Print   

Classified Information Act

CHAPTER I
GENERAL PROVISIONS

Article 1

This Act lays down the basic principles of a common system for the determination and safeguarding of and access to classified information in the sphere of activity of government agencies of the Republic of Slovenia relating to public security, defence, foreign affairs and the intelligence and security activities of the country, and for the declassification of such information.

This Act shall be binding on government agencies, local community agencies, holders of public authorisations and other agencies, and commercial companies and organisations which, in carrying out their statutory responsibilities, obtain or have at their disposal information referred to in the preceding paragraph (hereinafter: agencies), as well as on individuals in such agencies.

This Act shall also be binding on suppliers, contractors and service providers (hereinafter: organisations) to whom the classified information referred to in the first paragraph of this Article is imparted for the purpose of implementing procurement contracts for agencies.

Responsibility for the protection of classified information and the preservation of its confidentiality shall apply to all those to whom such information has been entrusted or who have become acquainted with the contents thereof.

Article 2

The meaning of individual terms used in this Act shall be as follows:

1. Classified information: a fact or means from the sphere of activity of an agency relating to public security, defence, foreign affairs or the intelligence and security activities of the state which, for reasons defined in this Act, must be protected against unauthorised persons and which has been defined and marked as confidential in accordance with this Act.

2. Classified information of a foreign country: information which a foreign country or its agency, or an international organisation or its agency have conveyed to the Republic of Slovenia on the understanding that it will be kept secret, and information resulting from cooperation between the Republic of Slovenia or its agencies with a foreign country or an international organisation and its agencies which is to be kept secret by mutual agreement.

3. Document: any written, drawn, printed, copied, filmed, photographed, magnetic, optical or other record of classified information.

4. Medium: any medium containing classified information.

5. Classification: an act or procedure by which a piece of information is assessed as secret and assigned a level and duration of secrecy in accordance with this Act.

6. Declassification: the statutory change of classified information into accessible information in accordance with regulations governing the business of the agency.

7. Access: the acquainting of a person with classified information or the possibility for a person to obtain classified information on the basis of permission to access.

8. Security clearance of a person: the investigation carried out by a competent agency before the issuing of permission to access classified information with the aim of gathering information about potential security restrictions.

9. Security restrictions: such findings from a background investigation as cast doubt upon the dependability and loyalty of a potential candidate for permission to access classified information.

10. A threat to the vital interests of the country: a threat to the constitutional order, independence, territorial integrity and defence capability of the country.

Article 3

The following persons may, in connection with the discharge of their functions, have access to classified information without permission to access (hereinafter: permission):

All officials and employees of the agency shall have access to information classified at the RESTRICTED level.

The persons referred to in the preceding paragraph shall be granted permission after entering the service and signing a statement to the effect that they are acquainted with this Act and other regulations governing the protection of classified information, and that they undertake to handle classified information in accordance with such regulations.

Article 4

The Commission of the National Assembly of the Republic of Slovenia for Supervision of the Work of the Security and Intelligence Services shall, in the discharge of its function, have access to classified information without the need for permission.

Article 5

Under the provisions of this Act, an information may be defined as classified if it is so important that its disclosure to unauthorised persons could or might obviously prejudice the security of the country or its political or economic interests, and is related to:

1. public security;

2. defence;

3. foreign affairs;

4. the intelligence and security activities of government agencies of the Republic of Slovenia;

5. systems, appliances, projects and plans of importance to the public security, defence, foreign affairs and intelligence and security activities of government agencies of the Republic of Slovenia;

6. scientific, research, technological, economic and financial affairs of importance to the public security, defence, foreign affairs and intelligence and security activities of government agencies of the Republic of Slovenia.

Article 6

Information that has been defined as classified in order to cover up a criminal offence, the exceeding or abuse of authority, or some other unlawful act or behaviour shall not be considered to be classified.

Article 7

Access to classified information shall be restricted and permitted in a manner and under conditions specified by this Act and the regulations based thereon, and in the manner and under conditions specified by other laws or international treaties concluded by the Republic of Slovenia.

Article 8

Officials and employees of agencies shall be bound to safeguard classified information no matter how such information has come to their knowledge.

The obligation for the persons referred to in the preceding paragraph to safeguard classified information shall not terminate with the termination of their function or employment at the agency.

Article 9

Protection of and access to classified information of a foreign country or international organisation shall be carried out in accordance with this Act or the regulations based thereon, or in accordance with international treaties concluded between a foreign country or international organisation and the Republic of Slovenia.

CHAPTER II
CLASSIFICATION OF INFORMATION

Article 10

Information shall be designated as classified by an authorised person, under conditions and in a manner specified by this Act.

Authorised persons shall include:

1. the director of the agency;

2. elected or appointed officials of the agency authorised to classify and disclose information in accordance with the law or the regulations based thereon, or in accordance with a written authorisation from the director;

3. employees of the agency to whom the director of the agency has issued written authority to classify information.

The authorised persons referred to in points 2 and 3 of the preceding paragraph may not transfer their authorisation to third persons.

The TOP SECRET level may only be assigned by the president of the republic, the president of the National Assembly, the prime minister, ministers and directors of agencies attached to the ministries, certain military commanders, and heads of government services directly answerable to the prime minister or their deputies.

The minister responsible for defence shall designate the military commanders referred to in the preceding paragraph.

The manner and procedure of classification of information in commercial companies, institutes and organisations which, in the discharge of their statutory duties, receive or have at their disposal information referred to in the first paragraph of Article 1 of this Act shall be prescribed by the minister responsible for defence, in agreement with the minister responsible for the interior.

All officials and employees, or other persons performing a function or working in an agency, shall be bound within the scope of their duties or competencies to assess the security importance of information and propose to authorised persons that such information be designated as classified if they deem it should be classified.

Article 11

An authorised person shall determine the level of classification of an information at the origin of that information, i.e. at the beginning of the performance of a task of the agency that results in classified information.

In determining the level of classification, the authorised person shall assess the possible adverse effects of the disclosure of information to unauthorised persons on the security of the country or on its political or economic interests. On the basis of that assessment the authorised person shall determine the level of classification, after which the information shall receive the markings prescribed by this Act.

The assessment on the basis of which information is given the level of classification shall be in written form.

Article 12

An authorised person shall also designate as classified the information created by uniting or linking pieces of information which, taken separately, are not sensitive but which, joined together, represent information or a document that must be protected for reasons specified by this Act.

Where only a smaller part of a document contains classified information, that part shall be detached from and annexed to the document as a separate enclosure bearing the appropriate classification markings.

Article 13

Classified information referred to in Article 5 of this Act shall, in view of possible adverse effects its disclosure to unauthorised persons might have on the security of the country or on its political or economic interests, be given one of the following levels of classification:

1. A TOP SECRET classification shall be applied to classified information the disclosure of which to unauthorised persons would put in jeopardy or do irreparable damage to the vital interests of the Republic of Slovenia.

2. A SECRET classification shall be applied to classified information the disclosure of which to unauthorised persons could seriously harm the security or interests of the Republic of Slovenia.

3. A CONFIDENTIAL classification shall be applied to classified information the disclosure of which to unauthorised persons could harm the security or interests of the Republic of Slovenia.

4. A RESTRICTED classification shall be applied to classified information the disclosure of which to unauthorised persons could harm the activity or performance of tasks of the agency.

In determining the levels of classification of information, agencies shall only apply the levels set out in the preceding paragraph.

Article 14

In classifying information an authorised person shall give the lowest level of classification that still ensures such a degree of protection as is necessary to safeguard the interests and ensure the security of the country.

A document composed of already classified pieces of information shall be given at least such a level and duration of classification as the piece of information with the highest level and longest duration of classification.

Article 15

An authorised person shall declassify classified information once the conditions which this Act provides for such a status have ceased to exist.

The reasons for declassification of information shall be given in writing.

Declassification of information may be requested by a person whose request for classified information has been turned down.

The request from the preceding paragraph shall be decided on by the director of the agency concerned.

Article 16

The level of classification may be changed by the authorised person who determined the level.

The authorised person shall change the level of classification once the conditions for individual levels as provided by this Act have changed.

Article 17

All classified information and all documents containing classified information shall be furnished with the following markings:

The markings from the preceding paragraph shall be used in a manner appropriate to the kind and characteristics of the medium.

An information or a document shall be treated as classified even if it is marked only with the level of classification.

The Government of the Republic of Slovenia (hereinafter: the government) shall prescribe in detail the methods and forms of marking the secrecy of information and documents.

Article 18

The classification of information shall terminate:

Where, due to the nature or content of information, the termination as set out in the preceding paragraph cannot be applied, classification shall terminate with the expiry of the time period laid down in the law governing archival materials and archives.

An authorised person may change the prescribed method of termination of classification provided well-founded reasons for the change exist. In that case the authorised person shall immediately notify thereof all those who have received or have access to the classified information involved.

Article 19

If confirmation of the existence of classified information might adversely affect the interests and security of the country, the agency receiving a request for classified information shall not be obliged to either confirm or deny the existence of the requested information.

Article 20

The markings of the classified information of a foreign country or international organisation shall, as a rule, remain in the form in which they are used in that country or international organisation. Such information may also be marked as provided by this Act, on condition that the levels of classification are comparable and ensure an equal degree of protection.

The method of marking classified information of the Republic of Slovenia in a foreign country or international organisation, and the determination of such a degree of protection of that information as will compare with the provisions of this Act, should be specified in an international treaty on the exchange or provision of classified information between a foreign country or international organisation and the Republic of Slovenia.

Article 21

Users that have legally received classified information may propose to the authorised person that a particular classification that they deem unjustified or incorrect be changed.

The authorised person shall consider the proposal from the preceding paragraph and notify the proposer of the decision taken.

CHAPTER III
PERMISSION TO ACCESS CLASSIFIED INFORMATION

Article 22

Permission to access classified information of the CONFIDENTIAL, SECRET and TOP SECRET levels shall be issued by the Ministry of the Interior, the Ministry of Defence and the Slovenian Intelligence and Security Agency (hereinafter: competent bodies).

For officials and employees of the Ministry of the Interior, Ministry of Defence and Slovenian Intelligence and Security Agency who need access to classified information in order to discharge their function or tasks, permission shall be issued by the minister responsible for the interior, the minister responsible for defence or the director of the Slovenian Intelligence and Security Agency, in accordance with the provisions of this Act and the regulations based thereon. Notification of the issuing of permission shall be forwarded to the Office of the Republic of Slovenia for the Protection of Classified Information (hereinafter: the Office).

For persons who require access to classified information in order to discharge their function or tasks in another agency, permission shall be issued by the minister responsible for the interior or, if the performance of defence duties or military service is involved, the minister responsible for defence, at the proposal of the director of that agency. Notification of the issuing of permission shall be forwarded to the Office.

Security clearance for the issuing of permission in cases involving the performance of defence duties and military service shall be regulated by means of special regulations.

Article 23

The competent body shall issue permission if security clearance does not reveal any of the security restrictions set out in this Act.

The competent body shall, within the framework of security clearance, assess the statements in the completed security clearance questionnaire and collect from the person involved, from other agencies, organisations and persons or from databases kept on the basis of laws, personal and other information of importance for the identification of security restrictions.

The competent body shall issue permission if security clearance does not reveal any security restrictions, and shall refuse to issue permission if security restrictions exist. The rejection notice need not contain an indication of the sources used for security clearance.

The head of an agency who assigns the person who has been denied permission to a function or task at which such a person has access to classified information shall be bound to notify the Office thereof.

The competent body shall, in addition to the permission or rejection notice, send to the head of the agency who requested the issuing of permission the person's consent to security clearance and the completed security clearance questionnaire. The competent body shall also send the permission or a rejection notice to the person who was subjected to security clearance.

A person who has been denied permission may file an objection within 15 days of the day of receipt of the rejection notice. The objection shall be filed in writing or communicated orally and entered in the record with the agency at which the person gave consent to security clearance.

The government shall prescribe the manner and procedure of security clearance and the procedure for the issuing and withdrawal of permission.

Article 24

In carrying out security clearance, the competent bodies may cooperate with the security clearance agencies of foreign countries and international organisations, in accordance with international treaties concluded between foreign countries or international organisations and the Republic of Slovenia, and in accordance with regulations on personal data protection in the Republic of Slovenia.

Article 25

Security clearance may only be carried out with the written consent of the person concerned.

After giving written consent to security clearance, the person concerned shall enter the following data in the security clearance questionnaire:

1. name(s), including any previous names;

2. date and place of birth;

3. nationality, including previous and dual;

4. place of residence;

5. marital status and number of children;

6. common household members (their names, including any previous names, dates of birth and relation to the person undergoing security clearance);

7. name, date of birth and address of parents, step-parents or foster parents;

8. education and occupation of the person undergoing security clearance;

9. previous employers;

10. military service;

11. criminal record (unerased record of convictions for premeditated offences prosecuted ex officio, or unerased record of final decisions on convictions for an offence cited in this Act);

12. ongoing criminal proceedings for a suspected premeditated offence referred to in chapters XVI, XXVI, XXVII, XXXIII and XXXV of the Penal Code of the Republic of Slovenia;

13. alcohol, drug or other addiction;

14. contacts with foreign intelligence and security services;

15. disciplinary measures pronounced in the past two years;

16. debt arising from financial commitments or guarantees undertaken;

17. previous security clearances.

The aforementioned data shall represent the contents of security clearance.

Security clearance shall apply only to persons with access to the TOP SECRET, SECRET and CONFIDENTIAL levels of classification.

The competent body may check data from points 1 to 12 of the second paragraph of this Article with managers of personal databases who manage such data about the person undergoing security clearance, data from point 13 with the doctor of the person undergoing security clearance, data from point 14 with the Slovenian Intelligence and Security agency and the intelligence and security service of the Ministry of Defence, data from points 15 and 17 with the former employers of the person undergoing security clearance, and data from point 16 with the competent agency for tax affairs and the court.

In providing data from point 14, the Slovenian Intelligence and Security Agency and the intelligence and security service of the Ministry of Defence shall not be required to disclose information that might endanger the sources used to identify or check the information provided.

Article 26

Persons with access to the CONFIDENTIAL level of classification shall undergo security clearance every ten years at least. Those with access to the SECRET and TOP SECRET levels shall undergo security clearance every five years at least.

The security clearance review procedure shall be identical with the first security clearance procedure, unless otherwise provided by law or an international treaty.

If the competent body establishes during a repeat security clearance procedure that security restrictions for the issuing of permission exist, the competent body shall withdraw permission and notify the head of the agency in which the person is discharging a function or working, as well as the person undergoing clearance.

If a disciplinary procedure for a violation of the rules relating to the handling of classified information, or criminal proceedings for a suspected premeditated offence prosecuted ex officio, or criminal proceedings for some other offence from point 12 of the second paragraph of the preceding Article is opened against a permission holder, the head of the agency shall render access to classified information for that person impossible until conclusion of the procedure.

Article 27

Security restrictions for which the issuing of permission may be denied shall include:

Article 28

An agency shall keep the permission, the written consent to security clearance and the completed questionnaire in a special part of the personnel file that which may only be used in connection with the implementation of the provisions of this Act or the regulations based thereon.

Written consent to security clearance, the completed questionnaire and the permission shall be kept at the agency at which the person applied but did not take a function or task for which permission was required.

Article 29

Agencies which, within the framework of their duties, handle classified information of the CONFIDENTIAL, SECRET or TOP SECRET levels shall keep records of permission. The records shall include identification data for the permission holder, data about the permission, and the dates and findings of repeated security clearances.

Data about security clearance may only be used for the purposes for which it was collected.

Data shall be kept for as long as the person has the right of access to classified information. After that it shall be treated in accordance with the provisions of the law governing archival material and archives.

The person shall, in accordance with the law governing personal data protection, have the right to view data relating to his security clearance, with the exception of data that would endanger the sources of security clearance.

Article 30

The head of the agency may, for tasks that must not be delayed, allow the person temporary access to classified information before security clearance is completed if he assesses, on the basis of the security clearance questionnaire, that there are no security restrictions thereon.

Temporary permission shall remain in force until the issuing of permission.

CHAPTER IV
ACCESS TO AND PROTECTION OF CLASSIFIED INFORMATION

Article 31

Only persons who have permission and must use such information in order to fill their function or perform their tasks may have access to classified information. Such persons shall only have access to the level of classification indicated in the permission.

No person shall be permitted to obtain classified information before it is needed, or more information than is indispensable for the exercise of their function or the performance of their tasks.

Article 32

A person who has been granted permission shall confirm in writing that he is acquainted with this Act and with other regulations governing the protection of classified information, and shall bind himself to handling classified information in accordance with such regulations. If this is not done, permission shall be revoked.

Article 33

A person who becomes acquainted with classified information in the course of performing his duties shall use such information for no purposes other than the exercise of his function or the performance of his tasks.

The head of an agency may, at the request of competent bodies, relieve a person of the obligation to keep information secret solely for the purposes and to the extent specified in the request of the competent body.

The head of an agency may, at the request of competent bodies, be relieved of the obligation to keep information secret by the agency that appointed him.

Article 34

Classified information may be transmitted to other agencies which must abide by this Act, or to persons in such agencies, only on the basis of written permission from the head of the agency that designated the information as classified, or where so provided by law.

Article 35

An authorised person may transmit classified information to organisations referred to in the third paragraph of Article 1 of this Act if:

1. the organisation meets the physical, organisational and technical requirements for the protection of classified information in accordance with this Act and the regulations based thereon;

2. all persons who, in the course of their duties in the organisation, have access to classified information are given security clearance for permission to access classified information;

3. the persons referred to in the preceding point confirm in writing that they have been acquainted with this Act and other regulations governing the protection of classified information and bind themselves to handling classified information in accordance with such regulations;

4. the organisation guarantees that only persons who must be able to view such information for the purpose of executing the procurement contract for an agency may have access to classified information.

Measures for the protection of classified information arising from the preceding paragraph shall be included in the procurement contract concluded between the agency and the organisation.

The request for a competent body to issue permission to a person who shall have access to classified information in connection with the procurement contract shall be made by the agency that awarded the contract to the organisation.

The manner and procedure of verifying whether the conditions from the first paragraph of this Article are being met shall be prescribed by the government.

Article 36

Users that have received classified information from an agency may not transmit that information to other users without the consent of the agency, except in cases defined by regulations.

Article 37

The authorised person of an agency shall establish the record and supervision of the distribution of classified information outside the agency. The record shall be kept up-to-date and show clearly when and to whom the classified information was transmitted.

Article 38

Each agency shall, in accordance with this Act and the regulations based thereon, establish a system of security procedures and measures that meets the requirements of the specific levels of classification and renders the disclosure of classified information to unauthorised persons impossible.

The procedures and measures from the preceding paragraph shall include:

Article 39

Agencies shall keep classified information in a manner that ensures that access to such information is permitted only to those persons who have permission to access and need such information for the exercise of their function or tasks.

Classified information may only be sent outside the premises of the agency provided the security measures and procedures ensuring that the information will be received by the person with permission and right to use it are respected.

Security procedures and measures for the sending of classified information outside the premises of the agency shall be prescribed in accordance with the level of classification of such information.

Agencies may not transmit or send classified information using unprotected means of communication.

Detailed physical, organisational and technical measures and procedures for the protection of classified information shall be prescribed by the government.

Article 40

Officials, employees and other personnel in agencies who establish that a loss or unauthorised disclosure of classified information has occurred shall immediately notify the authorised person thereof.

A recipient of classified information from Articles 34 and 35 of this Act who establishes that classified information has been lost, or transmitted or delivered to an unauthorised person, shall immediately notify the authorised person of the agency that sent or reported the classified information to him.

The authorised person shall immediately take all necessary steps to identify the circumstances that occasioned the loss of classified information or its disclosure to an unauthorised person, remove any harmful effects, and prevent further losses and unauthorised disclosures of such information.

CHAPTER V
SUPERVISION

Article 41

Internal control of the implementation of this Act and of the regulations based thereon shall be the responsibility of the heads of agencies.

In the Ministry of the Interior, the Ministry of Foreign Affairs and the Slovenian Intelligence and Security Agency, and if necessary in other agencies as well, a special post within the job classification system shall be provided for internal supervision and other duties in connection with the determination and protection of classified information, or else an existing organisational unit of the ministry or agency shall be charged with the execution of such tasks.

In the Ministry of Defence, internal supervision of the implementation of this Act and the regulations based thereon shall be carried out by the Inspectorate of the Republic of Slovenia for Defence.

Article 42

All agencies shall, through internal supervision, ensure the regular monitoring and assessment of individual activities and of the activity of the agency as a whole in respect of the implementation of this Act and of the regulations and measures based thereon.

The government shall prescribe in detail the method and content of internal supervision of the implementation of this Act and of the regulations based thereon.

Article 43

For the purpose of implementing this Act and the regulations based thereon, the government shall found an Office of the Government of the Republic of Slovenia for the Protection of Classified Information (hereinafter: the Office).

The Office shall do the following in particular:

1. monitor the situation in the field of classification and protection of information, and ensure the development and enforcement of physical, organisational and technical standards of protection of classified information in government agencies, local community agencies, holders of public authorisations, and those commercial companies and organisations that obtain or have at their disposal classified information;

2. attend to the implementation of assumed international obligations and international treaties on the protection of classified information, and cooperate in this field with the corresponding agencies of foreign countries and international organisations;

3. draw up proposals for the regulations required for the implementation of this Act;

4. give an opinion as to the compliance with this Act of general acts on the determination and protection of and access to classified information;

5. coordinate the activity of government agencies responsible for security clearance;

6. keep records of permission issued;

7. keep records of persons referred to in the fourth paragraph of Article 23 of this Act;

8. propose measures to improve the protection of classified information;

9. perform other tasks provided for by regulations passed on the basis of this Act.

CHAPTER VI
PUNITIVE PROVISIONS

Article 44

The responsible person of an agency shall be fined between SIT 50,000 and 100,000:

Article 45

An authorised person shall be fined between SIT 50,000 and 100,000 if he:

CHAPTER VII
TRANSITIONAL AND FINAL PROVISIONS

Article 46

The Government of the Republic of Slovenia shall, no later than six months after the entry into force of this Act, issue the regulations referred to in the fourth paragraph of Article 17, the seventh paragraph of Article 23, the fourth paragraph of Article 35, the fifth paragraph of Article 39 and the second paragraph of Article 42 of this Act.

The minister responsible for defence, in agreement with the minister responsible for the interior, shall issue the regulation referred to in the sixth paragraph of Article 10 of this Act no later than six months after the entry into force of this Act.

The Government of the Republic of Slovenia shall found the Office referred to in Article 43 of this Act no later than six months after the entry into force of this Act.

Article 47

No later than one year after the entry into force of this Act, agencies shall pass regulations and prepare organisationally for the entry into force thereof, or shall bring existing acts and the organisation of their activities in line with the provisions of this Act.

Agencies shall ensure that all employees and officials who in the course of their duties or functions must have access to classified information are issued with permission to access such information no later than two years after the entry into force of this Act.

Article 48

Classified information for which the level of classification was determined before the entry into force of this Act shall have the level of classification determined in accordance with this Act no later than two years after the entry into force of this Act. Otherwise, the secrecy of such information shall terminate.

During the transitional period, classified information referred to in the preceding paragraph shall be treated as follows:

Article 49

This Act shall enter into force on the fifteenth day after its publication in the Uradni list Republike Slovenije (Official Gazette of the Republic of Slovenia).

Publicised: 8.11.2001; Official Gazette of the Republic of Slovenia, No 87/2001
Enter into force: 23.11.2001