In 1992 the European Community Member States created a framework for the security of information systems by adopting the INFOSEC programme. The European Commission has now published a report on "INFOSEC '94: Security investigations" which summarizes the results of study and investigation projects carried out under the programme. The aim of the INFOSEC programme is to develop overall strategies which provide users and producers of electronically stored, processed or transmitted information with appropriate information security systems against accidental or deliberate threats. A number of INFOSEC projects were established to consider appropriate security solutions by analysing issues and requirements, in close cooperation with relevant sectors and national administrations. A future action plan now needs to be established to provide solutions for the requirements of electronic commerce.