The General Intelligence and Security Service (GISS) and State Security (VSSE) worked for a long time in a legal vacuum. The Organic Law of 18 July 1991 governing the review of the police forces and intelligence services marked a turning point with the introduction of the Committee R/I’s review of the intelligence services.

Since then, legislation relating to the intelligence and security sector has continued to develop.

The Law of 30 November 1998 governing the intelligence and security services (Intelligence Services Act) set out, for the first time, the missions and responsibilities of the civil and military intelligence services.

Two other important laws were adopted on 11 December 1998. Firstly, the law on classification and security clearances, certificates and advice, which has since undergone major legislative changes. It governs the system of classification and declassification (in particular the degrees of classification) and organises the system of security clearances and advice.

At the same time, a law was also passed to set up an Appeal Body for security clearances, certificates and advice (since renamed the Appeal Body for Security Clearances and Advice), with Committee R/I acting as Chair and Secretary.

In 2006, CUTA was established by the Act of 10 July 2006 on threat analysis. Since the creation of CUTA, Committee R/I has reviewed its operations together with Committee P.

The Law of 4 February 2010, the so-called “SIM Law” (Special Intelligence Methods) introduced a series of new methods for collecting information in the Act of 30 November 1998. Based on this law, supplemented in 2017, the intelligence services can use three categories of methods to collect data: ordinary, specific and exceptional methods, depending on the level of intrusion into the individual’s private life. The more intrusive the method, the more its use will be subject to strict procedures and controls. After the initial a priori control by the Administrative Commission responsible for monitoring the specific and exceptional methods of data collection by the intelligence and security services (the SIM Commission), Committee R/I is responsible for the a posteriori control of the legality of decisions relating to specific and exceptional methods and respect for proportionality and subsidiarity.

In 2016, the common databases Terrorist fighters and Hate propagandists were set up (merged in 2024 into a single database ‘Terrorism, Extremism, Radicalisation process’ (CDB T.E.R.)), for which Committee R/I has been designated oversight body jointly with the Supervisory Body for Police Information (COC).

Also in 2016, the General Data Protection Regulation 2016/679 (GDPR) and Direction 2016/680 were adopted at European level. These laws regulate the way in which public and private actors must act when collecting, safeguarding, storing and communicating personal data. Substantial changes were then introduced in national legislation, to better regulate the processing of personal data. In particular, the Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data appointed Committee R/I as the competent supervisory authority for the processing of personal data relating to national security.

The Act of 8 December 2022 on reporting channels and the protection of whistleblowers in federal public sector bodies and the integrated police (known as the Whistleblowers Act) entered into force in 2023. This act appointed Committee R/I as the external reporting channel, responsible for receiving reports of breaches of integrity within GISS and State Security.