Purpose

Commission websites must ensure adequate protection of data, including personal data, sent over the Internet against various types of risks, including risks to the data’s confidentiality and integrity.

Rules

All Commission websites must use the Transport Layer Security (TLS/SSL) protocol (over which internet protocols like HTTP can work) to protect the communication between client and server. HTTP running over SSL/TLS is known as HTTPS, so a connection to a secure website is recognised by its URL starting with https:// instead of simply http://.

In addition:

  • all pages within any given website must be available under HTTPS
  • the secure connection to the website must be enforced by automatically redirecting web browsers from the http:// to the https:// version of the website
  • special care should be taken to cover and verify the secured connection, especially on transactional pages carrying data in transit, for example contact forms
  • the TLS/SSL encryption level of the secure connection must be TLS 1.1 or higher.

Further good practices include:

  • couple the use of TLS with a secure management of the relevant cryptographic keys
  • oblige the web client to use HTTPS through HTTP Strict Transport Security
  • mitigate the consequences of a compromise of cryptographic keys through Forward Secrecy.
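
The rules and good practices above can be verified per site. The following check is an added example, not part of the Europa Web Guide: the function names, the observation keys and the two sample observations are assumptions constructed for illustration, and cipher names are matched in the OpenSSL naming that Python's ssl module reports. probe() is only defined, not called, so the block runs offline; evaluate(probe(host)) runs the check against a site you operate.

```python
import http.client

ALLOWED_TLS = {"TLSv1.1", "TLSv1.2", "TLSv1.3"}  # rule above: TLS 1.1 or higher

def hsts_max_age(header):
    """Return max-age (seconds) from a Strict-Transport-Security value, or None."""
    for directive in (header or "").split(";"):
        name, _, value = directive.strip().partition("=")
        value = value.strip().strip('"')
        if name.strip().lower() == "max-age" and value.isdigit():
            return int(value)
    return None

def has_forward_secrecy(tls_version, cipher):
    # TLS 1.3 suites are always ephemeral; older versions need (EC)DHE key exchange.
    return tls_version == "TLSv1.3" or cipher.startswith(("ECDHE-", "DHE-"))

def evaluate(obs):
    """Return the findings for one observation dict (keys as built by probe())."""
    findings = []
    redirected = 300 <= obs["http_status"] < 400 and obs["http_location"].lower().startswith("https://")
    if not redirected:
        findings.append("http:// is not redirected to https://")
    if obs["tls_version"] not in ALLOWED_TLS:
        findings.append("negotiated protocol below TLS 1.1: " + obs["tls_version"])
    if not hsts_max_age(obs["hsts"]):
        findings.append("HSTS header missing or max-age=0")
    if not has_forward_secrecy(obs["tls_version"], obs["cipher"]):
        findings.append("no forward secrecy with cipher " + obs["cipher"])
    return findings

def probe(host, timeout=5):  # collects one observation; needs network access
    plain = http.client.HTTPConnection(host, timeout=timeout)
    plain.request("GET", "/")
    first = plain.getresponse()
    tls = http.client.HTTPSConnection(host, timeout=timeout)  # verifies the certificate
    tls.connect()
    version, cipher = tls.sock.version(), tls.sock.cipher()[0]
    tls.request("HEAD", "/")
    hsts = tls.getresponse().getheader("Strict-Transport-Security", "")
    return {"http_status": first.status, "http_location": first.getheader("Location", ""),
            "tls_version": version, "cipher": cipher, "hsts": hsts}

# Constructed observations, not measurements of any real site.
GOOD = {"http_status": 301, "http_location": "https://example.org/",
        "tls_version": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384",
        "hsts": "max-age=31536000; includeSubDomains"}
BAD = {"http_status": 200, "http_location": "", "tls_version": "TLSv1",
       "cipher": "AES256-SHA", "hsts": "max-age=0"}
```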

Data protection

Any personal data that is processed as part of any task relating to the development of the European Commission's web presence must be processed in compliance with the Regulation on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (EU 2018/1725). Please refer to this guide's section on data protection for more information.

The URL structure section of this guide provides information on how URLs for European Commission websites should be structured.

Contact and support

Need further assistance on this topic? Please contact the team in charge of Europa Domain Management (EU Login required).

Attention: Public content on the Europa Web Guide has moved to the EC core website: Europa Web Guide. Restricted pages are now on SharePoint: European Commission website content governance.
Important note: Please update any links to the guide in your documentation or intranet pages accordingly.

The Europa Web Guide is the official rulebook for the European Commission's web presence, covering editorial, legal, technical, visual and contractual aspects.
All European Commission web sites must observe the rules and guidelines it contains.
Web practitioners are invited to observe its contents and keep abreast of updates. More information about the web guide.