or disclosing classified information. In order to avoid security risks, inserting footnotes should be minimized. Article 12 The originator of the classified information shall mark its level of classification on a visible place. Article 13 If the information has not been granted a level of classification, and the originator cannot be determined or has ceased to exist, the classification of the information shall be made by the legal successor of the originator. In case the legal successor of the originator cannot be determined either, the Directorate shall mark the level of classification of the information. Article 14 The originator, or another authorized person with his written consent, shall make the change of the level of classification. The users of the information shall necessarily be informed about the change of its level of classification. Article 15 The Government of the Republic of Macedonia (hereinafter referred to as: the Government ) shall prescribe the marking of the classification level of the information with a Decree. Article 16 The classification of the information will terminate: - on the date specified in the document; - with the advent of the event specified in the document; - with the expiry of the time period specified in the document; and - with declassification. Article 17 Declassification shall change the classified information into accessible information. 5

6 The originator of the information shall make the declassification referred to in paragraph 1 of this Article and inform the users about that. Article 18 The originator of the classified information shall mark the time period or the event until when the information cannot be reclassified or declassified. The time period or the event until when the information cannot be reclassified or declassified shall not be longer than ten years, unless the information requires a longer protection according to this or another law. Article 19 The originator shall review and evaluate the TOP SECRET information in a period no longer than ten years in order to assess the requirement for further maintaining of the classification level. The originator shall review and evaluate the SECRET information in a period no longer than five years in order to assess the requirement for further maintaining of the classification level. The originator shall review and evaluate the CONFIDENTIAL information in a period no longer than three years, in order to assess the requirement for further maintaining of the classification level. The originator shall review and evaluate the RESTRICTED information in a period no longer than two years in order to assess the requirement for further maintaining of the classification level. Article 20 Information that has been given a level of classification shall not be considered as classified information if it is concealing a criminal activity, an overstepping or misuse of official function or any other illicit act or action. Classified information of foreign states or international organizations Article 21 Classified information from foreign states or international organizations with which the Republic of Macedonia has entered into international agreements or to which the Republic of Macedonia has become a member, shall keep the marking of the level of classification used in that state or international organization. 6

7 Article 22 Classified information shall be disseminated according to the principle of needto-know. During dissemination of the classified information, the authorized person shall undertake activities for reception, processing, identification of users and distribution of the classified information to them. The authorized person shall distribute the classified information to the identified users. The Government shall prescribe the activities during dissemination of classified information that refer to the processing, the identification of users and the distribution of such information with a Decree. CHAPTER THREE Criteria, measures and activities for protection of classified information Article 23 Criteria that shall particularly be taken into account while determining the measures for protection of classified information shall be as follows: - level of classification; - scope and shape of the classified information; and - threat assessment for the security of the classified information. Article 24 In order to protect the classified information, measures shall be taken for administrative, physical, personnel, information and industrial security. Article 25 Measures and activities for administrative security shall be as follows: - identification of the classification level and marking of the classified information accordingly; - receipt and recording of the classified information; - safekeeping of and handling the classified information; - reproductions, translations and excerpts of the classified information and designation of the number of copies and the users; 7

8 - control and handling of the classified information during its dissemination and distribution; - prevention of unauthorized takeout, disclosure and security breaching of the classified information; - prevention of compromises of the classified information; and - disposal and destruction of the classified information. Article 26 Measures and activities for physical security shall be as follows: - assessment of the possible security infringement of the classified information with intrusion and unauthorized access to, use and disposal of the classified information; - establishing a security area around the facility; - definition of security and administrative zones; - organizing physical security and application of technical and other security devices for buildings and rooms where classified information is held; - issuing clearances for access to buildings and rooms; - control of entry, movement and exit of individuals and vehicles for transportation of classified information; and - transportation of classified information outside the security zones. Article 27 Measures and activities for personnel security shall be as follows: - identification of authorized persons for work and handling classified information; - responsible handling of classified information; - security vetting; - issuing security clearances; - issuing access permits for classified information; and - verifying and evaluation of the ability to handle classified information. Article 28 Measures and activities for information security shall be as follows: - certification of communication and information systems and processes; 8

9 - assessment for possible security infringement of the classified information by intrusion in the information system, and use and destruction of the classified information processed and stored in communication and information systems; - definition of methods and security procedures for reception, processing, transmission, storing and archiving of electronic classified information; - protection of the information in the course of the processing and storing of classified information in the communication and information systems; - production of crypto keys and other crypto material; - cryptographic protection of communication, information and other electronic systems used for preparation, transmission, processing and archiving of classified information; - determination of zones and rooms protected from compromising electro-magnetic emission; and - installation of devices for safekeeping of classified information. Article 29 Measures and activities for industrial security shall be as follows: - protection from misplacing or compromising of classified information contained in industrial agreements; - issuing of security clearances to legal entities and natural persons that produce, use or have contact with industry related classified information; - protection from misplacing or compromising of classified information in consortia and mixed enterprises with foreign legal entities and natural persons; - ensure protection during transportation of classified information; and - establishing procedures for visits of legal entities and natural persons from other countries to facilities and industrial associations where classified material is produced, processed and kept. Article 30 The Government shall determine the measures and activities referred to in Articles of this Law with Decrees. 9

10 Exchange of classified information with foreign states and international organizations Article 31 Classified information of a foreign state or international organization is an information or material, which the competent agency of the foreign state or the international organization has released to the Republic of Macedonia with an obligation to ensure its protection. The classified information received from a foreign state or an international organization shall be handled as determined with an international agreement. If the international agreement referred to in paragraph 2 of this Article does not include provisions on the way of handling classified information, it shall be handled in line with the provisions of this Law. Article 32 In exceptionally unfavorable political, economic, defence and security conditions in the Republic of Macedonia, upon a request by the competent bodies according to the Constitution and the legislation, the Directorate may exchange classified information with foreign states and international organizations with which it has not entered into international agreements, if that is in the interest of the Republic of Macedonia. Article 33 According to the assumed obligations from the ratified international agreements, the Directorate shall ensure exercising control by authorized representatives of foreign states and international organizations for the way of use and protection of the classified information they have released to the Republic of Macedonia. In line with this Law and the international agreements, the Directorate shall control the use and protection of the released classified information from the Republic of Macedonia to the foreign states and international organizations. The Government shall determine the classified information of the Republic of Macedonia that could be subject to international exchange with a Decision. Use of classified information Article 34 User of classified information shall be a state body or another legal entity or natural person in the Republic of Macedonia that has a security clearance or a foreign state body or another foreign legal entity or natural person that has a security clearance issued by the home-country and an access permit for classified information issued by the Directorate. 10

11 Article 35 Security clearance shall be issued for an appropriate level of classified information. In order to have a security clearance for an appropriate level of classified information issued, the relevant legal entity or natural person shall submit a written request to the Directorate. The security clearance referred to in paragraph 1 of this Article shall be issued on the basis of a security vetting conducted in advance. Article 36 Security clearance for access to and use of classified information of any level of classification, without previous security vetting, for the purpose of accomplishing the official function from the day of election until the end of the mandate, shall be issued to: the President of the Republic of Macedonia, the President of the Assembly of the Republic of Macedonia, the President of the Government of the Republic of Macedonia, the Deputy of the President of the Government of the Republic of Macedonia, the President of the Constitutional Court of the Republic of Macedonia and the President of the Supreme Court of the Republic of Macedonia. Article 37 For the purposes of accomplishing the official tasks, a security clearance for access to an appropriate level of classified information shall be issued to the employees at the state bodies, the bodies of the units of the local self-government, the public enterprises, the public institutions and services, as well as to other legal entities and natural persons according to the principle of need-to-know. The persons referred to in paragraph 1 of this Article shall submit the request for a security clearance through the persons in charge in the state bodies, the bodies of the unit of the local self-government, the public enterprises, the public institutions and services, as well as in other legal entities and natural persons. Article 38 Security clearance shall be issued to a natural person if: - (s)he is a citizen of the Republic of Macedonia; - there is a justified reason for using classified information according to the principle of need-to-know ; - there are no limiting circumstances for having access to classified information; - (s)he has legal capacity, - (s)he is 18 years old, and for using information classified TOP SECRET, 21 years old; 11

12 - there is no security measure delivered for prohibition from practicing a profession, activity or obligation; - (s)he has good health capacity; - (s)he has signed a written statement for conscientious and accountable use of the classified information; - the activities of the natural person do not indicate existence of a security risk for using the classified information; and - (s)he has been briefed on the regulation concerning the work with classified information, which is verified through an interview with the applicant by an authorized person before the security clearance is issued. Article 39 Security clearance shall be issued to a legal entity if: - it has ensured physical, administrative, information and industrial security and has provided personnel security clearances; - it is financially and economically stable; and - there is no security risk for using classified information. Article 40 The legal entity shall not be considered eligible to provide protection of classified information in case it has not provided conditions for application of the measures and activities for protection of classified information, regulated by this Law. The financial and economic stability of the legal entity shall be confirmed upon submitting the following documents, the issuance date of which should not be older than six months: - extract from the professional activity register; - prescribed document about the business success issued by the Central Registry of the Republic of Macedonia; - evidence from a relevant court for nonexistence of bankruptcy or liquidation proceedings; - evidence from a relevant court that no security measure for prohibition from practicing a profession has been delivered; and - certificate from the Public Revenue Authority for paid taxes and other public allowances. Security risk shall be considered to exist if: - certain activities of the legal entity and its authorized persons are contrary to the interests of the Republic of Macedonia; and 12

13 - the legal entity has connections with foreign legal entities and natural persons that could harm the foreign policy or security of the Republic of Macedonia. Security Clearance Issuing Procedure Article 41 The fulfilling of the conditions for issuing a security clearance shall be determined through a security vetting. The security vetting referred to in paragraph 1 of this Article shall be conducted on the basis of a prior written consent from the individual to whom the security clearance should be issued, which is a part of the request referred to in Article 35 paragraph 1 of this Law. If the individual withdraws his consent during the vetting procedure with a written statement, another security vetting cannot be conducted before the expiry of one-year period starting from the day of the withdrawal of the consent. Article 42 Security vetting shall be conducted before a security clearance is issued to legal entities and natural persons for access to and use of classified information, in order to determine the existence or nonexistence of circumstances limiting the access to and use of the classified information. The security vetting shall begin with filling out the security questionnaire for the appropriate level of security vetting. The data collated from the questionnaire represent a part of the contents of the security vetting. The Director of the Directorate shall prescribe the form and contents of the security questionnaire referred to in paragraph 1 of this Article with a Set of Rules. Article 43 The questionnaire filled out for a security vetting shall be classified RESTRICTED. The data collated from the questionnaire referred to in paragraph 1 of this Article shall be used for the purposes of the security vetting. Article 44 For using RESTRICTED information, no security vetting shall be required. The individual shall be briefed about the obligation to protect the classified information that (s)he has been given access to or a permission to use. 13

14 Article 45 Depending on the level of the classified information for which a request for a security clearance has been filed, different vetting procedures, appropriate to the classification level of the information shall be conducted, as follows: a) first level vetting for information classified CONFIDENTIAL; b) second level vetting for information classified SECRET; and c) third level vetting for information classified TOP SECRET. Article 46 The first level vetting shall determine the following: - identity of the individual (based on the submitted written documentation and short curriculum vitae); - age of minimum 18 years; - citizenship of the Republic of Macedonia; - legal capacity of the individual (based on a certificate from a relevant court); and - security risk of the individual. Article 47 The second level vetting shall determine the following: - identity of the individual (based on the submitted written documentation and short curriculum vitae, and with operational verification of the data about the person); - age of minimum 18 years; - citizenship of the Republic of Macedonia; - legal capacity of the individual (based on a certificate from a relevant court); - security risk of the individual; and - health condition (based on an evaluation by a relevant medical commission). Article 48 The third level vetting shall determine the following: - identity of the individual (based on the submitted written documentation and short curriculum vitae, and with operational verification of the data about the person); - age of minimum 21 years; 14

15 - citizenship of the Republic of Macedonia; - legal capacity of the individual (based on a certificate from a relevant court); - security risk of the individual; and - health condition (based on an evaluation by a relevant medical commission). Article 49 Security clearance for using classified information shall be issued by the Director of the Directorate after the procedure regulated with the provisions of this Law has been carried out. Article 50 Upon a request by the Directorate, the security vetting procedures referred to in Articles 46, 47 and 48 of this Law shall be carried out by: - the competent services of the Ministry of Interior for all individuals, with the exception of the ones indicated below in line 2 of this Article; and - the competent services of the Ministry of Defence for the military personnel and the civilians employed at the Army of the Republic of Macedonia. Article 51 The security vetting procedure shall last no longer than: - one month for first level vetting; - three months for second level vetting; and - six months for third level vetting. In more complex cases or due to emergencies, the time limits referred to in paragraph 1 of this Article may be doubled. Time of validity of the security clearances Article 52 Validity of the security clearance issued for TOP SECRET information shall be no longer than five years. Validity of the security clearance issued for SECRET information shall be no longer than five years. Validity of the security clearance issued for CONFIDENTIAL information shall be no longer than ten years. 15

16 The Director of the Directorate shall prescribe the contents and pattern of the security clearances referred to in the paragraphs 1, 2 and 3 of this Article with a Set of Rules. Article 53 Based on a written notification by the Directorate, the user of classified information shall be obliged to file a new request for extending the validity of the security clearance six months the latest before the day of the expiry of its validity. For the applicant who files a request for extension of the validity of the security clearance, the competent services referred to in Article 50 of this Law shall carry out a new vetting procedure according to the classification level of the information to be released to him. Article 54 In case it is determined that the individual does not handle the classified information according to this Law or that any of the conditions, on the basis of which the security clearance has been issued, is no longer met, the Director of the Directorate shall bring a decision to terminate the validity of the security clearance for that individual even before the expiry of its validity. The decision referred to in paragraph 1 of this Article shall not include a ratio about the reasons for terminating the validity of the security clearance. Article 55 Unless the conditions referred to in paragraphs 46, 47 and 48 of this Law are met, the Director of the Directorate may bring a decision to refuse the request for issuing a security clearance. The decision referred to in paragraph 1 of this Article shall not include a ratio about the reasons for refusing the request for issuing a security clearance. The individual whose request has been refused may appeal to the competent secondary commission of the Government against the decision referred to in paragraph 1 of this Article. Article 56 The appeal referred to in Article 55 paragraph 3 of this Law shall be filed within 15 days from the day of the receipt of the decision, via the body that has brought the decision to the competent secondary commission of the Government. The decision referred to in paragraph 1 of this Article brought by the Commission shall be final. 16

17 Article 57 Validity of the security clearance shall be terminated by force of law: - upon expiry of its validity; - with the ending of the function of the individuals referred to in Article 36of this Law; - with the termination of the requirement for having access to classified information according to the principle of need-to-know ; and - with the death of the natural person or the termination of existence of the legal entity. Article 58 The validity of the access permit for classified information shall terminate: - upon expiry of the time-line indicated in the access permit; - upon accomplishing the relevant task; - if a new request for extending the validity of the access permit has not been submitted before the expiry of its validity; and - if the requirement for issuing the access permit has ceased to exist or has been changed. Article 59 The obligation for protection of the secrecy of the classified information shall continue beyond the termination of the validity of the security clearance, in line with Article 16 of this Law. In case of an emerged necessity during court proceedings or a procedure in front of a relevant body, the individual is obliged to provide a prior consent from the originator of the information for exemption from the obligation for keeping the secrecy of the classified information. Article 60 The Directorate shall keep records of the issued security clearances and the filled out security questionnaires. The Directorate shall keep a separate record of the issued access permits for classified information in the Republic of Macedonia. The contents, form and way of keeping the records referred to in paragraphs 1 and 2 of this Article shall be prescribed by the Director of the Directorate with a Set of Rules. 17

18 CHAPTER FOUR Bodies for protection of classified information Article 61 The state bodies, organizations, institutions and other legal entities shall be obliged to create conditions necessary for protection of classified information and to take on measures for eliminating the negative consequences should such information be disclosed. The Directorate and the users of the classified information shall prepare emergency plans for the protection of classified information. In order to ensure efficient and coordinated execution of the rights and obligations concerning the classified information, all users of classified information referred to in paragraph 1 of this Article shall designate an authorized person. The person referred to in paragraph 3 of this Article is required to have a relevant security clearance. Directorate for Security of Classified Information Article 62 The Directorate shall be a standalone body of the state administration with capacity of a legal entity. The Directorate shall: - ensure continuous application of the international standards and norms while taking on the measures and activities for protection of the classified information; - coordinate the activities for ensuring protection of the classified information with the state bodies and the institutions that exchange classified information with foreign states and international organizations; - prepare, organize, apply and monitor the application of the measures and activities for ensuring protection of classified information that has been released to the Republic of Macedonia by foreign states and international organizations; - take on activities for protection of the classified information that the Republic of Macedonia has released to foreign states and international organizations; - participate in the process of developing plans and programs of the Republic of Macedonia for membership in international organizations related to the protection of classified information; - plan and accomplish international cooperation for protection and exchange of classified information; - recommend measures for enhancing the protection of classified information; 18

19 - initiate entering into international agreements with foreign states and international organizations related to the exchange of classified information; - initiate developing of security plans for protection of classified information in emergencies; - educate the users of classified information and the interested bodies, organizations and individuals in the Republic of Macedonia; and - accomplish other tasks regulated with this Law and other legal acts. The Directorate shall prepare an annual plan and report for its work that shall be subject to adoption by the Government. Registries and Control Points Article 63 For the purpose of accomplishing the works concerning foreign classified information within the scope of responsibility of the Directorate, Central Registry, registries and control points shall be established. The Central Registry of classified information shall be kept in the Directorate, while registries and control points shall be kept within the ministries and other bodies of the state administration and other state bodies where foreign classified information are received and registered continuously. The registries and control points referred to in paragraph 1 of this Article shall forward information necessary for accomplishing the work of the Directorate and the exchange of classified information with foreign countries. Upon a proposal by the Directorate, the Government shall determine the number of registries and control points with a Decision. The exchange of classified information from the Republic of Macedonia with foreign states and international organizations shall be accomplished via the Directorate, unless otherwise regulated by another law or international agreement. Article 64 The Directorate shall inform the competent bodies of the foreign states and international organizations about the security of the classified information exchanged and shall be informed by them about the security of the classified information released to them by the Republic of Macedonia. Article 65 Upon a request by the Directorate, the state bodies, the bodies of the units of local self-government, the organizations, the institutions and the other legal entities and 19

20 natural persons shall give information to the Directorate for the purpose of accomplishing the tasks within its scope of responsibility. Article 66 The Director of the Directorate shall be appointed and discharged by the Government. The Director shall be appointed for a mandate of 4 years. Article 67 The leading personnel in the Directorate and the other employees who accomplish specific tasks shall be persons with specific duties and authorization. The act on systematic design of posts in the Directorate shall determine the posts with specific duties and authorization in the connotation of the paragraph 1 of this Article. The salary of the employees referred to in paragraph 1 of this Article shall be up to 30% higher than the salary of the other workers with appropriate qualifications. Employees with specific duties and authorization cannot accomplish other activities unconnected to their duties. The employees of the Directorate shall have identification cards issued by the Director of the Directorate. The Director of the Directorate shall prescribe the pattern of the identification card and the issuing procedure with a Set of Rules. CHAPTER FIVE Plans and programs for the work of the Directorate and budgeting of the Directorate Article 68 The work of the Directorate shall be guided and accomplished according to the relevant principles, norms and procedures of the Planning, Programming and Budgeting System. The Government shall determine the plans, programs and the finances necessary for their completion, as well as the way of their developing, their contents and structure with a Decree. 20

21 Article 69 The finances necessary to meet the requirements of the Directorate shall be provided from the Budget of the Republic of Macedonia. The finances necessary to meet the requirements of the Directorate may also be provided from other sources, according to a law. The finances for the state bodies necessary for the protection, use and international exchange of the classified information shall be provided from the Budget of the Republic of Macedonia within the framework of the budgets of those bodies. The trade associations, public enterprises, institutions and services of specific importance for the protection, use and international exchange of classified information shall provide finances from their own sources and from the financial and material assets of the Republic of Macedonia. CHAPTER SIX Supervision Article 70 The supervision for the purpose of applying this law and the other regulations concerning the classified information shall be exercised by a General Inspector for Security of Classified Information (hereinafter referred to: General Inspector). The rights, obligations and authorities of the General Inspector referred to in paragraph 1 of this Article shall be regulated by a separate Law. The Law referred to in paragraph 2 of this Article shall be passed within a period of one year from the day of entering into force of this Law. Article 71 Authorized persons - inspectors, designated by the Government with a Decision, shall support the work of the General Inspector. Authorized person, as referred to in paragraph 1 of this Article inspector can be any person employed at the Directorate, with appropriate higher education and working experience of at least five years in the area of security of classified information or a related field. Supervision as referred to in Article 72 of this Law in state bodies, trade associations, public enterprises, institutions and services of specific importance for the protection, use and international exchange of classified information shall be exercised in line with the Law on the General Inspector for Security of Classified Information. 21

22 Article 72 While exercising the supervision referred to in Article 71 of this Law, the inspectors shall be authorized to: - inspect the application of this Law and the other regulations concerning the security of classified information; and - recommend measures for removal of the occurred irregularities and deficiencies in an established time frame. While exercising supervision, the inspectors are obliged to give assistance in the application of the laws and other regulations concerning the classified information. Article 73 The inspectors shall make a Report from the inspection and shall submit it to the responsible person where the inspection has been carried out and to the General Inspector. The Report referred to in paragraph 1 of this Article shall illustrate the acknowledged situation and the measures and time frames recommended for removal of the irregularities and deficiencies. The responsible person referred to in paragraph 1 of this Article is obliged to take up actions according to the Report and to inform the inspector about the implemented measures. If during the inspection the inspector determines that the violation of the relevant regulation represents an offence of a criminal action, he shall file a request or a denunciation to the competent body to take up an appropriate action. Closer provisions on the way of exercising supervision shall be regulated in the Law on the General Inspector for Security of Classified Information. CHAPTER SEVEN Punitive provisions Article 74 For an offense, the authorized person shall be fined with an amount between DEN 1,000 and DEN 50,000 or imprisoned from 5 to 90 days if: - (s)he does not take on the activities necessary for reception, processing, identification of users and does not forward the classified information to them (Article 22, paragraphs 2 and 3); - (s)he does not implement the measures for administrative, personnel, physical, information and industrial security (Article 24); - (s)he has issued a security clearance to the individual who in the request submitted to the Directorate for issuing a security clearance has given incorrect 22

23 information in the security questionnaire or has submitted inappropriate documents prescribed with this Law (Article 35, paragraph 1; Article 38 and Article 42, paragraph 2); and - the person does not handle the classified information in line with the provisions of this Law (Article 54, paragraph 1). Article 75 For an offense, the legal entity shall be fined with an amount between DEN 10,000 and DEN 300,000 if it attaches evidence that do not correspond to its real financial and economic condition when submitting the request for issuing a security clearance (Article 40). Article 76 Within the limits of the fine for the offense prescribed with this Law, the perpetrator shall also be punished for an attempted offence. CHAPTER EIGHT Transitional and final provisions Article 77 TOP SECRET shall be the highest level of classified information. On the day of entering into force of this Law, the classified information marked with the type of classification OFFICIAL SECRET, MILITARY SECRET and BUSINESS SECRET and the level of classification SECRET, CONFIDENTIAL and RESTRICTED shall obtain the following equivalents: - OFFICIAL SECRET, MILITARY SECRET and BUSINESS SECRET information classified with SECRET is equivalent to SECRET; - OFFICIAL SECRET, MILITARY SECRET and BUSINESS SECRET information classified with CONFIDENTIAL is equivalent to CONFIDENTIAL; and - OFFICIAL SECRET, MILITARY SECRET and BUSINESS SECRET information classified with RESTRICTED is equivalent to RESTRICTED. The classified information marked with the type of classification OFFICIAL SECRET, MILITARY SECRET and BUSINESS SECRET and the level of classification SECRET, CONFIDENTIAL and RESTRICTED that has been originated until the day of entering into force of this Law shall keep the type and level of classification according to the regulations that have been into force on the day of their origination. 23

24 If any of the classified information referred to in paragraphs 2 and 3 of this Article is subject to an international exchange, it shall be classified according to the provisions of this Law. Article 78 The regulations regulating the issues on classified information shall be harmonized with the provisions of this Law in a period of one year starting from the day of entering into force of the Law. Article 79 The by-laws envisaged with this Law shall be passed within six months from the day of its entering into force. Article 80 On the day of entering into force of this Law, the National Security Authority of the Republic of Macedonia in NATO Context, established with the Decision for Establishing the National Security Authority of the Republic of Macedonia in NATO Context ( Official Gazette of the Republic of Macedonia, no. 21/02), shall continue functioning as a Directorate for Security of Classified Information. The Director of the National Security Authority of the Republic of Macedonia in NATO Context shall act as Director of the Directorate until the appointment of the Director of the Directorate. The Directorate for Security of Classified Information shall take over the employees, building, equipment, archive and the other devices of the National Security Authority of the Republic of Macedonia in NATO Context. On the day of entering into force of this Law, the Directorate shall use the budget envisaged for 2004 for the National Security Authority of the Republic of Macedonia in NATO Context, according to the established pace and purposes, in line with the actions established with the existing regulations. Article 81 The security clearances that are in process of issuing until the day of entering into force of this Law shall be issued according to the existing regulations. The security clearances issued until the day of entering into force of this Law shall be used until the termination of their validity, but no longer than two years. 24

25 Article 82 The validity of the Decision for Establishing the National Security Authority of the Republic of Macedonia in NATO Context ( Official Gazette of the Republic of Macedonia, no. 21/02) shall terminate on the day of entering into force of this Law. Article 83 This Law shall enter into force on the eight day from the day of its publication in the Official Gazette of the Republic of Macedonia. 25