Ga verder naar contentGa verder naar content en skip ook inhoudsopgave
In- en Uitvoer
Home

Commission Regulation (EU) 2018/1798 of 21 November 2018 implementing Regulation (EC) No 808/2004 of the European Parliament and of the Council concerning Community statistics on the information society for the reference year 2019 (Text with EEA relevance.)

Commission Regulation (EU) 2018/1798 of 21 November 2018 implementing Regulation (EC) No 808/2004 of the European Parliament and of the Council concerning Community statistics on the information society for the reference year 2019 (Text with EEA relevance.)

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EC) No 808/2004 of the European Parliament and of the Council of 21 April 2004 concerning Community statistics on the information society(1), and in particular Article 8(2) thereof,

Whereas:

  1. Regulation (EC) No 808/2004 establishes a common framework for the systematic production of European statistics on the information society.

  2. Implementing measures are needed to determine the data to be supplied in order to prepare the statistics in Module 1: ‘Enterprises and the information society’ and Module 2: ‘Individuals, households and the information society’, and to set the deadlines for their transmission.

  3. The measures provided for in this Regulation are in accordance with the opinion of the European Statistical System Committee,

HAS ADOPTED THIS REGULATION:

Article 1

The data to be transmitted in order to produce European statistics on the information society, as referred to in Article 3(2) and Article 4 of Regulation (EC) No 808/2004 in Module 1, ‘Enterprises and the information society’ and Module 2, ‘Individuals, households and the information society’, shall be as specified in Annexes I and II to this Regulation.

Article 2

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 21 November 2018.

For the Commission

The President

Jean-Claude Juncker

ANNEX I

Module 1: Enterprises and the information society

A. Subjects and their characteristics

(1) The subjects to be covered for the reference year 2019, drawn from the list in Annex I to Regulation (EC) No 808/2004, shall be as follows:

  1. ICT systems and their usage in enterprises;

  2. use of the internet and other electronic networks by enterprises;

  3. e-commerce;

  4. e-business processes and organisational aspects;

  5. ICT competence in the enterprise unit and the need for ICT skills;

  6. barriers to the use of ICT, the internet and other electronic networks, e-commerce and e-business processes;

  7. ICT security.

(2) The following enterprise characteristics shall be collected:

(a) ICT systems and their usage in enterprises

  1. for all enterprises:

    • computer usage;

  2. for enterprises using computers:

    • (optional) persons employed or percentage of the total number of persons employed who use computers for business purposes.

(b) Use of the internet and other electronic networks by enterprises

  1. for enterprises using computers:

    • internet access;

  2. for enterprises with internet access:

    • persons employed or percentage of the total number of persons employed who use computers with access to the internet for business purposes;

    • (optional) use of voice or video call applications over the internet for business purposes;

    • internet connection: any type of fixed connection;

    • internet connection: provision of portable devices that allow a mobile connection using mobile telephone networks, for business purposes;

    • (optional) having a website;

    • use of social networks, not solely used for paid adverts;

    • use of the enterprise's blogs or microblogs, not solely used for paid adverts;

    • use of multimedia content sharing websites, not solely used for paid adverts;

    • use of wiki based knowledge sharing tools, not solely used for paid adverts;

  3. for enterprises having any type of fixed connection to the internet:

    • maximum contracted download speed of the fastest fixed internet connection in Mbit/s in the ranges: [0,< 2], [2,< 10], [10,< 30], [30,< 100], [> = 100];

  4. for enterprises that provide their persons employed with portable devices that allow a mobile internet connection using mobile telephone networks, for business purposes:

    • persons employed or percentage of the total number of persons employed using a portable device provided by the enterprise which allows internet connection via mobile telephone networks, for business purposes;

  5. for enterprises having a website, information about the provision of the following facilities:

    • (optional) description of goods or services, price lists;

    • (optional) online ordering, reservation or booking;

    • (optional) possibility for visitors to customise or design online goods or services;

    • (optional) tracking or status of placed orders;

    • (optional) personalised content on the website for regular/recurrent visitors;

    • (optional) links or references to the enterprise's social media profiles;

    • (optional) use of information about visitors' behaviour on enterprise's website such as clicks, items viewed, for example for advertising or improving customer satisfaction;

  6. for enterprises using social media (not solely for paid adverts) referring specifically to social networks, the enterprise's blogs or microblogs, multimedia content-sharing websites or wiki-based knowledge-sharing tools:

    • use of social media to develop the enterprise's image or market products such as advertising or launching products;

    • use of social media to obtain or respond to customer opinions, reviews or questions;

    • use of social media to involve customers in development or innovation of goods or services;

    • use of social media to collaborate with business partners (such as suppliers) or other organisations (such as public authorities or non-governmental organisations);

    • use of social media to recruit employees;

    • use of social media to exchange views, opinions or knowledge within the enterprise.

(c) E-commerce

  1. for enterprises using computers:

    • receipt of orders for goods or services placed via a website or apps (web sales), in the previous calendar year;

    • receipt of orders for goods or services via EDI-type messages (EDI-type sales), in the previous calendar year;

  2. for enterprises having received orders for goods or services placed via a website or apps in the previous calendar year:

    • value of the turnover, expressed in absolute figures or as a percentage of total turnover, of e-commerce sales resulting from orders received via a website or apps, in the previous calendar year;

    • percentage of turnover from orders received via a website or apps, broken down by sales to private consumers (Business to Consumers: B2C), and sales to other enterprises (Business to Business: B2B) and to public authorities (Business to Government: B2G), in the previous calendar year;

    • receipt of orders for goods or services via the enterprise's own website or apps (including those of parent or affiliate enterprises, extranets), in the previous calendar year;

    • receipt of orders for goods or services via an e-commerce marketplace website or apps used by several enterprises for trading products, in the previous calendar year;

    • percentage of turnover from orders received via a website or apps broken down by orders received via the enterprise's own website or apps (including those of parent or affiliate enterprises, extranets) and by orders received via an e-commerce marketplace website or apps used by several enterprises for trading products, in the previous calendar year;

    • receipt of orders that were placed by customers via a website or apps by origin: own country, in the previous calendar year;

    • receipt of orders that were placed by customers via a website or apps by origin: other Member States, in the previous calendar year;

    • receipt of orders that were placed by customers via a website or apps by origin: rest of the world, in the previous calendar year;

    • (optional) the percentage of turnover from orders received via a website or apps in the previous calendar year broken down by origin: own country, other Member States and rest of the world;

  3. for enterprises having received orders for goods or services via EDI-type messages, in the previous calendar year:

    • value of the turnover, expressed in absolute figures or as a percentage of the total turnover, of e-commerce sales resulting from orders received via EDI-type messages, in the previous calendar year;

    • receipt of orders that were placed by customers via EDI-type messages, by origin: own country, in the previous calendar year;

    • receipt of orders that were placed by customers via EDI-type messages, by origin: other Member States, in the previous calendar year;

    • receipt of orders that were placed by customers via EDI-type messages, by origin: rest of the world, in the previous calendar year.

(d) E-business processes and organisational aspects

  1. for enterprises using computers:

    • use of an ERP (Enterprise Resource Planning) software package to share information among different functional areas;

    • use of any software application for managing information on customers (Customer Relationship Management — CRM software) that makes it possible to collect, store and make available to other business functions information about the enterprise's customers;

    • use of any software application for managing information on customers (Customer Relationship Management — CRM software) that enables information about customers to be analysed for marketing purposes.

(e) ICT competence in the enterprise unit and the need for ICT skills

  1. for enterprises using computers:

    • (optional) employment of ICT specialists;

    • (optional) provision of any type of training to develop ICT-related skills for ICT specialists, in the previous calendar year;

    • (optional) provision of any type of training to develop ICT-related skills for other persons employed, in the previous calendar year;

    • (optional) recruitment of or the attempt to recruit ICT specialists in the previous calendar year;

    • (optional) performance of ICT functions (such as maintenance of ICT infrastructure, support for office software, development or support of business management software/systems and/or web solutions, security and data protection) by own employees (including those employed in parent or affiliated enterprises) in the previous calendar year;

    • (optional) performance of ICT functions (such as maintenance of ICT infrastructure, support for office software, development or support of business management software/systems and/or web solutions, security and data protection) by external suppliers in the previous calendar year;

  2. for enterprises using computers and which have recruited or tried to recruit ICT specialists in the previous calendar year:

    • (optional) vacancies for ICT specialists that were difficult to fill.

(f) Barriers to the use of ICT, the internet and other electronic networks, e-commerce and e-business processes

  1. for enterprises that received orders placed by customers in other Member States, via a website or apps, during the previous calendar year: information about the following difficulties when selling to other Member States:

    • high costs of delivering or returning products;

    • difficulties related to resolving complaints and disputes;

    • adapting product labelling for sales to other Member States;

    • lack of knowledge of foreign languages to communicate with customers in other Member States;

    • restrictions imposed by the enterprise's business partners on sales to certain Member States.

(g) ICT security

  1. for enterprises with computers:

    • use as an ICT security measure: strong password authentication;

    • use as an ICT security measure: keeping the software (including operating systems) up-to-date;

    • use as an ICT security measure: user identification and authentication via biometric methods implemented by the enterprise;

    • use as an ICT security measure: encryption techniques for data, documents or e-mails;

    • use as an ICT security measure: data backup to a separate location (including backup to the cloud);

    • use as an ICT security measure: network access control (management of access by devices and users to the enterprise's network);

    • use as an ICT security measure: VPN (Virtual Private Network, which extends the private network across a public network to enable secure exchange of data over public network);

    • use as an ICT security measure: maintaining log files for analysis after security incidents;

    • use as an ICT security measure: ICT risk assessment, i.e. periodically assessment of probability and consequences of ICT security incidents;

    • use as an ICT security measure: ICT security tests such as performing penetration tests, testing security alert systems, reviewing security measures, testing backup systems;

    • making persons employed aware of their obligations in ICT security related issues through voluntary training or internally available information (such as information on the intranet);

    • making persons employed aware of their obligations in ICT security related issues through compulsory training courses or viewing compulsory material;

    • making persons employed aware of their obligations in ICT security related issues through a contract (such as a contract of employment);

    • ICT security related activities such as security testing, ICT training on security, resolving ICT security incidents (excluding upgrades of pre-packaged software) carried out by enterprise's own employees (including those employed in parent or affiliate enterprises);

    • ICT security related activities such as security testing, ICT training on security, resolving ICT security incidents (excluding upgrades of pre-packaged software) carried out by external suppliers;

    • availability of document(s) on measures, practices or procedures on ICT security;

    • problems experienced at least once in the previous calendar year due to ICT related incidents: unavailability of ICT services, for example denial of service attacks, ransomware attacks, hardware or software failures excluding mechanical failure, theft;

    • problems experienced at least once in the previous calendar year due to ICT related incidents: destruction or corruption of data, for example due to infection of malicious software or unauthorised intrusion, hardware or software failures;

    • problems experienced at least once in the previous calendar year due to ICT related incidents: disclosure of confidential data, for example due to intrusion, pharming, phishing attack, actions by enterprise's own employees (intentionally or unintentionally);

    • availability of an insurance against ICT security incidents;

  2. for enterprises having document(s) on measures, practices or procedures on ICT security:

    • (optional) document(s) on measures, practices or procedures on ICT security in the enterprise addressing: management of access rights for the usage of ICT, such as computers, network;

    • (optional) document(s) on measures, practices or procedures on ICT security in the enterprise addressing: storage, protection, access or processing of data;

    • (optional) document(s) on measures, practices or procedures on ICT security in the enterprise addressing: procedures or rules to prevent or respond to security incidents, such as pharming, phishing attacks, ransomware;

    • (optional) document(s) on measures, practices or procedures on ICT security in the enterprise addressing: responsibility, rights and duties of persons employed in the field of ICT, such as use of e-mails, mobile devices, social media;

    • (optional) document(s) on measures, practices or procedures on ICT security in the enterprise addressing: training of persons employed in the safe usage of ICT;

    • most recent definition or review of enterprise's document(s) on measures, practices or procedures on ICT security (such as risk assessment, evaluation of ICT security incidents): within the last 12 months; more than 12 months and up to twenty-four months ago; more than twenty-four months ago.

(3) The following background information shall be collected from all enterprises, or obtained from alternative sources:

  • the enterprise's main economic activity in the previous calendar year;

  • the average number of persons employed in the previous calendar year;

  • the total value of turnover, excluding VAT, in the previous calendar year.

B. Coverage

The characteristics specified in headings A (2) and (3) shall be collected for the following categories of enterprises:

  1. Economic activity: enterprises classified by the following NACE Rev. 2 categories:

    NACE Rev. 2 category

    Description

    Section C

    Manufacturing

    Section D, E

    Electricity, gas and steam and air conditioning supply, water supply, sewerage, waste management and remediation activities

    Section F

    Construction

    Section G

    Wholesale and retail trade; repair of motor vehicles and motorcycles

    Section H

    Transportation and storage

    Section I

    Accommodation and food service activities

    Section J

    Information and communication

    Section L

    Real estate activities

    Divisions 69-74

    Professional, scientific and technical activities

    Section N

    Administrative and support service activities

    Group 95.1

    Repair of computers and communication equipment;

  2. Enterprise size: enterprises with 10 or more persons employed. Enterprises with less than 10 persons employed may be covered optionally;

  3. Geographical scope: enterprises located in any part of the territory of the Member State.

C. Reference periods

The reference period is 2018 for the characteristics referring to the previous calendar year. The reference period is 2019 for the other characteristics.

D. Breakdown of data

The following background characteristics shall be provided in respect of the subjects and their characteristics listed in heading (2) of Part A:

  1. Economic activity breakdown: according to the following NACE Rev. 2 aggregates:

    NACE Rev. 2 aggregationfor possible calculation of national aggregates

    10 + 11 + 12 + 13 + 14 + 15 + 16 + 17 + 18

    19 + 20 + 21 + 22 + 23

    24 + 25

    26 + 27 + 28 + 29 + 30 + 31 + 32 + 33

    35 + 36 + 37 + 38 + 39

    41 + 42 + 43

    45 + 46 + 47

    47

    49 + 50 + 51 + 52 + 53

    55

    58 + 59 + 60 + 61 + 62 + 63

    68

    69 + 70 + 71 + 72 + 73 + 74

    77 + 78 + 79 + 80 + 81 + 82

    26.1 + 26.2 + 26.3 + 26.4 + 26.8 + 46.5 + 58.2 + 61 + 62 + 63.1 + 95.1

    NACE Rev. 2 aggregationfor possible calculation of European aggregates

    10 + 11 + 12

    13 + 14 + 15

    16 + 17 + 18

    26

    27 + 28

    29 + 30

    31 + 32 + 33

    45

    46

    55 + 56

    58 + 59 + 60

    61

    62 + 63

    77 + 78 + 80 + 81 + 82

    79

    95.1

  2. size class breakdown: data shall be broken down according to the following size classes by number of persons employed:

    Size class

    10 or more persons employed

    10 to 49 persons employed

    50 to 249 persons employed

    250 or more persons employed

    Where covered, a breakdown of the data shall be provided in accordance with the following table:

    Size class

    0 to 9 persons employed (optional)

    2 to 9 persons employed (optional)

    0 to 1 persons employed (optional)

E. Periodicity

The data stipulated in this Annex shall be provided once for 2019.

F. Deadlines for transmission of results

(1) The aggregate data referred to in Article 6 and Annex I (6) of Regulation (EC) No 808/2004, where necessary flagged for confidentiality or unreliability, shall be transmitted to Eurostat by 5 October 2019. By that date, the dataset shall be finalised, validated and accepted.

(2) The metadata referred to in Article 6 of Regulation (EC) No 808/2004 shall be sent to Eurostat by 31 May 2019.

(3) The quality report referred to in Article 7(3) of Regulation (EC) No 808/2004 shall be sent to Eurostat by 5 November 2019.

(4) The data and metadata shall be supplied to Eurostat, using the Single Entry Point services, in accordance with the exchange standard specified by Eurostat. The metadata and the quality report shall be provided in the standard metadata structure defined by Eurostat.

ANNEX II