Republic of Lithuania
Law on

State Secrets and Official Secrets

 

25 November 1999 No VIII-1443

(As last amended on 13 June 2017 – No XIII-437)

 

Vilnius

 

CHAPTER ONE

GENERAL PROVISIONS

 

Article 1. Purpose of the Law

1. This Law shall regulate the principles of and the procedure for marking, classifying, storing, using and declassifying the information comprising a state secret or an official secret, coordinating and controlling/supervising protection actions and shall set minimum requirements for specific areas of protection of classified information (ensuring of personnel security, administration of classified information, physical security of classified information, security of classified contracts, protection of classified information communications and information systems).

2. The classified information of foreign states, the European Union or international organisations released to the Republic of Lithuania shall be stored and used in accordance with the procedure laid down by international treaties of the Republic of Lithuania, the decisions of international organisations based on these treaties and implementing them, legal acts of the European Union and this Law. In the cases when international treaties of the Republic of Lithuania and/or the decisions of international organisations based on the treaties and/or implementing them and legal acts of the European Union set forth other requirements for the storage and use of classified information of foreign states, the European Union or international organisations than specified in this Law, the provisions of the international treaties and/or the decisions of international organisations based on the treaties and/or implementing them and the legal acts of the European Union shall apply.

 

Article 2. Definitions

1. Classification of information shall mean the recognition of information as a state secret or an official secret, application of a certain classification, laying down of a time limit for classification and establishment of the required protection.

2. Classification guide shall mean a document approved for the execution of a classified contract and specifying the classified information to be classified which is in use or is planned to be created, establishing classifications of this information, time periods for classification and conditions of changing of the classifications or declassification of information.

3. Classified information shall mean data in any form, regardless of the manner of their recording or transmission, which constitute a state secret or an official secret.

4. Classified document shall mean the recorded information recognised as a state secret or an official secret, regardless of the manner and form of its recording and information-carrying media, also copies, transcripts, extracts or translations of such information made in any manner or by any means.

5. Classified contract shall mean an agreement on the supply of products, provision of services or carrying out of works whose conclusion and/or performance will involve familiarisation with classified information, the entrusting, use or creation of such information.

6. Digital copy of a classified document shall mean an image of a classified document obtained by information technology tools by transferring the image of the document into a computer file.

7. Administration of classified information shall mean the procedures covering the preparation, documenting, registration, sending, transportation, receipt, reproduction, storage, destruction, accounting and carrying out of an inventory of classified information.

8. Physical security of classified information shall mean the totality of means and methods ensuring the protection of the territories, premises and other places wherein classified information is handled or is stored against unauthorised access thereto and the protection of the classified information stored therein against seizure, other unauthorised acquisition, disclosure, damage and loss.

9. Recipient of classified information shall mean an entity of secrets or structural division thereof, an agency subordinate to the entity of secrets or assigned to the area of regulation thereof, an undertaking, a supplier and an employee for whom the classified information prepared by another entity of secrets is intended.

10. Declassification of classified information shall mean cancellation of a classification applied to information and established protection.

11. Originator of classified information shall mean an entity of secrets, an agency subordinate to or assigned to the area of regulation of the entity of secrets and an undertaking that has prepared and classified information or the successor to rights thereof.

12. Classified information communications and information system (hereinafter: ‘CICIS’) shall mean an infrastructure which consists of one or more computers, external devices and software and operates on the basis of information technologies for the processing of classified information and the electronic communications networks used for the transmission of classified information (excluding public communications networks).

13. Protection of CICISs shall mean the totality of mechanical, software, procedural and electronic protection measures ensuring the confidentiality of the classified information processed and transmitted via CICISs, availability to authorised users of classified information and the integrity and authenticity of such information.

14. Security of classified contracts shall mean the application of classified information protection measures and procedures in the course of conclusion and/or execution of classified contracts.

15. Institution ensuring the security of classified contracts shall mean an institution implementing requirements for the security of classified contracts and exercising control of compliance with requirements for the protection of classified information prior to signing a classified contract and/or in the course of execution of such a contract.

16. Authorisation to handle or familiarise with classified information shall mean a document confirming a person’s right to handle or familiarise with the information of the Republic of Lithuania classified ‘Top Secret’, ‘Secret’ and ‘Confidential’, also with the classified information released by foreign states, the European Union or international organisations to which the classifications equivalent to ‘Top Secret’, ‘Secret’ and ‘Confidential’ are applied or to store or transport such information.

17. Entity of secrets shall mean a state and municipal institution the activities whereof are related to the classification and declassification of information, the use and/or protection of classified information, an agency subordinate to or assigned to the area of regulation of such an institution, an undertaking which has been granted the status of an entity of secrets subject to approval of the Commission for Secrets Protection Coordination of the Republic of Lithuania (hereinafter: the ‘Commission for Secrets Protection Coordination’).

18. Employee of an entity of secrets or a supplier shall mean a person who is bound by a service or employment relationship with the entity of secrets or the supplier, also a person who, having entered into a contract for practical training, voluntary practice or professional activity, undergoes practical training in the entity of secrets or the supplier.

19. Ensuring of personnel security shall mean the establishment of conditions of handling or familiarisation with classified information and procedures for screening the persons applying for authorisations to handle or familiarise with classified information or the right to handle or familiarise with the information classified ‘Restricted’ which allow to decide whether a person may be entrusted with classified information, also the control/supervision and periodic instruction of these persons on requirements for the protection of classified information and liability for breaches of such requirements.

20. Security area shall mean a protected territory or premises intended for handling of classified information and storage of such information.

21. Official secret shall mean the classified information whose loss or unauthorised disclosure may cause prejudice to interests of state institutions or create preconditions for the rise of a hazard to human health.

22. Supplier shall mean an economic entity eligible to offer or offering products, services or works wherewith an entity of secrets is planning to conclude or has concluded a classified contract.

23. Supplier’s authorisation to handle or familiarise with classified information shall mean a document issued to a supplier who is a natural person and confirming his right to handle or familiarise with classified information and to store it and granting the right to conclude classified contracts.

24. Supplier’s security clearance shall mean a document issued to a supplier that is a legal person, another organisation or a division thereof confirming its security and right to conclude classified contracts whose conclusion and performance will involve familiarisation with the information classified ‘Top Secret’, ‘Secret’ and ‘Confidential’, the entrusting, use or creation of such information.

25. Person responsible for the protection of classified information shall mean a specific employee (where necessary, a division) of an entity of secrets or a supplier appointed/designated by a decision of the head of the entity of secrets or a person authorised by him or the supplier and performing the functions of the protection of classified information.

26. State secret shall mean the classified information whose loss or unauthorised disclosure may pose a threat to the sovereignty, territorial integrity and defence power of the Republic of Lithuania, cause damage to state interests and pose a hazard to human life or health or create preconditions for the rise of the hazard to human life.

27. Executor shall mean an employee who has prepared classified information and/or performs the assignments directly related to classified information.

28. Departmental security accreditation authority shall mean a structural division of an entity of secrets designated or established by a decision of the head of the entity of secrets or a person authorised by him, an institution or an agency exercising supervision of the security of CICISs and issuing authorisations for the use of CICISs.

 

Article 3. Basic principles of organisation of the protection of classified information

1. Information must be classified and declassified in conformity with the principles of lawfulness, validity and timeliness.

2. Information must be classified where it conforms to at least one of the categories of information indicated in Article 7 of this Law and where its disclosure or loss would pose a threat to the sovereignty, territorial integrity and defence capabilities of the Republic of Lithuania, cause damage to state interests, cause prejudice to interests of state institutions, pose a hazard or create preconditions for the rise of a hazard to human life or health.

3. A classification applied to information and the level of protection established for such information must be commensurate with the importance of the information to be classified and the extent of the damage likely to be caused in the event of an unauthorised disclosure or loss of such information.

4. An entity of secrets that has classified information must ensure that classified information, upon the cessation of the necessity for classification or where the previously established level of protection of information, according to its importance, is not required any longer, is declassified not later than within five working days from the transpiration of the mentioned circumstances or such information is downgraded and recipients of such classified information are notified thereof.

5. At all stages of administration of classified information, such information must be afforded required protection throughout the time limit for classification thereof.

6. Classified information must be entrusted in strict compliance with the need-to-know principle. The need-to-know principle shall mean that the information classified ‘Top Secret’, ‘Secret’ and ‘Confidential’ and the classified information released to the Republic of Lithuania by foreign states, the European Union or international organisations and applied the classifications equivalent to ‘Top Secret’, ‘Secret’ or ‘Confidential’ may be entrusted only to the persons who hold appropriate authorisations to handle or familiarise with classified information and who need, in performing their official duties, to familiarise with and handle such information, whereas the information classified ‘Restricted’ and the classified information released to the Republic of Lithuania by foreign states, the European Union or international organisations and applied the classification equivalent to ‘Restricted’ may be entrusted only to the persons who have the right to handle or familiarise with the information classified ‘Restricted’ or who hold an authorisation to handle or familiarise with classified information and who need, in performing their official duties, to familiarise with and handle such information.

7. In order to ensure the protection of classified information, requirements for all areas of the protection of classified information (ensuring of personnel security, administration of classified information, physical security of classified information, security of classified contracts, protection of CICISs) must be applied in the aggregate.

 

Article 4. Right of ownership of classified information, release of classified information to foreign states, the European Union, international organisations or economic entities

1. Classified information, except for the information comprising a secret of foreign states, the European Union or international organisations, shall be the property of the Republic of Lithuania.

2. When acquiring into the ownership of the State the information which, by virtue of its nature and importance, should be classified, but belongs by the right of ownership to a natural or legal person that is not an entity of secrets, he/it must be rewarded fairly. A decision on the acquisition of information into the ownership of the State shall be taken by the Government of the Republic of Lithuania (hereinafter: the ‘Government’). The Commission for Secrets Protection Coordination shall, on a recommendation of entities of secrets, assess the validity of the acquisition of such information and determine a possible reward to the holder of the information. Where the holder of the information agrees with the proposed reward, the entity of secrets shall refer to the Government for a relevant decision thereon to be taken. Where the holder of the information does not agree with the proposed reward, the information shall be taken into the ownership of the State by a decision of the Government subject to rewarding the holder of such information at the price established by the Commission for Secrets Protection Coordination. The holder of the information may appeal against such a decision of the Government to court.

3. The information comprising a state secret shall be released only to the foreign states, the European Union or international organisations wherewith the Republic of Lithuania has signed agreements on the reciprocal protection of classified information. Such information shall be released to the foreign states, the European Union or international organisations wherewith the Republic of Lithuania has not signed the agreements on the reciprocal protection of classified information by a decision of the Commission for Secrets Protection Coordination.

4. The information comprising an official secret shall be released to foreign states, the European Union or international organisations by a decision of the head of an entity of secrets or a person authorised by him, where this is required for the performance of functions of the entity of secrets.

5. When releasing classified information to enterprises of strategic importance to national security or enterprises of importance to ensuring national security which need to familiarise with classified information, to use or create such information, requirements of Chapter Seven of this Law shall apply mutatis mutandis.

 

CHAPTER TWO

MARKING, CLASSIFICATION AND DECLASSIFICATION OF CLASSIFIED INFORMATION

 

Article 5. Categorisation and marking of classified information

1. Classified information shall be categorised into top secret, secret, confidential and restricted information according to its importance, the extent of prejudice likely to be caused to the State, institutions thereof or persons in the event of a loss or disclosure of this information to unauthorised persons and the level of protection required to protect such information.

2. The classification ‘Top Secret’ shall be applied to the information comprising a state secret, a loss or unauthorised disclosure whereof may pose a threat to the sovereignty or territorial integrity of the Republic of Lithuania or cause exceptionally grave prejudice to state interests or pose a hazard to human life.

3. The classification ‘Secret’ shall be applied to the information comprising a state secret, a loss or unauthorised disclosure whereof may impair the defence capabilities of the State or cause prejudice to state interests or create preconditions for the rise of a hazard to human life or pose a hazard to human health.

4. The classification ‘Confidential’ shall be applied to the information comprising an official secret, a loss or unauthorised disclosure whereof may cause exceptionally grave prejudice to interests of state institutions or create preconditions for the rise of a hazard to human health.

5. The classification ‘Restricted’ shall be applied to the information comprising an official secret, a loss or unauthorised disclosure whereof may cause prejudice to interests of state institutions.

6. Classifications, in decreasing order of importance, shall be the following:

1) ‘Top Secret’;

2) ‘Secret’;

3) ‘Confidential’;

4) ‘Restricted’.

7. The application of the classifications of information specified in this Article to the information not governed by this Law shall be prohibited.

 

Article 6. Classification of information

1. Information shall be classified based on the list of categories of information to be classified presented in Article 7 of this Law, detailed lists of information to be classified which have been drawn up and approved by entities of secrets on the basis of the list and the contents of specific information to be classified.

2. Classifications of information shall be applied and changed and time periods for classification thereof shall be established by the entities of secrets which have prepared the information in accordance with the procedure laid down by this Law.

3. An entity of secrets, an agency or an enterprise which is subordinate to the entity of secrets or assigned to its area of regulation and which has at its disposal or uses in its activities the information obtained in any manner, being of any nature and origin and prepared, classified and communicated thereto by another entity of secrets shall not be considered as the originator of classified information.

4. Responsibility for the validity of application and change of classifications of information or establishment of time periods for classification shall be borne by the head of an entity of secrets or a person authorised by him, the head of an agency or an enterprise which is subordinate to the entity of secrets or assigned to its area of regulation and which has prepared and, in accordance with the established procedure, classified the information.

 

Article 7. List of categories of information to be classified

1. A state secret may comprise:

1) detailed data on the state defence reserve and consolidated detailed data on the mobilisation reserve of material resources;

2) detailed data revealing the State's mobilisation capacities and the capabilities and capacities of the State’s preparedness for defence;

3) detailed data on the creation, use, production technologies and technical data of the technological protection measures used for the protection of secure documents, secure document forms, banknotes and coins against forgery;

4) detailed information on the use of technological processes for upgrading of armaments, military equipment and the technical means used in activities of criminal intelligence entities and intelligence institutions;

5) detailed information on negotiations with foreign states, the European Union or international organisations; the information related to the foreign states, the European Union or international organisations, a loss or unauthorised disclosure whereof may cause prejudice to relations between the states, state interests or conclusion of treaties;

6) detailed information on the course, subject-matter, contents and results of cooperation with the security, intelligence and criminal intelligence services of foreign states, the European Union or international organisations;

7) detailed data on the physical security system of a nuclear facility, the site of the nuclear facility and nuclear materials;

8) detailed data on cable lines of the networks intended for the transmission of classified information, systems of launching of installations, electricity supply and non-cryptographic protection and detailed schemes thereof;

9) data on ciphers, enciphering equipment intended for the encryption of classified information or protection thereof and on related documents, organisation and carrying out of encryption operations;

10) data on the CICIS equipment, its operation and vulnerability, the protection measures applied and the results of measurement of the informative electromagnetic radiation of the CICIS equipment and the premises wherein classified information is stored;

11) detailed data on the use of radio frequencies and call signs in the event of a war or state of emergency, also the structure of telecommunications networks, communication schemes and the use of interconnectors and telecommunications networks for the purposes of state security and defence;

12) plans of state defence, control and command of the Armed Forces and other defence forces;

13) detailed data on the air space surveillance and control system used for state defence;

14) mobilisation arrangement plans for the Armed Forces and their types as well as other defence forces, mobilisation reporting and mobilisation arrangement management scheme, also information on the assignment of a combat readiness category to a military unit;

15) consolidated detailed data of a register managed by the Weaponry Fund of the Republic of Lithuania under the Ministry of the Interior of the Republic of Lithuania (hereinafter: the ‘Weaponry Fund’), where the owner, manager or user of a weapon is an institution of the national defence system, an institution of the system of the Interior or a criminal intelligence entity or an intelligence institution;

16) the information likely to disclose the identity of covert participants in criminal intelligence, classified intelligence officers and covert human intelligence sources;

17) detailed data on the record file of the covert participants in criminal intelligence and classified intelligence officers who are insured with state social insurance and compulsory health insurance, their state social insurance and compulsory health insurance contributions and income tax contributions and data of property and income declarations of these persons and their family members;

18) detailed data on intelligence tasks, organisation, course and results of activities of intelligence institutions, the use of methods, technical and other means and materials, the funding and material and technical supply of intelligence institutions, also intelligence information and the analytical information prepared on the basis thereof;

19) detailed data on the organisation, course and results of the criminal intelligence and intelligence as well as counterintelligence activities involving covert participants in criminal intelligence, classified intelligence officers and covert human intelligence sources, the use of means and methods, the funding and material and technical supply thereof, the information obtained by the covert participants in criminal intelligence, classified intelligence officers and covert human intelligence sources in the course of criminal intelligence and intelligence as well as counterintelligence activities and the analytical information prepared on the basis thereof;

20) the information which has been voluntarily submitted by present or former employees of or the persons engaged in covert cooperation with the security and/or intelligence services of other states to criminal intelligence entities and intelligence institutions;

21) the classified data of a pre-trial investigation or a criminal case file assisting in the identification of a witness or a victim;

22) detailed data on the organisation of the protection of the persons who have been granted statutory protection against criminal pressure and financing of such protection, information on the income tax contributions of these persons, also the data allowing for disclosure of the identity of the persons whose identity and biographical data or appearance have been changed for the purposes of protection against criminal pressure;

23) plans of operations to combat terrorism and sabotage;

24) the information related to covert intelligence officers and the persons engaged in covert cooperation with intelligence services and the special guarantees applied thereto;

25) the information related to the legal persons ensuring and facilitating activities of entities of criminal intelligence and intelligence institutions;

26) the analytical information prepared by the institutions ensuring national security and related to the assessment of external risks and threats;

27) data on the course of operations and composition of special mission military units of the national defence system;

28) detailed data on the new technologies, scientific research, tests and results thereof which are of particular importance to state interests;

29) codes of code locks and electronic access control systems used for the protection of the information comprising a state secret.

2. An official secret may comprise:

1) detailed data revealing the capacities and tasks of state and municipal institutions in the event of a state of emergency or martial law;

2) detailed data on the organisation of protection of classified information and administration of such information;

3) detailed data on the procedure for and course of screening of candidates applying for an authorisation to handle or familiarise with classified information as well as the detailed data collected thereon in the course of the screening, where such data are not assigned to a state secret;

4) detailed plans of pre-trial investigation bodies on the search for and detention of the persons who have committed, are suspected of or are charged with the commission of criminal acts and on the organisation of complex measures and operations;

5) detailed data on the organisation of protection of the persons protected by state institutions or structural divisions thereof and of important state and military facilities, the protection systems in use, documents of design, construction and repairs of such objects;

6) information on the interaction of entities of criminal intelligence and intelligence institutions with municipal institutions, agencies, enterprises and organisations for the purposes of criminal intelligence and intelligence;

7) consolidated detailed data on the material and technical supply of the Lithuanian Armed Forces, the quantitative composition and personnel thereof, also the structure and operational methods of special mission units of the Lithuanian Armed Forces;

8) consolidated detailed data on the state reserve of supplies;

9) data on a record file managed by special mission units of the Lithuanian Armed Forces, entities of criminal intelligence and intelligence institutions of their officers insured with state social insurance and data on the funds of the mentioned entities allocated for the state social insurance contributions and income tax contributions of officers thereof;

10) detailed data on the organisation and tactics of transportation of special cargoes;

11) detailed data on systems of the management of the Lithuanian Armed Forces, other institutions of the national defence system, institutions of the system of the interior, entities of criminal intelligence and intelligence institutions using means of communication;

12) the information related to financial market supervision;

13) data on participants of Government securities auctions and their bids as well as the liquidity loans granted by the Bank of Lithuania;

14) consolidated detailed data on the organisation and implementation of guarding of the state border and related plans;

15) detailed data on the provision of supplies of weapons, firearms, explosives, combat equipment and special means to the Lithuanian Armed Forces, other institutions of the national defence system and defence forces, institutions of the system of the Interior, entities of criminal intelligence, intelligence institutions, the Prosecutor’s Office, the Bank of Lithuania and the Weaponry Fund, provision of technical means to the entities of criminal intelligence and intelligence institutions, also rules for storing and accounting of personal safety and active defence, radiation and chemical safety, special de-gassing means and engineering equipment, the distribution and organisation of protection thereof;

16) detailed data on programmes and plans of production of weapons, firearms, explosives, combat equipment and special means as well as the technical means intended for activities of entities of criminal intelligence and intelligence institutions;

17) detailed data on funds of entities of criminal intelligence and intelligence institutions and expenditure for criminal intelligence and intelligence as well as counterintelligence activities and for the procurement of the special and technical means intended for such activities;

18) detailed data on the structure, material and technical supply of entities of criminal intelligence and intelligence institutions, their quantitative composition and personnel, the organisation and course of criminal intelligence and intelligence as well as counterintelligence, the use of measures and methods, tasks, operations, their financing and results;

19) the information obtained from criminal intelligence and intelligence as well as counterintelligence activities, where such information is not attributed to state secrets, also the analytical and information materials prepared by entities of criminal intelligence and intelligence institutions which make use of the information obtained from criminal intelligence and intelligence as well as counterintelligence activities;

20) characteristics of strategic facilities;

21) conclusion of a polygraph test and audio and/or video recordings made during the test (excluding the final conclusion of the test);

22) information on conclusion of the contracts concerning privatisation of the enterprises of strategic importance to national security referred to in the Law on Enterprises and Facilities of Strategic Importance to National Security and Other Enterprises of Importance to Ensuring National Security, where disclosure of such information would cause prejudice to state economic and political interests;

23) the information prepared by state institutions on the personal and professional characteristics of a candidate for the position of a diplomatic representative of the Republic of Lithuania which affect the taking of a decision on his appointment;

24) the content of a task at matura examinations or part thereof;

25) information on cooperation of intelligence institutions with legal and natural persons of the Republic of Lithuania, also with intelligence and security institutions of foreign states and the European Union and with international organisations, unless such information comprises a state secret;

26) the information related to the lodging and examination of an application for asylum;

27) codes of code locks and electronic access control systems used for the protection of the information comprising an official secret.

3. The classified information referred to in paragraph 1 of this Article may be classified as an official secret by a decision of the head of an entity of secrets preparing classified information or a person authorised by him, where according to its contents and the extent of the prejudice likely to be caused to the State upon an unauthorised disclosure or loss thereof, such information does not require a higher level of protection.

4. Entities of secrets shall, on the basis of the list of categories of information to be classified, compile detailed lists of the information to be classified which is related to their activities. The detailed lists of the information to be classified must provide for classifications of the information to be classified, time periods for classification or conditions of declassification of such information. The detailed lists of the information to be classified shall, subject to endorsement of the chair of the Commission for Secrets Protection Co-ordination, be approved and amended by heads of entities of secrets,

 

Article 8. Time limits for classification of information

1. The periods of classification of information shall be as follows:

1) the information classified ‘Top Secret’ – for a time period of 30 years;

2) the information classified ‘Secret’ – for a time period of 15 years;

3) the information classified ‘Confidential’ – for a time period of 10 years;

4) the information classified ‘Restricted’ – for a time period of 5 years.

2. The information whose disclosure may pose a hazard to human life or health or create preconditions for the rise of the hazard to human life shall be classified for a time period of 75 years.

3. In the cases when it is expedient to classify information for a shorter time period than stipulated in paragraph 1 of this Article or until a certain event upon taking place whereof classification of information ceases to be relevant, a specific time limit or a specific event or other conditions of declassification of the information shall be specified next to the classification.

4. In the cases when the time period for classification of the information comprising a state secret must be longer than the one referred to in paragraph 1 of this Article, a decision on this issue shall be taken and the time period for classification shall be extended by the Commission for Secrets Protection Coordination on a recommendation of an entity of secrets.

5. In the cases when the time period for classification of the information comprising an official secret must be longer than the one referred to in paragraph 1 of this Article, a decision on this issue shall be taken and the time period for classification shall be extended by the head of an entity of secrets which has prepared the classified information or a person authorised by him. The time period for classification of the information classified ‘Top Secret’ and ‘Secret’ may be extended for a period of up to ten years, and the information classified ‘Confidential’ and ‘Restricted’ – for a period of up to five years. The number of extensions shall not be restricted.

 

Article 9. Change of classifications of classified information and time limits for classification

1. The head of the entity of secrets which has prepared classified information or a person authorised by him shall have the right, in accordance with the procedure established by this Law, to change the established classification and the time limit for classification of the information. All recipients of classified information shall be informed in writing of any such changes.

2. Where in performing his functions, the recipient of classified information needs to change a classification applied or a time period for classification, he must, by submitting a justified request, refer to the head of an entity of secrets which has prepared the classified information or a person authorised by him. The recipient of classified information may change the classification applied and the time period for classification only subject to obtaining of a written consent of the head of the entity of secrets which has prepared the classified information or the person authorised by him.

 

Article 10. Declassification of classified information

1. Classified information shall be declassified where:

1) the time limit for classification as established in Article 8 of this Law expires;

2) the expediency of classification ceases to exist, although the established time limit for classification has not expired yet.

2. The classified information whose time limit for classification has not expired shall be declassified only by a decision of the head of the entity of secrets which has prepared the classified information or a person authorised by him.

3. Upon the expiry of the established time limit for classification, the information classified ‘Top Secret’, ‘Secret’ and ‘Confidential’ shall be declassified by a decision of the originator of the classified information. The decision to declassify the information must be taken not later than in the course of the next carrying out of an inventory of classified information.

4. Upon the expiry of the established time limit for classification, the information classified ‘Restricted’ shall be considered declassified without taking a separate decision, where the information has not been applied the supplementary marking of ‘Declassified by a decision of an entity of secrets’ (DDES) and the originator of the information has not notified of the extension of the time limit for classification of the information.

 

CHAPTER THREE

POWERS OF STATE INSTITUTIONS IN THE AREA OF PROTECTION OF CLASSIFIED INFORMATION

 

Article 11. Powers of the Government in the area of protection of classified information

The Government shall perform the following functions:

1) approve the regulations of the Commission for Secrets Protection Coordination;

2) specify the remit and functions of the Security Accreditation Authority, the National Communications Security Authority and the National Distribution Authority and the authorities protecting against electromagnetic radiation in ensuring the protection of the classified information of the Republic of Lithuania, the classified information released to the Republic of Lithuania by foreign states, the European Union or international organisations;

3) establish a procedure for security clearance of the persons applying for the issuance of an authorisation to handle or familiarise with classified information or for granting the right to handle or familiarise with information classified ‘Restricted’;

4) establish a procedure for administration and declassification of classified information;

5) establish requirements for the physical security of classified information and a procedure for implementing them;

6) establish a procedure for assessing the security of suppliers;

7) establish a procedure for establishing departmental security accreditation authorities and approve general rules for activities thereof;

8) approve rules for the development and accreditation of CICISs;

9) specify requirements for security measures of CICISs, measures of protection of telecommunications and measures of protection of CICISs against electromagnetic radiation;

10) establish a procedure for administering cryptographic means;

11) establish a procedure for administering the media used for recording classified information.

 

Article 12. Commission for Secrets Protection Coordination

1. The implementation of actions of the protection of classified information of the Republic of Lithuania and the implementation, at institutions of the Republic of Lithuania, of actions of the protection of the classified information released to the Republic of Lithuania by foreign states, the European Union or international organisations or the classified information prepared by joint actions of foreign states, the European Union or international organisations and institutions of the Republic of Lithuania shall be coordinated by a collegial institution, namely, the Commission for Secrets Protection Coordination. The Commission for Secrets Protection Coordination shall have its blank and seal.

2. The Commission for Secrets Protection Coordination shall consist of six members – the President of the Republic, the Speaker of the Seimas and the Prime Minister shall each delegate two members. A citizen of the Republic of Lithuania who has service or work experience in the area of implementation of the classified information protection policy and who conforms to the requirements necessary for the issuance of an authorisation to handle or familiarise with the information classified “Top Secret” may be appointed as a member of the Commission for Secrets Protection Coordination. The chair of the Commission for Secrets Protection Coordination shall be appointed by the Prime Minister from among the appointed members of the Commission. The deputy chair of the Commission for Secrets Protection Coordination shall be elected by members of the Commission.

3. The Commission for Secrets Protection Coordination shall perform the following functions:

1) coordinate the implementation of provisions of international treaties of the Republic of Lithuania on reciprocal protection of classified information, where necessary, initiate the conclusion of such treaties or denunciation of concluded treaties;

2) exercise supervision of the implementation of actions of the protection of the classified information released to the Republic of Lithuania by foreign states, the European Union or international organisations, perform other functions in ensuring the security of the classified information released to the Republic of Lithuania according to legal acts of the European Union or international treaties of the Republic of Lithuania with the foreign states or international organisations;

3) decide, on a recommendation of the institutions ensuring the security of classified contracts, the issues related to the possibility of issuance of a supplier’s security clearance to the supplier whose participant holds at least 1/3 of votes at the meeting of participants and is registered in the states other than the EU Member States or North Atlantic Treaty Organisation (hereinafter: ‘NATO’) member countries and the states parties to the Agreement on the European Economic Area or in the countries with which the Republic of Lithuania has not concluded a treaty on reciprocal protection of classified information;

4) establish the registry systems necessary for the administration of the classified information released to the Republic of Lithuania by foreign states, the European Union or international organisations, take decisions on the expediency of establishment of new registries of the classified information released to the Republic of Lithuania or cancellation of previously established registries;

5) make proposals regarding the improvement or repeal of this Law and other legal acts related to the protection of classified information, the improvement of the current system of legal regulation of the protection of classified information, also submit, in accordance with the procedure laid down by the legal acts establishing requirements for drafting legal acts submitted to the Government, conclusions regarding the draft legislation submitted to the Government and related to the protection of classified information;

6) provide recommendations, clarifications and methodological support to entities of secrets and suppliers on issues of the protection of classified information;

7) assess draft decisions of entities of secrets on the granting of the status of an entity of secrets to the agencies and enterprises subordinate to them or assigned to their area of regulation;

8) approve recommendations for compiling detailed lists of the information to be classified;

9) resolve, through the mediation of entities of secrets, issues on the possibility of issuance of authorisations to handle or familiarise with classified information to the persons having dual citizenship or to the persons not meeting the qualification of permanent residence in the Republic of Lithuania, an EU Member State or a NATO member country referred to in Article 17(2)(1) of this Law;

10) resolve disputes between entities of secrets, also disputes between entities of secrets and other persons arising over the classification of information, the storage, use, declassification and control/supervision of the protection of classified information;

11) submit conclusions regarding the validity of the declassification of information or application of classifications to information;

12) submit proposals to entities of secrets on the validity of acquisition of the information which, by virtue of its nature and importance, should be classified, but belongs by the right of ownership to a natural or legal person other than an entity of secrets and the amount of a possible reward to the holder of the information;

13) resolve, on a recommendation of entities of secrets, issues on the possibility of releasing the information comprising a state secret to foreign states, the European Union or international organisations wherewith no international treaties have been concluded on the reciprocal protection of classified information;

14) approve, on a recommendation of entities of secrets, a list of supplementary markings indicating restrictions on the use of classified information;

15) take, on a recommendation of entities of secrets, decisions on the possibility of terminating the execution of a classified contract related to the information classified ‘Top Secret’, ‘Secret’ and ‘Confidential’ in the event of revocation of a supplier’s security clearance;

16) specify criteria for compiling lists of the positions related to major threats for the security of classified information.

4. The chair of the Commission for Secrets Protection Coordination shall, without convening a sitting of the Commission for Secrets Protection Coordination, approve or refuse to approve the detailed lists, as prepared or amended by entities of secrets, of information to be classified which is related to their activities, at the request of the relevant institutions of foreign states, the European Union or international organisations or the entities of secrets, submit the certificates confirming that persons are authorised to handle or familiarise with classified information or that the supplier holds a supplier’s security certificate or a supplier’s authorisation to handle or familiarise with classified information.

5. In performing the function referred to in point 2 of paragraph 3 of this Article, the Commission for Secrets Protection Coordination shall have the right to assign to the institutions responsible for the protection of classified information to carry out the actions provided for in international treaties of the Republic of Lithuania or legal acts of the European Union.

6. Decisions of the Commission for Secrets Protection Coordination taken in performing the functions referred to in paragraph 3 of this Article shall be binding on entities of secrets and suppliers.

7. The division of the State Security Department of the Republic of Lithuania (hereinafter: the ‘State Security Department’) which implements and controls/supervises actions of the protection of classified information shall perform the functions of the Secretariat of the Commission for Secrets Protection Coordination. The Secretariat of the Commission for Secrets Protection Coordination shall prepare materials for sittings of the Commission for Secrets Protection Coordination, carry out the decisions taken by the Commission on the assignment of the Commission for Secrets Protection Coordination, control/supervise the implementation of the decisions of the Commission for Secrets Protection Coordination by entities of secrets and suppliers.

8. Decisions of the Commission for Secrets Protection Coordination shall be appealed against in accordance with the procedure laid down by the Law of the Republic of Lithuania on Administrative Proceedings.

 

Article 13. Implementation of the protection of classified information

1. The head of an entity of secrets shall be responsible for an overall organisation and condition of the protection of the classified information which is at the disposal of the entity of secrets. Responsibility for compliance with requirements for the protection of classified information at the agencies and enterprises which are subordinate to the entity of secrets or assigned to the area of its regulation and which store or use classified information shall be borne by heads of those agencies and enterprises. A person entrusted with classified information shall be held liable for a loss or unauthorised disclosure of the said information.

2. A person responsible for the protection of classified information must be appointed by a decision of the head of an entity of secrets or a person authorised by him.

3. An entity of secrets shall approve a list of the agencies and enterprises which are subordinate to the entity of secrets or assigned to the area of its regulation and which handle classified information or store the information classified ‘Top Secret’, ‘Secret’ or ‘Confidential’.

4. Entities of secrets shall compile a list of the positions subject to authorisations to handle or familiarise with classified information. It shall contain the name of an entity of secrets, an agency or an enterprise subordinate to the entity of secrets or assigned to its area of regulation, also its division having within its structure the position concerned and the highest classification of the classified information which the persons who hold the positions indicated in the list may handle or become familiar with.

5. Entities of secrets, the agencies and enterprises subordinate to an entity of secrets or assigned to its area of regulation which have at their disposal the classified information of the Republic of Lithuania, foreign states, the European Union or international organisations must compile a list of the persons who have been issued authorisations to handle or familiarise with classified information. This list must contain the highest classification of classified information which a person is authorised to handle or familiarise with, the registration number, date of issue and the period of validity of an authorisation to handle or familiarise with classified information.

6. The Minister of National Defence or a person authorised by him shall compile a list of the positions in continuous rifleman’s service and rifleman’s service in combat units of the Lithuanian Riflemen’s Union which are subject to the requirement to hold an authorisation to handle or familiarise with classified information or to have the right to handle or familiarise with the information classified ‘Restricted’.

 

Article 14. Special commission of experts

1. In entities of secrets, the protection of classified information shall be coordinated by special standing commissions of experts formed by a decision of the head of an entity of secrets. These commissions shall:

1) draft the legal acts of the entity of secrets related to the protection of classified information and supervise the implementation of these legal acts;

2) submit to the head of the entity of secrets proposals regarding the issuance to persons of authorisations to handle or familiarise with classified information or revocation of issued authorisations;

3) submit to the head of the entity of secrets proposals and conclusions regarding the validity of classification of information, changing of classifications, declassification or destruction of classified information;

4) organise checks of the condition of protection of the classified information at the disposal of the entity of secrets and submit to the head of the entity of secrets proposals regarding the prevention of breaches of requirements for the protection of classified information and decide other issues related to the protection of classified information.

2. Taking into consideration the volume of classified information, the head of an entity of secrets shall be permitted not to form a special commission of experts and to assign the performance of its functions to a person responsible for the protection of classified information.

3. Only the persons who have obtained, in accordance with the procedure laid down by this Law, an authorisation to handle or familiarise with classified information may be members of a special commission of experts or the persons responsible for the protection of classified information. The authorisations to handle or familiarise with classified information issued to members of the special commission of experts or to the persons responsible for the protection of classified information must conform to the highest classification of the classified information which is at the disposal of an entity of secrets.

 

CHAPTER FOUR

ENSURING OF PERSONNEL SECURITY

 

Article 15. Conditions of handling or familiarisation with classified information

1. The information of the Republic of Lithuania classified ‘Top Secret’, ‘Secret’ or ‘Confidential’ and the classified information released to the Republic of Lithuania by foreign states, the European Union or international organisations and applied the classifications equivalent to ‘Top Secret’, ‘Secret’ or ‘Confidential’ may be used, stored or such information may be transported only by the persons who hold appropriate authorisations to handle or familiarise with classified information.

2. The information of the Republic of Lithuania classified ‘Restricted’ and the classified information released to the Republic of Lithuania by foreign states, the European Union or international organisations and applied the classification equivalent to ‘Restricted’ may be used, stored or such information may be transported only by the persons who have the right to handle or familiarise with the information classified ‘Restricted’ or who hold an authorisation to handle or familiarise with classified information.

3. The post held by the President of the Republic, the Speaker of the Seimas and the Prime Minister shall entitle them to familiarise with classified information and to use it.

4. The Members of the Seimas and members of municipal councils may familiarise with the information classified ‘Restricted’ when this is necessary for the duties performed.

5. Judges of courts of the Republic of Lithuania shall, in exercising their powers, have the right to familiarise with classified information and to use it.

6. In the course of a pre-trial investigation or hearing a criminal case the case file whereof contains classified information, the suspect, the accused and the defence counsel of the suspect or the accused shall have the right, in accordance with the procedure laid down by the Code of Criminal Procedure, to familiarise with the classified information contained in the case file, except for the data assisting in the identification of the victim or the witness who has been granted anonymity. In these cases, requirements of Article 24(1)(5), Article 24(2)(5) and Article 25 of this Law shall not apply.

7. Upon the declaration in the Republic of Lithuania of a state of war or emergency or in the course of military operations and by a decision of the head of an entity of secrets or a person authorised by him, a person who does not hold an authorisation to handle or familiarise with classified information may be granted the right to familiarise with it, with the exception of the information classified ‘Top Secret’, where such information is necessarily required for the performance of the functions or carrying out of the assignments given to him.

8. In exceptional cases as specified in NATO normative documents regulating the protection of classified information, the head of an entity of secrets may issue to a person who does not hold an authorisation to handle or familiarise with classified information a written provisional authorisation to familiarise the classified information of NATO released by the Republic of Lithuania. This authorisation must specify the type of the classified information which the person is granted the right to familiarise with.

81. Familiarisation with or use of classified information shall be allowed for the members of the Lithuanian Riflemen’s Union who are entered on a list compiled by the Minister of National Defence or a person authorised by him, who fulfil a continuous rifleman’s service in the Lithuanian Riflemen’s Union, who serve in combat units of the Lithuanian Riflemen’s Union or other members of the Lithuanian Riflemen’s Union in respect whereof a decision of the Minister of National Defence or a person authorised by him has been taken regarding the necessity to familiarise with classified information when fulfilling their service. Authorisations to handle or familiarise with classified information shall be issued to such members of the Lithuanian Riflemen’s Union or the right to handle or familiarise with the information classified ‘Restricted’ shall be granted to them in accordance with the procedure laid down in this Chapter.

9. The persons listed in paragraphs 6, 7 and 8 of this Article shall, prior to granting to them the right to familiarise with classified information, be warned of liability for an unauthorised disclosure or loss of classified information and must submit to a person responsible for the protection of classified information a written pledge to protect classified information.

 

Article 16. Right to handle or familiarise with the information classified ‘Restricted’

1. Employees of an entity of secrets shall be granted the right to handle or familiarise with the information classified ‘Restricted’ by the head of the entity of secrets or a person authorised by him, and riflemen – by the Minister of National Defence or a person authorised by him. The head of an entity of secrets shall be granted the right to handle or familiarise with the information classified ‘Restricted’ by the person appointing the head of the entity of secrets to his position or a person authorised by him. This right shall be granted until employment/service relationships are terminated or until the powers of the persons elected or appointed to a position expire.

2. The right to handle or familiarise with the information classified ‘Restricted’ shall not be granted or shall be revoked where a person:

1) has been found guilty, by an effective judgment, of a grave or serious crime and has an unexpired or unexpunged conviction;

2) has been found guilty, by an effective judgment, of a disclosure of a state secret or an official secret, unauthorised holding of the information comprising a state secret, loss of a state secret, seizure or other unauthorised acquisition of an official secret and has an unexpired or unexpunged conviction or, in the case of a misdemeanour, less than three years have lapsed from the date when the judgment of conviction became effective;

3) has been dismissed from office for a breach of the procedure for handling classified information or his authorisation to handle or familiarise with classified information or the right to handle or familiarise with the information classified ‘Restricted’ has been revoked for such breaches, and less than five years have lapsed from the taking of such a decision;

4) has been dismissed from office for a breach of an oath or a pledge, degrading of the name of the officer, breach of professional ethics, and less than three years have lapsed from the date of dismissal;

5) is or, within the last five years, has been entered in records of a health care institution for alcohol or drug addiction or has been convicted more than twice over the last three years of the commission of administrative offences under the influence of alcohol, narcotic, psychotropic or other psychoactive substances;

6) suffers from mental or other health disorders, as provided for in a list approved by the Minister of Health, which pose a threat to the security of the classified information entrusted to him.

3. The information regarding the compliance of a person with the conditions specified in paragraph 2 of this Article shall be collected by the head of an entity of secrets or a person authorised by him or, if the person subject to screening is a rifleman, by the Minister of National Defence or a person authorised by him from state registers/cadastres, classifications and other data banks or by applying to law enforcement, control and other institutions, bodies or enterprises managing the relevant information to provide the information available to them about such a person not later than within ten working days. The head of the entity of secrets or the person authorised by him may request that the person subject to screening submit the information or documents required for the screening.

 

4. The screening of a person for the granting of the right to handle or familiarise with the information classified ‘Restricted’ shall commence upon the receipt of the person’s written consent to undergo the screening. A decision on the granting of the right to handle or familiarise with the information classified ‘Restricted’ must be taken not later than within 20 working days from the commencement of the screening.

5. The persons holding an authorisation to handle or familiarise with the information classified ‘Top Secret’, ‘Secret’ or ‘Confidential’ shall not be subject to screening as regards the granting of the right to handle or familiarise with the information classified ‘Restricted’.

6. If an authorisation to handle or familiarise with classified information or the right to handle or familiarise with the information classified ‘Restricted’ has been revoked in respect of a person upon termination of an employment/service relationship or expiry of the powers of the persons elected or appointed to a position, the right to handle or familiarise with the information classified ‘Restricted’ shall be granted to a person anew without screening if less than 12 months have lapsed from the termination of the employment/service relationship or the expiry of the powers of the persons elected or appointed to the position and less than ten years have lapsed from the last screening of the person for the issuance of the authorisation to handle or familiarise with classified information or the granting of the right to handle or familiarise with the information classified ‘Restricted’.

 

Article 17. Conditions of issuance and term of validity of an authorisation to handle or familiarise with classified information and appeal against decisions

1. A person applying for the issuance of an authorisation to handle or familiarise with classified information shall be issued such an authorisation if the person meets all of the following conditions:

1) the person is a citizen of the Republic of Lithuania;

2) the person submits a completed questionnaire of the set form and provides a signed consent for his screening;

3) the person pledges against his signature to protect classified information;

4) in the course of the screening, none of the circumstances, as referred to in paragraph 2 of this Article, due to which the person cannot be considered as secure and loyal to the State of Lithuania is established.

2. A person shall not be secure and loyal to the State of Lithuania and an authorisation to handle or familiarise with classified information shall not be issued thereto where:

1) the person has permanently resided in the Republic of Lithuania, other European Union Member States or NATO countries for less than five last years, and the Commission for Secrets Protection Coordination has taken a decision not to issue the authorisation to handle or familiarise with classified information;

2) the person has, over the last five years, applied to relevant state institutions for renunciation of citizenship of the Republic of Lithuania;

3) the person has dual citizenship, and the Commission for Secrets Protection Coordination has taken a decision not to issue the authorisation to handle or familiarise with classified information;

4) the person has been found guilty, by an effective judgment, of a grave crime or a crime against the independence of the State of Lithuania, its territorial integrity and constitutional order or a crime against public security, regardless of the fact whether the conviction has expired or has been expunged;

5) the person has been found guilty, by an effective judgment, of a serious or less serious crime or a criminal act related to a seizure of an official secret or other unauthorised acquisition or disclosure thereof or a criminal act against civil service and public interests and has an unexpired or unexpunged conviction or, in the case of a misdemeanour, less than three years have lapsed from the date when the judgment of conviction became effective;

6) the person has been adjudicated as incapacitated or of limited legal capacity;

7) the person collaborates or collaborated, or maintains or maintained relations with an intelligence or security service of a foreign state or with a person collaborating or maintaining relations with the intelligence or security service of a foreign state due to the interests hostile to the Republic of Lithuania;

8) the person maintains or, within the last five years, has maintained relations with a person who has an unexpired or unexpunged conviction for a criminal act committed by an organised group or a criminal association or with a person who is subject to preventive measures in accordance with the Law of the Republic of Lithuania on Organised Crime Prevention, if maintaining of such relations poses a threat to the security of the classified information entrusted to him;

9) the person participates or participated in the activities of a terrorist organisation or terrorist group or maintains or maintained relations with a person belonging to the terrorist organisation or group, if maintaining of such relations poses a threat to the security of the classified information entrusted to him;

10) the person participated or, within the last five years, has participated in activities of an unregistered movement, if such participation poses a threat to the security of the classified information entrusted to him’

11) the person concealed or, within the last five years, has concealed or submitted to the institutions performing his screening false biographical facts or other information about himself, his relations affecting a decision to issue an authorisation to handle or familiarise with classified information;

12) the person has been dismissed from office for a breach of the procedure for handling classified information or for such breaches his authorisation to handle or familiarise with classified information has been revoked, and less than five years have lapsed from the taking of such a decision;

13) the person has been dismissed from office for a breach of an oath or a pledge, degrading of the name of the officer, breach of professional ethics, and less than three years have lapsed from the date of dismissal;

14) the person is subject to or, within the last five years, has been subject to preventive measures under the Law of the Republic of Lithuania on Organised Crime Prevention;

15) the person receives or has received income from military, intelligence or security services of foreign states, where this is not provided for in international treaties or agreements of the Republic of Lithuania;

16) the person cannot prove the lawfulness of acquisition of the property which he manages, uses or has at his disposal or it is established that his standard of living does not correspond to actual income;

17) the person is or, within the last five years, has been entered in records of a health care institution for alcohol or drug addiction or has been convicted more than twice over the last three years of the commission of administrative offences under the influence of alcohol, narcotic, psychotropic or other psychoactive substances;

18) the person suffers from mental or other health disorders, as provided for in a list approved by the Minister of Health, which pose a threat to the security of the classified information entrusted to him;

19) the person incites infringement upon the independence of the State of Lithuania, its territorial integrity and constitutional order and/or supports the movements that incite infringement upon these interests of the State;

20) the person’s traits, other activities or relationships or other circumstances related to the person or facts which pose a threat to the security of the classified information entrusted to him were established in the course of the screening or have been established within the last three years.

3. The persons holding authorisations granting the right to handle or familiarise with the classified information applied a higher classification shall not need a separate authorisation to handle or familiarise with the classified information applied a lower classification. When transferring a person holding an authorisation granting the right to handle or familiarise with the classified information applied a higher classification to a position subject to the holding of an authorisation granting the right to handle or familiarise with the classified information applied a lower classification, such an authorisation shall be issued without screening. The period of validity of the newly issued authorisation shall be calculated in accordance with paragraph 5 of this Article, including the period of validity of the previously issued authorisation. When a new authorisation is issued to the person, a previously issued authorisation shall be considered invalid.

4. Where a person needs to handle or familiarise with the classified information applied a higher classification than specified in an authorisation to handle or familiarise with classified information issued to him, the person shall be subject to screening anew. Where the person is issued an authorisation to handle or familiarise with the classified information applied a higher classification, a previously issued authorisation to handle or familiarise with classified information shall be considered invalid. Where, upon the declaration in the Republic of Lithuania of a state of war or emergency or in the course of military operations, the person needs to handle or familiarise with the classified information applied a higher classification specified in an authorisation to handle or familiarise with classified information issued to him, the person shall not be subject to screening anew.

5. An authorisation to handle or familiarise with the information classified ‘Top Secret’ shall be issued for a time period not exceeding five years and that to handle or familiarise with the information classified ‘Secret’, ‘Confidential’ – for a time period not exceeding ten years.

6. A repeated screening of a person shall commence six months prior to the expiry of the period of validity of an authorisation to handle or familiarise with classified information.

7. If a person’s authorisation to handle or familiarise with classified information has been revoked in accordance with Article 20(1)(3) of this Law, a new authorisation to handle or familiarise with classified information shall be issued to the person without a screening where less than 12 months have lapsed from the revocation of the authorisation to handle or familiarise with classified information and not less than 6 months remain until the expiry of the time period specified in paragraph 5 of this Article. The period of validity of the new authorisation to handle or familiarise with classified information issued to the person may not exceed the period of validity of the previously issued authorisation to handle or familiarise with classified information, and the classification may not be higher than that of the previously issued authorisation to handle or familiarise with classified information.

8. A person shall be subject to additional screening prior to the expiry of the time limits specified in paragraph 5 of this Article in the event of receipt of data regarding the emergence of the circumstances provided for in paragraph 2 of this Article. In such a case, in the course of the screening a decision of the head of an entity of secrets or a person authorised by him shall be taken prohibiting the person from handling or familiarising with the information applied the classification ‘Confidential’ and higher classifications or equivalents thereof. The screening may not last longer than specified in Article 18(8) of this Law. If the head of the entity of secrets or the person authorised by him decides that a person who is prohibited from handling or familiarising with classified information cannot perform the functions assigned to him without accessing the classified information, the person shall be transferred to other positions for which there is no requirement to hold an authorisation to handle or familiarise with classified information, and if there are no positions to which this person could be transferred – the person shall be removed from office. The person shall be transferred to another position or removed from office for a time period not exceeding the time limit for the person’s screening specified in Article 18(8) of this Law.

9. Decisions refusing the issuance of an authorisation to handle or familiarise with classified information and prohibition to handle or familiarise with classified information may be appealed against in accordance with the procedure laid down by the Law of the Republic of Lithuania on Administrative Proceedings.

 

Article 18. Screening of a person

1. The main aim of the screening of a person shall be to determine whether the person applying for the issuance of an authorisation to handle or familiarise with classified information may be entrusted with the classified information and whether the person subject to screening is secure and loyal to the State of Lithuania, that is, there are no circumstances indicated in Article 17(2) of this Law. Persons shall be subject to screening on a recommendation of an entity of secrets, an institution of a foreign state, the European Union or an international organisation.

2. The screening of a person for the issuance of an authorisation to handle or familiarise with classified information shall commence upon the receipt of a duly completed questionnaire of the set form and a written consent of the person to undergo screening. The person’s written consent to undergo screening shall not be required to commence an additional screening of the person.

3. In the course of the screening of a person, the methods and means of collection of criminal intelligence information may not be employed, with the exception of an interview and review of the data stored in a criminal intelligence information system.

4. Upon receipt, in the course of the screening of a person, of the information that the person subject to screening may be suffering from mental disorders, the person must, at the request of the institution performing the screening, submit a conclusion of a state psychiatric institution regarding his health status. If the person refuses to submit the conclusion of the state psychiatric institution, the institution performing the screening of the person shall suspend the person’s screening procedures for a period not longer than 20 working days. If the person fails to submit the conclusion of the state psychiatric institution within the period of suspension of the screening of the person, the person’s screening procedure shall be terminated and the authorisation to handle or familiarise with classified information shall not be issued to him, whereas the issued authorisation to handle or familiarise with classified information shall be revoked on the ground specified in Article 20(1)(4) of this Law.

5. The institutions performing the screening of a person may invite him for an interview, request the person to provide written explanations or the documents necessary for the screening and, in the cases and in accordance with the procedure specified in the Law of the Republic of Lithuania on the Use of a Polygraph, conduct a polygraph test. If the person refuses to appear for the interview, to provide the written explanations or the documents or to undergo the polygraph test, the institution performing the screening of the person shall suspend the person’s screening procedure for a period not longer than 20 working days. If the person fails to appear for the interview, to provide the written explanations or the documents or to appear for the polygraph test within the period of suspension of the screening of the person, the person’s screening procedure shall be terminated and the authorisation to handle or familiarise with classified information shall not be issued to him, whereas the issued authorisation to handle or familiarise with classified information shall be revoked on the ground specified in Article 20(1)(4) of this Law.

6. The persons applying for the issuance of an authorisation to handle or familiarise with classified information shall be screened by:

1) the Second Investigation Department under the Ministry of National Defence, where the person subject to screening holds or applies for a position within the system of national defence, is a rifleman or applies to become a rifleman;

2) institutions authorised by the Minister of the Interior, where the person subject to screening holds or applies for a position within the system of the interior;

3) entities of secrets, where the person subject to screening is or applies for becoming a covert participant in criminal intelligence, a classified intelligence officer or a covert human intelligence source;

4) the State Security Department, where a person other than indicated in points 1, 2 and 3 of this paragraph applies for the issuance of the authorisation to handle or familiarise with classified information.

7. A person whose security regarding the handling of classified information is requested to be screened by the institutions authorised by foreign states, the European Union or international organisations shall be subject to screening for the issuance of an authorisation to handle or familiarise with classified information and, if necessary, the authorisation to handle or familiarise with classified information shall be issued by the State Security Department. The State Security Department shall provide to the Commission for Secrets Protection Coordination information on an authorisation to handle or familiarise with classified information issued to a person, and the Commission shall submit to the relevant institution of a foreign state, the European Union or international organisation a certificate confirming that the person has the right to handle or familiarise with the classified information of foreign states, the European Union or international organisations applied the relevant classification.

8. The institutions performing the screening of a person must check the person applying for the issuance of an authorisation to handle or familiarise with classified information not later than within 40 working days if the person applying for the issuance of the authorisation to handle or familiarise with classified information is a candidate for judges or has been selected for a position related to the use or protection of the information classified ‘Confidential’ or applied a higher classification, in other cases – not later than within 120 working days.

9. If the information or conclusions necessary for screening are not obtained from institutions or professionals or a person undergoes a polygraph test, the period of screening of 40 working days as referred to in paragraph 8 of this Article shall be extended by a decision of the head of the institution performing the person’s screening or a person authorised by him, but not more than for 40 working days.

10. The institutions performing the screening of a person shall have the right to receive free of charge data on the person subject to screening from state registers/cadastres, classifications and other data banks, also other information about the person subject to screening from all state and municipal institutions, judicial officers, notaries, other enterprises, agencies, legal or natural persons.

11. The institutions performing the screening of a person shall process personal data by automatic means without prior checking as specified in the Law of the Republic of Lithuania on Legal Protection of Personal Data.

12. A decision to terminate the screening of a person may be appealed against in accordance with the procedure set forth in the Law of the Republic of Lithuania on Administrative Proceedings.

 

Article 19. Issuance of an authorisation to handle or familiarise with classified information and security instructing

1. An authorisation to handle or familiarise with classified information shall be issued by the head of an entity of secrets or a person authorised by him upon evaluating a conclusion submitted by the institution which has performed the screening of a person. The head of the entity of secrets shall be issued the authorisation to handle or familiarise with classified information by the person appointing the head of the entity of secrets to his position or a person authorised by him. Riflemen shall be issued authorisations to handle or familiarise with classified information by the Minister of National Defence or a person authorised by him.

2. A decision on the issuance of an authorisation to handle or familiarise with classified information may be appealed against in accordance with the procedure laid down by the Law of the Republic of Lithuania on Administrative Proceedings. The timely filing of an appeal over the decision on the issuance of the authorisation to handle or familiarise with classified information and the acceptance thereof shall suspend the period of validity of the authorisation to handle or familiarise with classified information until completion of the examination of the appeal.

3. An entity of secrets must, by the end of each month, inform the State Security Department of the issued authorisations to handle or familiarise with classified information.

4. When a person is issued an authorisation to handle or familiarise with the information classified ‘Top Secret’, he shall undergo a security instruction. The security instruction shall be conducted by the institution which has performed the screening of the person. The security instruction shall also be conducted upon the issuance of an authorisation to handle or familiarise with the information classified ‘Secret’ and ‘Confidential’ if the position held or applied for by the person is related to major threats to the security of classified information.

 

Article 20. Revocation of an authorisation to handle or familiarise with classified information

1. An authorisation to handle or familiarise with classified information shall be revoked where:

1) a person renounces or loses citizenship of the Republic of Lithuania;

2) due to a gross breach of the procedure for handling classified information as committed by the person, the threat of a loss or unauthorised disclosure of the classified information has arisen;

3) employment/service relationships are terminated with an entity of secrets, powers of the persons elected or appointed to a position expire;

4) any of the circumstances referred to in Article 17(2) of this Law is established upon performing a repeated or additional screening of the person.

2. The institution which has performed the screening of a person must, not later than within five working days, give a notice of the emergence of the circumstances provided for in point 4 of paragraph 1 of this Article to the institution which has issued an authorisation to handle or familiarise with classified information.

3. An authorisation to handle or familiarise with classified information shall be revoked by a reasoned decision of the institution which has issued the authorisation not later than within five working days from the receipt of the information provided for in paragraph 2 of this Article, the information regarding the emergence of the circumstances provided for in point 1 of paragraph 1 of this Article or the transpiration of the circumstance provided for in point 2 of paragraph 1 of this Article. In the event of the emergence of the circumstance indicated in point 3 of paragraph 1 of this Article, a decision to revoke the authorisation to handle or familiarise with classified information issued to a person shall not be taken - the authorisation to handle or familiarise with classified information shall be considered invalid from the termination of employment/service relationships with an entity of secrets, expiry of powers of the persons elected or appointed to a position.

4. The institution which has revoked an authorisation to handle or familiarise with classified information shall, not later than within five working days, give a notice thereof to the State Security Department, the institution which has performed the screening of a person and the person whose authorisation has been revoked. Where the authorisation to handle or familiarise with classified information is revoked in the case indicated in point 3 of paragraph 1 of this Article, the person shall not be notified thereof.

5. A decision on the revocation of an authorisation to handle or familiarise with classified information may be appealed against in accordance with the procedure laid down by the Law of the Republic of Lithuania on Administrative Proceedings.

6. The revocation of an authorisation to handle or familiarise with classified information or the expiry of its period of validity shall not release a person from the duty not to disclose the classified information which has become known thereto.

 

Article 21. Duties of the person who has been issued an authorisation to handle or familiarise with classified information or has been granted the right to handle or familiarise with the information classified ‘Restricted’

The person who has been issued an authorisation to handle or familiarise with classified information or has been granted the right to handle or familiarise with the information classified ‘Restricted’ must:

1) know requirements of the legal acts regulating the protection of classified information and comply with them;

2) not disclose, lose and release the classified information which has been entrusted or become known to him to unauthorised persons as well as to the persons who, although having the right to handle classified information, are not authorised to familiarise with it;

3) protect the classified information which was entrusted or became known to him during the period of service for the entire time period of classification of such information;

4) act on a need-to-know basis;

5) prevent the unlawful acts of third parties which may result in a disclosure, loss, seizure or other unauthorised acquisition of classified information and, without delay, but not later than within one working day from the emergence of the mentioned circumstances, report these facts and other circumstances of a disclosure or loss of classified information to a person responsible for the protection of classified information or to the head of an entity of secrets;

6) notify the person responsible for the protection of classified information of a loss or disclosure of the classified information entrusted to him, also of breaches of requirements for the protection of classified information without delay, but not later than within one working day from the emergence of the mentioned circumstances;

7) return all the classified information entrusted to him to the person responsible for the protection of classified information when terminating employment/service relationships, moving to a position not involving the use of classified information;

8) provide information, oral or written explanations to the persons authorised to exercise control/supervision of the protection of classified information;

9) give a notice, within ten working days, to the person responsible for the protection of classified information of changes in the personal data submitted to the institutions which have performed the screening of a person;

10) until the commencement of the repeated screening of the person referred to in Article 17(6) of this Law, also in the case of the additional screening performed by the institutions performing the screening of the person, submit the documents necessary for the screening to the person responsible for the protection of classified information.

 

Article 22. Functions of a person responsible for the protection of classified information in ensuring personnel security

A person responsible for the protection of classified information shall:

1) organise the issuance of authorisations to handle or familiarise with classified information and keep accounts thereof;

2) control/supervise that all the persons handling or familiarising with classified information comply with requirements of the legal acts regulating the protection of classified information;

3) inform the institutions performing the screening of a person of changes in the personal data likely to influence the issuance or revocation of an authorisation to handle or familiarise with classified information;

4) organise, by the commencement of the period indicated in Article 17(6) of this Law, a repeated screening of the person;

5) obtain from the persons who are issued authorisations to handle or familiarise with classified information or are granted the right to handle or familiarise with the information classified ‘Restricted’ written pledges of the set form to protect classified information of the set form;

6) familiarise, when necessary, the persons who have been issued authorisations to handle or familiarise with classified information or have been granted the right to handle or familiarise with the information classified ‘Restricted’ against their signature with a detailed list of the classified information related to activities of an entity of secrets;

7) inform, once per year, the persons entrusted with classified information of liability for unauthorised holding of classified information, disclosure, loss, seizure or other unauthorised acquisition of classified information;

8) familiarise, once per year, the persons whose duties are related to the use or protection of classified information against their signature with requirements of the legal acts regulating the protection of classified information.

 

CHAPTER FIVE

ADMINISTRATION OF CLASSIFIED INFORMATION

 

Article 23. Application of a classification to a document or part thereof

1. The head of an entity of secrets or a person authorised by him, the head of an agency or an enterprise subordinate to the entity of secrets or assigned to its area of regulation shall consider a proposal of the person who has drafted a document and take a decision on the application of a classification to the document and the establishment of a time period for classification thereof and be responsible for the validity of the decision taken.

2. A document shall not be applied a classification solely for the reason of its topic or the classification of a document in reply to which it has been drafted.

3. The classification of a document shall be determined according to the highest classification of the information contained in the text of the document.

4. Where a document consists of separate parts each applied a different classification or contains annexes whose classifications are different from the classification of the document, clear references must be provided in the document about different classifications of the parts of the document and annexes thereto – in the text of the document, or a list of annexes or the parts of the document (contents) as well as at the beginning of the said parts of the document’s text or on the annexes to the document.

5. Where parts of or annexes to a document are an integral part of the document, the said document shall be included in the accounting records of classified documents and stored according to its most highly classified part or annexes. The parts of the document or annexes thereto which may be detached shall be distributed, entered in accounting records and stored according to the classification of the said parts of the document or annexes thereto.

 

Article 24. Requirements for the administration of classified documents

1. The documents classified ‘Top Secret’ shall be administered in the following manner:

1) stored and handled in a Class I or Class II security area;

2) transmitted and received using the means which establish the identity of the recipient or executor of classified information;

3) registered;

4) copies, translations, transcripts and extracts are made, information is transferred to other documents or to CICISs by a written decision of the head of an entity of secrets or a person authorised by him upon receipt of a written consent of the originator of the classified information;

5) released by the recipient of classified information to another entity of secrets only with the written consent of the originator of information;

6) must contain attached lists of the persons familiarised with the contents of a document;

7) destroyed by a decision of the head of an entity of secrets or a person authorised by him by drawing up a statement of destruction. Upon destroying a document prepared by another originator of classified information, the originator of classified information which has prepared this documented shall be informed.

2. The documents classified ‘Secret’ shall be administered in the following manner:

1) stored and handled in a Class I or Class II security area;

2) transmitted and received using the means which establish the identity of the recipient or executor of classified information;

3) registered;

4) copies, translations, transcripts and extracts are made, information is transferred to other documents or to CICISs by a written decision of the head of an entity of secrets or a person authorised by him, unless a document is affixed the marking ‘Consent of the originator of classified information required’;

5) released by the recipient of classified information to another entity of secrets only with the written consent of the originator of classified information;

6) destroyed by a decision of the head of an entity of secrets or a person authorised by him by drawing up a statement of destruction.

3. The documents classified ‘Confidential’ shall be administered in the following manner:

1) stored and handled in a Class I or Class II security area;

2) transmitted and received using the means which establish the identity of the recipient or executor of classified information;

3) registered;

4) copies, translations, transcripts and extracts are made, information is transferred to other documents or to CICISs by a decision of the person responsible for the protection of classified information and for the control of performance of the task of a document, unless a document is affixed the marking ‘Consent of the originator of classified information required’;

5) destroyed by a decision of the head of an entity of secrets or a person authorised by him by drawing up a statement of destruction. Copies of the documents shall be destroyed by a decision of the head of a division of the entity of secrets responsible for the performance of the task or a person authorised by him.   The fact of destruction of a copy of a document shall be recorded in registers of the documents, and a statement of destruction shall not be drawn up.

4. The documents classified ‘Restricted’ shall be administered in the following manner:

1) stored and handled in an administrative, Class I or Class II security area;

2) registered;

3) copies, translations, transcripts and extracts are made, information is transferred to other documents or to CICISs by a decision of the executor and submitted to other persons for familiarisation in compliance with the need-to-know principle, unless a document is affixed the marking ‘Consent of the originator of classified information required’;

4) destroyed by a decision of the head of an entity of secrets or a person authorised by him by drawing up a statement of destruction. Copies of documents shall be destroyed by a decision of the executor without drawing up the statement of destruction.

5. The administration of digital copies of classified documents shall not be subject to requirements of points 3, 6 and 7 of paragraph 1, points 3 and 6 of paragraph 2, points 3 and 5 of paragraph 3, points 2 and 4 of paragraph 4 of this Article.

6. Where it is necessary to familiarise with classified information, an electronic classified document or a digital copy of a classified document shall be printed out by a decision of the person responsible for the protection of classified information. When printing out the electronic classified document or the digital copy of the classified document applied the classification ‘Top Secret’ or affixed the marking ‘Consent of the originator of classified information required’, the consent of the originator of such information shall not be required.

7. Classified information must be destroyed so that contents of the classified information or part thereof could not be reconstituted.

 

Article 25. Familiarisation with the classified information at the disposal of another entity of secrets

1. The right to familiarise with the information classified ‘Top Secret’, ‘Secret’ or ‘Confidential’ and being at the disposal of another entity of secrets shall be granted to a person by the head of the entity of secrets having the information at its disposal or a person authorised by him in compliance the need-to-know principle. The person must submit a letter of targeted authorisation of the head of the institution wherewith he is employed. This letter must confirm that the person holds an authorisation to handle or familiarise with the classified information applied a relevant classification and specify the need, based on the performance of immediate duties, to familiarise with specific classified information as well as the volume of the classified information which the person needs to familiarise with.

2. A decision of the head of the entity of secrets having classified information at its disposal or a person authorised by him prohibiting a person from familiarising with the classified information specified in a letter of targeted authorisation may, within one month from the date of receipt of the said decision, be appealed against to the Commission for Secrets Protection Coordination.

 

Article 26. Transportation of classified information outside a security area

1. The information classified ‘Top Secret’ must be transported by at least two unarmed military or diplomatic couriers or persons authorised by the head of an entity of secrets or one military courier armed with a firearm or a person authorised by the head of the entity of secrets armed with a firearm.

2. The information classified ‘Secret’ must be transported by at least two unarmed military or diplomatic couriers or couriers of courier services or the persons authorised by the head of an entity of secrets or one military courier or courier of courier services armed with a firearm or a person authorised by the head of the entity of secrets armed with a firearm.

3. The information classified ‘Confidential’ must be transported by military or diplomatic couriers or couriers of courier services or persons authorised by the head of an entity of secrets.

4. The information classified ‘Restricted’ must be transported by military or diplomatic couriers or couriers of courier services or persons authorised by the head of an entity of secrets or executors.

5. The information classified ‘Top Secret’ and ‘Secret’ must be transported in foreign states by at least two military couriers or persons authorised by the head of an entity of secrets.

6. Classified information must be transported to and from diplomatic missions of the Republic of Lithuania in foreign states, missions of the Republic of Lithuania to international organisations, consular posts and special missions by diplomatic couriers.

7. The persons authorised to transport the information classified ‘Top Secret’ and ‘Secret’ or ‘Confidential’ must hold authorisations to handle or familiarise with the classified information applied a classification not lower than that applied to the classified information being transported.

8. The persons transporting classified information must:

1) ensure the security of the documents, products and other objects conveyed;

2) transport the classified information so that unauthorised persons could not identify that classified information is being transported and could not familiarise with the contents of the said information.

9. The persons transporting classified information shall be prohibited from familiarising with the classified information being transported.

 

Article 27. Evacuation or destruction of classified information in the event of a state of war, a state of emergency or an emergency situation

1. Entities of secrets and suppliers must approve plans of the evacuation or destruction of classified information in the event of a state of war, a state of emergency or an emergency situation.

2. Evacuation or destruction plans must establish the order in which the evacuation or destruction of classified information will be carried out in the event of an actual threat that classified information may be lost, damaged or disclosed. The classified information which has been applied a higher classification shall be evacuated or destroyed first.

3. In the cases of destruction of classified information in the event of a state of war, a state of emergency or an emergency situation, the requirements of Article 24(1)(7), Article 24(2)(6) and Article 24(3)(5) shall not apply.

 

Article 28. Requirements for the administration of drafts of classified documents

1. The drafts of documents containing the information to be classified ‘Top Secret’, ‘Secret’ and ‘Confidential’ shall be prepared and stored in a Class I or Class II security area, the drafts of documents containing the information which should be classified ‘Restricted’ – in an administrative, Class I or Class II security area. During the performance of service assignments, military operations, training and exercises, drafts of documents may, by a decision of the head of an entity secrets or a person authorised by him, be prepared or stored also at other places that are not designated as a security area in the cases when the physical security measures that ensure the protection of classified information are applied thereat.

2. The drafts of documents containing the information to be classified ‘Top Secret’, ‘Secret’ and ‘Confidential’ shall be transmitted and received using the means which establish the identity of the sender and recipient of the information. These drafts of classified documents shall be transmitted to other entities of secrets only with the written consent of the head of an entity of secrets or a person authorised by him.

3. Prints, copies, translations, transcripts and extracts of drafts of classified documents shall be made, the drafts shall be destroyed, information shall be transferred to other documents or to CICISs by a decision of the originator of a draft of a document. The drafts of documents containing the information to be classified ‘Top Secret’, ‘Secret’ and ‘Confidential’ shall be printed, copied and destroyed identifying the person who has performed the said action.

 

Article 29. Functions of a person responsible for the protection of classified information in the area of administration of classified information

A person responsible for the protection of classified information shall:

1) organise the accounting of classified information and control/supervise the circulation thereof;

2) select classified information for destruction, declassification or extension of a time period for classification of the said information;

3) transmit classified information to executors and entities of secrets;

4) notify entities of secrets of changes in classifications, declassification or extension of a time period for classification of classified information;

5) familiarise, by a decision of the head of an entity of secrets or a person authorised by him, the persons authorised by other entities of secrets with the information classified ‘Top Secret’, ‘Secret’ or ‘Confidential’;

6) organise the making of inventory of classified information;

7) organise the destruction of classified information;

8) ensure that classified information is handled or familiarised with only by the persons who hold relevant authorisations to handle or familiarise with classified information or have been granted the right to handle or familiarise with the information classified ‘Restricted’ and in strict compliance with the need-to-know principle;

9) ensure that the classification applied to the classified information which a person handles or familiarises with is not higher than the one specified in an authorisation to handle and familiarise with classified information as issued to the person.

 

CHAPTER SIX

PHYSICAL SECURITY OF CLASSIFIED INFORMATION

 

Article 30. Implementation of physical security

1. The head of an entity of secrets or a person authorised by him and a supplier must, having regard to the classification applied to the classified information security at their disposal, its form and scope, divide the premises and territories wherein classified information is handled or stored into security areas and to apply therein physical security measures ensuring the protection of the classified information.

2. By a decision of the head of an entity of secrets or a person authorised by him, during the performance of service assignments, military operations, training and exercises classified information may be handled or familiarised with and, in the event of a state of war, a state of emergency or an emergency situation, may be stored in the premises, territories and other places that are not designated as a security area, provided that the physical security measures ensuring the protection of classified information are applied therein.

3. Classified information may only be handled, familiarised with or stored in the premises, territories or other places that are recognised as suitable for the storage of classified information applied a relevant classification or for its handling.

4. Premises, territories and other places shall be assessed and recognised as suitable for the storage of classified information or for the handling thereof by:

1) the Second Investigation Department under the Ministry of National Defence, where the premises and territories of institutions of the system of national defence and their suppliers are assessed;

2) the divisions authorised by the Minister of the Interior, where the premises and territories of institutions of the system of the interior and their suppliers are assessed;

3) the State Security Department, where the premises and territories of other entities of secrets or their suppliers are assessed;

4) the persons authorised by the head of an entity of secrets, where the premises, territories or other places not designated as a security area are assessed for recognition of their suitability for the handling of and familiarisation with classified information during the performance of service assignments, military operations, training and exercises or for the storage of such information in the event of a state of war, a state of emergency or an emergency situation.

5. Persons implementing the physical security of the information classified ‘Top Secret’, ‘Secret’ or ‘Confidential’ must hold an authorisation to handle or familiarise with the classified information applied a classification not lower than the highest classification applied to the information which they can directly access, as stored in those premises, territory or another place.

 

Article 31. Requirements for physical security

1. The territories and premises wherein classified information is handled or stored shall be divided into an administrative area and Class II and Class I security areas.

2. An administrative security area shall be subject to the following requirements:

1) the entry of persons and vehicles shall be controlled;

2) the information classified ‘Restricted’, except for the electronic media wherein classified information is kept in an encrypted format by means of the cryptographic methods and products approved by the National Distribution Authority, shall be kept in lockable metal cabinets or in safes.

3. A Class II security area shall be subject to the following requirements:

1) the area shall be accessed only via an administrative security area;

2) the entry and movement of persons shall be controlled;

3) the area may be accessed only by the persons holding an authorisation to handle or familiarise with the classified information applied a classification not lower than the highest classification applied to the information stored in this security area. Other persons must be accompanied by the person responsible for the protection of classified information;

4) the information classified ‘Secret’ or ‘Top Secret’ must be kept in safes. The information classified ‘Confidential’ shall be kept in lockable metal cabinets or in safes. The information classified ‘Restricted’ shall be kept in lockable office furniture, metal cabinets or in safes. These requirements shall not apply to the electronic media wherein classified information is kept in an encrypted format by means of the cryptographic methods and products approved by the National Distribution Authority.

4. A Class I security area shall be subject to the following requirements:

1) the area shall be accessed only via an administrative security area or a Class II security area;

2) the entry and movement of persons shall be controlled;

3) the area may be accessed only by the persons holding an authorisation to handle or familiarise with the classified information applied a classification not lower than the highest classification applied to the information stored in this security area. Other persons must be accompanied by the person responsible for the protection of classified information upon ensuring that the classified information kept in the security area will be protected against unauthorised disclosure or loss;

4) no video or audio equipment, information recording and transmission equipment and electronic media may be brought into the area, and the equipment used for work purposes may be brought into it only by a decision of the head of an entity of secrets or a person authorised by him;

5) if the information classified ‘Top Secret’ is stored in the area, the approach to the area shall be under video surveillance. The requirement shall not apply if the area is accessed via a Class II security area the approach whereto is under video surveillance.

5. The persons authorised by the head of an entity of secrets shall have the right to establish the identity of the persons entering an administrative security area and to examine the belongings of the persons entering and exiting a Class I or Class II security area.

6. The premises, territories or other places not designated as a security area wherein classified information is handled and familiarised with during military operations, training and exercises and the performance of service assignments and wherein it is stored in the event of a state of war, a state of emergency or an emergency situation must be protected against unauthorised entry, loss of classified information, eavesdropping or unauthorised access to classified information. In such places, only the classified information necessary for the conduct of the military operations, training and exercises and for the performance of the service assignments, also the classified information evacuated in the event of the state of war, the state of emergency or the emergency situation may be kept.

7. At the meetings and deliberations during which the information classified ‘Top Secret’ or ‘Secret’ is used, the measures of protection against unauthorised recording and transmission of information, as specified by the Government, shall be applied in addition to the physical security requirements provided for in this Article. The inspection of premises, territories and other places as regards their protection against unauthorised recording and transmission of information shall be carried out by the institutions indicated in Article 30(4) of this Law.

 

Article 32. Functions of a person responsible for the protection of classified information in implementing the physical security of classified information

A person responsible for the protection of classified information shall:

1) ensure that required physical security measures are in place and operate properly in the territories, premises and other places wherein classified information is handled or stored;

2) draft the documents regulating physical security procedures, control/supervise compliance with the established procedures and carry out periodic inspections of the physical security measures in place;

3) organise trainings of employees of an entity of secrets on the issues of the protection of classified information;

4) submit proposals to the head of an entity of secrets or of a supplier or a person authorised by him on the subdivision of territories and premises into security areas;

5) notify the head of an entity of secrets or of a supplier of detected damage to the protection measures and installations of repositories, premises, safes and metal cabinets and take remedial measures.

 

CHAPTER SEVEN

SECURITY OF CLASSIFIED CONTRACTS

 

Article 33. Classified contracts

1. In performing the functions assigned to them, entities of secrets shall have the right to conclude classified contracts. The entities of secrets may assign the conclusion of the classified contracts to their divisions, the agencies and enterprises which are subordinate to an entity of secrets or assigned to its area of regulation and to which the rights of a contracting authority have been granted.

2. A classified contract may only be concluded with a supplier whereto a supplier's security clearance has been issued in accordance with the procedure established by this Law, a certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’ or a supplier’s authorisation to handle or familiarise with classified information.

3. A supplier shall, subject to obtaining of the consent of the contracting authority executing the classified contract, have the right to engage for the execution of a part of the classified contract a sub-supplier of goods, sub-provider of services or sub-contractor which mutatis mutandis is subject to the provisions of this Law applicable to suppliers. The requirement to obtain the consent of the contracting authority executing the classified contract shall not apply when engaging the sub-supplier of goods, sub-provider of services or subcontractor for the parts of the classified contract in the course of execution whereof classified information will not be familiarised with, such information will not be entrusted, used or created.

4. The suppliers participating in the selection published by foreign states, the European Union or international organisations on the awarding of a classified contract shall be subject to the requirements referred to in this Chapter, where a foreign state, the European Union or an international organisation requests to provide a proof of their security.

5. The enterprises, agencies and organisations operating or registered in the foreign states with which international treaties have been concluded on reciprocal protection of classified information or with which classified information is exchanged under EU or NATO legal acts or the citizens of such foreign states engaged in economic activities may participate in the selection published by entities of secrets of the Republic of Lithuania on the awarding of a classified contract in the course of execution whereof the classified information of the Republic of Lithuania will be released, where a foreign institution ensuring the security of classified contracts confirms that an enterprise, agency, organisation or a natural person participating in the selection is secure and conforms to the requirements of the foreign state set forth for the suppliers concluding respective classified contracts.

6. A classified contract shall be terminated unilaterally if a supplier fails to comply with the requirements set forth for the protection of classified information, which poses a threat of the loss or unauthorised disclosure of classified information.

7. A supplier shall not be considered to be the originator of classified information. The entire information created in the course of execution of a classified contract shall be considered the property of the Republic of Lithuania as of the moment of creation thereof and shall be stored and administered in compliance with the provisions of this Law.

8. An entity of secrets planning to conclude, or having concluded, a classified contract must:

1) appoint persons responsible for the supervision of the protection of the classified information released in the course of conclusion and execution of the classified contract or created in the course of execution of the contract and compliance with requirements of the classified contract;

2) organise the release of classified information to a supplier;

3) provide to suppliers the necessary methodological support on the issues of the protection of classified information;

4) approve a classification guide, where the execution of the classified contract will involve the creation of classified information;

5) supervise the ensuring, by the supplier, of the protection of the classified information released and created;

6) notify the State Security Department and the institution ensuring the security of classified contracts of breaches, by the supplier, of requirements for the protection of classified information which resulted or could have resulted in an unauthorised disclosure or loss of classified information without delay, but not later than within five working days from the day of detection of the above circumstances;

7) notify the institution ensuring the security of classified contracts within five working days from the conclusion of a classified contract of the conclusion of such a contract and indicate the highest classification of the classified information to be released or created in the course of execution of the contract.

9. A supplier planning to conclude, or having concluded, a classified contract must:

1) organise and carry out the protection of the classified information entrusted or created in the course of execution of the classified contract in accordance with the procedure laid down by this Law and other legal acts regulating the protection of classified information;

2) ensure that classified information will be handled or familiarised with only by the persons who hold an authorisation to handle or familiarise with classified information or have been granted the right to handle or familiarise with the information classified ‘Restricted’ and only in compliance with the need-to-know principle;

3) appoint a person/persons responsible for the protection of classified information;

4) give a notice, not later than within five working days, to the State Security Department and to the institution ensuring the security of classified contracts of any changes in the information indicated in points 3, 4 and 5 of  Article 35(1) of this Law or the emergence of the circumstances indicated in points 1, 4, 5, 8, 9 and 11 of Article 37(1) of this Law;

5) upon completion of execution of a classified contract or in the event of its early termination, transfer to an entity of secrets all the classified information obtained or created during the execution of the classified contract and, if in the course of execution of the contract the CICIS belonging to the supplier was used for the processing or transmission of the classified information, irrecoverably delete this information;

6) not disclose information about concluded or completed classified contracts without the consent of the entity of secrets wherewith a classified contract has been concluded;

7) give a notice to the person of an entity of secrets who is responsible for the protection of classified information, to the State Security Department and to the institution ensuring the security of classified contracts of any occurring breaches of requirements for the protection of classified information which have resulted or could have resulted in an unauthorised disclosure or loss of classified information or if such breaches are suspected to have occurred without delay, but not later than within five working days from the day of emergency of the above circumstances;

8) comply with lawful requirements of the institutions ensuring the security of classified contracts;

9) give a notice, not later than within five working days, to the person of an entity of secrets who is responsible for the protection of classified information and to the institution ensuring the security of classified contracts of termination of a contract with the sub-supplier, sub-provider of services or sub-contractor executing a part of the classified contract, also of termination of employment relationships with the employees of the entity of secrets who have been issued authorisations to handle or familiarise with classified information or who have been granted the right to handle or familiarise with the information classified ‘Restricted’.

 

Article 34. Institutions ensuring the security of classified contracts

1. The security of suppliers and their conformity to the requirements set forth for the protection of the information classified ‘Restricted’ shall be assessed and the supervision of the protection of classified information shall be exercised by:

1) the State Security Department, with the exception of the cases provided for in points 2 and 3 of this paragraph;

2) the Second Investigation Department under the Ministry of National Defence - in the cases when classified contracts are concluded and executed by institutions of the national defence system;

3) the divisions authorised by the Minister of the Interior - in the cases when classified contracts are concluded and executed by the institutions of the system of the interior.

2. In exercising the supervision of the protection of classified information, officers of the institution ensuring the security of classified contracts shall have the rights provided for in Article 47(7) of this Law.

3. The institution ensuring the security of classified contracts must ensure the security of the commercial secrets which become known to it when assessing a supplier’s security or supervising the protection of classified information in the course of execution of classified contracts.

 

Article 35. Issuance of a supplier’s security clearance or a certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’

1. The suppliers applying for the issuance of a supplier’s security clearance must, when applying to the institution ensuring the security of classified contracts, submit the following:

1) an application for initiation of the supplier’s screening procedure;

2) a classified contracts security questionnaire as completed by the supplier and its written consent for screening;

3) the supplier’s administrative manager, chief accountant or the head of the accounting division or an employee of another supplier that keeps accounts of the supplier subject to screening, the persons responsible for the protection of  classified information, their substitutes and the employees or authorised persons who will participate in the preparation and submission of commercial offers to entities of secrets regarding the conclusion of classified contracts, completed questionnaires, written consents of these persons for screening;

4) the information required to assess the premises wherein classified information is to be handled or stored for their recognition as suitable for the handling of the classified information or storage of such information;

5) the information required for the accreditation of CICISs.

2. The suppliers applying for the issuance of a certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’ must, when applying to the institution ensuring the security of classified contracts, submit the information indicated in points 1, 3, 4 and 5 of paragraph 1 of this Article.

3. The information specified in point 4 of paragraph 1 of this Article shall not be provided and the premises of a supplier shall not be inspected if a classified contract is to be executed in the premises of an entity of secrets. The information specified in point 5 of paragraph 1 of this Article shall not be provided and the CICISs used by the supplier shall be not checked if the classified contract is to make use of the CICISs belonging to the entity of secrets or CICISs are not to be used at all.

4. A supplier’s security clearance and a certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’ shall be issued by the State Security Department upon evaluating conclusions of the institution ensuring the security of classified contracts.

5. A supplier’s security clearance shall be issued for a fixed term:

1) three years – a security clearance granting the right to conclude classified contracts in the course whereof access will be provided to the information classified ‘Top Secret’ and such information will be entrusted, used or created;

2) five years – a security clearance granting the right to conclude classified contracts in the course whereof access will be provided to the information classified ‘Secret’ or ‘Confidential’ and such information will be entrusted, used or created.

6. A certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’ shall be issued for a period of five years.

7. The authorisations to handle or familiarise with classified information issued to employees of a supplier shall be valid until the expiry of the period of validity of a supplier’s security clearance issued to the supplier, but not longer than established in Article 17(5) of this Law. The employees of the supplier shall be granted the right to handle or familiarise with the information classified ‘Restricted’ for a period not longer than the period of validity of a certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’ issued to the supplier or until termination of employment relationships.

 

Article 36. Assessment of a supplier’s security or conformity to requirements for the protection of the information classified ‘Restricted’

1. When performing an assessment of the security of a supplier applying for the issuance of a supplier’s security clearance, the following shall be verified:

1) the supplier’s capital and management structure, the origin of the capital, its owners and formal registration;

2) the criminal acts committed by the supplier’s employees, owners or members of the management bodies;

3) the supplier’s business relations, the relations of a subsidiary of the supplier that is a legal person and participants of the supplier that is a legal person holding at least 1/3 of votes at the meeting of participants, the head of the supplier, members of the supplier’s management body, the chief accountant or the head of a division keeping accounts  or an entity/person keeping accounts (hereinafter: the ‘supplier or the persons related thereto’) with the persons convicted of the criminal acts committed by an organised group or a criminal association or with the persons who have been imposed preventive measures under the Law of the Republic of Lithuania on Organised Crime Prevention, relations with the security and/or intelligence services of foreign states whose activities are hostile to the interests of the State of Lithuania;

4) the implementation of requirements for the protection of classified information;

5) the security of the supplier’s employees applying for the issuance of an authorisation to handle or familiarise with classified information or for the granting of the right to handle or familiarise with the information classified ‘Restricted’.

2. When performing an assessment of a supplier’s conformity to requirements for the protection of the information classified ‘Restricted’, the following shall be verified:

1) the implementation of the requirements for the protection of classified information;

2) the security of the supplier’s employees applying for the issuance of an authorisation to handle or familiarise with classified information or for the granting of the right to handle or familiarise with the information classified ‘Restricted’.

3. Employees of a supplier shall be screened regarding the issuance of an authorisation to handle or familiarise with classified information or the granting of the right to handle or familiarise with the information classified ‘Restricted’ and shall be issued the authorisations or granted the right by the State Security Department.

4. The premises of a supplier wherein classified information is to be handled or stored shall be assessed and an authorisation to handle classified information or to store such information therein shall be issued by the institutions referred to in Article 34(1) of this Law.

5. A supplier’s CICISs providing for the processing of classified information or providing for the transmission of such information shall, at the request of the institution ensuring the security of classified contracts, be assessed and authorisations for the use of CICISs shall be issued by the institution performing the functions of the Security Accreditation Authority or by a departmental security accreditation authority.

6. A decision on the issuance of a supplier’s security clearance must be taken not later than within six months from the application for initiation of the supplier’s screening procedure. Where institutions or professionals do not provide the information necessary for the screening or conclusions, this time limit shall be extended by a decision of the head of the State Security Department or a person authorised by him, but not longer than for one month. The conformity of the supplier to the requirements for the protection of the information classified ‘Restricted’ must be verified and the decision on the issuance of the clearance must be taken no later than within 20 working days from the application for initiation of the supplier’s screening procedure. Where the institutions or professionals do not provide the information necessary for the screening or conclusions, this time limit shall be extended by a decision of the head of the State Security Department or a person authorised by him, but not longer than for ten working days. In the absence of a decision on the issuance of an authorisation for the use of CICISs, the time limit for the supplier’s screening may be extended until the taking of such a decision.

7. The institution ensuring the security of classified contracts shall, when performing an assessment of a supplier’s security or its conformity to requirements for the protection of the information classified ‘Restricted’, have the right to obtain, free of charge, all the information related to the security assessment of the supplier and its employees from state registers/cadastres, classifications and other data banks, state and municipal institutions, other enterprises, agencies, organisations, legal and natural persons.

 

Article 37. Conditions of refusal to issue a supplier’s security clearance or a certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’

1. A supplier’s security clearance shall not be issued where, in the course of a screening, it is established that:

1) the supplier is registered outside the Republic of Lithuania;

2) the supplier, in providing the information indicated in Article 35(1) of this Law, has provided falsified or false data or has concealed the data likely to affect the supplier’s security assessment;

3) the supplier is in operation for a period less than six months;

4) the supplier or the persons related thereto have been convicted of crimes against the independence, territorial integrity and constitutional order of the State of Lithuania, regardless of whether the conviction has expired or has been expunged;

5) a judgment of conviction has come into effect within the last five years against the supplier for premeditated criminal acts against human life, property, property rights and property interests, the economy and the order of business, the financial system, social security, civil service and public interests as well as government order or the persons related to the supplier have an unexpired or unexpunged conviction for these acts;

6) there are data confirming the fact that the supplier or the persons related thereto are related to the financing of terrorism;

7) there are data confirming the fact that the supplier or the persons related thereto, due to the interests hostile to the Republic of Lithuania, collaborated or collaborates/collaborate or maintains/maintain relations with an intelligence and/or security service of a foreign state or with the persons collaborating or maintaining relations with the intelligence and/or security service of the foreign state;

8) there are data confirming the fact that the supplier or the persons related thereto performed the actions which are in conflict with international treaties of the Republic of Lithuania and the international sanctions implemented pursuant to the Law of the Republic of Lithuania on the Enforcement of Economic and Other International Sanctions;

9) there are data confirming the fact that the supplier, a subsidiary of the supplier that is a legal person, a participant of the supplier that is a legal person holding at least 1/3 of votes at the meeting of participants has violated requirements of the Law of the Republic of Lithuania on Control of Strategic Goods over the past three years;

10) the persons indicated in Article 35(1)(3) of this Law do not meet the requirements set forth for the issuance of an authorisation to handle or familiarise with classified information or the granting of the right to handle or familiarise with the information classified ‘Restricted’ and cannot be replaced by other persons;

11) a participant of the supplier that is a legal person holding at least 1/3 of votes at the meeting of participants is registered in the states other than the EU Member States or NATO member countries and the states parties to the Agreement on the European Economic Area or other than the countries with which the Republic of Lithuania has concluded a treaty on reciprocal protection of classified information, and the Commission for Secrets Protection Coordination has not taken a decision on the issuance of a security clearance in respect of the supplier;

12) the supplier has failed to comply with requirements for ensuring the protection of classified information;

13) the supplier, through its own fault, was previously subject to refusal to issue a supplier’s security clearance, the supplier’s security clearance was revoked and reasons for the said refusal to issue or revocation of the clearance have not been removed;

14) the facts collected in the course of security assessment of the supplier raise doubts as regards the supplier’s security in ensuring the security of classified information.

2. Where a supplier or the persons related thereto are given a notice of suspicion in the pre-trial investigation being carried out in respect of the criminal acts referred to in points 4 and 5 of paragraph 1 of this Article or an indictment is drawn up in respect of such acts, or a prosecutor applies to the court for the termination of proceedings by a penal order or for the hearing of the case under the accelerated procedure, the supplier’s security assessment process shall be suspended until the pre-trial investigation is terminated, the court judgment allowing for the adoption of a decision on the issuance of a supplier’s security clearance becomes effective.

3. A certificate confirming conformity to requirements for the protection of the information classified “Restricted” shall not be issued where, in the course of a screening, it is established that:

1) the supplier is registered outside the Republic of Lithuania;

2) the persons indicated in Article 35(1)(3) of this Law do not meet the requirements set forth for the granting of the right to handle or familiarise with the information classified ‘Restricted’ and cannot be replaced by other persons;

3) the supplier has failed to comply with requirements for ensuring the protection of classified information.

4. Decisions of the State Security Department refusing to issue a supplier’s security clearance or a certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’ may be appealed against in accordance with the procedure laid down by the Law of the Republic of Lithuania on Administrative Proceedings.

 

Article 38. Revocation of a supplier’s security clearance or a certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’ and termination of a classified contract

1. A supplier’s security clearance or a certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’ shall be revoked and a classified contract concluded previously shall be terminated where:

1) the supplier or an employee thereof grossly breaches the requirements set forth for the protection of classified information, which results in an unauthorised disclosure or loss of the classified information entrusted to the supplier or poses a threat of an unauthorised disclosure or loss of classified information, or the supplier or the employee thereof has breached the requirements set forth for the protection of classified information at least twice;

2) at least one circumstance referred to in Article 37(1) or (3) of this Law transpires.

2. The State Security Department shall, not later than within five working days from the receipt or transpiration of information about the circumstances provided for in paragraph 1 of this Article, revoke a supplier’s security clearance or a certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’ and shall give a notice thereof to the entity of secrets which has concluded the classified contract.

3. The entity of secrets which has concluded a classified contract shall, not later than within five working days from the receipt of the information referred to in paragraph 2 of this Article, terminate the classified contract concluded previously.

4. In the event of revocation of a supplier’s security clearance or a certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’, a classified contract concluded previously may remain in force (with the exception of the cases when the circumstances indicated in Article 37(1)(6), (7), (8) and (9) of this Law are established), provided that the contract is approaching completion and the damage as a result of termination of the contract would be disproportionately larger than the potential threat to classified information. A decision permitting completion of the classified contract related to the information classified ‘Top Secret’, ‘Secret’ and ‘Confidential’ shall be taken by the Commission for Secrets Protection Coordination on a recommendation of an entity of secrets and of the contract related to the information classified ‘Restricted’ – by the institution ensuring the security of classified contracts.

5. Decisions of the State Security Department to revoke a previously issued supplier’s security clearance or a certificate confirming conformity to requirements for the protection of the information classified ‘Restricted’ may be appealed against in accordance with the procedure laid down by the Law of the Republic of Lithuania on Administrative Proceedings.

 

Article 39. Conclusion of classified contracts with a natural person

1. Classified contracts may be concluded and executed by a natural person who has been issued a supplier’s authorisation to handle or familiarise with classified information. The supplier’s authorisation to handle or familiarise with classified information shall be issued where the person meets the conditions specified by this Law for the issuance of an authorisation to handle or familiarise with classified information or for the granting of the right to handle or familiarise with the information classified ‘Restricted’.

2. If a classified contract is executed in the premises belonging to a natural person and/or the CICISs belonging to the natural person are used for the processing or transmission of classified information, the requirements of Article 36(4) and (5) of this Law shall apply.

3. A supplier’s authorisation to handle or familiarise with classified information shall be issued by the State Security Department.

4. A supplier’s authorisation to handle or familiarise with classified information shall be issued for a fixed term:

1) three years – an authorisation granting the right to conclude classified contracts in the course whereof access will be provided to the information classified ‘Top Secret’ or such information will be created;

2) five years – an authorisation granting the right to conclude classified contracts in the course whereof access will be provided to the information classified ‘Secret’, ‘Confidential’ and ‘Restricted’ or such information will be created.

5. A natural person who has entered into a classified contract shall be subject to the requirements of point 1 and points 5-8 of Article 33(9) of this Law.

6. Where a supplier’s authorisation to handle or familiarise with classified information is revoked in accordance with the procedure laid down by this Law, the classified contracts concluded with this supplier shall be terminated.

7. A decision of the State Security Department to revoke a supplier’s authorisation to handle or familiarise with classified information may be appealed against in accordance with the procedure laid down by the Law of the Republic of Lithuania on Administrative Proceedings.

 

CHAPTER EIGHT

PROTECTION OF CLASSIFIED INFORMATION COMMUNICATIONS AND INFORMATION SYSTEMS

 

Article 40. Departmental security accreditation authority

1. Entities of secrets shall have the right to designate or establish departmental security accreditation authorities.

2. The institution performing the functions of the Security Accreditation Authority shall coordinate the activities of departmental security accreditation authorities related to the supervision of the protection of CICISs and the issuance of authorisations for the use of CICISs.

 

Article 41. Accreditation of CICISs

1. Classified information may be subject to processing and transmission only via accredited CICISs. A CICIS shall be considered accredited when an entity of secrets, an agency or an enterprise which is subordinate to the entity of secrets or assigned to its area of regulation is issued an authorisation for the use of CICISs. The authorisation for the use of CICISs shall be issued by an institution performing the functions of the Security Accreditation Authority or a departmental security accreditation authority. A decision on the issuance of the authorisation for the use of CICISs must be taken not later than within three months from the receipt of the documents required for the issuance of the authorisation by the institution performing the functions of the Security Accreditation Authority or the departmental security accreditation authority.

2. In the absence of the possibility to process and transmit classified information via the accredited CICISs indicated in paragraph 1 of this Article, by a decision of the head of an entity of secrets or a person authorised by him, the classified information shall be processed and transmitted via the CICISs of foreign states, the European Union or international organisations with which the Republic of Lithuania has signed treaties on reciprocal protection of classified information which have been respectively recognised as suitable for the processing and transmission of classified information and regarding the use whereof agreements have been concluded.

 

Article 42. Requirements for the security of CICISs

1. The protection measures used for the security of CICISs must ensure:

1) the confidentiality of the classified information processed or transmitted;

2) the possibility to identify users of CICISs;

3) the integrity and accessibility to authorised users of the classified information processed or transmitted as well as services and resources of CICISs;

4) the recording of deliberate or accidental breaches of the confidentiality, integrity or accessibility of the classified information processed or transmitted via CICISs as well as services and resources of CICISs;

5) the control of connection of CICISs;

6) the assessment and verification of adequacy of the protection mechanisms included in CICISs;

7) the recording of the actions of users of CICISs related to the use of CICISs services and the management of electronic classified documents.

2. CICISs must be equipped with the protection mechanisms and security management procedures preventing the occurrence of breaches of security, detecting the breaches of security which have occurred and restoring the confidentiality, integrity and accessibility to authorised users of classified information as well as services and resources of CICISs as affected by the breaches of security.

3. All operations of the installation and modification of CICISs must be carried out with the participation and under the supervision of a person responsible for the protection of classified information. The persons carrying out the technical maintenance of CICISs must hold authorisations to handle or familiarise with the classified information applied the highest classification of the information processed or transmitted via such CICISs.

 

Article 43. Transmission of classified information via CICISs

1. When transmitting classified information via CICISs, the confidentiality, integrity and accessibility to authorised users of the classified information must be ensured.

2. When transmitting classified information via CICISs, the confidentiality thereof must be ensured by implementing requirements for telecommunications protection and using the cryptographic methods and/or products approved by the National Distribution Authority.

3. Cryptographic measures shall be administered by the National Distribution Authority and the entities of secrets under its supervision.

4. Transmission of classified information via public telecommunications networks in clear text, with the exception of the cases referred to in paragraph 5 of this Article, shall be prohibited.

5. If, after the declaration of a state of war or a state of emergency, means of encryption of information are not available and the speed of delivery is more important than the risk of disclosure of such information, the information classified ‘Restricted’, ‘Confidential’ and ‘Secret’ shall be transmitted by public communications networks in clear text by a decision of the head of an entity of secrets, a division of the entity of the secrets, an agency or an enterprise subordinate to the entity of secrets or assigned to its area of regulation having classified information at its disposal.

6. The protection of cryptographic products, mechanisms and classified information must be commensurate with the extent of prejudice likely to be caused by unauthorised disclosure of classified information.

 

Article 44. Protection of the media used for recording of classified information

All media used for recording classified information must be administered according to the requirements set forth for the protection of the information, as contained therein, which has been applied the highest classification.

 

Article 45. Functions of a person responsible for the protection of classified information in organising the protection of CICISs

A person responsible for the protection of classified information must:

1) ensure the installation, operation and maintenance of protection measures at workstations with CICIS elements;

2) ensure that, in involving the entities carrying out the technical maintenance of CICISs, telecommunications plans and schemes be developed and the location of wires, cables, their amount, types and numbers be specified therein;

3) acting in compliance with requirements for the security of CICISs, prepare, implement and control/supervise the CICIS security management procedures of entities of secrets and suppliers and periodically familiarise therewith the administrators and users of CICISs;

4) prepare the documents necessary for the receipt of an authorisation for the use of CICISs, organise the receipt of such an authorisation;

5) ensure the use of CICISs by the persons authorised to familiarise with the classified information processed or transmitted via CICISs, also control/supervise the actions of the users of CICISs;

6) exercise control/supervision of the administration of the passwords and/or installations for user identification as provided to the users of CICISs;

7) organise the administration of the media used for recording of classified information;

8) organise and check the backup and recovery of the information of CICISs;

9) verify the information collected about occurrences (process errors, unauthorised users and operation of CICISs);

10) notify the head of an entity of secrets or a supplier or a person authorised by him of any gaps known to exist in the protection of CICISs of the entity of secrets or the supplier and the breaches which have occurred and take remedial measures.

 

CHAPTER NINE

CONTROL OF THE PROTECTION OF CLASSIFIED INFORMATION

 

Article 46. Carrying out of an inventory of classified information

1. The objective of the carrying out of an inventory of classified information shall be to determine whether the classified information of the Republic of Lithuania and the classified information released to Lithuania by foreign states, the European Union or international organisations which is at the disposal of an entity of secrets has not been lost, damaged or unlawfully destroyed.

2. An inventory of classified information shall be carried out by the persons authorised by the head of an entity of secrets.

3. An inventory of classified information shall be carried out in accordance with the following periodicity:

1) the information classified ‘Top Secret’ and ‘Secret’ – once per year;

2) the information classified ‘Confidential’ – once per three years.

4. The periodicity of the carrying out of an inventory of the information classified ‘Restricted’ shall be determined by the head of an entity of secrets or a person authorised by him.

5. Classified information shall be deemed to not have been lost, damaged or unlawfully destroyed if:

1) classified information can be seen;

2) classified information has been transferred to another entity of secrets or supplier;

3) classified information has been declassified or destroyed.

6. The conclusions of the carrying out of an inventory shall be documented in a statement approved by the head of an entity of secrets or a person authorised by him.

 

Article 47. Checks of the condition of protection of classified information

1. The purpose of checking the condition of protection of classified information shall be to determine whether entities of secrets, the agencies and enterprises subordinate to the entities of secrets or assigned to their area of regulation comply with requirements for the protection of classified information.

2. Checks of the condition of protection of the classified information of the Republic of Lithuania shall be carried out:

1) by the State Security Department – in entities of secrets;

2) by entities of secrets or the persons authorised by their heads – in the agencies and enterprises subordinate to the entities of secrets or assigned to their area of regulation which have not been granted the status of an entity of secrets and which handle classified information or store classified information.

3. If it transpires or there is a suspicion that the agencies and enterprises subordinate to entities of secrets or assigned to their area of regulation which have not been granted the status of an entity of secrets and which handle classified information or store such information fail to comply with requirements for the protection of classified information, the State Security Department shall have the right to carry out a check of the condition of protection of classified information in such agencies and enterprises subordinate to the entities of secrets or assigned to their area of regulation.

4. Checks of the condition of protection of the classified information released to the Republic of Lithuania by foreign states, the European Union and international organisations shall be carried out by the Commission for Secrets Protection Coordination and, in accordance with Article 12(5) of this Law, the institutions authorised by the Commission for Secrets Protection Coordination.

5. The condition of protection of the classified information of the Republic of Lithuania shall be checked not less than once per four years, and the condition of protection of the classified information released to the Republic of Lithuania by foreign states, the European Union and international organisations – not less than once per two years.

6. The persons checking the condition of protection of classified information must hold authorisations to handle or familiarise with the classified information applied a classification not lower than applied to the entity of secrets, agency and enterprise subject to check.

7. The persons checking the condition of protection of classified information shall have the right:

1) to access the territories and premises wherein classified information is processed, stored or transmitted and to bring into the necessary technical means;

2) to obtain the information necessary for the check, to receive, if necessary, copies, transcripts, extracts of classified and unclassified information, to make copies of the information contained in the electronic media of an entity of secrets;

3) to request oral and written explanations from persons regarding compliance with requirements for the protection of classified information.

8. Results of checks of the condition of protection of classified information shall be documented in a check conclusion, which shall be approved by heads of the institutions provided for in paragraph 2 of this Article or the persons authorised by them.

9. A check conclusion shall be submitted to the entity subject to check, which, if breaches of requirements for the protection of classified information have been detected, must, within the time limit set by the institution that has carried out the check, eliminate the detected breaches and give a written notice thereof to the institution that has carried out the check.

 

Article 48. Detection of breaches of requirements for the protection of classified information

1. If there is any suspicion or if it transpires that a loss or unauthorised disclosure of classified information has occurred, an investigation shall be conducted on the assignment of the head of an entity of secrets. A suspected or transpired loss or unauthorised disclosure of classified information shall be notified to the originator of classified information, and if it is suspected or transpires that a loss or unauthorised disclosure of the classified information released to the Republic of Lithuania by foreign states, the European Union or international organisations has occurred – also to the Commission for Secrets Protection Coordination.

2. The persons conducting an investigation shall have the rights provided for in Article 47(7) of this Law.

3. If during an investigation features of a criminal act, an administrative offence or a misconduct in office/disciplinary offence are detected, the conclusions of the investigation shall be submitted to the relevant state institutions authorised to conduct a pre-trial investigation, an investigation of administrative offences or an investigation of misconduct in office/disciplinary offences. If during the investigation it is confirmed that a loss or unauthorised disclosure of classified information has occurred, the State Security Department shall be notified thereof.

4. Upon transpiration of breaches of requirements for the protection of classified information which may result or have resulted in a loss or unauthorised disclosure of classified information, the head of an entity of secrets must take all necessary measures to prevent the occurrence of negative consequences, to reduce possible threats or the damage caused.

 

I promulgate this Law passed by the Seimas of the Republic of Lithuania.

 

 

 

PRESIDENT OF THE REPUBLIC                                                 VALDAS ADAMKUS