The reform is an essential step to strengthening citizens’ fundamental rights in the digital age and facilitating business by simplifying rules for companies in the Digital Single Market.

What will change under the General Data Protection Regulation?

The Regulation updates and modernises the principles enshrined in the 1995 Data Protection Directive to guarantee privacy rights. It focuses on:

• reinforcing individuals’ rights;
• strengthening the EU internal market;
• ensuring stronger enforcement of the rules;
• streamlining international transfers of personal data and;
• setting global data protection standards.

The changes will give people more control over their personal data and make it easier to access it. They are designed to make sure that people’s personal information is protected – no matter where it is sent, processed or stored – even outside the EU, as may often be the case on the internet.

What are the benefits for citizens?

The reform provides tools for gaining control of one’s personal data, the protection of which is a fundamental right in the European Union. The data protection reform will strengthen citizens’ rights and build trust.

Nine out of ten Europeans have expressed concern about mobile apps collecting their data without their consent, and seven out of ten worry about the potential use that companies may make of the information disclosed. The new rules address these concerns through:

• A “right to be forgotten”: When an individual no longer wants her/his data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted. This is about protecting the privacy of individuals, not about erasing past events or restricting freedom of the press.

• Easier access to one’s data: Individuals will have more information on how their data is processed and this information should be available in a clear and understandable way. A right to data portability will make it easier for individuals to transmit personal data between service providers.

• The right to know when one’s data has been hacked: Companies and organisations must notify the national supervisory authority of data breaches which put individuals at risk and communicate to the data subject all high risk breaches as soon as possible so that users can take appropriate measures.

• Data protection by design and by default: ‘Data protection by design’ and ‘Data protection by default’ are now essential elements in EU data protection rules. Data protection safeguards will be built into products and services from the earliest stage of development, and privacy-friendly default settings will be the norm – for example on social networks or mobile apps.

Right to be forgotten: How will it work?

Already the current Directive gives individuals the possibility to have their data deleted, in particular when the data is no longer necessary. For example, if an individual has given her or his consent to processing for a specific purpose (such as display on a social networking site) and does not want this service anymore, then there is no reason to keep the data in the system.

In particular, when children have made data about themselves accessible – often without fully understanding the consequences – they must not be stuck with the consequences of that choice for the rest of their lives.

This does not mean that on each request of an individual all his personal data are to be deleted at once and forever. If, for example, the retention of the data is necessary for the performance of a contract, or for compliance with a legal obligation, the data can be kept as long as necessary for that purpose.

The proposed provisions on the “right to be forgotten” are very clear: freedom of expression, as well as historical and scientific research are safeguarded. For example, no politician will be able to have their earlier remarks deleted from the web. This will thus allow, inter alia, news websites to continue operating on the basis of the same principles.

Is there specific protection for children?

Yes, the Regulation recognises that children deserve specific protection of their personal data, as they may be less aware of risks, consequences, safeguards and their rights in relation to the processing of personal data. For instance, they benefit from a clearer right to be forgotten.

When it comes to information society services offered directly to a child, the Regulation foresees that consent for processing the data of a child must be given or authorised by the holder of the parental responsibility over the child. The age threshold is for Member States to define within a range of 13 to 16 years.

The aim of this specific provision aims at protecting children from being pressured to share personal data without fully realising the consequences. It will not to stop teenagers from using the Internet to get information, advice, education etc. Moreover, the Regulation specifies that the consent of the holder of parental responsibility should not be necessary in the context of preventive or counselling services offered directly to a child.

What are the benefits for businesses?

The reform provides clarity and consistency of the rules to be applied, and restores trust of the consumer, thus allowing undertakings to seize fully the opportunities in the Digital Single Market.

Data is the currency of today’s digital economy. Collected, analysed and moved across the globe, personal data has acquired enormous economic significance. According to some estimates, the value of European citizens’ personal data has the potential to grow to nearly €1 trillion annually by 2020. By strengthening Europe’s high standards of data protection, lawmakers are creating business opportunities.

The data protection reform package helps the Digital Single Market realise this potential through:

• One continent, one law: a single, pan-European law for data protection, replacing the current inconsistent patchwork of national laws. Companies will deal with one law, not 28. The benefits are estimated at €2.3 billion per year.

• One-stop-shop: a ‘one-stop-shop’ for businesses. Companies will only have to deal with one single supervisory authority, not 28, making it simpler and cheaper for companies to do business in the EU.

• The same rules for all companies – regardless of where they are established: Today European companies have to adhere to stricter standards than companies established outside the EU but also doing business in our Single Market. With the reform, companies based outside of Europe will have to apply the same rules when they offer goods or services on the EU market. This creates a level playing field.

• Technological neutrality: the Regulation enables innovation to continue to thrive under the new rules.

What is the one-stop shop?

Within a single market for data, identical rules on paper are not enough. The rules must be applied in the same way everywhere. The ‘one-stop-shop’ will streamline cooperation between the data protection authorities on issues with implications for all of Europe. Companies will only have to deal with one authority, not 28. It will ensure legal certainty for businesses. Businesses will profit from faster decisions, from one single interlocutor (eliminating multiple contact points), and from less red tape. They will benefit from consistency of decisions where the same processing activity takes place in several Member States. Individuals will have more control.

How will that help business?

The new right to data portability will allow individuals to move their personal data from one service provider to another. Start-ups and smaller companies will be able to access data markets dominated by digital giants and attract more consumers with privacy-friendly solutions. This will make the European economy more competitive.

Example: Benefits for individuals, benefits for businesses

A new small company wishes to enter the market offering an online social media sharing website. The market already has big players with a large market share. Under the current rules, each new customer will have to consider starting over again with the personal data they wish to provide to be established on the new website. This can be a disincentive for some people considering switching to the new business.

With the Data Protection Reform: The right to data portability will make it easier for potential customers to transfer their personal data between service providers. This allows customers to exercise control over their personal data, and at the same time fosters competition and encourages new businesses in the marketplace.

What are the benefits for SMEs?

The data protection reform is geared towards stimulating economic growth by cutting costs and red tape for European business, also for small and medium enterprises (SMEs). By having one rule instead of 28, the EU’s data protection reform will help SMEs break into new markets. In a number of cases, the obligations of data controllers and processors are calibrated to the size of the business and/or to the nature of the data being processed. For example:

• SMEs need not appoint a data protection officer unless their core activities require regular and systematic monitoring of the data subjects on a large scale, or if they process special categories of personal data such as that revealing racial or ethnic origin or religious beliefs. Moreover, this will not need to be a full-time employee but could be an ad-hoc consultant, and therefore, would be much less costly.

• SMEs need not keep records of processing activities unless the processing they carry out is not occasional or likely to result in a risk for the rights and freedoms of data subject.

• SMEs will not be under an obligation to report all data breaches to individuals, unless the breaches represent a high risk for their rights and freedoms.

How will the new rules save money?

The Regulation will establish a single, pan-European law for data protection meaning that companies can simply deal with one law, not 28. The new rules will bring benefits of an estimated €2.3 billion per year.

Example: Cutting costs

A chain of shops has its head office in France and franchised shops in 14 other EU countries. Each shop collects data relating to clients and transfers it to the head office in France for further processing.

With the current rules: France’s data protection laws would apply to the processing done by head office, but individual shops would still have to report to their national data protection authority, to confirm they were processing data in accordance with national laws in the country where they were located. This means the company’s head office would have to consult local lawyers for all its branches to ensure compliance with the law. The total costs arising from reporting requirements in all countries could be over €12,000.

With the Data Protection Reform: The data protection law across all 14 EU countries will be the same – one European Union – one law. This will eliminate the need to consult with local lawyers to ensure local compliance for the franchised shops. The result is direct cost savings and legal certainty.

How will the Data Protection Reform encourage innovation and use of big data?

According to some estimates, the value of European citizens’ personal data could grow to nearly €1 trillion annually by 2020. The new EU rules will offer flexibility to businesses all while protecting individuals’ fundamental rights.

‘Data protection by design and by default’ will become an essential principle. It will incentivise businesses to innovate and develop new ideas, methods, and technologies for security and protection of personal data. Used in conjunction with data protection impact assessments, businesses will have effective tools to create technological and organisational solutions.

The Regulation promotes techniques such as anonymisation (removing personally identifiable information where it is not needed), pseudonymisation (replacing personally identifiable material with artificial identifiers), and encryption (encoding messages so only those authorised can read it) to protect personal data. This will encourage the use of “big data” analytics, which can be done using anonymised or pseudonymised data.

Example: Driverless cars

The driverless cars technology requires important data flows, including the exchange of personal data. Data protection rules go hand in hand with innovative and progressive solutions. For example, in case of a crash, cars equipped with eCall emergency call system can automatically call the nearest emergency centre. This is an example of a workable and efficient solution in line with EU data protection principles.

With the new rules, the function of eCall will become easier, simpler and more efficient in terms of data protection. It is a data protection principle that when personal data is collected for one or more purposes it should not be further processed in a way that is incompatible with the original purposes. This does not prohibit processing for a different purpose or restrict ‘raw data’ for use in analytics.

A key factor in deciding whether a new purpose is incompatible with the original purpose is whether it is fair. Fairness will consider factors such as; the effects on the privacy of individuals (e.g. specific and targeted decisions about identified persons) and whether an individual has a reasonable expectation that their personal data will be used in the new way.

So in the case of driverless cars, raw data can be used to analyse where the most accidents take place and how future accidents could be avoided. It can also be used to analyse traffic flows in order to reduce traffic jams.

Businesses should be able to anticipate and inform individuals of the potential uses and benefits of big data – even if the exact specifics of the analysis are not yet known. Businesses should also think whether the data can be anonymised for such future processing. This will allow raw data to be retained for big data, while protecting the rights of individuals.

The new data protection rules provide businesses with opportunities to remove the lack of trust that can affect people’s engagement with innovative uses of personal data. Providing individuals with clear, effective information will help build trust in analytics and innovation. The information to be provided is not exactly how the data is to be processed, but the purposes for which it will be processed.

The apparent complexity of innovated products and big data analytics is not an excuse for failing to seek consent of people where it is required. However, consent is not the only basis for processing.

Companies are free to base processing on a contract, on a law or, on, in the absence of other bases, on a “balancing of interests”. These ‘formal requirements’, such as consent, are set out in the rules to provide the necessary control by individuals over their personal data and to provide legal certainty for everyone. The new EU rules will provide flexibility on how to meet those requirements.

How will the European Data Protection Board work?

Currently all European data protection authorities meet under the “Article 29 Working Party”, as set up under Article 29 of the Data Protection Directive (Directive 95/46/EC). This body will be replaced by the European Data Protection Board (EDPB), which will be composed of representatives from the national data protection authority of each EU Member State, the European Data Protection Supervisor and the Commission (without voting right). The EDBP Chair will be chosen from among its members. In the same way as the Article 29 Working Party, the EDPB will monitor the correct application of the new data protection rules, advise the European Commission on any relevant issue, and give advice and guidance on a variety of topics related to data protection. The novelty of the GDPR is that the EDPB will also issue binding decisions in the case of   certain disputes between national data protection authorities thus fostering the consistent application of data protection rules throughout the EU.

What penalties will there be for businesses if they break the new data protection rules?

The General Data Protection Regulation establishes a range of tools for enforcing the new rules, including penalties and fines. When it comes to deciding on an appropriate fine, each case will be carefully assessed and a range of factors will be taken into account:

• the gravity/ duration of the violation;
• the number of data subjects affected and level of damage suffered by them;
• the intentional character of the infringement;
• any actions taken to mitigate the damage;
• the degree of co-operation with the supervisory authority.

The regulation sets two ceilings for fines if the rules are not respected. The first ceiling sets fines up to a maximum of €10 million or, in case of an undertaking, up to 2% of worldwide annualturnover. This first category of fine would be applied for instance if a controllers does to conduct impact assessments, as required by the Regulation. The higher ceiling of fines reaches up to a maximum of €20 million or 4% of worldwide annual turnover. An example would be an infringement of the data subjects’ rights under the Regulation. Fines are adjusted according to the circumstances of each individual case.

How does the GDPR protect personal data in case of cyberattacks?

• The GDPR contains an obligation that personal data should be processed in a manner that ensures appropriate security of personal data, including for preventing unauthorised access to or use of personal data and the equipment used for the processing. Therefore, the controller or processor should evaluate the risks inherent in the processing of personal data and implement measures to mitigate those risks. (Art. 32 of the GDPR)

• Data controllers will need to inform data subjects about data breaches without undue delay. This obligation will be relevant where that personal data breach is likely to result in a high risk to the rights and freedoms of the natural person in order to allow him or her to take the necessary precautions. (Article 33 of the GDPR)

• Data controllers will also have to notify the relevant data protection supervisory authority, unless the controller is able to demonstrate that the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Such notifications shall be submitted without undue delay and, where feasible, in general not later than 72 hours after having data controllers become aware of it. (Article 34 of the GDPR)

• The GDPR contains clear rules on conditions for imposing administrative fines. Data protection authorities will be able to fine companies who do not comply with EU rules, if they have for instance not informed their clients that they’re data have been breached or the data protection authorities.

How will the new rules work in practice?

Example:a multinational company with several establishments in EU Member States has an online navigation and mapping system across Europe. This system collects images of all private and public buildings, and may also take pictures of individuals.

With the current rules: The data protection safeguards upon data controllers vary substantially from one Member State to another. In one Member State, the deployment of this service led to a major public and political outcry, and some aspects of it were considered to be unlawful. The company then offered additional guarantees and safeguards to the individuals residing in that Member State after negotiation with the competent DPA, however the company refused to commit to offer the same additional guarantees to individuals in other Member States. Currently, data controllers operating across borders need to spend time and money (for legal advice, and to prepare the required forms or documents) to comply with different, and sometimes contradictory, obligations.

With the new rules: The new rules will establish a single, pan-European law for data protection, replacing the current inconsistent patchwork of national laws. Any company – regardless of whether it is established in the EU or not – will have to apply EU data protection law should they wish to offer their services in the EU.

Example: a small advertising company wants to expand its activities from France to Germany.

With the current rules: Its data processing activities will be subject to a separate set of rules in Germany and the company will have to deal with a new regulator. The costs of obtaining legal advice and adjusting business models in order to enter this new market may be prohibitive. For example, some Member States charge notification fees for processing data.

With the new rules: The new data protection rules will scrap all notification obligations and the costs associated with these. The aim of the data protection regulation is to remove obstacles to cross-border trade.

What about the Data Protection Directive for the police and criminal justice sector?

The Police Directive ensures the protection of personal data of individuals involved in criminal proceedings, be it as witnesses, victims, or suspects. It will also facilitate a smoother exchange of information between Member States’ police and judicial authorities, improving cooperation in the fight against terrorism and other serious crime in Europe. It establishes a comprehensive framework to ensure a high level of data protection whilst taking into account the specific nature of the police and criminal justice field.

How does the Data Protection Directive for the police and criminal justice sector impact law enforcement operations?

Law enforcement authorities will be able to exchange data more efficiently and effectively. By further harmonising the 28 different national legislations, the common rules on data protection will enable law enforcement and judicial authorities to cooperate more effectively and more rapidly with each other. It will facilitate the exchange of personal data necessary to prevent crime under conditions of legal certainty, fully in line with the Charter of Fundamental Rights.

Criminal law enforcement authorities will no longer have to apply different sets of data protection rules according to the origin of the personal data, saving time and money.

The new rules will apply to both domestic processing and cross-border transfers of personal data. Having more harmonised laws in all EU Member States will make it easier for our police forces to work together. The rules in the Directive take account the specific needs of criminal law enforcement and respect the different legal traditions in Member States.

How does the Directive affect citizens?

Individuals’ personal data will be better protected. The Directive protects citizens’ fundamental right to data protection when data is used by criminal law enforcement authorities. Everyone’s personal data should be processed lawfully, fairly, and only for a specific purpose. All law enforcement processing in the Union must comply with the principles of necessity, proportionality and legality, with appropriate safeguards for the individuals. Supervision is ensured by independent national data protection authorities and effective judicial remedies must be provided.

The Directive also provides clear rules for the transfer of personal data by criminal law enforcement authorities outside the EU, to ensure that these transfers take place with an adequate level of data protection. The directive provides robust rules on personal data exchanges at national, European and international level.

How does the Directive affect the work of criminal law enforcement?

Having the same law in all EU Member States will make it easier for our criminal law enforcement authorities to work together in exchanging information. This will increase the efficiency of criminal law enforcement and thus create conditions for more effective crime prevention.

This is also why the Data Protection Directive is considered a key element of the development of the EU’s area of freedom, security and justice and a building block of the EU Agenda on Security. The Directive replaces Framework Decision 2008/977/JHA which previously governed data processing by police and judicial authorities.

The entry into force of the Lisbon Treaty and, in particular, the introduction of a new legal basis (Article 16 TFEU) allows the establishment of a comprehensive data protection framework in the area of police and judicial cooperation in criminal matters. The new framework will cover both cross-border and domestic processing of personal data.

For more information

Statement/17/1436

Are you a senior scientist with experience of work within scientific advisory bodies, covering disciplines within EFSA’s areas of responsibility – from chemistry and toxicology to microbiology, plant diseases and statistics, amongst others? Do you have the skills and experience to advise EFSA on how it should carry its crucial assessment work? Then you should consider applying as an expert for the Scientific Committee, the nerve centre of EFSA’s science.

What does the Scientific Committee do?

The Scientific Committee helps EFSA develop harmonised risk assessment methodologies and ensure consistency across its Scientific Panels. It also carries out risk assessments that impact more than one food/feed chain sector. The Committee also provides strategic scientific advice to EFSA’s management on key scientific issues and oversees EFSA’s scientific publishing through the EFSA Journal. See the Scientific Committee page for more details.

Recent high-profile work includes topics such as endocrine disruptors, edible insects and cloning while important upcoming work includes approaches for assessing chemical mixtures.

Save the date: 1 June 2017

Have we managed to tweak your interest? Then register now on EFSA’s website and prepare your application in advance so that you can submit it between 1 June and 8 September 2017.

Would you like to know more?

Read the story on Food safety scientists wanted. Join EFSA’s scientific panels or watch our videos on endocrine disruptors, chemical mixtures and bee health.

EFSA has launched a public consultation on its draft guidance on the assessment of the safety of feed additives for the consumer.

The guidance document is intended to assist the applicant in the preparation and presentation of an application for the authorisation of a feed additive. It specifies what kind of information and data applicants need to include in their dossiers to allow EFSA to assess the safety of a feed additive for the consumer of animal products.

EFSA invites interested parties to submit written comments by 21 July 2017.

EFSA has launched a public consultation on its draft guidance on the identity, characterisation and conditions of use of feed additives.

The guidance document is intended to assist applicants in the preparation and presentation of an application for authorisation of a feed additive. It specifies what kind of information and data applicants need to include in the dossier to properly identify and characterise a feed additive.

EFSA invites interested parties to submit written comments by 7 July 2017.

Brussels, 23 May 2017

Check against delivery!

First of all, it was an honour and a pleasure for me to be able to host the second Quartet meeting. We had a very fruitful first meeting in Cairo few months ago, on the 18th of March, and we used this opportunity today to assess developments in Libya since our last meeting and coordinate our work to advance the political process and assist Libya in its democratic transition.
I will present to you the main results of our Joint Communiqué being sure that you will have the full text immediately after our press conference and then I will leave to my friends and colleagues to reply to most of your questions. Since we have exchanged for several hours today on common positions, each of us can easily speak on the name of the others.

Today we committed again to the sovereignty, independence, territorial integrity and national unity of Libya and its institutions under the Libyan Political Agreement. We underscored the urgent need for a Libyan-led peaceful resolution of the political crisis and reiterated our rejection of the threat or use of armed forces by any Libyan party.

We strongly condemned the unprovoked attack on Brak al-Shati last week and all acts of violence. We called on all parties to refrain from further violence and any act that may undermine ongoing work to find a negotiated solution to the conflict.

We reiterated the importance we attach on consolidating stability and security along Libya’s borders. We commended the efforts by the Constitutional Drafting Assembly to finalise a draft constitution to be concluded as soon as possible and pave the way to general and presidential elections.

We encouraged all Libyan parties to engage in constructive and inclusive talks – and I will stress the word “inclusive”. We underlined during our talks today the importance of having inclusiveness at the core of this political process.
We welcomed all efforts and encouraging progress resulting from recent meetings between Libyan stakeholders and in particular between Prime Minister [of the Government of National Accord and Chairman of the Presidential Council of Libya, Fayez] al-Sarraj and Field Marshal [Khalifa] Haftar in Abu Dhabi in May and between the President of the House of Representatives, Agila Saleh and the President of the High State Council, [Abdulrahman] Sewehli in Rome in April this year.

We welcomed the appointment of dialogue committees by both the House of Representatives and the High State Council and urged them to seek consensus on outstanding issues to ensure the full implementation of the Libyan Political Agreement.

We expressed our appreciation for ongoing regional efforts to support the Libyan political process, in particular the meeting of Libya’s Neighbours held in Algiers this May.

We expressed our concern about the economic situation in Libya, underlined the need for the Libyan authorities to tackle the serious and urgent fiscal and monetary challenges facing the country and we reiterated our support to the coordination role of the United Nations and encouraged the United Nations to take the lead in any effort to facilitate a limited amendment of the Libyan Political Agreement.

We exchanged in-depth about the future steps to be taken, in particular we decided that our teams will continue to work closely together on a daily basis as they have done so far. But as I told you we exchanged information, analysis, decisions on the next steps to accompany a Libyan process that will see our four organisations committed to do it in the most coordinated, united and effective manner.

We also discussed that the venue of our next meeting will be Addis Abeba, hosted by the African Union. But obviously we will take every opportunity to meet if there will be the need to do so at any earliest convenience. Our contacts and our coordination will continue to be essential for the coordination of the efforts and the work of all our Member States. Together, we can really send to all the Libyans a message of unity that can hopefully – Inch’Allah – encourage their own unity.

Thank you.

Q&A:

Q. A question to you four mainly. Mme Mogherini, the European Union is supporting Mr [Fayez al-] Sarraj government as many, as the international community, but Mr [Fayez al-] Sarraj government, or part of it, or his allies in Misrata are responsible for the military attack in the South of Libya. If there is no external military intervention in this country, is it possible to imagine that you, as international community representatives, can take action against those militia who are responsible of putting in danger the whole political process? And I have another question, if the Arab League, the African Union, the European Union, can do something for those who are suffering in the migration camps inside Libya? And there are enough sad reports about that.

I will maybe take the last part of your question and leave the first part to my colleagues and friends.
We discussed about this at length and we agreed on the fact that it is useful for us to clarify completely that the support we give to the legitimate institutions in Tripoli and to [Fayez al-] Sarraj is not something that comes from the UN or from the EU, but from all the four of us together. It is the entire community that works with the legitimate Libyan institutions in the framework of the Libyan Political Agreement with a view of ensuring the inclusiveness of the process and the need for different parties of the country and different stakeholders to come together. And as I said, we welcomed very much the recent meetings that took place in this direction and we will encourage further steps in this direction. But maybe on this Martin Kobler can elaborate more.

On the presence of the migrants inside Libya and in particular in the detention centres, I can tell you about the work that the European Union is doing with the International Organisation for Migrations [IOM] and the UNHCR [United Nations High Commissioner for Refugees]. I met the IOM Director [General, William Lacy] Swing just the day before yesterday in Jordan. We are supporting the presence and the work of the IOM inside Libya with a very substantial financial package so that the IOM can operate inside the detention centres – guaranteeing living conditions, human rights standards at international level inside the camps in Libya. We often talk with the Libyan authorities at different levels to encourage their cooperation with the IOM and the work that the IOM is doing, is trying to do and is trying to increase inside Libya, is for us another way of saving lives. This has to be done at sea, as we are doing with our Operation Sophia. This has to be done in the desert, in particular in Niger where people and lives have to be saved before they enter Libya. But this has to be done also inside Libya and we see the IOM and the UNHCR as the key actors to guarantee the rights of the migrants, protect their lives, and also – as it is happening already – assist them if they wish to return in their countries of origin. Since the beginning of the year, the IOM, with our assistance, has already organised more returns from Libya to the countries of origin than in the entire last year. It is still not enough but the European Union and the IOM are working to try to solve this – especially for humanitarian reasons.

Q. I wanted to go back to the relationship between Prime Minister [Fayez al-] Sarraj and General [Khalifa] Haftar. Before, especially from the EU, the message was about supporting the UN recognised government. Today, Mme Mogherini, you are talking more and more about inclusiveness. Do you think we are coming to a point where politically the moment to miss building up to give General [Khalifa] Haftar a bigger role or maybe a role at part where [Fayez al-] Sarraj or any new unity – the unity government that could emerge in Libya? Before we were more expecting him to become the Defence Minister under [Fayez al-] Sarraj. He clearly thinks he can do better or have a more prominent role. So, do you think we are in a place of political messaging changing from the outside?

On our side we have always talked about inclusiveness; we have always recognized that the Libyan Political Agreement is the framework and the legitimacy of the Libyan authorities derives from that agreement including the legitimacy of the House of Representatives – that does not recognise necessarily the legitimacy of other institutions deriving from that same agreement.

This to say that it is not for us as European Union – or I believe any of us – to determine who does what in Libya, but we are united in saying that Libya has to find an institutional setting with a legitimate basis that can allow also the international organisations and institutions to relate with the country’s authorities and support the Libyan people in difficult circumstances. First of all, the fight against terrorism – let’s not forget it.  As Martin was saying, Libya is a rich country, Libya is a country that can easily find its own way by itself but is also facing some challenges.

Our only purpose is to accompany the Libyans along this road and to make sure that no one lives with the illusion that one side can win against the other. We have always united our voices in saying that Libya needs all Libyans and that the unity of Libya – East, South, West, different parts of the country – can together overcome the current challenges the country is facing and offer to the Libyan population a peace perspective better than the past years they have experienced.

It is not up to us to determine who does what, it is up to the Libyans to agree in which way they will share responsibilities in the framework of the legitimate internationally recognised Libyan Political Agreement with – as Martin [Kobler] said – eventual amendments to be decided among the Libyan parties.
This is the only thing we care about and you will find unity among us and unity as far as I see also among the neighbouring countries on the need for the different Libyan stakeholders to come together within the international framework that is recognised.

And this is why our joint messaging in this respect is so important because, really, the fact of us being together in passing this message of unity, our encouragement – encouragement, I would like to underline this – towards an inclusive dialogue, a constructive dialogue, we hope can really strengthen the actors that are in this moment signalling readiness to engage.

Q. I have something else for Mme Mogherini, it has nothing to do with Libya but with what happened last night in Manchester United. Are you going to take some strong actions to save your citizens since it looks like this type of attack is increasing more and more in a lot of European countries?

I will say a few words on the attack in Manchester if you allow me.
This is a very sad day for Europe and for all of us. I would like to take the opportunity also to thank our friends from the African Union, from the Arab League, from the UN for the solidarity and the condolences expressed today.

For all of us, rightly so, because we are together in this,  in the suffering and in the reaction. In Europe, in the Arab world, in Africa, elsewhere in the world, terrorists attack a way of living, a way of seeing life. In this particular case, it was particularly dramatic, the fact that it was hitting a concert where teenagers or pre-teenagers were celebrating joy and their love for life. And this should stay as the main guiding value of our youth, both in the European continent but also in the Arab world, in Africa, elsewhere where the love for life should stay the core of our way of seeing and living.

On the concrete response we have put in place. I was in contact this morning with Boris Johnson [Secretary of State for Foreign and Commonwealth Affairs of the United-Kingdom] not only expressing solidarity but also offering all the European Union support on whatever will be considered useful and needed from the UK authorities. We have put at their disposal all our counterterrorism knowledge and competences and networks, including the external one.

I know that Commissioner King who is responsible for security in the European Commission is obviously looking at the best possible ways to coordinate our support. These are the first hours and the focus is mainly on the suffering and the thoughts to all the families and all the loved ones of those who lost their lives but also all the ones who were injured. But, the work has started immediately to offer to the UK authorities that are responsible for the investigations obviously and for the security of their citizens on their ground, to offer them all possible support and cooperation.
We are united in this and all the EU instruments are at the disposal of the UK, in all ways that can be useful, and we will continue this work in the next hours.  

Link to the video: https://ec.europa.eu/avservices/video/player.cfm?ref=I138934