Actors for this study – clarifying “actorness”

In an HI analysis it is also necessary to define the actors operating within the institution under examination. Current EU scholarship traditionally considers the Union’s Member States to be the actors operating within a particular institutional setting (Bulmer and Padgett, 2005; Pierson, 1996). An example of this is Bulmer’s (2009) examination of the evolution of the European Coal and Steel Community (ECSC) into the present European Union. This study focussed on the relationship between the supranational institutions of the EU and the Member States. This thesis, however, will consider the seven formal institutions of the EU – the European Commission, the European Parliament, the Council of the European Union, the European Council, the Court of Auditors, the Court of Justice and the European Central Bank – as the actors whose choices will be examined.

There are two reasons for considering these bodies as actors. The first reason is that this thesis seeks to understand why the European Union and not the Member States developed a particular cyber security policy. To do this it is necessary to examine policy development in the context of the interaction of the formal institutions of the EU. That

interaction occurs according to the formal rules, compliance procedures, customary practices and norms defined by Union competences. Within this context, each formal institution operates as a single, gestalt entity.

The second reason is a matter of practicality concerning nomenclature. The term “formal institution” has particular legal meaning when discussing the bodies of the European Union. The term refers explicitly to the seven principal, organisational bodies listed above. Referring to these entities as “institutions” in an institutionalist analysis can lead to confusion. By considering these entities as actors, and referring to them as such, this confusion is avoided.

To further justify the consideration of these bodies as actors, the thesis will adopt Scharpf’s (1997, p. 52) conceptualisation of “composite actors”. Scharpf argues that entities with an intentional capacity over and above the individuals which comprise them are better described as composite actors, entities with their own preferences and strategy choices. The reasoning behind this argument is that such gestalt entities – for example the European Council or the European Commission – are existent organisational bodies with an independent capacity for purposive action: they have a life and “actorness” of their own. Such a term suits the formal institutions of the European Union. Within the architecture of the EU these entities have specific purposes and roles which influence the choices and actions of the others. Furthermore, there is a capacity for one actor, such as the European Court of Auditors, to hold another to account, further emphasising the independence of those entities within the EU context.

This conceptualisation of composite actors lends itself to the analysis in this thesis as it will examine the internal machinations of the Union itself in which the Commission, Parliament et al take part, rather than the actions of Member States within the European Council, party political groups within the Parliament or potential business interests within the ECB. In addition, the use of the term “composite actor” resolves the difficulty of nomenclature by not employing the confusing term “formal institution” in an institutional analysis. Such a resolution more accurately portrays these bodies’ functions and roles in the EU policy development process and internal Union architecture.

Further support for considering these “formal institutions” as actors can be found in Bretherton and Vogler’s (2006, pp. 24–35) framework of “actorness”. Although this framework was designed to provide evidence and support for the notion that the EU as a

whole is an actor on the global stage, the framework can be effectively applied to the “formal institutions” of the EU.

4.3.1.

Defining “Actorness”

According to Bretherton and Vogler, the definition of an actor in international relations hinges on an entity’s presence, opportunity and capability to act in the circumstances under examination. The seven “formal institutions” of the EU are existent bodies, constituted by Union Treaties. These Treaties confer on these bodies a presence in the policy process. They establish their parameters of action within the policy development process and also identify them as contributors to that process in their own right. As such presence does not necessarily equate to purposive action, but is “a consequence of being” (Kaunert and Zwolski, 2014, p. 595).

Opportunity is defined by Bretherton and Vogler as “the context which frames and shapes EU action or inaction” (Bretherton and Vogler, 2006, p. 24). In other words, there needs to be a policy area or issue in which the entity can act. The “formal institutions” of the EU, in particular the European Commission, are tasked with ensuring that availability. In the field of cyber security, opportunity for the “formal institutions” to act is provided by the need to ensure the security of the pan-European ICT infrastructure in the context of its relevance to the internal market. The European Council had the opportunity in the late 1980s and early 1990s to take action to ensure that viability by tasking the Commission with formulating concrete proposals to boost jobs and growth. One of the resulting avenues was through the promotion of ICT.

Finally, the EU’s entities need more than a reason and an opportunity to act. They must also have the capabilities to do so. They must “capitalise on presence and respond to opportunity” (Bretherton and Vogler, 2006, p. 29). By virtue of the competences conferred upon, for example, the Commission, that entity can take some form of affirmative action in seeking to resolve policy or practical issues. In the case of cyber security, it can assign specific tasks to various agencies such as ENISA, Europol or eu-LISA.

This thesis proposes to merge Scharpf’s postulation of “composite actors” with Bretherton and Vogler’s conceptualisation and characterisation of “actorness”. This new “Scharpf- Bretherton-Vogler” model of actorness can be applied to the formal institutions of the EU. By accepting the gestalt nature of the Commission, the Parliament, the European Council and the Council of the European Union these bodies can be considered as composite

actors, entities which speak with their own voice. In the field of cyber security these bodies have presence, opportunity and capability to act, thereby conferring upon them “actorness” under Bretherton and Vogler’s definition.

The actors of relevance for this study are therefore the formal institutions of the EU. However, only four of the seven bodies which make up the modern EU are directly involved in the cyber security policy-making process: the European Commission, the European Council, the Council of the European Union and the European Parliament. The final three – the Court of Auditors, the Court of Justice and the European Central Bank – will not be examined in this thesis. The reason for this is that their purpose, function and tasks do not relate to the development of EU cyber security policy. While the Commission can refer Member States to the Court of Justice for failing to ensure ratification and implementation of legislation as per the Treaty regulations, the Court does not produce, determine or otherwise approve that legislation or make any policy decisions. The Court of Auditors is a body which exists solely to examine the financial actions of the other institutions while the ECB operates exclusively in financial and economic services. As such it may be a user of cyber security policy, but does not contribute to its developmental processes.

4.3.1.1. The Role of the Formal Institutions in EU Policy-making

Before embarking on an examination of the interaction of the relevant actors within an institutional setting, it is beneficial to set out their roles in the policy development process. The European Council sits at the apex of EU decision-making. It is comprised of the heads of state and government of the EU’s Member States and, since the entry into force of the Treaty of Lisbon, is presided over by a permanent President. As of 1 December 2014, this is Donald Tusk, a former Prime Minister of Poland (European Council, 2014). This institution meets to discuss and steer the overall strategic direction of the Union as a whole, respond to major problems such as the 2008 economic crisis (Interview, Senior Official, DG MARKT, European Commission, 2014) and provide leadership for the EU at the highest political level (Dinan, 2010, p. 205). Despite having no legislative powers, its pronouncements – published as Conclusions and Resolutions – form the basis for subsequent strategy paths and policy development. Alongside the Treaties, these Resolutions establish and govern patterns of behaviour and procedural norms for the EU’s constituent actors.

In line with the overall strategic direction set by the European Council, Union legislation is passed into law by two representative bodies – the Council of the European Union, and the European Parliament. The Council of the European Union is the institution representing Member State governments. It is where national, policy-specific ministers meet (European Council & Council of the European Union, 2014). Since the entry into force of the Treaty of Lisbon, the Council of the European Union shares legislative co-decision with the European Parliament. The Parliament is the only directly-elected EU body (European Parliament, n.d.). It represents the citizens of the Union. Its members do not sit in national blocs, but rather in larger groupings of Member State parties which share political ideology such as the European Peoples’ Party26

or the Socialists and Democrats27.

The final institution involved in policy development is the European Commission (the Commission). Described as the engine room of EU policy and analogous to a national civil service (Robinson, 2012, p. 162) the Commission is responsible for the preparation, implementation and monitoring of EU policy and legislation and describes itself as the guardian of the Treaties (Interview, Senior Official, DG HOME, European Commission, 2014). It is divided into 28 departments called Directorates-General (DG). These are comparable to national ministries. They are each responsible for a policy portfolio and headed by a Commissioner. Commissioners are representatives from each of the EU Member States and are known collectively as the College of Commissioners. In the field of cyber security, the most relevant DGs are those responsible for Communications Networks, Content and Technology (DG Connect), Migration and Home (DG HOME) and Internal Market, Industry, Entrepreneurship and SMEs (DG GROWTH, formerly DG MARKT until the appointment of the Junker Commission in 2014). This thesis will therefore concentrate on the roles, actions and interactions of these four actors.