EXPLANATORY MEMORANDUM

1.           CONTEXT OF THE PROPOSAL

· Grounds for and objectives of the proposal

In its Communication of 13 February 2008 preparing the next steps in border management in the European Union[1] the Commission suggested the establishment of an entry/exit system (EES). Such a system entails essentially the electronic register of the dates and places of entry and exit of each third-country national admitted for a short stay.

This proposal was endorsed in the Stockholm Programme[2] agreed by the European Council in December 2009.

Following the European Council of 23 and 24 June 2011 asking the smart borders package to be pushed forward rapidly, i.e. work on legislative proposals for an entry/exit system (EES) and a Registered Traveller Programme (RTP)[3], the Commission published a Communication on 25 October 2011,[4] on the implementation options for the EES and the RTP.

This proposal is presented together with a proposal to establish a Registered Traveller Programme and a proposal to amend the Community Code on the rules governing checks at external border crossing points and surveillance at the external border (Schengen Borders Code)[5] for the purpose of the functioning of the two new systems. Impact assessments are presented for each system.

· General context

According to the Schengen Borders Code, EU citizens and other persons enjoying the right of free movement under Union law (e.g. family members of EU citizens) crossing the external border shall be subject to a minimum check, both at entry and exit, consisting of the verification of the travel document in order to establish the identity of the person. All other third country nationals however must be subject, at entry, to a thorough check, which implies a check of their purpose of stay, possession of sufficient means of subsistence, as well as a search in the Schengen Information System (SIS) and in national databases.

There are no provisions in the Schengen Borders Code on the recording of travellers' cross border movements. Currently, stamping the travel document is the sole method to indicate the dates of entry and exit which can be used by border guards and immigration authorities to calculate the duration of the stay of a third-country national in the Schengen area, which shall not exceed 90 days within a period of 180 days. Other measures and tools available at border crossing points, such as databases (SIS and the Visa Information System – VIS), the consultation of which is compulsory at entry, but not at exit, are not intended for the purpose of recording border crossings and do not provide for this functionality. The main purpose of the VIS is to permit the verification of the visa application history and, at entry, to verify whether the person presenting the visa at the border is the same person to whom the visa has been issued.

There are currently no electronic means to check if, where and when a third-country national has entered or left the Schengen area. Difficulties in monitoring the authorised stay of third country nationals are also caused by the use and quality of the stamps (e.g. readability, lengthy process of calculating the stay, forgery and counterfeiting).

For these reasons, there is no consistent EU-wide record of entries and exits of travellers to and from the Schengen area and thus no reliable means for Member States to determine if a third-country national has exceeded his/her right to stay. Thirteen Member States[6] run their own national entry/exit systems collecting alphanumeric data of travellers. All 13 Member States give access for border management as well as law enforcement purposes. To the extent that a person lawfully exits the same Member State through which he or she entered, an overstay would be detected by these systems. Beyond that, the possibilities for using such systems to detect overstayers are none, as entry and exit records cannot be matched when persons leave the Schengen area through another Member State than the one from which they entered and in which their entry was recorded.

Reliable data on the number of irregular immigrants currently staying in the EU does not exist either. Conservative estimates of the number of irregular immigrants within the EU vary between 1.9 and 3.8 million. It is generally agreed that a clear majority of irregular immigrants are so-called overstayers, i.e. persons who have entered legally for a short stay, with a valid visa when required, and then remained in the EU when their authorised stay has expired. In terms of apprehensions of irregular immigrants[7] in the EU the total for 2010 (EU 27) was 505 220, which shows in comparison to the above estimate that only a small proportion of overstayers is apprehended.

In case third country nationals destroy their documentation once they have entered the Schengen area it is very important for the authorities to have access to reliable information to establish the identity of such persons.

The legislative financial statement annexed to this proposal is based on the study on the costs of an EES and an RTP carried out by an external contractor.

The objectives of the present proposal for a Regulation of the European Parliament and the Council are:

– to create an EES and establish a legal basis for the development and implementation of the technical system;

– to define the purpose, the functionalities and responsibilities for use of the EES; and

– to confer on the Agency for the operational management of large-scale information systems in the area of freedom, security and justice[8] (the Agency), the development and operational management of the central system.

This Regulation shall constitute the core instrument for the legal framework for the EES. To complement this legal framework, a proposal for amending the Schengen Borders Code as regards the use of the system as part of the border management process, is presented in parallel with this proposal.

The purpose of the EES will be to improve the management of the external border and the fight against irregular migration, by providing a system that will

· Calculate the authorised stay of each traveller; this includes at entry, in case of a traveller having visited the Schengen area frequently, to quickly and precisely calculate how many days there are left of the maximum of 90 days within 180 days; at exit, to verify that the traveller has respected the authorised stay; and within the territory, in relation to carrying out checks on third-country nationals to verify the legality of their stay;

· Assist in the identification of any person who may not, or may no longer, fulfil the conditions for entry to, or stay on the territory of the Member States; this concerns notably persons who are found during checks within the territory not in possession of their travel documents or any other means of identification;

· To support the analysis of the entries and exits of third-country nationals; this includes notably getting a precise picture of travel flows at the external borders and the number of overstayers eg by nationality of travellers.

The expected impact of the system is further assessed and detailed in the impact assessment and can be summarised as follows:

· Providing precise information in a rapid way to border guards during border checks, by replacing the current slow and unreliable system of manual stamping of passports; this will allow for both a better monitoring of the authorised stay as well as more efficient border checks;

· Providing precise information to travellers on the maximum length of their authorised stay;

· Providing precise information on who is overstaying their authorised stay, which will support controls within the territory and to apprehend irregular migrants;

· Support the identification of irregular migrants; by storing biometrics in the EES on all persons not subject to the visa requirement, and taking into account that the biometrics of visa holders are stored in the VIS, Member States' authorities will be able to identify any undocumented irregular migrant found within the territory that crossed the external border legally; this will in turn facilitate the return process;

· The analysis generated by the system will allow for an evidence-based approach to e.g. visa policy, as the EES will provide precise data on whether there is problem with overstayers of a given nationality or not, which would be an important element when deciding whether to impose or lift, as the case may be, the visa obligation on the third country in question;

· By abolishing the manual element of stamping of passports from the border check it becomes possible to provide for fully automated border controls for certain third-country nationals, under the conditions laid down in the proposal for a Registered Traveller Programme presented in parallel with this proposal.

· Existing provisions in the area of the proposal

Regulation of the European Parliament and of the Council (EC) No 562/2006 establishing a Community Code on the rules governing the movement of persons across borders (Schengen Borders Code).

Regulation of the European Parliament and of the Council (EC) No 1931/2006 laying down rules on local border traffic at the external land borders of the Member States and amending the provisions of the Schengen Convention.

Regulation of the European Parliament and of the Council (EC) No 767/2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation).

Regulation of the European Parliament and of the Council (EC) No 810/2009 establishing a Community Code on Visas.

Regulation of the European Parliament and of the Council (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice.

2.           CONSULTATION OF INTERESTED PARTIES AND IMPACT ASSESSMENT

· Consultation of interested parties

This is described in the accompanying impact assessment.

· Impact assessment

The first impact assessment[9] was carried out in 2008 when preparing the Commission Communication on this subject and the second one was finalised in 2012[10]. The former analysed the policy options and their most likely impacts and concluded that an EES should be established.

Following a consultations and pre-screening process the latter impact assessment analysed key implementation options.

Analysis of the different options and sub-options showed that the preferred solution for an EES should be the following:

The EES will be designed as a centralised system containing both alphanumeric and biometric data. The data retention period would be for ordinary cases six months and in case of overstay five years.

The use of biometrics would be subject to a transitional period of three years to allow for Member States' adapting processes at the border crossing points.

After a period of two years, the EES should be evaluated and, in this context the Commission would evaluate in particular the possible access to the system for law enforcement purposes as well as the retention period, also taking into account the experience of access for such purposes to the VIS. The evaluation would be accompanied, as appropriate, by a Commission proposal to amend the Regulation to define the conditions for such access. Those conditions would need to be strictly defined in order to provide an accurate data protection regime and could be modelled on those foreseen by the VIS legal basis.

The Impact Assessment Board (IAB) reviewed the draft impact assessment and delivered its opinion on 14 March 2012 and (on a revised version) on 8 June 2012. The recommendations for improvement were accommodated in the revised version of the report. In particular, the following changes were made: further information is provided on the consultation of interested parties; the overall logic has been reviewed and streamlined; the problem definition has been further developed and made more detailed, both in relation to the overall problem of irregular migration and in relation to specific implementation problems; the baseline scenario has been extended to better describe how it would evolve without further EU action; the options have been restructured and simplified; the assessment of the options have been refined and done in a more logical manner showing which options are linked and which are not; the explanation of the method used for calculating the costs was expanded; the analysis and description of the preferred option have been revised and linked more directly to data that will become available in the future.

3.           LEGAL ELEMENTS OF THE PROPOSAL

· Summary of the proposed actions

The purpose, functionalities and responsibilities for the EES must be defined. Furthermore, a mandate needs to be given to the Agency for the operational management of large-scale IT systems in the area of freedom, security and justice to develop and operationally manage the system. A detailed explanation of the proposal by article can be found in a separate Commission Staff Working Paper.

· Legal basis

Articles 74 and 77(2)(b) and (d) of the Treaty on the Functioning of the European Union is the legal basis for this Regulation. Article 77(2)(b) and (d) is the appropriate legal basis for further specifying the measures on the crossing of the external borders of the Member States and developing standards and procedures to be followed by Member States in carrying out checks on persons at such borders. Article 74 provides the appropriate legal basis for setting-up and maintaining the EES and for procedures for the exchange of information between Member States, ensuring cooperation between the relevant authorities of the Member States’ as well as between those authorities and the Commission in the areas covered by Title V of the Treaty.

· Subsidiarity principle

Under Article 77(2)(b) of the Treaty on the Functioning of the European Union, the Union has the power to adopt measures relating to the checks on persons and efficient monitoring of the crossing of external borders of the Member States. The current EU provisions on the crossing of the external borders of the Member States need to be modified to take into account that there are currently no reliable means to monitor the travel movements of third-country nationals admitted for a short stay given the complexity and slowness of the current stamping obligation, which is insufficient for allowing Members States' authorities to assess the authorised stay at the border check of the traveller or at checks within the territory and the very limited value of national systems for such purposes in an area without internal border control.

The information on who is on EU territory and who complies with the maximum allowed short stay of 90 days within 180 days, on nationalities and groups (visa exempt/required) of travellers overstaying and to support random checks within the territory to detect irregularly staying persons should be available to increase the efficiency of migration management.

A common regime is needed in order to establish harmonised rules on the records of cross border movements and monitoring of authorised stays for the Schengen area as a whole.

Therefore, the objective of the proposal cannot be sufficiently achieved by the Member States.

· Proportionality principle

Article 5 of the Treaty on the European Union states that action by the Union shall not go beyond what is necessary to achieve the objectives of the Treaty. The form chosen for this EU action must enable the proposal to achieve its objective and be implemented as effectively as possible. The proposed initiative constitutes a further development of the Schengen acquis in order to ensure that common rules at external borders are applied in the same way in all the Schengen Member States. It creates an instrument providing to the European Union information on how many third country nationals enter and leave the territory of the EU, which is indispensible for sustainable and evidence based policy making in the field of migration and visa. Furthermore, it is proportionate in terms of the right to protection of personal data in that it does not require the collection and storage of more data for a longer period than is absolutely necessary to allow the system to function and meet its objectives. It is also proportionate in terms of costs, taking into account the benefits the system will provide to all Member States in managing the common external border and progressing towards a common EU migration policy.

The proposal therefore complies with the proportionality principle.

· Choice of instrument

Proposed instruments: Regulation.

Other means would not be adequate for the following reason(s):

The present proposal will set up a centralised system through which Member States cooperate with each other, something which requires a common architecture and operating rules. Moreover it will lay down rules on border checks at the external borders which are uniform for all Member States. As a consequence, only a Regulation can be chosen as a legal instrument.

•           Fundamental rights

The proposed regulation has an impact on fundamental rights, notably on the protection of personal data (Article 8 of the Charter of Fundamental Rights of the EU), right to liberty and security (Article 6 of the Charter), respect for private and family life (Article 7 of the Charter), right to asylum (Article 18 of the Charter) and protection in the event of removal, expulsion or extradition (Article 19 of the Charter).

The proposal contains safeguards as regards personal data, in particular access thereto, which should be strictly limited only to the purpose of this Regulation and to the therein designated competent authorities. Safeguards as regards personal data also include the right of access to or the right of correction or deletion of data.

4.           BUDGETARY IMPLICATION

The Commission's proposal for the next multi-annual financial framework (MFF) includes a proposal of 4,6 billion EUR for the internal security Fund (ISF) for the period 2014-2020. In the proposal, 1,1 billion EUR is set aside as an indicative amount for the development of an EES and an RTP assuming development costs would start from 2015[11]. 

This financial support would cover not only the costs of central components for the entire MFF period (EU level, both development and operational cost) but also the development costs for the national, Member States, components of these two systems, within the resources available. Providing financial support for national development costs would ensure that difficult economic circumstances at national level do not jeopardise or delay the projects. This includes an amount on 146 million EUR for costs at national level related to hosting the IT systems, the space for hosting the end-user equipment, and the space for operators' offices. It also includes an amount of 341 million EUR for costs at national level related to maintenance such as for hardware and software licenses.

Once the new systems would be operational, future operational costs in the Member States could be supported by their national programmes. It is proposed that Member States may use 50% of the allocations under the national programmes to support operating costs of IT systems used for the management of migration flows across the external borders of the Union. These costs may include the cost for the management of VIS, SIS and new systems set up in the period, staff costs, service costs, rental of secure premises etc. Thus, the future instrument would ensure continuity of funding, where appropriate.

5.           ADDITIONAL INFORMATION

· Participation

This proposal builds upon the Schengen acquis in that it concerns the crossing of external borders. Therefore the following consequences in relation to the various protocols and agreements with associated countries have to be considered:

Denmark: In accordance with Articles 1 and 2 of the Protocol (no 22) on the position of Denmark, annexed to the Treaty on European Union (TEU) and the Treaty on the Functioning of the European Union (TFEU), Denmark does not take part in the adoption by the Council of measures pursuant to Title V of part Three of the TFEU.

Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.

United Kingdom and Ireland: In accordance with Articles 4 and 5 of the Protocol integrating the Schengen acquis into the framework of the European Union and Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland, and Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis, the United Kingdom and Ireland do not take part in Regulation (EC) No 562/2006 (Schengen Borders Code). Therefore, the United Kingdom and Ireland are not taking part in the adoption of the this Regulation and are not bound by it or subject to its application.

Iceland and Norway: The procedures laid down in the Association Agreement concluded by the Council and the Republic of Iceland and the Kingdom of Norway concerning the latter's association with the implementation, application and development of the Schengen acquis are applicable, since the present proposal builds on the Schengen acquis as defined in Annex A of this Agreement[12].

Switzerland: This Regulation constitutes a development of the provisions of the Schengen acquis, as provided for by the Agreement between the European Union, the European Community and the Swiss Confederation on the latter's association with the implementation, application and development of the Schengen acquis[13].

Liechtenstein: This Regulation constitutes a development of the provisions of the Schengen acquis, as provided for by the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis[14].

Cyprus, Bulgaria and Romenia: This Regulation establishing the EES replaces the respective obligation to verify the length of the stay and to stamp the passport of third country nationals. These provisions were to be applied by the acceding Member States upon accession to the European Union.

2013/0057 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

establishing an Entry/Exit System (EES) to register entry and exit data of third country nationals crossing the external borders of the Member States of the European Union

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty of the Functioning of the European Union, and in particular Article 74 and Article 77(2)(b) and (d) thereof,

Having regard to the proposal from the European Commission[15],

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee[16],

Having regard to the opinion of the Committee of the Regions[17],

After consulting the European Data Protection Supervisor,

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1) The Communication of the Commission of 13 February 2008 entitled 'preparing the next steps in border management in the European Union'[18] outlined the need, as part of the European integrated border management strategy, to establish an Entry/Exit System which registers electronically the time and place of entry and exit of third-country nationals admitted for a short stay to the Schengen area and which calculates the duration of their authorised stay.

(2) The European Council of 19 and 20 June 2008 underlined the importance of continuing to work on the development of the EU's integrated border management strategy, including better use of modern technologies to improve the management of external borders.

(3) The Communication of the Commission of 10 June 2009, entitled 'An area of freedom, security and justice serving the citizens', advocates establishing an electronic system for recording entry to and exit from Member States' territory via the crossing of external borders to ensure more effective management of access to this territory.

(4) The European Council of 23 and 24 of June 2011 called for work on "smart borders" to be pushed forward rapidly. The Commission published a Communication "Smart borders – options and the way ahead" on 25 October 2011.

(5) It is necessary to specify the objectives of the Entry/Exit System (EES) and its technical architecture, to lay down rules concerning its operation and use and to define responsibilities for the system, the categories of data to be entered into the system, the purposes for which the data are to be entered, the criteria for their entry, the authorities authorised to access the data, the interlinking of alerts and further rules on data processing and the protection of personal data.

(6) The EES should not apply to third country nationals who are family members of Union citizens holding a residence card as provided for in Directive 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States[19], or to holders of residence permits referred to in the Schengen Borders Code as their stay is not limited to 90 days within 180 days.

(7) The EES should have the objective of enhancing border control, preventing illegal immigration and facilitating the management of migration flows. The EES should in particular contribute to the identification of any person who may not, or may no longer fulfil the conditions of duration of stay whithin the territory of the Member States.

(8) To meet those objectives, the EES should process alphanumeric data and, after a transitional period, fingerprints. The impact on the privacy of travellers which the fingerprinting constitutes is justified by two reasons. Fingerprints are a reliable method to identify persons who are found within the territory of the Member States not in possession of their travel documents or any other means of identification, a common modus operandi of irregular migrants. Fingerprints also provide for more reliable matching of entry and exit data of legal travellers.

(9) Ten fingerprints should be enrolled in the EES, if physically possible, to allow for accurate verification and identification and to guarantee that sufficient data is available in every circumstance.

(10) The use of fingerprints should be subject to a transitional period to allow Member States to adapt the border check process and handling of passenger flows to avoid increasing waiting time at the border.

(11) The technical development of the system should provide for the possibility of access to the system for law enforcement purposes should this Regulation be amended in the future to allow for such access.

(12) The Agency for the operational management of large-scale information systems in the area of freedom, security and justice, established by Regulation (EU) No 1077/2011 of the European Parliament and of the Council of 25 October 2011[20], should be responsible for the development and operational management of a centralised EES. Such a system should consist of a Central Unit, a Back-up Central Unit, the Uniform Interfaces in each Member State, and the Communication Infrastructure between the Central EES and the Network Entry Points. Member States should be responsible for the development and operational management of their own national systems.

(13) To allow synergies and cost-efficiency, the EES should, to the extent possible, be implemented in parallel with the Registered Traveller System established pursuant to Regulation COM(2013)97 final.

(14) This Regulation should define the authorities of the Member States which can be authorised to have access to the EES to enter, amend, delete or consult data for the specific purposes of the EES and to the extent necessary for the performance of their tasks.

(15) Any processing of EES data should be proportionate to the objectives pursued and necessary for the performance of tasks of the competent authorities. When using the EES, the competent authorities should ensure that the human dignity and integrity of the person, whose data are requested, are respected and should not discriminate against persons on grounds of sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation.

(16) The personal data stored in the EES should be kept for no longer than is necessary for the purposes of the EES. It is appropriate to keep the data for six months since it is the minimum period required for the calculations of the duration of the stay. A longer period of maximum five years would be necessary for persons who have not exited the territory of the Member States within the authorised period of stay. The data should be deleted after the period of five years, unless there are grounds to delete it earlier.

(17) Precise rules should be laid down as regards the responsibilities for the development and operation of the EES, the responsibilities of the Member States for the national systems and the access to data by the national authorities.

(18) Rules on the liability of the Member States in respect to damage arising from any breach of this Regulation should be laid down. The liability of the Commission in respect of such damage is governed by the second paragraph of Article 340 of the Treaty.

(19) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data[21] applies to the processing of personal data by the Member States in the application of this Regulation.

(20) Regulation (EC) No 45/2001 of 18 December 2000 of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data[22] applies to the activities of the Union institutions or bodies when carrying out their tasks as responsible for the operational management of EES.

(21) The independent supervisory authorities established in accordance with Article 28 of Directive 95/46/EC should monitor the lawfulness of the processing of personal data by the Member States, whilst the European Data Protection Supervisor as established by Regulation (EC) No 45/2001 should monitor the activities of the Union institutions and bodies in relation to the processing of personal data. The European Data Protection Supervisor and the supervisory authorities should cooperate with each other in the monitoring of the EES.

(22) This Regulation respects the fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union, in particular the protection of personal data (Article 8 of the Charter), the right to liberty and security (Article 6 of the Charter), the respect for private and family life (Article 7 of the Charter), the right to asylum (Article 18 of the Charter), protection in the event of removal, expulsion or extradition (Article 19 of the Charter), the right to an effective remedy (Article 47 of the Charter) and has to be applied in accordance with those rights and principles.

(23) The effective monitoring of the application of this Regulation requires evaluation at regular intervals. The conditions of giving access to the data stored in the system for law enforcement purposes and to third countries, and of retaining the data for different periods should further be evaluated in order to assess whether and, if so, how the system can contribute most effectively in the fight against terrorist offences and other serious criminal offences. Given the high number of personal data contained in the EES and the need to fully respect the private life of individuals whose personal data are processed in the EES, this evaluation should take place two years after the start of operations and take into consideration the results of the implementation of the VIS.

(24) The Member States should lay down rules on penalties applicable to infringements of the provisions of this Regulation and ensure that they are implemented.

(25) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commision's exercise of implementing powers[23].

(26) The establishment of a common EES at the level of the area without controls at internal borders and the creation of common obligations, conditions and procedures for use of data cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and impact of the action, be better achieved at Union level in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, the Regulation does not go beyond what is necessary in order to achieve this objective.

(27) In accordance with Articles 1 and 2 of the Protocol (No 22) on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.

(28) This Regulation constitutes a development of the provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis[24]; the United Kingdom is therefore not taking part in its adoption and is not bound by it or subject to its application.

(29) This Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis[25]; Ireland is therefore not taking part in its adoption and is not bound by it or subject to its application.

(30) As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters' association with the implementation, application and development of the Schengen acquis[26], which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of that Agreement[27].

(31) As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis[28] which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC of 17 May 1999 read in conjunction with Article 3 of Council Decision 2008/146/EC[29].

(32) As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis, as provided for by the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis[30] which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC of 17 May 1999 read in conjunction with Article 3 of Council Decision 2011/350/EU[31].

HAVE ADOPTED THIS REGULATION:

CHAPTER 1 General Provisions

Article 1 Subject matter

A system referred to as the 'Entry/Exit System' (EES) is hereby established for the recording and storage of information on the time and place of entry and exit of third country nationals crossing the external borders and admitted for a short stay in the territory of the Member States, for the calculation of the duration of their stay, and for the generation of alerts to Member States when authorised periods for stay have expired.

Article 2 Set-up of the EES

1.           The EES shall have the structure determined in Article 6.

2.           The Agency for the operational management of large-scale information systems in the area of freedom, security and justice (hereinafter the Agency) is hereby entrusted with the tasks of development and operational management of the EES, including the functionalities for processing biometric data referred to in Article 12.

Article 3 Scope

1.           This Regulation shall apply to any third country national admitted for a short stay in the territory of the Member States subject to border checks in accordance with the Schengen Borders Code when crossing the external borders of the Member States.

2.           This Regulation shall not apply to the crossing of external borders by:

(a)     members of the family of a Union citizen to whom Directive 2004/38/EC applies who hold a residence card referred to in that Directive;

(b)     members of the family of nationals of third countries enjoying the right of free movement under Union law who hold a residence card referred to in Directive 2004/38/EC;

This Regulation shall not apply to family members mentioned in points (a) and (b) even if they are not accompanying or joining the Union citizen or a third-country national enjoying the right of free movement;

(c)     holders of residence permits referred to in Article 2 (15) of the Schengen Borders Code;

(d)     nationals of Andorra, Monaco and San Marino.

Article 4 Purpose

The EES shall have the purpose of improving the management of the external borders and the fight against irregular immigration, the implementation of the integrated border management policy, the cooperation and consultation between border and immigration authorities by providing access by Member States to the information of the time and place of the entry and exit of third country nationals at the external borders and facilitating decisions relating thereto, in order:

– to enhance checks at external border crossing points and combat irregular immigration;

– to calculate and monitor the calculation of the duration of the authorised stay of third-country nationals admitted for a short stay;

– to assist in the identification of any person who may not, or may no longer, fulfil the conditions for entry to, or stay on the territory of the Member States;

– to enable national authorities of the Member States to identify overstayers and take appropriate measures;

– to gather statistics on the entries and exits of third country nationals for the purpose of analysis.

Article 5 Definitions

For the purposes of this Regulation, the following definitions shall apply:

(1) ‘external borders' means external borders as defined in Article 2(2) of the Schengen Borders Code;

(2) 'border authorities' means the competent authorities assigned, in accordance with national law, to carry out checks on persons at the external border crossing points in accordance with the Schengen Borders Code;

(3) ‘immigration authorities’ means the competent authorities assigned, in accordance with national law, to examine the conditions and take decisions related to the stay of third country nationals on the territory of the Member States;

(4) 'visa authorities' means the authorities which are responsible in each Member State for examining and for taking decisions on visa applications or for decisions whether to annul, revoke or extend visas, including the central visa authorities and the authorities responsible for issuing visas at the border in accordance with the Visa Code[32];

(5) 'third‑country national' means any person who is not a citizen of the Union within the meaning of Article 20 of the Treaty, with the exception of persons who under agreements between the Union or the Union and its Member States, on the one hand, and third countries, on the other, enjoy rights of free movement equivalent to those of Union citizens;

(6) ‘travel document’ means a passport or other equivalent document, entitling the holder to cross the external borders and to which a visa may be affixed;

(7) 'short stay' means stays in the territory of the Member States of a duration of no more than 90 days in any 180 days period;

(8) 'Member State responsible’ means the Member State which has entered the data in the EES;

(9) 'verification’ means the process of comparison of sets of data to establish the validity of a claimed identity (one-to-one check);

(10) 'identification’ means the process of determining a person’s identity through a database search against multiple sets of data (one-to-many check);

(11) 'alphanumeric data’ means data represented by letters, digits, special characters, space and punctuation marks;

(12) 'biometric data' means fingerprints;

(13) ‘overstayer’ means a third country national who does not fulfil, or no longer fulfils the conditions relating to the duration of a short stay on the territory of the Member States;

(14) 'Agency' means the agency established by Regulation (EU) No 1077/2011[33];

(15) 'Frontex' means the European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union established by Regulation (EC) No 2007/2004[34];

(16) 'supervisory authority' means the supervisory authority established in accordance with Article 28 of Directive 95/46/EC;

(17) 'operational management' means all the tasks necessary to keep large-scale IT systems functioning, including responsibility for the communication infrastructure used by them;

(18) 'development' means all the tasks necessary to create a large-scale IT system, including the communication infrastructure used by it.

Article 6 Technical architecture of the EES

The EES shall be composed of:

(a) a Central System comprising a Central Unit and a Back-up Central Unit, capable of ensuring all the functionalities of the Central Unit in the event of the failure of the system;

(b) a National System comprising the required hardware, software and national communication infrastructure to connect the end user devices of the competent authorities as defined in Article 7(2) with the Network Entry Points in each Member State;

(c) a Uniform Interface in each Member State based on common technical specifications and identical for all Member States;

(d) the Network Entry Points, which are part of the Uniform Interface and are the national points of access connecting the National System of each Member State to the Central System and

(e) the Communication Infrastructure between the Central System and the Network Entry Points.

Article 7 Access for entering, amending, deleting and consulting data

1.           In accordance with Article 4, access to the EES for entering, amending, deleting and consulting the data referred to in Articles 11 and 12 in accordance with this Regulation shall be reserved exclusively to duly authorised staff of the authorities of each Member State which are competent for the purposes laid down in Articles 15 to 22, limited to the extent needed for the performance of the tasks in accordance with this purpose, and proportionate to the objectives pursued.

2.           Each Member State shall designate the competent authorities, including border, visa and immigration authorities, the duly authorised staff of which shall have access to enter, amend, delete or consult data in the EES. Each Member State shall without delay communicate to the Agency a list of these authorities. That list shall specify for which purpose each authority may have access to the data in the EES.

Within three months after the EES has become operational in accordance with Article 41, the Agency shall publish a consolidated list in the Official Journal of the European Union. Where there are amendments thereto, the Agency shall publish once a year an updated consolidated list.

Article 8 General principles

1.           Each competent authority authorised to access the EES in accordance with this Regulation shall ensure that the use of the EES is necessary, appropriate and proportionate to the performance of tasks of the competent authorities.

2.           Each competent authority shall ensure that in using the EES, it does not discriminate against third country nationals on grounds of sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation and that it fully respects the human dignity and the integrity of the person.

Article 9 Automated calculator

The EES shall incorporate an automated mechanism that indicates the maximum authorised duration of stay in accordance with Article 5(1) of the Schengen Borders Code for each third-country national registered in the EES.

The automated calculator shall:

(a)          inform the competent authorities and the third-country national of the authorised length of stay on border entry;

(b)          identify third country nationals upon exit who have overstayed.

Article 10 Information mechanism

1.           The EES shall include a mechanism that shall automatically identify which entry/exit records do not have exit data immediately following the date of expiry of the authorised length of stay and identify records for which the maximum stay allowance has been exceeded.

2.           A list, generated by the system, containing the data referred to in Article 11 of all identified overstayers shall be available to the designated competent national authorities.

CHAPTER II  Entry and use of data by border authorities

Article 11 Personal data for visa holders

1.           In the absence of a previous registration of a third country national in the EES where a decision to authorise the entry of a visa holder has been taken in accordance with the Schengen Borders Code, the border authority shall create the individual file of the person by entering the following data:

(a)          surname (family name), surname at birth (earlier family name(s)), first name(s) (given names); date of birth, place of birth, country of birth, nationality or nationalities and sex;

(b)          type and number of the travel document or documents, the authority which issued it or them and the date of issue;

(c)          three letter code of the issuing country, and the the date of expiry of the validity of the travel document(s);

(d)          the visa sticker number, including the three letter code of the issuing Member State, and the date of expiry of the validity of the visa, if applicable;

(e)          at the first entry on the basis of the visa, the number of entries and the authorised period of stay as indicated on the visa sticker;

(f)           if applicable, information that the person has been granted access to the Registered Traveller Programme in accordance with Regulation COM(2013)97 final, the unique identifier number and status of participation.

2.           On each entry of that person the following data shall be entered in an entry/exit record, which shall be linked to the individual file of that person using the individual reference number created by the EES upon creation of that file:

(a)          date and time of the entry;

(b)          Member State of entry, the border crossing point and authority that authorised the entry;

(c)          the calculation of the number of days of the authorised stay(s) and the date of the last day of authorised stay.

3.           On exit the following data shall be entered in the entry/exit record linked to the individual file of that person:

(a)          date and time of the exit;

(b)          the Member State and the border crossing point of the exit.

Article 12 Personal data for third country nationals exempt from the visa obligation

1.           In the absence of a previous registration of a third country national in the EES where a decision has been taken to authorise the entry in accordance with the Schengen Borders Code of a national of a third country exempt from the visa obligation, the border authority shall create an individual file and enter ten fingerprints in the individual file of that person, in addition to the data referred to in Article 11, with the exception of the information referred to in Article 11 paragraph 1(d) and(e).

2.           Children under the age of 12 shall be exempt from the requirement to give fingerprints for legal reasons.

3.           Persons for whom fingerprinting is physically impossible shall be exempt from the requirement to give fingerprints for factual reasons.

However, should the impossibility be of a temporary nature, the person shall be required to give the fingerprints at the following entry. The border authorities shall be entitled to request further clarification on the grounds for the temporary impossibility to provide fingerprints.

Member States shall ensure that appropriate procedures guaranteeing the dignity of the person are in place in the event of encountered difficulties with capturing fingerprints.

4.           Where the person concerned is exempt from the requirement to give fingerprints for legal or factual reasons pursuant to paragraphs 2 or 3, the specific data field shall be marked as ‘not applicable’. The system shall permit a distinction to be made between the cases where fingerprints are not required to be provided for legal reasons and the cases where they cannot be provided for factual reasons.

5.           For a period of three years after the EES has started operation only the alphanumeric data referred to in paragraph 1 shall be recorded.

Article 13 Procedures for entering data at border crossing points where a previous file has been registered

If a previous file has been registered, the border authority shall, if necessary, update the file data, enter an entry/exit record for each entry and exit in accordance with Articles 11 and 12 and link that record to the individual file of the person concerned.

Article 14 Data to be added where an authorisation to stay is revoked or extended

1.           Where a decision has been taken to revoke an authorisation to stay or to extend the duration of the authorised stay, the competent authority that has taken the decision shall add the following data to the entry/exit record:

(a)          the status information indicating that the authorisation to stay has been revoked or that the duration of the authorised stay has been extended;

(b)          the authority that revoked the authorisation to stay or extended the duration of the authorised stay;

(c)          the place and date of the decision to revoke the authorisation to stay or to extend the duration of the authorised stay;

(d)          the new expiry date of the authorisation to stay.

2.           The entry/exit record shall indicate the ground(s) for revocation of the authorisation to stay, which shall be:

(a)          the grounds on which the person is being expelled;

(b)          any other decision taken by the competent authorities of the Member State, in accordance with national legislation, resulting in the removal or departure of the third country national who does not fulfil or no longer fulfils the conditions for the entry to or stay in the territory of the Member States.

3.           The entry/exit record shall indicate the grounds for extending the duration of an authorised stay.

4.           When a person has departed or been removed from the territories of the Member States pursuant to a decision, as referred to in paragraph 2(b), the competent authority shall enter the data in accordance with Article 13 in the entry/exit record of that specific entry.

Article 15 Use of data for verification at the external borders

1.           Border authorities shall have access to the EES for consulting the data to the extent the data is required for the performance of border control tasks.

2.           For the purposes referred to in paragraph 1, the border authorities shall have access to search with the data referred to in Article 11(1)(a) in combination with some or all of the following data:

– the data referred to in Article 11(1)(b);

– the data referred to in Article 11(1)(c);

– the visa sticker number referred to in Article 11(1)(d);

– the data referred to in Article 11(2)(a);

– the Member State and border crossing point of entry or exit;

– the data referred to in Article 12.

CHAPTER III Entry of data and use of the EES by other authorities

Article 16 Use of the EES for examining and deciding on visa applications

1.           Visa authorities shall consult the EES for the purposes of the examination of visa applications and decisions relating to those applications, including decisions to annul, revoke or extend the period of validity of an issued visa in accordance with the relevant provisions of the Visa Code.

2.           For the purposes referred to in paragraph 1, the visa authority shall be given access to search with one or several of the following data:

(a)          the data referred to in Article 11(1)(a), (b) and (c);

(b)          the visa sticker number, including the three letter code of the issuing Member State referred to in Article 11(1)(d);         

(c)          the data referred to in Article 12.

3.           If the search with the data listed in paragraph 2 indicates that data on the third country national are recorded in the EES, visa authorities shall be given access to consult the data of the individual file of that person and the entry/exit records linked to it solely for the purposes referred to in paragraph 1.

Article 17 Use of the EES for examining applications for access to the RTP

1.           The competent authorities refered to in Article 4 of Regulation COM(2013)97 final shall consult the EES for the purposes of the examination of RTP applications and decisions relating to those applications, including decisions to refuse, revoke or extend the period of validity of access to the RTP in accordance with the relevant provisions of that Regulation.

2.           For the purposes referred to in paragraph 1, the competent authority shall be given access to search with one or several of the data referred to in Article 11(1)(a), (b) and (c).

3.           If the search with the data listed in paragraph 2 indicates that data on the third country national are recorded in the EES, the competent authority shall be given access to consult the data of the individual file of that person and the entry/exit records linked to it solely for the purposes referred to in paragraph 1.

Article 18 Access to data for verification within the territory of the Member States

1.           For the purpose of verifying the identity of the third country national and/or whether the conditions for entry to or stay on the territory of the Member States are fulfilled, the competent authorities of the Member States, shall have access to search with the data referred to in Article 11(1)(a), (b) and (c), in combination with fingerprints refered to in Article 12.

2.           If the search with the data listed in paragraph 1 indicates that data on the third country national is recorded in the EES, the competent authority shall be given access to consult the data of the individual file of that person and the entry/exit record(s) linked to it solely for the purposes referred to in paragraph 1.

Article 19 Access to data for identification

1.           Solely for the purpose of the identification of any person who may not, or may no longer, fulfil the conditions for entry to, stay or residence on the territory of the Member States, the authorities competent for carrying out checks at external border crossing points in accordance with the Schengen Borders Code or within the territory of the Member States as to whether the conditions for entry to, stay or residence on the territory of the Member States are fulfilled, shall have access to search with the fingerprints of that person.

2.           If the search with the data listed in paragraph 1 indicates that data on the person are recorded in the EES, the competent authority shall be given access to consult the data of the individual file and the linked entry/exit records), solely for the purposes referred to in paragraph 1.

CHAPTER IV Retention and amendment of the data

Article 20  Retention period for data storage

1.           Each entry/exit record shall be stored for a maximum of 181 days.

2.           Each individual file together with the linked entry/exit record(s) shall be stored in the EES for a maximum of 91 days after the last exit record, if there is no entry record within 90 days following that last exit record.

3.           By way of derogation from paragraph 1, if there is no exit record following the date of expiry of the authorised period of stay, the data shall be stored for a maximum period of five years following the last day of the authorised stay.

Article 21 Amendment of data

1.           The competent authorities of the Member States designated in accordance with Article 7 shall have the right to amend data which has been introduced into the EES, by correcting or deleting such data in accordance with this Regulation.

2            The information on persons referred to in Article 10(2) shall be deleted without delay where the third-country national provides evidence in accordance with the national law of the Member State responsible, that he or she was forced to exceed the authorised duration of stay due to unforeseeable and serious event, that he or she has acquired a legal right to stay or in case of errors. The third-country national shall have access to an effective judicial remedy to ensure the data is amended.

Article 22 Advance data deletion

Where, before expiry of the period referred to in Article 20, a third country national has acquired the nationality of a Member State, or has fallen under the derogation of Article 3(2), the individual file and the records linked to it in accordance with Articles 11 and 12, shall be deleted without delay from the EES by the Member State the nationality of which he or she has acquired or the Member State that issued the residence card. The individual shall have access to an effective judicial remedy to ensure the data is deleted.

CHAPTER V Development, Operation and Responsibilities

Article 23 Adoption of implementation measures by the Commission prior to development

              The Commission shall adopt the following measures necessary for the development and technical implementation of the Central System, the Uniform Interfaces, and the Communication Infrastructure including specifications with regard to:

(a) the specifications for the resolution and use of fingerprints for biometric verification in the EES;

(b) the design of the physical architecture of the system including its communication infrastructure;

(c) entering the data in accordance with Article 11 and 12;

(d) accessing the data in accordance with Articles 15 to 19;

(e) keeping, amending, deleting and advance deleting of data in accordance with Articles 21 and 22;

(f) keeping and accessing the records in accordance with Article 30;

(g) performance requirements.

Those implementing acts shall be adopted in accordance with the procedure referred to in Article 42.

The technical specifications and their evolution as regards the Central Unit, the Back-up Central Unit, the Uniform Interfaces, and the Communication Infrastructure shall be defined by the Agency after receiving a favorable opinion of the Commission.

Article 24 Development and operational management

1.           The Agency shall be responsible for the development of the Central Unit, the Back-Up Central Unit, the Uniform Interfaces including the Network Entry Points and the Communication Infrastructure.

The Central Unit, the Back-up Central Unit, the Uniform Interfaces, and the Communication Infrastructure shall be developed and implemented by the Agency as soon as possible after entry into force of this Regulation and adoption by the Commission of the measures provided for in Article 23(1).

The development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination.

2.           The Agency shall be responsible for the operational management of the Central Unit, the Back-Up Central Unit, and the Uniform Interfaces. It shall ensure, in cooperation with the Member States at all times the best available technology, subject to a cost-benefit analysis.

The Agency shall also be responsible for the operational management of the Communication Infrastructure between the Central system and the Network Entry Points.

Operational management of the EES shall consist of all the tasks necessary to keep the EES functioning 24 hours a day, 7 days a week in accordance with this Regulation, in particular the maintenance work and technical developments necessary to ensure that the system functions at a satisfactory level of operational quality, in particular as regards the time required for interrogation of the central database by border crossing points, which should be as short as possible.

3.           Without prejudice to Article 17 of the Staff Regulations of Officials of the European Union, the Agency shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality to its entire staff required to work with EES data. This obligation shall also apply after such staff leave office or employment or after the termination of their activities.

Article 25 National Responsibilities

1.           Each Member State shall be responsible for:

(a)          the development of the National System and the connection to the EES;

(b)          the organisation, management, operation and maintenance of its National System; and

(c)          the management and arrangements for access of duly authorised staff of the competent national authorities to the EES in accordance with this Regulation and to establish and regularly update a list of such staff and their profiles.

2.           Each Member State shall designate a national authority, which shall provide the access of the competent authorities referred to in Article 7 to the EES, and connect that national authority to the Network Entry Point.

3.           Each Member State shall observe automated procedures for processing the data.

4.           Before being authorised to process data stored in the EES, the staff of the authorities having a right to access the EES shall be given appropriate training about data security and data protection rules.

5.           Costs incurred by the National System as well as by hosting the National Interface shall be borne by the Union budget.

Article 26 Responsibility for the use of data

1.           Each Member State shall ensure that the data recorded in the EES is processed lawfully, and in particular that only duly authorised staff have access to the data for the performance of their tasks in accordance with Articles 15 to 19 of this Regulation. The Member State responsible shall ensure in particular that:

(a)          the data is collected lawfully;

(b)          the data is registered lawfully into the EES;

(c)          the data is accurate and up-to-date when it is transmitted to the EES.

2.           The Agency shall ensure that the EES is operated in accordance with this Regulation and the implementing acts referred to in Article 23. In particular, the Agency shall:

(a)          take the necessary measures to ensure the security of the Central System and the communication infrastructure between the Central System and the Network Entry Points, without prejudice to the responsibilities of each Member State;

(b)          ensure that only duly authorised staff has access to data processed in the EES for the performance of the tasks of the Agency in accordance with this Regulation.

3.           The Agency shall inform the European Parliament, the Council and the Commission of the measures it takes pursuant to paragraph 2 for the start of operations of the EES.

Article 27 Communication of data to third countries, international organisations and private parties

1.           Data stored in the EES shall not be transferred or made available to a third country, to an international organisation or any private party.

2.           By way of derogation from paragraph 1, the data referred to in Article 11(1)(a), (b) and (c) and Article 12 (1) may be transferred or made available to a third country or to an international organisation listed in the Annex if necessary in individual cases for the purpose of proving the identity of third-country nationals, including for the purpose of return, only where the following conditions are satisfied:

(a)          the Commission has adopted a decision on the adequate protection of personal data in that third country in accordance with Article 25(6) of Directive 95/46/EC, or a readmission agreement is in force between the Community and that third country, or Article 26(1)(d) of Directive 95/46/EC applies;

(b)          the third country or international organisation agrees to use the data only for the purpose for which they were provided;

(c)          the data are transferred or made available in accordance with the relevant provisions of Union law, in particular readmission agreements, and the national law of the Member State which transferred or made the data available, including the legal provisions relevant to data security and data protection; and

(d)          the Member State which entered the data in the EES has given its consent.

3.           Transfers of personal data to third countries or international organisations pursuant to paragraph 2 shall not prejudice the rights of refugees and persons requesting international protection, in particular as regards non-refoulement.

Article 28 Data security

1.           The Member State responsible shall ensure the security of the data before and during the transmission to the Network Entry Point. Each Member State shall ensure the security of the data it receives from the EES.

2.           Each Member State shall, in relation to its National System, adopt the necessary measures, including a security plan, in order to:

(a)          physically protect data, including by making contingency plans for the protection of critical infrastructure;

(b)          deny unauthorised persons access to national installations in which the Member State carries out operations in accordance with the purposes of the EES (checks at entrance to the installation);

(c)          prevent the unauthorised reading, copying, modification or removal of data media (data media control);

(d)          prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored personal data (storage control);

(e)          prevent the unauthorised processing of data in the EES and any unauthorised modification or deletion of data processed in the EES (control of data entry);

(f)           ensure that persons authorised to access the EES have access only to the data covered by their access authorisation, by means of individual user identities and confidential access modes only (data access control);

(g)          ensure that all authorities with a right of access to the EES create profiles describing the functions and responsibilities of persons who are authorised to enter, amend, delete, consult and search the data and make their profiles available to the supervisory authorities without delay at their request (personnel profiles);

(h)          ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment (communication control);

(i)           ensure that it is possible to verify and establish what data has been processed in the EES, when, by whom and for what purpose (control of data recording);

(j)           prevent the unauthorised reading, copying, modification or deletion of personal data during the transmission of personal data to or from the EES or during the transport of data media, in particular by means of appropriate encryption techniques (transport control);

(k)          monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation (self-auditing).

3.           The Agency shall take the necessary measures in order to achieve the objectives set out in paragraph 2 as regards the operation of the EES, including the adoption of a security plan.

Article 29 Liability

1.           Any person who, or Member State which, has suffered damage as a result of an unlawful processing operation or any act incompatible with this Regulation shall be entitled to receive compensation from the Member State which is responsible for the damage suffered. That State shall be exempted from its liability, in whole or in part, if it proves that it is not responsible for the event giving rise to the damage.

2.           If any failure of a Member State to comply with its obligations under this Regulation causes damage to the EES, that Member State shall be held liable for such damage, unless and insofar as the Agency or another Member State participating in EES failed to take reasonable measures to prevent the damage from occurring or to minimise its impact.

3.           Claims for compensation against a Member State for the damage referred to in paragraphs 1 and 2 shall be governed by the provisions of national law of the defendant Member State.

Article 30 Keeping of records

1.           Each Member State and the Agency shall keep records of all data processing operations within the EES. These records shall show the purpose of access referred to in Article 7, the date and time, the type of data transmitted as referred to in Article 11 to 14, the type of data used for interrogation as referred to in Articles 15 to 19 and the name of the authority entering or retrieving the data. In addition, each Member State shall keep records of the staff duly authorised to put in or retrieve the data.

2.           Such records may be used only for the data protection monitoring of the admissibility of data processing as well as to ensure data security. The records shall be protected by appropriate measures against unauthorised access and deleted after a period of one year after the retention period referred to in Article 20 has been expired, if they are not required for monitoring procedures which have already begun.

Article 31 Self-monitoring

Member States shall ensure that each authority entitled to access EES data takes the measures necessary to comply with this Regulation and cooperates, where necessary, with the supervisory authority.

Article 32 Penalties

Member States shall take the necessary measures to ensure that any misuse of data entered in the EES is punishable by penalties, including administrative and/or criminal penalties in accordance with national law, that are effective, proportionate and dissuasive.

CHAPTER VI Rights and supervision on data protection

Article 33 Right of information

1.           Persons whose data are recorded in the EES shall be informed of the following by the Member State responsible:

(a)          the identity of the controller referred to in Article 37(4);

(b)          the purposes for which the data will be processed within the EES;

(c)          the categories of recipients of the data;

(d)          the data retention period;

(e)          that the collection of the data is mandatory for the examination of entry conditions;

(f)           the existence of the right of access to data relating to them, the right to request that inaccurate data relating to them be corrected or that unlawfully processed data relating to them be deleted, including the right to receive information on the procedures for exercising those rights and contact details of the national supervisory authorities, or of the European Data Protection Supervisor if applicable, which shall hear claims concerning the protection of personal data.

2.           The information referred to in paragraph 1 shall be provided in writing.

Article 34 Right of access, correction and deletion

1.           Without prejudice to the obligation to provide other information in accordance with Article 12(a) of Directive 95/46/EC, any person shall have the right to obtain communication of the data relating to him or her recorded in the EES and of the Member State which transmitted it to the EES. Such access to data may be granted only by a Member State. Each Member State shall record any requests for such access.

2.           Any person may request that data relating to him or her which is inaccurate be corrected and that data recorded unlawfully be deleted. The correction and deletion shall be carried out without delay by the Member State responsible, in accordance with its laws, regulations and procedures.

3.           If the request as provided for in paragraph 2 is made to a Member State, other than the Member State responsible, the authorities of the Member State to which the request has been lodged shall contact the authorities of the Member State responsible within a time limit of 14 days. The Member State responsible shall check the accuracy of the data and the lawfulness of its processing in the EES within a time limit of one month.

4.           In the event that data recorded in the EES are inaccurate or have been recorded unlawfully, the Member State responsible shall correct or delete the data in accordance with Article 21. The Member State responsible shall confirm in writing to the person concerned without delay that it has taken action to correct or delete data relating to him.

5.           If the Member State responsible does not agree that data recorded in the EES is inaccurate or has been recorded unlawfully, it shall explain in writing to the person concerned without delay why it is not prepared to correct or delete data relating to him.

6.           The Member State responsible shall also provide the person concerned with information explaining the steps which he can take if he does not accept the explanation provided. This shall include information on how to bring an action or a complaint before the competent authorities or courts of that Member State and any assistance, including from the supervisory authorities that is available in accordance with the laws, regulations and procedures of that Member State.

Article 35 Cooperation to ensure the rights on data protection

1.           The Member States shall cooperate actively to enforce the rights laid down in Article 34.

2.           In each Member State, the supervisory authority shall, upon request, assist and advise the person concerned in exercising his/her right to correct or delete data relating to him/her in accordance with Article 28(4) of Directive 95/46/EC.

3.           The supervisory authority of the Member State responsible which transmitted the data and the supervisory authorities of the Member States to which the request has been lodged shall cooperate to this end.

Article 36 Remedies

1.           In each Member State any person shall have the right to bring an action or a complaint before the competent authorities or courts of that Member State which refused the right of access to or the right of correction or deletion of data relating to him, provided for in Article 35.

2.           The assistance of the supervisory authorities shall remain available throughout the proceedings.

Article 37 Supervision by the supervisory authority

1.           The supervisory authority shall monitor the lawfulness of the processing of personal data, referred to in Articles 11 to 14 by the Member State in question, including their transmission to and from the EES.

2.           The supervisory authority shall ensure that an audit of the data processing operations in the National System is carried out in accordance with relevant international auditing standards at least every four years.

3.           Member States shall ensure that their supervisory authority has sufficient resources to fulfil the tasks entrusted to it under this Regulation.

4.           In relation to the processing of personal data in the EES, each Member State shall designate the authority which is to be considered as controller in accordance with Article 2(d) of Directive 95/46/EC and which shall have central responsibility for the processing of data by this Member State. Each Member State shall communicate this authority to the Commission.

5.           Each Member State shall supply any information requested by the supervisory authorities and shall, in particular, provide them with information on the activities carried out in accordance with Article 28 and grant them access to their records as referred to in Article 30 and allow them access at all times to all their premises.

Article 38 Supervision by the European Data Protection Supervisor

1.           The European Data Protection Supervisor shall check that the personal data processing activities of the Agency are carried out in accordance with this Regulation. The duties and powers referred to in Articles 46 and 47 of Regulation (EC) No 45/2001 shall apply accordingly.

2.           The European Data Protection Supervisor shall ensure that an audit of the Agency's personal data processing activities is carried out in accordance with relevant international auditing standards at least every four years. A report of such audit shall be sent to the European Parliament, the Council, the Agency, the Commission and the supervisory authorities. The Agency shall be given an opportunity to make comments before the report is adopted.

3.           The Agency shall supply information requested by the European Data Protection Supervisor, give him/her access to all documents and to its records referred to in Article 30 and allow him/her access to all its premises, at any time.

Article 39 Cooperation between supervisory authorities and the European Data Protection Supervisor

1.           The supervisory authorities and the European Data Protection Supervisor, each acting within the scope of their respective competences, shall actively cooperate within the framework of their responsibilities and shall ensure coordinated supervision of the EES and the National Systems.

2.           They shall, each acting within the scope of their respective competences, exchange relevant information, assist each other in carrying out audits and inspections, examine difficulties over the interpretation or application of this Regulation, study problems with the exercise of independent supervision or with the exercise of the rights of the data subject, draw up harmonised proposals for joint solutions to any problems and promote awareness of data protection rights, as necessary.

3.           The supervisory authorities and the European Data Protection Supervisor shall meet for that purpose at least twice a year. The costs of these meetings shall be borne by the European Data Protection Supervisor. Rules of procedure shall be adopted at the first meeting. Further working methods shall be developed jointly as necessary.

4.           A joint report of activities shall be sent to the European Parliament, the Council, the Commission and the Agency every two years. This report shall include a chapter of each Member State prepared by the supervisory authority of that Member State.

CHAPTER VII Final provisions

Article 40 Use of data for reporting and statistics

1.           The duly authorised staff of the competent authorities of Member States, of the Agency and of Frontex shall have access to consult the following data, solely for the purposes of reporting and statistics without allowing individual identification:

(a)          status information;

(b)          nationality of the third country national;

(c)          Member State, date and border crossing point of the entry and Member State, date and border crossing point of the exit;

(d)          the type of the travel document;

(e)          number of overstayers referred to in Article 10;

(f)           the data entered in respect of any stay revoked or whose validity is extended;

(g)          the authority that issued the visa, if applicable;

(h)          the number of persons exempt from the requirement to give fingerprints pursuant to Article 12(2) and (3).

Article 41 Start of operations

1.           The Commission shall determine the date from which the EES is to start operations, after the following conditions are met:

(a)          the measures referred to in Article 23 have been adopted;

(b)          the Agency has declared the successful completion of a comprehensive test of the EES, which shall be conducted by the Agency in cooperation with the Member States, and;

(c)          the Member States have validated the technical and legal arrangements to collect and transmit the data referred to in Articles 11 to 14 to the EES and have notified them to the Commission.

2.           The Commission shall inform the European Parliament of the results of the test carried out pursuant to paragraph 1(b).

3.           The Commission decision referred to in paragraph 1 shall be published in the Official Journal.

Article 42 Committee procedure

1.           The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.

2.           Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

Article 43 Notifications

1.         Member States shall notify the Commission of:

(a)          the authority which is to be considered as controller referred to in Article 37;

(b)          the necessary technical and legal arrangements referred to in Article 41.

2.           Member States shall notify the Agency of the competent authorities which have access to enter, amend, delete, consult or search data, referred to in Article 7.

3.           The Agency shall notify the Commission of the successful completion of the test referred to in Article 41 paragraph 1 (b).

The Commission shall make the information notified pursuant to paragraph 1(a) available to the Member States and the public via a constantly updated electronic public register.

Article 44 Advisory group

An Advisory Group shall be established by the Agency and provide it with the expertise related to the EES in particular in the context of the preparation of its annual work programme and its annual activity report.

Article 45  Training

The Agency shall perform tasks related to training referred to in Article 25 (4).

Article 46 Monitoring and evaluation

1.           The Agency shall ensure that procedures are in place to monitor the functioning of the EES against objectives relating to the technical output, cost-effectiveness, security and quality of service.

2.           For the purposes of technical maintenance, the Agency shall have access to the necessary information relating to the data processing operations performed in the EES.

3.           Two years after the start of operations of the EES and every two years thereafter, the Agency shall submit to the European Parliament, the Council and the Commission a report on the technical functioning of EES, including the security thereof.

4.           Two years after the EES is brought into operation and every four years thereafter, the Commission shall produce an overall evaluation of the EES. This overall evaluation shall include an examination of results achieved against objectives, an assessement of the continuing validity of the underlying rationale, the application of the Regulation, the security of the EES and any implications on future operations. The Commission shall transmit the evaluation report to the European Parliament and the Council.

5.           The first evaluation shall specifically examine the contribution the entry-exit system could make in the fight against terrorist offences and other serious criminal offences and will deal with the issue of access for law enforcement purposes to the information stored in the system, whether, and if so, under which conditions such access could be allowed, whether the data retention period shall be modified and whether access to authorities of third countries shall be granted, taking into account the operation of the EES and the results of the implementation of the VIS.

6.           Member States shall provide the Agency and the Commission with the information necessary to draft the reports referred to in paragraphs 3 and 4 according to the quantitative indicators predefined by the Commission and/or the Agency.

7.           The Agency shall provide the Commission with the information necessary to produce the overall evaluations referred to in paragraphs 4 and 5.

Article 47 Entry into force and applicability

1.           This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

2.           It shall apply from the date referred to in the first paragraph of Article 41.

3.           Articles 23 to 25, 28 and 41 to 45 shall apply as from the date referred to in paragraph 1.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

Done at Brussels,

For the European Parliament                       For the Council

The President                                                 The President

Annex

List of international organisations referred to in Article 27 (2)

1.         UN organisations (such as UNHCR);

2.         International Organization for Migration (IOM);

3.         The International Committee of the Red Cross.

LEGISLATIVE FINANCIAL STATEMENT FOR PROPOSALS

1.           FRAMEWORK OF THE PROPOSAL/INITIATIVE

              1.1.    Title of the proposal/initiative

              1.2.    Policy area(s) concerned in the ABM/ABB structure

              1.3.    Nature of the proposal/initiative

              1.4.    Objective(s)

              1.5.    Grounds for the proposal/initiative

              1.6.    Duration and financial impact

              1.7.    Management method(s) envisaged

2.           MANAGEMENT MEASURES

              2.1.    Monitoring and reporting rules

              2.2.    Management and control system

              2.3.    Measures to prevent fraud and irregularities

3.           ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE

              3.1.    Heading(s) of the multiannual financial framework and expenditure budget line(s) affected

              3.2.    Estimated impact on expenditure

              3.2.1. Summary of estimated impact on expenditure

              3.2.2. Estimated impact on operational appropriations

              3.2.3. Estimated impact on appropriations of an administrative nature

              3.2.4. Compatibility with the current multiannual financial framework

              3.2.5. Third-party participation in financing

              3.3.    Estimated impact on revenue

LEGISLATIVE FINANCIAL STATEMENT FOR PROPOSALS

1. FRAMEWORK OF THE PROPOSAL/INITIATIVE 1.1. Title of the proposal/initiative

Regulation of the European Parliament and of the Council establishing the Entry/Exit System (EES) to register entry and exit data of third country nationals crossing the external borders of the Member States of the European Union subject to the adoption by the Legislative Authority of the proposal establishing, as part of the Internal Security Fund, the instrument for financial support for external borders and visa (COM(2011)750) and subject to the adoption by the Legislative Authority of the proposal for a Council Regulation laying down the multiannual financial framework for the years 2014-2020 (COM(2011)398) and a sufficient level of resources being available under the expenditure ceiling of the pertinent budget heading.

1.2. Policy area(s) concerned in the ABM/ABB structure[35]

Policy area: Area of Home Affairs (title 18)

1.3. Nature of the proposal/initiative

x The proposal/initiative relates to a new action

¨ The proposal/initiative relates to a new action following a pilot project/preparatory action[36]

¨ The proposal/initiative relates to the extension of an existing action

¨ The proposal/initiative relates to an action redirected towards a new action

1.4. Objectives 1.4.1. The Commission's multiannual strategic objective(s) targeted by the proposal/initiative

The Stockholm Programme agreed by the European Council in December 2009 reaffirmed the potential for an Entry/Exit System (EES) allowing Member States to share data effectively while safeguarding data protection. The proposal to set up an EES was therefore included in the Action Plan Implementing the Stockholm Programme. Financing of the development of the Smart Borders package is one of the priorities of the Internal Security Fund (ISF)[37].

1.4.2. Specific objective(s) and ABM/ABB activity(ies) concerned

The EES shall have the purpose of improving the management of the external borders and the fight against irregular immigration in order:

to register entry and exit records of third-country nationals admitted for a short stay;

to calculate and monitor the duration of the authorised stay of third-country nationals admitted for a short stay;

to gather statistics on the entries and exits of third country nationals for the purpose of analysis.

ABM/ABB activity(ies) concerned

Activities: Solidarity – External borders, return, visa policy and free movement of people (chapter 18.02)

1.4.3. Expected result(s) and impact

Specify the effects which the proposal/initiative should have on the beneficiaries/groups targeted.

It will generate precise information on overstayers for all competent authorities in the Member States, which will help to apprehend and return irregular immigrants and thereby counteract irregular immigration in general.

It will provide precise information on the number of persons crossing the external border of the EU each year, further broken down by nationality and place of border crossing. The same detailed information will be provided specifically on overstayers, which will provide a much stronger evidence base as to whether nationals of a given third country should be subject to the visa obligation or not.

It will provide key data for the purposes of examining the applications of third-country nationals for the Registered Traveller Programme (RTP) (new and subsequent ones). In addition, it will give the competent authorities the information needed to ensure that third-country nationals benefitting from access to the RTP comply fully with all the necessary conditions, including the respect for the duration of the authorised stay.

It will permit the verification by the authorities that regular travellers holding multiple-entry visas do not overstay in the Schengen area.

1.4.4. Indicators of results and impact

Specify the indicators for monitoring implementation of the proposal/initiative.

During the development

After the approval of the draft proposal and the adoption of the technical specifications the technical system will be developed by an external contractor. The development of the systems will take place at central and national level under the overall coordination of the IT Agency. The IT Agency will define an overall governance framework in cooperation with all the stakeholders. As usual in the development of such systems an overall Project Management Plan, together with a Quality Assurance Plan will be defined at the beginning of rhe project. They should include dashboards that will include specific indicators related in particular to

          The overall project status

the timely development according to the agreed schedule (milestones), the risk management,the management of resources ( human and financial) according to the agreed allocations the organisational readiness…

Once the system is operational

According to Article 46 on monitoring and evaluation

"3.      Two years after the start of operations of the EES and every two years thereafter, the Agency shall submit to the European Parliament, the Council and the Commission a report on the technical functioning of EES, including the security thereof.

4.       Two years after the EES is brought into operation and every four years thereafter, the Commission shall produce an overall evaluation of the EES. This overall evaluation shall include an examination of results achieved against objectives, an assessement of the continuing validity of the underlying rationale, the application of the Regulation, the security of the EES and any implications on future operations. The Commission shall transmit the evaluation report to the European Parliament and the Council"

Of particular importance for that evaluation would be the indicators related to the number of overstayers and data on the border crossing time, where for the latter information would be gathered from experiences from the VIS also, as well as an in-depth analysis of the necessity of giving access to data for law enforcement purposes. The Commission should submit the reports on the evaluation to the European Parliament and the Council.

Specific objective: To enhance the efficiency of border checks through monitoring of the rights to authorised stay at entry and exit, and to improve the assessment of the risk of overstay;

Indicator: Processing time at the border crossing points

Numbers of overstayers identified at border crossing points

System availability

Specific objective: To generate reliable information to allow the EU and Member States to make informed policy choices concerning visa and migration;

Indicator: Number of alerts on overstayers by category visa-required/visa-exempt, by type of border land/sea/air, by Member State, by country of origin/nationality

Specific objective: To identify and detect irregular immigrants, especially overstayers, also within the territory and to increase the possibilities for return;

Indicator: Numbers of alerts leading to the apprehension of overstayers

Specific objective: To safeguard the fundamental rights, especially protection of personal data and right to privacy, of third country nationals.

Indicator: Number of false matches of entry/exit records

Number of complaints by individuals to national data protection authorities

1.5. Grounds for the proposal/initiative 1.5.1. Requirement(s) to be met in the short or long term

Irregular immigration into the EU poses a challenge to every Member State. The vast majority are "overstayers", persons having legally entered the European Union but stayed after their entitlement to do so had expired. EU law stipulates that third-country nationals have, as a general rule, the right to enter for a short-stay of up to three months per six months period.

The EES will be an instrument providing the European Union with basic information on the third country nationals entering and leaving the territory of the EU. This information is indispensable to shape sustainable and reasonable policies in the field of migration and visa. The current system of stamps in the passport poses a problem not only for enforcement but also in terms of informing persons of their rights, for example, the exact number of days they are entitled to remain in the Schengen area, following a series of stays lasting a few days each. Moreover, as long as data are not recorded elsewhere than the passport, sharing of data between Member States is physically impossible. It also means that such data would not be available in case the stamped travel documents are replaced or lost.

The EES will allow to calculate the duration of the stay of third country nationals (TCN) and to verify if someone is overstaying, also when carrying out checks within the Schengen area. Currently the stamping of the travel document indicating the dates of entry and exit is the sole instrument available to border guards and immigration authorities. The time a TCN has spent in the Schengen area is calculated based on the stamps, which are however often difficult to interpret; they may be illegible or the target of counterfeiting. Exact calculation of time spent in the Schengen area on the basis of stamps in the travel documents is thus both time-consuming and difficult.

1.5.2. Added value of EU involvement

No Member State is able to build up a common, interoperable entry/exit system alone. As all activities linked to the managemement of migration flows and security threats it is an area where there is obvious added value in mobilising the EU budget.

The abolition of internal border controls must be accompanied by common measures for the effective control and surveillance of the Union's external borders. Some Member States bear a heavy burden due to their specific geographic situation and the length of the external borders of the Union that they have to manage. The entry conditions and border checks for third-country nationals are harmonised through EU law. As persons may enter the Schengen area at a border crossing point in a Member State where a national register of entries/exits is used, but exit through a border crossing point where no such system is used no action can be achieved by the Member States acting alone but only at EU level.

1.5.3. Lessons learned from similar experiences in the past

The experience with the development of the second generation Schengen Information System (SIS II) and of the Visa Information System (VIS) showed the following lessons:

1) As a possible safeguard against cost overruns and delays resulting from changing requirements, any new information system in the area of freedom, security and justice, particularly if it involves a large-scale IT system, will not be developed before the underlying legal instruments setting out its purpose, scope, functions and technical details have been definitely adopted.

2) It proved difficult to fund the national developments for Member States that have not foreseen the respective activities in their multi-annual programming or lack precision in their programming in the framework of the External Border Fund (EBF). Therefore, it is now proposed to include these development costs in the proposal.

1.5.4. Coherence and possible synergy with other relevant instruments

This proposal should be seen as part of the continuous development of the Integrated Border Management Strategy of the European Union, and in particular the Smart Borders Communication[38], as well as in conjunction with the ISF borders proposal[39], as part of the MFF. The legislative financial statement attached to the amended Commission proposal for the Agency[40] covers the costs for the existing IT systems EURODAC, SIS II, VIS but not for the future border management systems that are not yet entrusted to the Agency via a legal framework. Therefore, in the annex to the proposal for a Council Regulation laying down the multi-annual financial framework for the years 2014-2020[41], under heading 3 "Security and Citizenship" it is foreseen to cover the existing IT systems in the rubrique 'IT systems' (822 mio €) and the future border management systems in the rubrique 'Internal Security' (1.1 mio € out of 4.648 mio €). Within the Commission DG HOME is the Directorate General responsible for the establishment of an area of free movement in which persons can cross internal borders without being submitted to border checks and external borders are controlled and managed coherently at the EU level. The system has the following synergies with the Visa Information System:

a) For visa holders, the Biometric Matching System will also be used for the purpose of Entry/Exit;

b) the Entry/Exit System will complement the VIS. The VIS contains only visa applications and issued visas, whereas for visa holders the EES will store also concrete entry and exit data related to the issued visas;

c) There will also be synergies with the RTP, as the entry and exit of the registered travellers will be recorded in the EES, which will monitor the duration of their authorised stay within the Schengen area. Without the EES, fully automated border crossings could not be implemented for the registered travellers.In addition, there is no risk of an overlap with similar initiatives carried out in other DGs.

1.6. Duration and financial impact

¨ Proposal/initiative of limited duration

– ¨  Proposal/initiative in effect from [DD/MM]YYYY to [DD/MM]YYYY

– ¨ Financial impact from YYYY to YYYY

x Proposal/initiative of unlimited duration

– Preparatory period from 2013 to 2015 (establishment of the legal framework)

– Development period from 2015 to 2017,

– followed by full-scale operation.

1.7. Management mode(s) envisaged[42]

x Centralised direct management by the Commission

x Centralised indirect management with the delegation of implementation tasks to:

– ¨  executive agencies

– x bodies set up by the Communities[43]

– ¨  national public-sector bodies/bodies with public-service mission

– ¨  persons entrusted with the implementation of specific actions pursuant to Title V of the Treaty on European Union and identified in the relevant basic act within the meaning of Article 49 of the Financial Regulation

¨ Shared management with the Member States

¨ Decentralised management with third countries

¨ Joint management with international organisations (to be specified)

If more than one management mode is indicated, please provide details in the "Comments" section.

Comments

The proposal for a Regulation of the European Parliament and of the Council establishing, as part of the Internal Security Fund, the instrument for financial support for external borders and visa for the period 2014-2020 (COM(2011)750), foresees the financing of the development of the Entry/Exit System in its Article 15. In accordance with Articles 58 1c) and 60 of the new Financial Regulation (centralised indirect management) the implementing tasks of the abovementioned financial programme will be delegated to the IT Agency.

During the 2015-2017 period, all development activities will be entrusted to the IT Agency through a delegation agreement. This will cover the development part of all strands of the project, i.e. Central system, Member States systems, networks and infrastructure in Member States.

In 2017, at the time of the mid term review, it is envisaged to transfer remaining credits from the 513.000 Mio € to the IT Agency line for operation and maintenance costs of the central system and of the network and to national programmes for operation and maintenance costs of national systems including infrastructure costs (see table below). The Legislative Financial Statement will be revised accordingly by the end of 2016.

Blocks || Management mode || 2015 || 2016 || 2017 || 2018 || 2019 || 2020

Development Central System || Indirect centralised || X || X || X || || ||

Development Member States || Indirect centralised || X || X || X || || ||

Maintenance Central System || Indirect centralised || || || X || X || X || X

Maintenance National Systems || Indirect centralised || || || X || X || X || X

Network (1) || Indirect centralised || X || X || X || X || X || X

Infrastructure Member States || Indirect centralised || X || X || X || X || X || X

(1) network development in 2015-2017, network operations in 2017-2020

2. MANAGEMENT MEASURES 2.1. Monitoring and reporting rules

Specify frequency and conditions.

The rules on monitoring and evaluation of the EES are foreseen in Article 46 of the EES proposal

Article 46       Monitoring and evaluation

1. The Agency shall ensure that procedures are in place to monitor the functioning of the EES against objectives relating to the technical output, cost-effectiveness, security and quality of service.

2. For the purposes of technical maintenance, the Agency shall have access to the necessary information relating to the data processing operations performed in the EES.

3. Two years after the start of operations of the EES and every two years thereafter, the Agency shall submit to the European Parliament, the Council and the Commission a report on the technical functioning of EES, including the security thereof.

4. Two years after the EES is brought into operation and every four years thereafter, the Commission shall produce an overall evaluation of the EES. This overall evaluation shall include an examination of results achieved against objectives, an assessment of the continuing validity of the underlying rationale, the application of the Regulation, the security of the EES and any implications on future operations. The Commission shall transmit the evaluation report to the European Parliament and the Council.

5. The first evaluation shall specifically examine the contribution the entry-exit system could make in the fight against terrorist offences and other serious criminal offences and will deal with the issue of access for law enforcement purposes to the information stored in the system, whether, and if so, under which conditions such access could be allowed, whether the data retention period shall be modified and whether access to authorities of third countries shall be granted, taking into account the operation of the EES and the results of the implementation of the VIS.

6. Member States shall provide the Agency and the Commission with the information necessary to draft the reports referred to in paragraphs 3 and 4 according to the quantitative indicators predefined by the Commission and/or the Agency.

7. The Agency shall provide the Commission with the information necessary to produce the overall evaluations referred to in paragraph 4.

2.2. Management and control system 2.2.1. Risk(s) identified

1) Difficulties with the technical development of the system

Member States have technically different national IT systems. Furthermore, border control processes may differ according to the local circumstances (available space at the border crossing point, travel flows, etc.). The EES needs to be integrated into national IT architecture and the national border control processes. Additionally, the development of the national components of the system needs to be fully aligned with central requirements. There are two main risks identified in this area:

a) The risk that technical and legal aspects of the EES may be implemented in different ways by different Member States, due to insufficient coordination between the central and national sides.

b) The risk of inconsistency in how this future system is used depending on how Member States implement the EES into the existing border control processes.

2) Difficulties with the timely development

From the experience gained during the development of the VIS and the SIS II, it can be anticipated that a crucial factor for a successful implementation of the EES will be the timely development of the system by an external contractor. As a center of excellence in the field of development and management of large-scale IT systems, the IT Agency will also be responsible for the award and management of contracts, in particular for sub-contracting the development of the system. There are several risks related to the use of an external contractor for this development work:

a) in particular, the risk that the contractor fails to allocate sufficient resources to the project or that it designs and develops a system that is not state-of-the-art;

b) the risk that administrative techniques and methods to handle large-scale IT projects are not fully respected as a way of reducing costs by the contractor;

c) finally, in the current economic crisis, the risk of the contractor facing financial difficulties for reasons external to this project cannot be entirely excluded.

2.2.2. Control method(s) envisaged

1) The Agency is meant to become a center of excellence in the field of development and management of large-scale IT systems. It shall be entrusted with the development and the operations of the central part of the system including uniform interfaces in the Member States. This will allow to avoid most of the drawbacks that the Commission met when developing the SIS II and the VIS.

During the development phase (2015-2017), the Commission will keep the overall responsibility, as the project will be developed via indirect central management. The Agency will be responsible for the technical and financial management, notably the award and management of contracts. The delegation agreement will cover the central part via procurements and the national part via grants. According to Article 40 of the Implementing Rules, the Commission will conclude an Agreement laying down the detailed arrangements for the management and control of funds and the protection of the financial interests of the Commission. Such agreement will include the provisions set out in paragraph 2 of Article 40. It will thus enable the Commission to manage the risks described in 2.2.1.

In the context of the mid-term review (foreseen in 2017 in the framework of the Internal Security Fund, Article 15 of the Horizontal Regulation) the management mode will be re-examined.

2) In order to avoid delays at national level, an efficient governance between all stakeholders is foreseen. The Commission has proposed in the draft Regulation that an Advisory Group composed of Member States national experts shall provide the Agency with the expertise related to the EES/RTP. This advisory group shall meet on a regular basis on the system implementation, share gathered experience and provide advice to the Management Board of the Agency. Furthermore, the Commission intends to recommend to Member States to set up a national project infrastructure / project group for both the technical and the operational development including a reliable communication infrastructure with single points of contact.

2.3. Measures to prevent fraud and irregularities

Specify existing or envisaged prevention and protection measures.

The measures foreseen to combat fraud are laid down in Article 35 of Regulation (EU) 1077/2011 which provides as follows:

1.       In order to combat fraud, corruption and other unlawful activities, Regulation (EC) No 1073/1999 shall apply.

2.       The Agency shall accede to the Interinstitutional Agreement concerning internal investigations by the European Anti‑fraud Office (OLAF) and shall issue, without delay, the appropriate provisions applicable to all the employees of the Agency.

3.       The decisions concerning funding and the implementing agreements and instruments resulting from them shall explicitly stipulate that the Court of Auditors and OLAF may carry out, if necessary, on‑the‑spot checks among the recipients of the Agency's funding and the agents responsible for allocating it.

In accordance with this provision, the decision of the Management Board of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice concerning the terms and conditions for internal investigations in relation to the prevention of fraud, corruption and any illegal activity detrimental to the Union's interests was adopted on 28 June 2012.

Moreover, DG HOME is currently drafting its fraud prevention and detection strategy.

3. ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE 3.1. Heading(s) of the multiannual financial framework and expenditure budget line(s) affected

Via the delegation agreement the Agency will be entrusted with the task to set up the appropriate tools at the level of its local financial systems in order to guarantee an efficient monitoring, follow-up and reporting of the costs linked to the implementation of the EES in compliance with Article 60 of the new Financial Regulation. It will take the appropriate measures, in order to be able to report whatever the final budget nomenclature will be.

· Existing expenditure budget lines

In order of multiannual financial framework headings and budget lines.

Heading of multiannual financial framework || Budget line || Type of expenditure || Contribution

Number [Description………………………...……….] || DA/NDA ([44]) || from EFTA[45] countries || from candidate countries[46] || from third countries || within the meaning of Article 21(2)(b) of the Financial Regulation

|| [XX.YY.YY.YY] || DA/ || YES/NO || YES/NO || YES/NO || YES/NO

· New budget lines requested

In order of multiannual financial framework headings and budget lines.

Heading of multiannual financial framework || Budget line || Type of expenditure || Contribution

Number [Heading……………………………………..] || Diff./non-diff. || from EFTA countries || from candidate countries || from third countries || within the meaning of Article 21(2)(b) of the Financial Regulation

3 || [18.02.CC] ISF borders || DA/ || NO || NO || YES || NO

3.2. Estimated impact on expenditure 3.2.1. Summary of estimated impact on expenditure

EUR million (to 3 decimal places)

Heading of multiannual financial framework: || 3 || Security and Citizenship

DG: HOME || || || Year 2015 || Year 2016 || Year 2017[47] || Year 2018 || Year 2019 || Year 2020 || Following years || TOTAL

Ÿ Operational appropriations || || || || || || || ||

Number of budget line 18.02.CC || Commitments || (1) || 122.566 || 30.142 || 119.477 || 80.272 || 80.272 || 80.271 || || 513.000

Payments || (2) || 61.283 || 82.382 || 92.677 || 83.993 || 80.271 || 80.271 || 32.122 || 513.000

Number of budget line || Commitments || (1a) || || || || || || || ||

Payments || (2a) || || || || || || || ||

Appropriations of an administrative nature financed  from the envelop of specific programs[48] || || || || || || || ||

Number of budget line || || (3) || || || || || || || ||

TOTAL appropriations for DG HOME || Commitments || =1+1a +3 || 122.566 || 30.142 || 119.477 || 80.272 || 80.272 || 80.271 || || 513.000

Payments || =2+2a +3 || 61.283 || 82.382 || 92.677 || 83.993 || 80.271 || 80.271 || 32.122 || 513.000

Ÿ TOTAL operational appropriations || Commitments || (4) || || || || || || ||

Payments || (5) || || || || || || ||

Ÿ TOTAL appropriations of an administrative nature financed from the envelop of specific programs || (6) || || || || || || ||

TOTAL appropriations under HEADING <….> of the multiannual financial framework || Commitments || =4+ 6 || || || || || || ||

Payments || =5+ 6 || || || || || || ||

If more than one heading is affected by the proposal / initiative:

Ÿ TOTAL operational appropriations || Commitments || (4) || || || || || || ||

Payments || (5) || || || || || || ||

Ÿ TOTAL appropriations of an administrative nature financed from the envelop of specific programs || (6) || || || || || || ||

TOTAL appropriations under HEADINGS 1 to 4 of the multiannual financial framework (Reference amount) || Commitments || =4+ 6 || || || || || || ||

Payments || =5+ 6 || || || || || || ||

Heading of multiannual financial framework: || 5 || " Administrative expenditure "

EUR million (to 3 decimal places)

|| || || Year 2013 || Year 2014 || Year 2015 || Year 2016 || Year 2017 || Year 2018 || Year 2019 || Year 2020 || Follwing years || TOTAL

DG: HOME || || || ||

Ÿ Human resources || 0.254 || 0.254 || 0.254 || 0.190 || 0.190 || 0.190 || 0.191 || 0.191 || || 1.715

Ÿ Other administrative expenditure || 0.201 || 0.201 || 0.201 || 0.200 || 0.200 || 0.200 || 0.200 || 0.200 || || 1.602

TOTAL DG HOME || Appropriations || 0.455 || 0.455 || 0.455 || 0.390 || 0.390 || 0.390 || 0.391 || 0.391 || || 3.317

TOTAL appropriations under HEADING 5 of the multiannual financial framework || (Total commitments = Total payments) || 0.455 || 0.455 || 0.455 || 0.390 || 0.390 || 0.390 || 0.391 || 0.391 || || 3.317

EUR million (to 3 decimal places)

|| || || Year 2013 || Year 2014 || Year 2015 || Year 2016 || Year 2017 || Year 2018 || Year 2019 || Year 2020 || Follwing years || TOTAL

TOTAL appropriations under HEADINGS 1 to 5 of the multiannual financial framework || Commitments || 0.455 || 0.455 || 123.021 || 30.533 || 119.867 || 80.662 || 80.662 || 80.662 || || 516.317

Payments || 0.455 || 0.455 || 61.738 || 82.773 || 93.067 || 84.383 || 80.662 || 80.662 || 32.122 || 516.317

The human resources required will be met by staff from the DG who are already assigned to management of the action and/or have been redeployed within the DG, together if necessary with any additional allocation which may be granted to the managing DG under the annual allocation procedure and in the light of budgetary constraints.

3.2.2. Estimated impact on operational appropriations

– ¨  The proposal/initiative does not require the use of operational appropriations

– x The proposal/initiative requires the use of operational appropriations, as explained below:

Commitment appropriations in EUR million (to 3 decimal places)

Indicate objectives and outputs ò || || || Year 2015 || Year 2016 || Year 2017 || Year 2018 || Year 2019 || Year 2020 || TOTAL ||

||

Type of output[49] || Average cost of the ouput || Number of ouputs || Cost || Number of ouputs || Cost || Number of ouputs || Cost || Number of ouputs || Cost || Number of ouputs || Cost || Number of ouputs || Cost || Total number of ouputs || Total cost ||

SPECIFIC OBJECTIVE No 1[50]: System Development (Central and National) || || || || || || || || || || || || || || ||

- Output || 1 || 122.566 || 1 || 30.142 || 1 || 43.143 || || || || || || || 1 || 195.851 ||

Sub-total for specific objective N° 1[51] || || 122.566 || || 30.142 || || 43.143 || || || || || || || || 195.851 ||

SPECIFIC OBJECTIVE No 2: System Operations (Central and National)   || || || || || || || || || || || || || || ||

- Output || || || || || 1 || 76.334 || 1 || 80.271 || 1 || 80.272 || 1 || 80.272 || 1 || 317.149 ||

Sub-total for specific objective N° 2[52] || || || || || || 76.334 || || 80.271 || || 80.272 || || 80.272 || || 317.149 ||

TOTAL COST || 1 || 122.566 || 1 || 30.142 || 2 || 119.477 || 1 || 80.271 || 1 || 80.272 || 1 || 80.272 || 2 || 513.000 ||

3.2.3. Estimated impact on appropriations of an administrative nature 3.2.3.1. Summary

– ¨  The proposal/initiative does not require the use of administrative appropriations

– x The proposal/initiative requires the use of administrative appropriations, as explained below:

EUR million (to 3 decimal places)

|| Year 2013 || Year 2014 || Year 2015 || Year 2016 || Year 2017 || Year 2018 || Year 2019 || Year 2020 || TOTAL

HEADING 5 of the multiannual financial framework || || || || || || || || ||

Human resources || 0.254 || 0.254 || 0.254 || 0.190 || 0.190 || 0.190 || 0.191 || 0.191 || 1.715

Other administrative expenditure || 0.201 || 0.201 || 0.201 || 0.200 || 0.200 || 0.200 || 0.200 || 0.200 || 1.602

Subtotal HEADING 5 of the multiannual financial framework || 0.455 || 0.455 || 0.455 || 0.390 || 0.390 || 0.390 || 0.391 || 0.391 || 3.317

Outside HEADING 5[53] of the multiannual financial framework || || || || || || || || ||

Human resources || || || || || || || || ||

Other expenditure of an administrative nature || || || || || || || || ||

Subtotal outside HEADING 5 of the multiannual financial framework || || || || || || || || ||

TOTAL || 0.455 || 0.455 || 0.455 || 0.390 || 0.390 || 0.390 || 0.391 || 0.391 || 3.317

3.2.3.2.  Estimated requirements of human resources

– ¨  The proposal/initiative does not require the use of human resources

– x The proposal/initiative requires the use of human resources, as explained below:

Estimate to be expressed in full time equivalent units (or at most to one decimal place)

|| Year 2013 || Year 2014 || Year 2015 || Year 2016 || Year 2017 || Year 2018 || Year 2019 || Year 2020

· Establishment plan posts (officials and temporary agents)

XX 01 01 01 (Headquarters and Commission’s Representation Offices) || 2 || 2 || 2 || 1,5 || 1,5 || 1,5 || 1,5 || 1,5

XX 01 01 02 (Delegations) || || || || || || || ||

XX 01 05 01 (Indirect research) || || || || || || || ||

10 01 05 01 (Direct research) || || || || || || || ||

· External personnel (in Full Time Equivalent unit: FTE)[54]

XX 01 02 01 (CA, INT, SNE from the "global envelope") || || || || || || || ||

XX 01 02 02 (CA, INT, JED, LA and SNE in the delegations) || || || || || || || ||

  XX 01 04 yy [55] || - at Headquarters[56] || || || || || || || ||

- in delegations || || || || || || || ||

XX 01 05 02 (CA, INT, SNE - Indirect research) || || || || || || || ||

10 01 05 02 (CA, INT, SNE - Direct research) || || || || || || || ||

Other budget lines (specify) || || || || || || || ||

TOTAL || 2 || 2 || 2 || 1,5 || 1,5 || 1,5 || 1,5 || 1,5

XX is the policy area or budget title concerned.

The human resources required will be met by staff from the DG who are already assigned to management of the action and/or have been redeployed within the DG, together if necessary with any additional allocation which may be granted to the managing DG under the annual allocation procedure and in the light of budgetary constraints.

Description of tasks to be carried out:

Officials and temporary agents || 2 during preparatory period from 2013 to 2015 1 administrator for the legislative negotiation, coordination of tasks with the Agency and supervision of the delegation agreement 0,5 administrator for supervision of financial activities and expertise on border control and technical matters 0,5 assistant for administrative and financial activities 1,5 during development period from 2016 to 2020 1 administrator for the follow-up of the delegation agreement (reports, preparation comitology, validation functional and technical specifications, supervision financial activities and coordination Agency), as well as expertise on border control and technical matters 0,5 assistant for administrative and financial activities

External personnel || 0

3.2.4. Compatibility with the current multiannual financial framework

– x Proposal/initiative is compatible with the current and the next multiannual financial framework.

– ¨  Proposal/initiative will entail reprogramming of the relevant heading in the multiannual financial framework.

Explain what reprogramming is required, specifying the budget lines concerned and the corresponding amounts.

– ¨  Proposal/initiative requires application of the flexibility instrument or revision of the multiannual financial framework[57].

Explain what is required, specifying the headings and budget lines concerned and the corresponding amounts.

3.2.5. Third-party contributions

– x The proposal/initiative does not provide for co-financing by third parties

– ¨ The proposal/initiative provides

Appropriations in EUR million (to 3 decimal places)

|| Year N || Year N+1 || Year N+2 || Year N+3 || … enter as many years as necessary to show the duration of the impact (see point 1.6) || Total

Specify the co-financing body || || || || || || || ||

TOTAL appropriations cofinanced || || || || || || || ||

3.3. Estimated impact on revenue

– ¨  Proposal/initiative has no financial impact on revenue.

– x Proposal/initiative has the following financial impact:

i. ¨         on own resources

ii. x        on miscellaneous revenue

EUR million (to 3 decimal places)

Budget revenue line: || Appropriations available for the ongoing budget exercise || Impact of the proposal/initiative[58]

Year 2015 || Year 2016 || Year 2017 || Year 2018 || Year 2019 || Year 2020 || Following years

Article 6313…………. || || 3,729 || 5,013 || 5,639 || 5,111 || 4,884 || 4,884 || 1,954

For miscellaneous assigned revenue, specify the budget expenditure line(s) affected.

18.02.CC ISF borders

Specify the method for calculating the impact on revenue.

The budget shall include a contribution from countries associated with the implementation, application and development of the Schengen acquis and the Eurodac related measures as laid down in the respective agreements. The estimates provided are purely indicative and are based on recent calculations for revenues for the implementation of the Schengen acquis from the States that currently contribute (Iceland, Norway and Switzerland) to the general budget of the European Union (consumed payments) an annual sum for the relevant financial year, calculated in accordance with its gross domestic product as a percentage of the gross domestic product of all the participating States. The calculation is based on June 2012 figures from EUROSTAT which are subject to considerable variation depending on the economic situation of the participating States.

[1]               COM (2008) 69 final. The Communication was accompanied by an Impact Assessment SEC(2008) 153.

[2]               'An open and secure Europe serving and protecting the citizens', Official Journal of the European Union of 4.5.2010, C 115/1.

[3]               EUCO 23/11.

[4]               COM (2011) 680 final.

[5]               OJ L 105, 13.4.2006.

[6]               Bulgaria, Estonia, Spain, Cyprus, Latvia, Lithuania, Hungary Malta, Poland, Portugal, Romania, Slovakia, and Finland.

[7]               http://epp.eurostat.ec.europa.eu/portal/page/portal/population/data/database This figure includes overstayers as well as persons having entered irregularly, and includes persons apprehended at the border as well as within the Schengen territory.

[8]               OJ L 286, 1.11.2011.

[9]               SEC (2008) 153.

[10]             SWD (2013) 48.

[11]             Subject to the adoption by the Legislative Authority of the proposal establishing, as part of the Internal Security Fund, the instrument for financial support for external borders and visas (COM(2011) 750 final) and subject to the adoption by the Legislative Authority of the proposal for a Council Regulation laying down multiannual financial framework for the years 2014-2020 (COM(2011)398) and a sufficient level of resources being available under the expenditure ceiling of the pertinent budget heading.

[12]             OJ L 176, 10.7.1999, p. 36.

[13]             OJ L 53, 27.2.2008, p. 52.

[14]             OJ L 160, 18.6.2011, p. 19.

[15]             OJ C , , p. .

[16]             OJ C , , p. .

[17]             OJ C , , p. .

[18]             COM (2008) 69 final

[19]             OJ L 158, 30.4.2004, p. 77.

[20]             OJ L 286, 1.11.2011, p 1.

[21]             OJ L 281, 23.11.1995, p. 31.

[22]             OJ L 8, 12.1.2001, p. 1.

[23]             OJ L 55, 28.2.2011, p. 13.

[24]             OJ L 131, 1.6.2000, p. 43.

[25]             OJ L 64, 7.3.2002, p. 20.

[26]             OJ L 176, 10.7.1999, p. 36.

[27]             OJ L 176, 10.7.1999, p. 31.

[28]             OJ L 53, 27.2.2008, p. 52.

[29]             OJ L 53, 27.2.2008, p. 1.

[30]             OJ L 160, 18.6.2011, p. 21.

[31]             OJ L 160, 18.6.2011, p. 19.

[32]             OJ L 243,15.9.2009, p.1

[33]             OJ L 286,1.11.2011,p.1

[34]             OJ L 349,25.11.2004,p.1

[35]             ABM: Activity-Based Management – ABB: Activity-Based Budgeting.

[36]             As referred to in Article 49(6)(a) or (b) of the Financial Regulation.

[37]             Proposal for a Regulation of the European Parliament and of the Council establishing, as part of the Internal Security Fund, the instrument for financial support for external borders and visa (COM(2011)750.

[38]             Communication from the Commission to the European Parliament and the Council – Smart Borders – options and the way ahead (COM(2011)680.

[39]             Proposal for a Regulation of the European Parliament and of the Council establishing, as part of the Internal Security Fund, the instrument for financial support for external borders and visa (COM(2011)750.

[40]             COM(2010)93 of 19 March 2010.

[41]             COM(2011)398 of 29 June 2011.

[42]             Details of management modes and references to the Financial Regulation may be found on the BudgWeb site: http://www.cc.cec/budg/man/budgmanag/budgmanag_en.html

[43]             As referred to in Article 185 of the Financial Regulation.

[44]             DA= Differentiated appropriations / DNA= Non-Differentiated Appropriations

[45]             EFTA: European Free Trade Association.

[46]             Candidate countries and, where applicable, potential candidate countries from the Western Balkans.

[47]             The variation of costs and especially the high costs in 2015 and 2017 can be explained as follows: at the beginning of the development period, in 2015, commitments for the development will be made (one-time costs to cover three years of hardware, software and contractor costs). At the end of the development period, in 2017, the required commitments for the operations will be made. Costs for the administration of hardware and software vary depending on the period.

[48]             Technical and/or administrative assistance and expenditure in support of the implementation of EU programmes and/or actions (former "BA" lines), indirect research, direct research.

[49]             Outputs are products and services to be supplied (e.g.: number of student exchanges financed, number of km of roads built, etc.).

[50]             As described in Section 1.4.2. "Specific objective(s)…"

[51]             This amount includes for the central development in particular the network infrastructure, required hardware and software licenses and costs for the external contractor to develop the central system. For the national development it also includes the costs for the required hardware and software licenses as well as external contractual development

[52]             This amount covers the required costs to keep the central system up and running, in particular the running of the network, the maintenance of the central system by an external contractor and the required hardware and software licenses. For the national operations, it covers the required costs for the running the national systems, in particular licenses for hardware and software, incident management, and costs for required external contractors.

[53]             Technical and/or administrative assistance and expenditure in support of the implementation of EU programmes and/or actions (former "BA" lines), indirect research, direct research.

[54]             CA= Contract Agent; INT= agency staff ("Intérimaire"); JED= "Jeune Expert en Délégation" (Young Experts in Delegations); LA= Local Agent; SNE= Seconded National Expert;

[55]             Under the ceiling for external personnel from operational appropriations (former "BA" lines).

[56]             Essentially for Structural Funds, European Agricultural Fund for Rural Development (EAFRD) and European Fisheries Fund (EFF).

[57]             See points 19 and 24 of the Interinstitutional Agreement.

[58]             As regards traditional own resources (customs duties, sugar levies), the amounts indicated must be net amounts, i.e. gross amounts after deduction of 25% for collection costs.