EXPLANATORY MEMORANDUM

1.           CONTEXT OF THE PROPOSAL

· Grounds for and objectives of the proposal

The potential offered by new technologies in the area of Integrated Border Management (IBM) has been under active consideration at EU level since 2008 when the Commission published its Communication "Preparing the next steps in border management in the European Union"[1]. In its Communication the Commission suggested the establishment of a Registered Traveller Programme (RTP) for pre-vetted, frequent third country travellers in order to allow for facilitated border crossings.

The RTP was endorsed in the "Stockholm Programme"[2] agreed by the European Council in December 2009.

The European Council in June 2011 called for "pushing forward rapidly with work on 'smart borders'". As the first response to this call, the Commission published a Communication on 25 of October 2011[3], on the implementation options for an Entry Exit System and the RTP.

This proposal is presented together with a proposal to establish an Entry Exit System and a proposal to amend the Community Code on the rules governing checks at external border crossing points and surveillance at the external border (Schengen Borders Code; SBC)[4] for the purpose of the functioning of the two new systems. Impact assessments are presented for each system.

This proposal does not affect Customs controls i.e. control of goods.

· General context

For the purpose of laying down the conditions, criteria and detailed rules governing checks at external border crossing points and surveillance at the external border, the SBC was adopted on 15 March 2006. In accordance with Article 7, all persons shall be subject to checks at the external borders.

Thorough checks are normally carried out on third-country nationals, and minimum checks on EU citizens and persons enjoying the right of free movement.[5] However, current rules for third-country nationals could be described as "one-size-fits-all" as the same checks apply regardless of any differences in risk between different travellers or their frequency of travel. This is because current legislation does not allow for exceptions to the principle of thorough border checks except for those categories of third-country nationals that are specifically mentioned in the SBC or in the Local Border Traffic Regulation[6] such as Heads of States, cross-border workers and border residents.

Only a very small minority of persons crossing the external border are able to benefit from the above-mentioned exceptions: approximately two million equivalent to 0,2 % of total passenger flows. This number can be expected to remain largely constant, with a marginal increase due to an increased take up of local border traffic regimes. By the end of 2010, 110 000 local border traffic permits were issued by Member States.

In order to fulfil the requirements of the SBC, a border guard shall establish that the third-country national fulfils all EU entry requirements on each entry (purpose of stay in the EU, whether he or she possesses sufficient means of subsistence and intention to return the country of origin). This is done by interviewing a traveller and checking necessary documents such as booking confirmation for an accomodation and for a return flight/ferry/train. The border guard shall also monitor the authorised stay in the Schengen area which is currently done by calculating stamps in the travel document.

Taking into account the foreseen increase in passenger flows at the external borders, an alternative border check procedure should be offered for frequent third-country travellers moving gradually away from a "country-centric" approach towards a "person-centric" approach.

In practice the RTP would work at the border the following way: A registered traveller would be issued a token in the form of a machine-readable card containing only a unique identifier (i.e. application number), which is swiped on arrival and departure at the border using an automated gate. The gate would read the token and the travel document (and visa sticker number, if applicable) and the fingerprints of the travellers, which would be compared to the ones stored in the Central Repository and other databases, including the Visa Information system (VIS) for visa holders. If all checks are successful, the traveller is able to pass through the automated gate. In case of any issue, the traveller would be assisted by a border guard.

Facilitation of border crossings would take place also during the manual border checks as border guards would not need to ask the "additional" questions from the registered traveller such as the destination of travel and existence of sufficient means of subsistence.

The establishment of an Entry/Exit System (EES) with or without biometrics which would record entries and exits of third-country nationals for short stays at the external borders would be the precondition for allowing full automation of the border checks for registered travellers as described above. The EES would allow the elimination of the obligation to stamp the travel document foreseen under the Schengen Borders Code as the manual stamping would be replaced by automatic recording and calculation of stay. Once the stamping obligation has disappeared, consultation of the EES would become mandatory at the external border to ensure that the third-country national has not exceeded his/her legal entitlement of stay in the Schengen area. This consultation could be done automatically using the Machine Readable Zone of the travel document or fingerprints.

The RTP together with the EES will improve management and control of travel flows at the border substantially by reinforcing checks while speeding up border crossings for frequent, pre-vetted non EU travellers.

The legislative financial statement annexed to this proposal is based on the study on the costs of an EES and an RTP carried out by an external contractor.

Based on the considerations above, the objective of the present proposal for a Regulation of the European Parliament and the Council is:

– to establish the procedures and conditions for access to the RTP,

– to define the purpose, the functionalities and responsibilities for a token[7]-Central Repository as a system for the storage of data on registered travellers and

– to confer on the Agency for the operational management of large-scale information systems in the area of freedom, security and justice[8] (the Agency), the development and operational management of the Central Repository and the definition of technical specifications for a token.

This Regulation shall constitute the core instrument for the legal framework for the RTP. In order to complement this legal framework, an amendment of the SBC is also necessary as regards facilitated border crossings for third-country nationals, and is presented in parallel with this proposal. Furthermore, a proposal for an Entry/Exit System which records the entries and exists of third-country nationals is presesented simultaneously.

· Existing provisions in the area of the proposal

Regulation of the European Parliament and of the Council (EC) No 562/2006 establishing a Community Code on the rules governing the movement of persons across borders (Schengen Borders Code).

Regulation of the European Parliament and of the Council (EC) No 1931/2006 laying down rules on local border traffic at the external land borders of the Member States and amending the provisions of the Schengen Convention.

Regulation of the European Parliament and of the Council (EC) No 767/2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation).

Regulation of the European Parliament and of the Council (EC) No 810/2009 establishing a Community Code on Visas.

Regulation of the European Parliament and of the Council (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice.

2.           CONSULTATION OF INTERESTED PARTIES AND IMPACT ASSESSMENT

· Consultation of interested parties

The consultation of interested parties is described in the accompanying impact assessment.

· Impact assessment

The first impact assessment[9] was carried out in 2008 when preparing the Commission Communication on this subject and the second one was finalised in 2013[10]. The former analysed the policy options and their most likely impacts and concluded that an RTP for third-country nationals should be established.

Following a consultation and pre-screening process the latter impact assessment analysed key implementation options.

After the analysis of the options and their sub-options, a fee based RTP for pre-vetted and pre-screened frequent third-country travellers with the data (biometrics, alphanumeric data and unique identifier number) stored in a Central Repository and the unique identifier (application number) stored in a token was found to be the most feasible option to guarantee smooth passenger flows at the external borders without decreasing the level of security at the EU. This option minimises the use of personal data in an EU IT-system as no personal data is retrieved by the border guards at the first line control and it avoids the main security drawbacks of the pure token-based system. The application of the same data protection provisions as for the VIS and the status quo including the retention of information for a maximum of five years would be necessary to ensure adequate data protection provisions for the preferred option. The personal data stored in the central repository (biometrics and alphanumeric data from applications) should be kept for no longer than is necessary for the purposes of the RTP. It is appropriate to keep the data for a maximum period of five years, in order to enable data on previous applications to be taken into account for the assessment of the subsequent RTP applications, renewal of the access to the RTP and also taking into account the re-use of fingerprints stored in the repository (59 months). Furthermore, a five year retention period would allow granting access to the RTP for five years without a new application. An initial access to the RTP should be granted for one year. Access may be extended for two years, followed by a further two years without a new application. A new application would need to be submitted to renew the access once the period of five years validity has expired.This would be in line with the issuance of a multiple-entry visa for travellers (maximum period five years) whose data is kept in the VIS for five years.

Four fingerprints should be stored in the central repository to ensure accurate verification of a registered traveller at the external border crossing point. The storage of fingerprints data for four fingers guarantees that sufficient data is available in every circumstances, while keeping the amount of data to a reasonable level. Storing only one or two fingerprints may cause problems for the travellers and for border authorities at the external borders as fingerprints may be smudged, distorted or fragmented. This is especially relevant with the RTP as the access can be granted for five years and the same fingerprints may be re-used (59 months) if a new application is lodged by the registered traveller.

The data stored in the Central Repository would be available for border guards only when assessing an application, revoking/extending access to the RTP, a token is lost or stolen or any problems occur with facilitating registered travellers' border crossings. During the border check a border guard would receive only hit/no hit information from the Central Repository. Therefore, the preferred option provides for a proportionate balance between security, facilitation and data protection.

In order to guarantee easy access to the RTP, third-country nationals should be able to lodge an application for the RTP at the consulate of any Member State or at any external border crossing point. This would guarantee a larger number of participants in the programme, thus helping Member States to manage their passenger flows at the external border crossing points. Applications should be examined on the basis of the same criteria as for issuing multiple-entry visa. However, examination of applications lodged by family members of citizens of the Union shall be done by using the same criteria as used when examining their entry visa applications. Member States may decide whether to use and install Automated Border Control systems at their external border crossing points. It is clear that the total impact of combining the same vetting criteria as for multiple-entry visas with fully automated border control has the highest impact on facilitating registered travellers' border crossings. Furthermore, it maintains a high level of security while respecting fundamental rights. It is also the least expensive approach taking into account the costs associated with stricter vetting procedure and semi-automated border control. Full automation would be a cost-effective tool especially at the busiest border crossing points where capacity problem and queues exist already nowadays. However, each Member State would have to assess for each individual border crossing point, whether Automated Border Control system would bring added value to the throughput capacity of the border crossing point and thus decrease travellers’ border crossing time, release human resources and give a tool for a Member State to manage its increasing passenger flows. Whether or not Automated Border Control facilities are used, the facilitation of border crossing should apply at all external border crossing points for third-country nationals granted access to the RTP. In order to ensure reliable verification of applicants, it will be necessary to process biometric data (fingerprints) in the Central Repository and to verify biometrics at the external border crossing points.[11]

The Impact Assessment Board (IAB) reviewed the draft impact assessment and delivered its opinion on 14 March 2012. The recommendations for improvement were accommodated in the final version of the report. In particular, the following changes were made: baseline scenario was sharpened and clarified; problem definition was widened including lessons learnt from the development of other large scale IT-systems and lessons learnt from Automated Border Control systems and national RTPs implemented in Member States and non-EU states; links to the Annexes and to the 2008 impact assessment were improved; stakeholders views were reported as widely as possible taking into account that views expressed by the stakeholders were quite general; the explanation of method used for calculating the costs was expanded and the expected costs and benefits for different stakeholders were more rigorously reported; re-affectation of border guards taking into account the expected increase in travel flows was clarified; and finally a clear overview on the European Data Protection Supervisor's views was added.

3.           LEGAL ELEMENTS OF THE PROPOSAL

· Summary of the proposed actions

The purpose and functionalities of the RTP including a token-Central Repository and the responsibilities for these must be defined. Furthermore, a mandate needs to be given to the Agency for the operational management of large-scale IT systems in the area of freedom, security and justice to develop, establish and operationally manage the Central Repository and to define technical specifications for a token on the basis of prior definition of business requirements. The procedures and conditions for examining an RTP application and the storage of data on registered travellers shall be established. A detailed explanation of the proposal by article can be found in a separate Commission Staff Working paper.

· Legal basis

Articles 74, 77(2)(b) and 77(2)(d) of the Treaty on the Functioning of the European Union are the legal basis for this Regulation. Article 77(2)(b) and (d) provides the appropriate legal basis for further specifying the measures on the crossing of the external borders of the Member States and develop standards and procedures to be followed by Member States in carrying out checks on persons at such borders. Article 74 provides the appropriate legal basis for setting-up and maintaining the RTP and for procedures for the exchange of information between Member States, ensuring cooperation between the relevant authorities of the Member States’ as well as between those authorities and the Commission in the areas covered by Title V of the Treaty.

· Subsidiarity principle

Under Articles 74, 77(2)(b) and 77(2)(d) of the Treaty on the Functioning of the European Union, the Union has the power to adopt measures relating to the checks on persons and efficient monitoring of the crossing of external borders of the Member States. The current EU provisions on the crossing of the external borders of the Member States need to be modified to take into account the increasing passenger flows and possibilities offered by the new technology. A common regime is needed in order to establish harmonised rules on facilitated border crossings for registered travellers so that the facilitation applies at all Schengen border crossing points without separate vetting and without decreasing security.

Therefore, the objective of the proposal cannot be sufficiently achieved by the Member States.

· Proportionality principle

Article 5 of the Treaty on the European Union states that action by the Union shall not go beyond what is necessary to achieve the objectives of the Treaty. The form chosen for this EU action must enable the proposal to achieve its objective and be implemented as effectively as possible. The proposed initiative constitutes a further development of the Schengen acquis in order to ensure that common rules at external borders are applied in the same way in all the Member States. The proposal therefore complies with the proportionality principle.

· Choice of instrument

Proposed instruments: regulation.

Other means would not be adequate for the following reason(s):

The present proposal will lay down rules on border checks at the external borders which are uniform for all Member States. As a consequence, only a Regulation can be chosen as a legal instrument.

· Fundamental rights

The proposed regulation may have an impact on fundamental rights, notably on the protection of personal data (Article 8 of the Charter of Fundamental Rights of the EU) and right to an effective remedy (Article 47 of the Charter).

The proposal contains safeguards, in particular under Articles 15 and 16 in cases the access granted to the RTP is refused or revoked, which provide for the right to an effective remedy, and under Articles 48 and 49 concerning the right of information, access, correction and deletion concerning the data used for the purpose of the Regulation which also include the right to an effective remedy as provided for under Article 51.

4.           BUDGETARY IMPLICATION

The Commission's proposal for the next multi-annual financial framework (MFF) includes a proposal of 4,6 billion EUR for the Internal Security Fund (ISF) for the period 2014-2020. In the proposal, 1,1 billion EUR is set aside as an indicative amount for the development of an EES and an RTP assuming development costs would only start from 2015.[12]

This financial support would cover not only the costs of central components for the entire MFF period (EU level, both development and operational cost) but also the development costs for the national, Member States, components of these two systems, within the resources available. Providing financial support for national development costs would ensure that difficult economic circumstances at national level do not jeopardise or delay the projects. This includes an amount of 145 million EUR for costs at national level related to hosting the IT systems, the space for hosting the end-user equipment, and the space for operators' offices. It also includes an amount of 341 million EUR for costs at national level related to maintenance such as for hardware and software licenses.

Once the new systems would be operational, future operational costs in the Member States could be supported by their national programmes. It is proposed that Member States may use 50% of the allocations under the national programmes to support operating costs of IT systems used for the management of migration flows across the external borders of the Union. These costs may include the cost for the management of VIS, SIS and new systems set up in the period, staff costs, service costs, rental of secure premises etc. Thus, the future instrument would ensure continuity of funding, where appropriate.

The costs on automation would greatly vary depending on the number of automated gates that would be implemented.

5.           ADDITIONAL INFORMATION

· Participation

This proposal builds upon the Schengen acquis in that it concerns the crossing of external borders. Therefore the following consequences in relation to the various Protocols and Agreements with associated countries have to be considered:

Denmark:

In accordance with Articles 1 and 2 of the Protocol (no 22) on the position of Denmark, annexed to the Treaty on European Union (TEU) and the Treaty on the Functioning of the European Union (TFEU), Denmark does not take part in the adoption by the Council of measures pursuant to Title V of part Three of the TFEU.

Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.

United Kingdom and Ireland:

In accordance with Articles 4 and 5 of the Protocol integrating the Schengen acquis into the framework of the European Union and Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland, and Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis, the United Kingdom and Ireland do not take part in the adoption of the Registered Traveller Programme Regulation and are not bound by them or subject to its application.

Iceland and Norway:

The procedures laid down in the Association Agreement concluded by the Council and the Republic of Iceland and the Kingdom of Norway concerning the latter's association with the implementation, application and development of the Schengen acquis are applicable, since the present proposal builds on the Schengen acquis as defined in Annex A of this Agreement[13].

Switzerland:

This Regulation constitutes a development of the provisions of the Schengen acquis, as provided for by the Agreement between the European Union, the European Community and the Swiss Confederation on the latter's association with the implementation, application and development of the Schengen acquis[14].

Liechtenstein:

This Regulation constitutes a development of the provisions of the Schengen acquis, as provided for by the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis[15].

Cyprus:

This Regulation constitutes an act building on the Schengen acquis or otherwise related to it, as provided for by Article 3(2) of the 2003 Act of Accession.

Bulgaria and Romania:

This Regulation constitutes an act building on the Schengen acquis or otherwise related to it, as provided for by Article 4(2) of the 2005 Act of Accession.

2013/0059 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

establishing a Registered Traveller Programme

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty of the Functioning of the European Union, and in particular Article 74 and 77(2)(b) and (d) thereof,

Having regard to the proposal from the European Commission[16],

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee[17],

Having regard to the opinion of the Committee of the Regions[18],

After consulting the European Data Protection Supervisor,

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1) Border checks must ensure a high level of security while limiting waiting times to the greatest extent possible. Increasing travel flows at the external borders contributes to the need for finding new solutions to meet these objectives. A greater differentiation of border checks will allow Member States to use simplified checks for third-country nationals who are assesed as low risk.

(2) Automated border control systems can be used by EU citizens and have proven their efficiency in speeding up border checks. Their use should be made possible for third-country nationals also, to contribute to limiting waiting time while ensuring a high level of security.

(3) The Communication of the Commission of 13 February 2008 entitled 'preparing the next steps in border management in the European Union'[19] outlined the need for the setting-up of a Registered Traveller Programme (RTP) for frequent third-country national travellers and the introduction of Automated Border Control facilities in order to facilitate the crossing of the external border as part of the European integrated border management strategy.

(4) The European Council of 19 and 20 June 2008 underlined the importance of continuing to work on the development of the EU's integrated border management strategy, including better use of modern technologies to improve the management of external borders.

(5) The Communication of the Commission of 10 June 2009 entitled 'an area of freedom, security and justice serving the citizens'[20] highlighted the need for the establishment of a RTP to ensure smooth entry into the Union.

(6) The European Council of 23 and 24 of June 2011 called at its meeting for work on "smart borders" to be pushed forward rapidly. As a first response to this call, the Commission published a Communication "Smart borders – options and the way ahead" on 25 of October 2011.

(7) The RTP should have the purpose of facilitating the crossing of the external borders of the Union by frequent, pre-screened and pre-vetted third-country travellers.

(8) The provisions on the RTP should be common to all Member States, in order to allow a registered traveller to benefit from facilitated border checks at all Member States' external border crossing points without the need for separate pre-screening and pre-vetting by each individual Member State.

(9) It is necessary to specify the objectives of the RTP and its technical architecture, to lay down rules concerning its operation and use and to define responsibilities for the system, the categories of data to be entered into the system, the purposes for which the data are to be entered, the criteria for their entry, the authorities authorised to access the data and further rules on data processing and the protection of personal data.

(10) The Agency for the operational management of large-scale information systems in the area of freedom, security and justice established by Regulation EU No 1077/2011 of the European Parliament and of the Council of 25 October 2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice[21] (hereinafter the Agency) should be responsible for the development and operational management of a centralised system consisting of a Central Repository, a Backup Central Repository, the Uniform interfaces in each Member States, the Network Entry Points and the communication infrastructure between the Central Repository and the Network Entry Points. Furthermore, the Agency should be responsible for the definition of technical specifications for a token to guarantee interoperability of the RTP across the Union. Member States should be responsible for the development and operational management of their own national systems.

(11) The Central Repository should be connected to the national systems of the Member States, in order to enable competent Member States' authorities to process data related to RTP applications.

(12) In order to ensure reliable verification of a registered traveller, it is necessary to store the unique identifier (application number), biometric data (fingerprints) and alphanumeric data taken from the application in a Central Repository and the unique identifier in a token and verify biometrics at the external borders. The alphanumeric data and fingerprints should be stored in separate sections in a Central Repository and they should not be linked. The link between the alphanumeric data and fingerprints should be established only by the unique identifier.

(13) Third-country nationals wishing to particiapte in the RTP should prove the need or justify the intention to travel frequently or regularly, in particular due to their occupational or family status, such as business person, civil servant engaged in regular official contacts with Member States and the Union institutions, representative of civil society organisations travelling for the purpose of educational training, seminars and conferences, researcher, participating in economic activities, family member of a citizen of the Union, family member of a third-country national legally residing in a Member State.

(14) Third-country nationals holding a multiple-entry visa or D-visa valid for at least one year or holders of a residence permit issued by a Member State should, as a general rule, be granted access to the RTP, if they so request.

(15) Where a third-country national applies for a multiple-entry visa and for access to the RTP, the competent authorities may decide to examine and decide on both applications at the same time, on the basis of the same interview and the same supporting documents.

(16) Family members of citizens of the Union should, as a general rule, be granted access to the RTP. Family members of citizens of the Union should also able to benefit from the RTP even if they are not residing within the Union territory but travel frequently to a Member State in order to accompany or to join the Union citizen concerned. Checks on family members of citizens of the Union crossing the external borders should be carried out in accordance with Directive 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States[22].

(17) The criteria used for the examination of applications lodged by family members of citizens of the Union should be the same as those used for the examination of visa applications lodged by family members of citizens of the Union. This would be in line with the existing border management policy.

(18) It is necessary to define the competent Member States’ authorities, the duly authorised staff of which have access to enter, amend, delete, consult or search data for the specific purposes of the RTP in accordance with this Regulation to the extent necessary for the performance of their tasks.

(19) Any processing of RTP data stored in the Central Repository should be proportionate to the objectives pursued and necessary for the performance of tasks of the competent authorities. When using the RTP, the competent authorities should ensure that the human dignity and integrity of the persons whose data are requested are respected and should not discriminate against persons on grounds of sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation.

(20) Contingency plans should be in place and those plans should be made clear to travellers, airlines/carriers and all authorities working at the border crossing point. If a registered traveller, for example, is unable, for any reason, to use the Automated Border Control system, and is redirected towards a manual border check, due attention should be made that the ensuing procedures are in full compliance with fundamental rights.

(21) The personal data stored in the Central Repository (biometrics and alphanumeric) should be kept for no longer than is necessary for the purposes of the RTP. It is appropriate to keep the data for a maximum period of five years, in order to enable alphanumeric data on previous applications to be taken into account for the assessment of subsequent RTP applications and also taking into account the re-use of fingerprints stored in the repository (59 months). A shorter period would not be sufficient for those purposes. The data should be deleted after the period of five years, unless there are grounds to delete it earlier. The maximum period of validity for access to the RTP should be five years.

(22) In order to facilitate the procedure for any subsequent application, it should be possible to copy fingerprints from the first entry into the Central Repository within a period of 59 months. Once this period of time has elapsed, the fingerprints should be collected again.

(23) In order to facilitate the application procedure, it should be possible for an applicant to lodge an application for access to the RTP at the consulate of any Member State or at any external border crossing point. Any Member State should be able to examine and decide on the application based on the common application form and common eligibility rules and criteria. As a general rule, an interview should be conducted.

(24) Due to the registration of biometric data in the Central Repository, the personal appearance of the applicant - at least for the first application - should be a basic requirement for the examination of requests for access to the RTP and decisions related thereto.

(25) During the automated border check procedure verification of identity at the external borders should be done against the biometrics stored in the Central Repository. Verification should only be possible by physically producing the token and fingerprints at the same time. During the automated and manual border check procedure verification of access granted should be done against the alphanumeric data stored in the Central Repository by physically producing the token at the borders. Verification of identity and access granted should produce only a hit/no hit result for border guards carrying out first line border checks.

(26) Appropriate measures for the monitoring and evaluation of this Regulation should be established. The effective monitoring of the application of this Regulation requires evaluation at regular intervals.

(27) Statistical data is an important means for monitoring border check procedures and can serve as an efficient management tool. Such data should therefore be compiled regularly in a common format.

(28) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data[23] applies to the processing of personal data by the Member States in application of this Regulation. However, certain points should be set out in more detail in respect to the legitimacy of processing of personal data, the responsibility for the processing of data, safeguarding the rights of the data subjects and the supervision on data protection.

(29) Regulation (EC) No 45/2001 of 18 December 2000 of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data[24] applies to the activities of the Union institutions or bodies when carrying out their tasks as responsible for the operational management of the token-repository. However, certain points should be set out in more detail in respect to the legitimacy of processing of personal data, the responsibility for the processing of data and the supervision on data protection.

(30) The supervisory authorities established in accordance with Article 28 of Directive 95/46/EC should monitor the lawfulness of the processing of personal data by the Member States, whilst the European Data Protection Supervisor as established by Regulation (EC) No 45/2001 should monitor the activities of the Union institutions and bodies in relation to the processing of personal data, taking into account the limited tasks of the Union institutions and bodies with regard to the data themselves.

(31) The European Data Protection Supervisor and the supervisory authorities should actively cooperate with each other to ensure coordinated supervision of the RTP.

(32) The Member States should lay down rules on penalties applicable to infringements of the provisions of this Regulation and ensure that they are implemented.

(33) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred to the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers[25].

(34) In order to adopt technical amendments of the annexes, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission in respect of the adoption of technical amendments to the annexes in accordance with Article 58. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level. The Commission, when preparing and drawing-up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and to the Council.

(35) This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union, notably the protection of personal data (Article 8) and the right to an effective remedy (Article 51), and has to be applied in accordance with those rights and principles.

(36) Since the establishment of a common RTP and the creation of common obligations, conditions and procedures for the storage of data on registered travellers cannot be sufficiently achieved by the Member States alone and can therefore, by virtue of the scale and impact of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, the Regulation does not go beyond what is necessary in order to achieve this objective.

(37) In accordance with Articles 1 and 2 of the Protocol (No 22) on the position of Denmark, annexed to the Treaty on European Union and the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.

(38) This Regulation constitutes a development of the provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis[26], the United Kingdom is therefore not taking part in its adoption and is not bound by it or subject to its application.

(39) This Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis[27]; Ireland is therefore not taking part in its adoption and is not bound by it or subject to its application.

(40) As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters' association with the implementation, application and development of the Schengen acquis[28], which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of that Agreement[29].

(41) As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis withing the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis[30] which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC of 17 May 1999 read in conjunction with Article 3 of Council Decision 2008/146/EC[31].

(42) As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis, as provided for by the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis[32] which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC of 17 May 1999 read in conjunction with Article 3 of Council Decision 2011/350/EU[33].

(43) As regards Cyprus, this Regulation constitutes an act building upon, or otherwise related to, the Schengen acquis, within the meaning of Article 3(2) of the 2003 Act of Accession.

(44) This Regulation constitutes an act building upon, or otherwise related to, the Schengen acquis within the meaning of Article 4(2) of the 2005 Act of Accession.

(45) As the registered travellers have been subjected to all necessary controls and pre-screening by those Member States fully implementing the Schengen acquis and do not represent any risk for Bulgaria, Romania and Cyprus, the latter Member States may recognise unilaterally the RTP membership of the registered traveller to benefit from facilitation of border checks at their external borders.

HAVE ADOPTED THIS REGULATION:

CHAPTER I

General provisions

Article 1

Subject matter

This Regulation establishes the conditions and procedures for access to the Registered Traveller Programme (RTP) and defines the purpose, the functionalities and responsibilities for the token-Central Repository as a system for the storage of data on registered travellers within the RTP.

Article 2

Set-up of the RTP

1. The RTP shall be based on a system for the storage of data on registered travellers which relies on tokens kept by the individual travellers on the one hand and on a Central Repository, a centrally located physical storage of the RTP data, on the other, together referred to as the "token-Central Repository".

2. The technical architecture of the token-Central Repository is further determined in Article 21.

3. The Agency for the operational management of large-scale information systems in the area of freedom, security and justice (hereinafter the Agency) is hereby entrusted with the tasks of development and operational management of the Central Repository, the Uniform Interface in each Member State, the Network Entry Points and the Communication Infrastructure between the Central Repository and the Network Entry Points. The Agency shall also be responsible for the definition of technical specifications for a token.

Article 3

Definitions

For the purposes of this Regulation, the following definitions shall apply:

(1) 'Registered Traveller Programme' (RTP) means a programme which allows third-country nationals who have been pre-vetted and granted access to the RTP to benefit from facilitation of border checks at the Union external border;

(2) 'Registered traveller' means a third-country national who has been granted access to the RTP in accordance with this Regulation;

(3) 'Agency' means the European Аgency for the operational management of large-scale IT systems in the area of freedom, security and justice established by Regulation (EU) No 1077/2011;

(4) 'Central Repository' means the centrally located physical storage of the RTP data;

(5) 'token' means a device used to store a unique identifier given to a registered traveller. The unique identifier links the traveller and his/her data entered in the Central Repository;

(6) 'operational management' means all the tasks necessary to keep large-scale IT systems functioning, including responsibility for the communication infrastructure used by them;

(7) 'development' means all the tasks necessary to create a large-scale IT system, including the communication infrastructure used by it;

(8) 'competent authorities' means visa and border authorities within the meaning of Article 4(3) of Regulation (EC) No 767/2008 of the European Parliament and of the Council[34] and authorities assigned, in accordance with national law to carry out checks on persons at the external border crossing points in accordance with Regulation (EC) No 562/2006 of the European Parliament and of the Council[35];

(9) 'third‑country national' or 'third-country traveller' means any person who is not a citizen of the Union within the meaning of Article 20 of the Treaty or a citizen of a third country who under agreements between the Union and its Member States, on the one hand, and those third countries, on the other hand, enjoy rights of free movement equivalent to those of Union citizens;

(10) 'application form' means a uniform application form for access to the RTP as set out in Annex 1;

(11) 'biometric data' means fingerprints;

(12) 'travel document' means a passport or other equivalent document entitling the holder to cross the external borders and to which a visa may be affixed;

(13) 'verification' means the process of comparison of sets of data to establish the validity of a claimed identity (one-to-one check);

(14) 'alphanumeric data' means data represented by letters, digits, special characters, space and punctuation marks;

(15) 'National System' means the hardware, software and national communication infrastructure to connect the end user devices of the competent authorities as defined in Article 23(2) with the Network Entry Points in each Member State.

(16) 'token-Central Repository' means a system for the storage of data on registered travellers consisting of a Central Repository and a token;

(17) 'Member State responsible' means the Member State which has entered the data in the Central Repository;

(18) 'common application centre' means a centre as referred to in Article 41(2) of Regulation (EC) No 810/2009 of the European Parliament and of the Council[36];

(19) 'supervisory authority" means the supervisory authority established in accordance with Article 28 of Directive 95/46/EC.

Chapter II

Procedures and conditions for lodging an application for access to the RTP

Article 4

Authorities and Member States competent for examining and deciding on an application for access to the RTP

The competent authorities for examining and deciding on an application for access to the RTP shall be the duly authorised staff of visa and border authorities of any Member State.

Article 5

Lodging an application

1. A third-country national may lodge an application for access to the RTP at any Member State's consulate, at any common application centre or at any external border crossing point. An online application form may be accepted, where available.

2. Applicants may be required to obtain an appointment for the lodging of an application. The appointment shall, as a general rule, take place within a period of two weeks from the date when the appointment was requested.

3. Where an applicant is applying for access to the RTP for the first time, he/she shall be required to appear in person, in order to provide his/her fingerprints, for interview and for the travel document to be checked.

4. Where an applicant submits an on-line application or falls within the scope of paragraph 5, the biometric data shall be collected, the travel document checked and an interview carried out, if applicable, when the decision on the application is made and the token is issued.

5. Without prejudice to Article 8, the competent authorities may waive the requirement referred to in paragraph 3 if the applicant is the holder of a residence permit or a residence card or if the applicant is known to them for his/her integrity and reliability.

6. When lodging the application, the applicant shall:

(a) be at least 12 years old;

(b) present an application form in accordance with Article 6;

(c) present a travel document in accordance with Article 7;

(d) allow collection of his/her fingerprints in accordance with Article 8;

(e) provide supporting documents in accordance with Article 9 and Annex II, if applicable;

(f) pay the fee in accordance with Article 10.

7. The applicant may withdraw his/her application at any time before a decision has been taken on the application.

Article 6

Application form

1. Each applicant shall submit a completed and signed application form. Minors shall submit an application form signed by a person exercising permanent parental authority or legal guardianship.

2. Member States shall make the application form widely available and easily accessible to applicants free of charge.

3. The application form shall be available in at least the following languages: official language(s) of the Member State in question, the official language(s) of the third country or countries where the application may be lodged and the official language(s) of neighbouring third countries, where applicable.

4. Member States shall inform applicants of the language(s) which may be used when filling in the application form.

Article 7

Travel document

The applicant shall present a Machine Readable Travel Document (MRTD) or an electronic Machine Readable Travel Document (eMRTD) which is valid for at least the period of access requested to the RTP and has been issued within the previous five years. The travel document shall have the requisite visa affixed to it or be accompanied by the requisite machine readable residence permit or residence card. Alternatively, the applicant may apply for a visa at the same time as applying for access to the RTP, where applicable.

Article 8

Biometric data

1. Where the applicant has not previously applied for access to the RTP, Member States shall collect biometric data from applicants comprising their four fingerprints taken flat and collected digitally in accordance with the safeguards laid down in the Council of Europe's Convention for the Protection of Human Rights and Fundamental Freedoms, in the Charter of Fundamental Rights of the European Union and in the United Nations Convention on the Rights of the Child.

2. If it is not possible to collect four fingerprints the maximum number of fingerprints shall be collected. Member States shall ensure that appropriate procedures guaranteeing the dignity of the applicant are in place should difficulties be encountered with collecting fingerprints.

3. Where fingerprints collected from the applicant as part of an earlier application were entered in the Central Repository for the first time less than 59 months before the date of the new application, they may be copied to the subsequent application.

However, where there is reasonable doubt regarding the identity of the applicant or it cannot be immediately confirmed that the fingerprints were collected within the period specified in the first subparagraph, the competent authorities shall collect fingerprints from the applicant.

4. The specifications for the resolution and use of fingerprints for biometric verification in the RTP shall be decided by the Commission in accordance with Article 37.

5. The fingerprints shall be collected by qualified and duly authorised staff of the competent authorities.

6. The fingerprints shall not be linked with the alphanumeric data and they shall be entered in separate sections in the Central Repository.

Article 9

Supporting documents

1. When applying for access to the RTP, the applicant shall present:

(a) documents indicating the purposes of the journeys;

(b) proof of sufficient means of subsistence in relation to the travel and accommodation for the next two trips;

(c) documents establishing his/her occupational or family status, such as business person, civil servant engaged in regular official contacts with Member States and the Union institutions, representative of civil society organisations, person travelling for the purpose of educational training, seminars and conferences, person participating in economic activities, family member of a citizen of the Union, family member of a third-country nationals legally residing in a Member State.

2. Where the applicant is a family member of a citizen of the Union enjoying the right to free movement, the applicant shall only be required to present a residence card issued by a Member State, where applicable, and evidence of his/her identity, nationality and family ties with a Union citizen to whom Directive 2004/38/EC applies.

3. Where a third-country national lodges an application for a multiple-entry visa and an application for access to the RTP at the same time and in the same place, only one set of supporting documents shall be required.

4. If a multiple-entry visa holder lodges an application for a RTP at the same place where a multiple-entry visa was issued but does not do so at the same time, the supporting documents provided for the multiple-entry visa application may be used in the assessment of the RTP application. If there is any doubt whether the supporting documents provided earlier are up to date, a Member State may request new supporting documents within a period of ten working days.

A non-exhaustive list of supporting documents which competent authorities may request from the applicant is set out in Annex II.

5. Member States may require applicants to present proof of sponsorship and/or private accommodation by completing a form drawn up by the Member State concerned. Such proof may be requested for the next two trips as a maximum. That form shall indicate in particular:

(a) the validity period of sponsorship and/or of accommodation;

(b) whether its purpose is proof of sponsorship and/or of accommodation;

(c) whether the host is an individual person, a company or an organisation;

(d) the host's identity and contact details;

(e) the invited applicant(s);

(f) the address of the accommodation;

(g) possible family ties with the host.

In addition to the Member State's official language(s) the form shall be drawn up in at least one other official language of the institutions of the European Union. The form shall provide the person signing such a form with the information specified in Article 48(1). A specimen of the form shall be notified to the Commission.

6. The competent authorities may waive one or more of the requirements laid down in paragraph 1 if the applicant holds a residence permit or if the applicant is known to them for his/her integrity and reliability.

Article 10

Fee

1. Applicants shall pay a fee as specified in Annex III.

2. The fee shall be revised regularly in order to reflect the administrative costs. The Commission shall be empowered to adopt delegated acts concerning the adjustment of the fee in accordance with Article 59.

3. The fee shall be charged in euro, in the national currency of the third country or in the currency usually used in the third country where the application is lodged and shall not be refundable regardless of the outcome of the application or if an application is withdrawn.

4. When charged in a currency other than euro, the amount of the fee charged in that currency shall be determined and regularly reviewed in application of the euro foreign exchange reference rate established by the European Central Bank. The amount charged may be rounded up.

5. The applicant shall be given a printed or electronic receipt for the fee paid.

CHAPTER III

Examination of and decision on applications

Article 11

Admissibility

1. The competent authorities shall verify that:

– the applicant is at least 12 years old;

– the application contains the items referred to in Article 5(6)(b), (c) and (e);

– the biometric data of the applicant have been collected;

– the fee has been collected.

2. Where the competent authorities find that the conditions referred to in paragraph 1 have been fulfilled, the application shall be admissible and the competent authorities shall:

– follow the procedures described in Article 24;

– further examine the application.

3. Where the competent authorities find that the conditions referred to in paragraph 1 have not been fulfilled, the application shall be inadmissible and the competent authorities shall not examine the application and without delay:

– return the application form and any documents submitted by the applicant;

– destroy the collected biometric data.

Article 12

Examination of an application

1. The examination of applications and interviews, where appropriate, shall only be carried out by the competent authorities referred to in Article 4.

2. In the examination of an application, the competent authority shall verify:

(a) that the applicant fulfils the entry conditions set out in Article 5(1) of Regulation (EU) No 562/2006;

(b) that the applicant's travel document, visa, residence permit or residence card presented, as applicable, are valid and not false, counterfeited or forged;

(c) that the applicant proves the need for or justifies the intention to travel frequently and/or regularly;

(d) that the applicant has not previously exceeded the maximum duration of authorised stay in the territory of the Member States and that he/she proves his/her integrity and reliability, in particular a genuine intention to leave the territory in due time;

(e) the applicant's justification of the purpose and conditions of the intended stays;

(f) that the applicant proves his/her financial situation in the country of origin or residence and possesses sufficient means of subsistence both for the duration of the intended stay(s) and for the return to his/her country of origin or residence, or that he/he is in a position to acquire such means lawfully;

(g) that the applicant is not a person for whom an alert has been issued in the Schengen Information System (SIS);

(h) that the applicant is not considered to be a threat to public policy, internal security, public health or the international relations of any of the Member States, in particular where no alert has been issued in Member States’ national databases for the purpose of refusing entry on the same grounds;

(i) whether the applicant's access to the RTP has previously been granted, extended, refused or revoked.

When verifying that the applicant fulfils the entry conditions set out in Article 5(1) of Regulation No 562/2006, particular consideration shall be given to assessing whether the applicant presents a risk of illegal immigration or a risk to the security of the Member States and whether the applicant intends to leave the territory of the Member States within the authorised stay.

3. The means of subsistence for the intended stays shall be assessed according to the duration(s) and the purpose(s) of the stay(s) and by reference to average prices in the Member State(s) concerned for board and lodging in budget accommodation, on the basis of the reference amounts set by the Member States in accordance with Article 34 of the Schengen Borders Code. A proof of sponsorship and/or private accommodation may also constitute evidence of sufficient means of subsistence.

4. The examination of an application shall be based in particular on the authenticity and reliability of the documents submitted and on the veracity and reliability of the statements made by the applicant. If a Member State responsible for examining an application has any doubts on the applicant, his/her statements or supporting documents that have been provided, it may consult other Member States before any decision on the application is taken.

5. During the examination of an application, the competent authorities may, in justified cases, request additional documents as laid down in Article 9.

6. A previous refusal of access to the RTP shall not lead to an automatic refusal of a new application. A new application shall be assessed on the basis of all available information.

7. The criteria used for the examination of applications lodged by family members of citizens of the Union shall be the same as those used for the examination of their visa applications.

Article 13

Decision on the application

1. An application which is admissible pursuant to Article 11 shall be decided on by the competent authorities within 25 calendar days from the date of submission.

2. Unless the application has been found inadmissible or has been withdrawn by the applicant, a decision shall be taken to:

(a) grant access to the RTP, in accordance with Article 14, or

(b) refuse access to the RTP, in accordance with Article 15.

CHAPTER IV

Granting, extending, refusing and revoking access to the RTP

Article 14

Grant and extension of access to the RTP

1. Initial access to the RTP shall be granted for one year. Access may be extended for two years upon request, followed by a further two years without a new application in the case of travellers who have followed the rules and regulations laid down for crossing the external border and for staying in the Schengen area. The period of access granted shall not exceed the validity of the travel document(s), visa, residence permit or residence card, if applicable, and shall be based on the examination conducted in accordance with Article 12.

2. Access to the RTP shall be granted without further procedural requirements, subject to fulfilment of the substantive requirements set out in this Regulation, to persons holding or being issued a multiple-entry visa or D-visa valid for at least one year, persons holding a residence permit and family members of citizens of the Union.

3. The data set out in Article 26 shall be entered into the Central Repository when a decision granting access to the RTP has been taken.

4. The data set out in Article 27 shall be entered into the token when a decision granting access to the RTP has been taken.

5. The data set out in Article 30 shall be entered into the Central Repository when a decision extending access to the RTP has been taken.

Article 15

Refusal of access to the RTP

1. Access to the RTP shall be refused if the applicant:

(a) presents a travel document which is not valid or it is false, counterfeited or forged;

(b) does not have a valid residence permit, residence card or a visa, if required pursuant to Council Regulation (EC) No 539/2001[37] and does not fulfil the requirements to be issued therewith;

(c) does not prove the need or justify the intention to travel frequently and/or regularly;

(d) has previously exceeded the maximum duration of authorised stay in the territory of the Member States and he/she does not prove his/her integrity and reliability, in particular his/her genuine intention to leave the territory in due time;

(e) does not provide justification of the purpose and conditions of the intended stays;

(f) does not prove his/her financial situation in the country of origin or residence and does not possess sufficient means of subsistence both for the duration of the intended stay(s) and for the return to his/her country of origin or residence, or he/she is not in a position to acquire such means lawfully;

(g) is a person for whom an alert has been issued in the SIS;

(h) is considered to be a threat to public policy, internal security, public health or the international relations of any of the Member States, in particular where an alert has been issued in Member States’ national databases for the purpose of refusing entry on the same grounds;

or

(i) if there are reasonable doubts as to the authenticity of the supporting documents submitted by the applicant or the veracity of their contents or the reliability of the statements made by the applicant.

2. A decision on refusal and the reasons on which it is based shall be notified to the applicant by means of the standard form set out in Annex IV.

3. Without prejudice to the right to judicial review, in accordance with the procedural law of the Member State that has taken the final decision on the application, the applicant whose access has been refused to the RTP shall have the right to review of the refusal for challenging or correcting potential errors in accordance with the Right to effective remedy[38]. Appeals shall be conducted against the Member State that has taken the decision on the application and in accordance with the national law of that Member State. Member States shall provide applicants with information regarding the procedure to be followed in case of review, as specified in Annex IV.

4. Where an application for access to the RTP is refused, data shall be added to the Central Repository in accordance with Article 28.

Article 16

Revocation

1. Access to the RTP shall be revoked:

(a) when it becomes evident that the conditions for granting access to the RTP were not met;

(b) when it becomes evident that the conditions for granting access to the RTP are no longer met;

(c) at the request of the registered traveller.

2. Access may be revoked by the competent authorities of any Member State at any time pursuant to paragraph 1.

3. If authorities other than competent authorities have evidence to suggest that access to the RTP should be revoked pursuant to paragraph 1, they shall inform the competent authorities without delay.

4. A decision on revocation of access to the RTP and the reasons on which it is based shall be notified to the registered traveller by means of the standard form set out in Annex IV.

5. Without prejudice to the right to judicial review, in accordance with the procedural law of the Member State that has revoked access to the RTP, a registered traveller whose access to the RTP has been revoked shall have the right to review of the revocation for challenging or correcting potential errors in accordance with the Right to effective remedy[39] unless the access has been revoked at the request of the registered traveller in accordance with paragraph 1(c). Appeals shall be conducted against the Member State that has taken the decision on the revocation and in accordance with the national law of that Member State. Member States shall provide applicants with information regarding the procedure to be followed in case of review, as specified in Annex IV.

6. Where the access to the RTP is revoked, data shall be added to the Central Repository in accordance with Article 29.

7. Where the revocation of access was requested by the registered traveller, the registered traveller shall have the right to ask for immediate deletion of his/her data. Member States shall inform the registered traveller about this right.

CHAPTER V

Administrative management and organisation

Article 17

Administration

1. The competent authorities shall keep archives of applications. Each individual application file shall contain the application form, copies of relevant supporting documents, a record of checks made and the reference number of access granted to the RTP, in order for staff to be able to reconstruct, if needed, the background for the decision taken on the application.

2. Individual application files shall be kept as long as access is granted to the RTP.

3. Where access to the RTP is refused or revoked, the application files shall be kept for a maximum of two years. That period shall start on the date of the decision of the competent authority to refuse or revoke access. Applications withdrawn by the applicants shall be deleted without delay. Member States may store the application files including supporting documents in an electronic form.

Article 18

Resources for examining applications, issuing tokens, monitoring and statistics

1. Each Member State shall be responsible for organising the procedures related to submission and examination of applications as well as issuing tokens.

2. Member States shall deploy appropriate staff in sufficient numbers to carry out the tasks relating to the examination of applications, in such a way as to ensure reasonable and harmonised quality of service to the public.

3. The competent authorities shall provide adequate training to their staff and shall be responsible for providing them with complete, precise and updated information on the relevant Union and national law.

4. The competent authorities shall ensure frequent and adequate monitoring of the conduct of examination of applications, issuing tokens and take corrective measures when deviations from provisions and procedures of this Regulation are detected.

5. Member States shall compile annual statistics on the RTP, in accordance with the table set out in Annex V. These statistics shall be submitted to the Agency by 1 March of each year. The Agency shall publish them.

Article 19

Conduct of staff

1. The competent authorities shall ensure that applicants are received courteously.

2. The competent authorities shall, in the performance of their duties, respect human dignity. Any measures taken shall be proportionate to the objectives pursued by such measures.

3. While performing their tasks, the competent authorites shall not discriminate against applicants or registered travellers on grounds of sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation.

Article 20

Information to the general public

Member States shall provide the general public with all relevant information in relation to the applications for access to the RTP, in particular:

(a) the criteria, conditions and procedures for applying;

(b) the time limits for examining applications;

(c) the fee;

(d) where applications may be submitted.

CHAPTER VI

Technical architecture of the token-Central Repository, categories of data and entry of data by the competent authorities

Article 21

Technical architecture of the token-Central Repository

The token-Central Repository shall be composed of:

(a) a Central Repository comprising a Principal repository and a Back-up repository, capable of ensuring all the functionalities of the Principal repository in the event of failure of the latter;

(b) a Uniform Interface in each Member State based on common technical specifications and identical for all Member States;

(c) the Network Entry Points which are part of the Uniform Interface and are the national points of access connecting the National System as defined in Article 3(15) of each Member State to the Central Repository;

(d) a Communication Infrastructure between the Central Repository and the Network Entry Points; and

(e) a token based on common technical standards.

Article 22

Categories of data in the token-Central Repository

1. Only the following categories of data shall be recorded in the Central Repository:

(a) alphanumeric data on the applicant and on access granted, refused, revoked or extended referred to in Article 25(1) to (4), Article 26 and Articles 28, 29 and 30;

(b) biometric data referred to in Article 25(5).

The alphanumeric data and the biometric data shall be recorded in separate sections in the Central Repository.

2. Only the unique identifier number shall be recorded in the token referred to in Article 27.

Article 23

Entering, amending, deleting, consulting and searching data

1. Access to the Central Repository and the token for entering, amending, deleting, directly consulting or searching the data referred to in Article 22(1) in accordance with this Regulation shall be reserved exclusively to duly authorised staff of the competent authorities for the purposes laid down in this Regulation. Access by those authorities shall be limited to the extent required for the performance of the tasks in accordance with these purposes, and shall be proportionate to the objectives pursued.

2. Each Member State shall designate the competent authorities, the duly authorised staff of which shall have access to enter, amend, delete, consult or search the data recorded in the Central Repository or in the token. Each Member State shall without delay communicate to the Agency a list of those authorities, including those referred to in Article 52(4), and any amendments thereto.

3. Within 4 months after this Regulation enters into force, the Agency shall publish a consolidated list of authorities referred to in paragraph 2 in the Official Journal of the European Union. Where there are amendments thereto, the Agency shall publish an updated consolidated list once a year.

Article 24

Procedures for entering data from the application

1. Where an application is admissible pursuant to Article 11, the competent authority shall create the application file without delay, by entering the data referred to in Article 25 in the Central Repository, as far as those data are required to be provided by the applicant.

2. Where specific data are not required to be provided for legal reasons, the specific data field(s) shall be marked as ‘not applicable’.

Article 25

Data to be entered upon lodging of an application for access to the RTP

The competent authority shall enter the following data in the application file:

(1) the unique application number;

(2) status information, indicating that access to the RTP has been requested;

(3) the authority with which the application has been lodged, including its location;

(4) the following data to be taken from the application form:

(a) surname (family name); first name(s) (given names);

(b) surname at birth (earlier family name(s)), country of birth, nationality(ies); and sex;

(c) date of birth, place of birth;

(d) type and number of the travel document(s), the authority which issued it and the date of issue and of expiry;

(e) place and date of the application;

(f) if applicable, pursuant to Article 9(5), details of the person liable to pay the applicant's subsistence costs during the stay, being:

(i)      in the case of a natural person, the surname and first name, address of the person and telephone number;

(ii)      in the case of a company or other organisation, the name and address of the company/other organisation, surname and first name of the contact person in that company/organisation and telephone number;

(g) main purposes of the journeys;

(h) the applicant's home address and telephone number;

(i) if applicable, the visa sticker number;

(j) if applicable, the residence permit or residence card number;

(k) current occupation and employer; for students: name of educational establishment;

(l) in the case of minors, surname and first name(s) of the applicant's parental authority or legal guardian.

(5) fingerprints, in accordance with Article 8.

Article 26

Data to be added in the Central Repository when granting or withdrawing access to the RTP

1. Where a decision has been taken to grant access to the RTP, the competent authority that granted access shall add the following data to the application file:

(a) status information indicating that access to the RTP has been granted;

(b) the authority that granted access, including its location;

(c) the place and date of the decision taken to grant access to the RTP;

(d) the commencement and expiry dates of the validity of the access.

2. Where an application is withdrawn by the applicant before a decision has been taken whether to grant access to the RTP, the competent authority shall indicate that the application has been closed for this reason, the date when the application was closed and delete the data from the application file.

Article 27

Data to be entered in the token when granting access to the RTP

1. Where a decision has been taken to grant access to the RTP, the competent authority that granted access shall enter a unique identifier number in the token. The unique identifier number shall be the same as the application number.

2. The token shall be given to the applicant.

Article 28

Data to be added in the Central Repository when refusing access to the RTP

1. Where a decision has been taken to refuse access to the RTP, the competent authority that refused access shall add the following data to the application file:

(a) status information indicating that access to the RTP has been refused;

(b) the authority that refused access to the RTP, including its location;

(c) place and date of the decision to refuse access to the RTP.

2. The application file shall also indicate the ground(s) on which access to the RTP was refused, which shall be one or more of the reasons listed in Article 15(1).

Article 29

Data to be added in the Central Repository when revoking access to the RTP

1. Where a decision has been taken to revoke access to the RTP, the competent authority that has taken the decision shall add the following data to the application file:

(a) status information indicating that access to the RTP has been revoked;

(b) authority that revoked access, including its location;

(c) place and date of the decision to revoke access to the RTP.

2. The application file shall indicate the ground(s) for revocation of access to the RTP, which shall be one or more of the reasons listed in Article 16(1).

Article 30

Data to be added in the Central Repository when extending access to the RTP

Where a decision has been taken to extend access to the RTP, the competent authority that has taken the decision shall add the following data to the application file:

(a) status information indicating that access to the RTP has been extended;

(b) authority that extended access, including its location;

(c) place and date of the decision;

(d) the commencement and expiry dates of the extended period.

CHAPTER VII

Use of data

Article 31

Use of data for examining applications, lost or stolen token or problems occur with facilitating registered travellers' border crossings

1. The competent authority shall consult the Central Repository for the purposes of the examination of applications and the decisions relating to those applications, including the decision whether to revoke or extend access to the RTP. Furthermore, the competent authorities shall consult the Central Repository in case of lost or stolen token or if any problems occur with facilitating registered travellers' border crossing.

2. For the purposes referred to in paragraph 1, the competent authority shall search with one or several of the following data:

(a) the unique application number;

(b) the data referred to in Article 25(4)(a), (b) and (c);

(c) the data on the travel document, referred to in Article 25(4)(d);

(d) the visa sticker, residence permit or residence card number, if applicable.

3. If the search with one or several of the data listed in paragraph 2 indicates that data on the applicant is recorded in the Central Repository, the competent authority shall be given access to the application file but not to the separate section containing biometric data.

4. The competent authority shall search the separate section of the Central Repository with biometric data for extending access to the RTP and if any problems occur with facilitating registered travellers' border crossing only if the token and fingerprints are presented by the registered traveller at the same time. If this search indicates that data on the registered traveller is recorded in the Central Repository, the competent authority shall be given access to the application file including biometric data.

5. The competent authority shall search the separate section of the Central Repository with biometric data alone, without the token, only for the examination of applications, deciding whether to revoke access to the RTP and in case the token is lost or stolen. If this search indicates that data on the applicant is recorded in the Central Repository, the competent authority shall be given access to the application file including biometric data.

Article 32

Use of data at external border crossing points for border checks

1. For the purpose of facilitating the registered travellers border crossing by verifying the identity of the registered traveller and by verifying that access has been granted to the RTP and/or whether the conditions for entry to or exit from the territory of the Member States in accordance with the Schengen Borders Code are fulfilled, the competent authority shall have access to search the Central Repository using the unique identifier number (token) and the number of the travel document in order to verify that access has been granted to the RTP in combination with verification of identity of a registered traveller by verifying fingerprints of the registered traveller.

2. If the search with the data listed in paragraph 1 indicates that data on the registered traveller is recorded in the Central Repository, the competent authority shall be given a hit/no hit information.

3. Where a manual border check is carried out, without prejudice to paragraph 1, verification of the identity of a registered traveller may be done manually by checking the travel document visually.

Article 33

Use of data for reporting and statistics

The competent authorities shall consult the following data solely for the purposes of reporting and statistics, without allowing the identification of individual applicants:

(1) status information;

(2) current nationality of the applicant;

(3) date and place of the application;

(4) the types(s) and ground(s) of the decision concerning access to the RTP;

(5) the type and issuing country of the travel document(s);

(6) the competent authority, including its location, where a decision has been taken granting, refusing, revoking or extending access to the RTP and the date of the decision;

(7) purposes of journeys;

(8) lost or stolen tokens.

CHAPTER VIII

Retention period, amendment of data and lost or stolen token

Article 34

Retention period for data storage

1. Each individual application file shall be stored in the Central Repository for a maximum of five years, without prejudice to the deletion referred to in Articles 16(7), 26(2) and 35 and to the keeping of records referred to in Article 45.

That period shall start:

(a) on the date of expiry date of granted or extended access to the RTP;

(b) on the date of the creation of the application file in the Central Repository, if the application has been withdrawn;

(c) on the date of the decision of the competent authority if access to the RTP has been refused or revoked.

2. Upon expiry of the period referred to in paragraph 1, the Central Repository shall automatically delete the individual application file.

3. The registered traveller may keep the token.

Article 35

Amendment of data and advance data deletion

1. Only the Member State responsible shall have the right to amend data which it has entered in the Central Repository, by correcting or deleting such data.

2. If the Member State responsible has evidence that data processed in the Central Repository are inaccurate or that data were processed in the Central Repository contrary to this Regulation, it shall check the data concerned and, if necessary, correct or delete them without delay. This may also be done at the request of the registered traveller.

3. If a Member State other than the Member State responsible has evidence that data processed in the Central Repository are inaccurate or that data were processed in the Central Repository contrary to this Regulation, it shall inform the Member State responsible without delay. The Member State responsible shall check the data concerned and, if necessary, correct or delete them without delay.

4. Where, prior to expiry of the period referred to in Article 34(1) an applicant has acquired the nationality of a Member State, the application files shall be deleted without delay from the Central Repository by the competent authority of the Member State of which the nationality has been acquired.

5. If the refusal of access to the RTP has been annulled by a court or an appeal board, the Member State which refused access to the RTP shall delete the data referred to in Article 28 without delay after the decision to cancel the refusal of access to the RTP has become final. The individual application subject to the court or appeal board decision mentioned above shall be re-examined by the competent authority taking into account the opinion of the court or the appeal board.

Article 36

Lost or stolen token

1. The registered traveller shall inform the issuing authority if the token has been lost or stolen.

2. Where the loss or theft of a token is reported by a third party to the competent authorities, the competent authorities shall block the access granted to the RTP and inform the Member State which granted access. The Member State responsible shall inform the registered traveller on the lost or stolen token by phone, fax, mail or e-mail.

3. Where the loss or theft of a token is reported by the registered traveller, the Member State responsible shall verify whether access has been granted to the RTP. The Member State responsible shall, at the request of the registered traveller, issue a new token. Otherwise, the access granted shall be blocked.

4. The registered traveller shall be liable to pay the cost of a new token.

CHAPTER IX

Development, operation and responsibilities

Article 37

Adoption of implementation measures by the Commission

1. The Commission shall adopt the measures necessary for the development, technical implementation and evolution of the Central Repository, the Uniform Interfaces and the Communication Infrastructure, in particular:

(a) for the specifications for the resolution and use of fingerprints for biometric verification in the RTP in accordance with Article 8;

(b) for the design of the physical architecture of the system including its communication infrastructure;

(c) for entering the data in accordance with Article 24;

(d) for accessing the data in accordance with Article 31, 32 and 33;

(e) for keeping, amending, deleting and advance deleting of data in accordance with Articles 34 and 35;

(f) for blocking the access granted in case of lost or stolen tokens in accordance with Article 36;

(g) for keeping and accessing the records in accordance with Article 45;

(h) the performance requirements;

(i) the definition of the business requirements including lay out for a token.

Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 57.

Article 38

Development and operational management

1. The Agency shall be responsible for the development of the Principal repository, the Back-up repository, the Uniform Interfaces including the Network Entry Points, the Communication Infrastructure between the national systems and the Network Entry Points and for the definition of the technical specifications for a token as soon as possible after entry into force of this Regulation and the adoption, by the Commission, of the measures foreseen in Article 37. The Ageny shall adopt the technical specifications for the token and for the Central Repository, the Uniform Interfaces and the Communication Infrastructure subject to a favourable opinion of the Commission.

The development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination.

The Agency shall carry out a comprehensive test of the Central Repository together with the Member States. The Commission shall inform the European Parliament of the results of the test.

2. The Agency shall be responsible for the operational management of the Principal repository, the Back-up repository and the Uniform Interfaces. It shall ensure, in cooperation with the Member States, that at all times the best available technology, subject to a cost-benefit analysis, is used. The Agency shall also be responsible for the operational management of the Communication Infrastructure between the Central Repository and the Network Entry Points.

Operational management of the Central Repository shall consist of all the tasks necessary to keep the Central Repository functioning 24 hours a day, 7 days a week in accordance with this Regulation, in particular the maintenance work and technical developments necessary to ensure that the system functions at a satisfactory level of operational quality, in particular as regards the time required for interrogation of the Central Repository by consular posts and border crossing points, which should be as short as possible.

3. Without prejudice to Article 17 of the Staff Regulations of Officials of the European Union, the Agency shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality to its entire staff required to work with RTP data. This obligation shall also apply after such staff leave office or employment or after the termination of their activities.

Article 39

National responsibilities

1. Each Member State shall be responsible for:

(a) the development of its National System, the connection to the Central Repository and issuance of tokens;

(b) the organisation, management, operation and maintenance of its National System;

(c) the management and arrangements for access of the competent authorities to the Central Repository in accordance with this Regulation and the establishment and regular updating of a list of such staff and their profiles.

2. Each Member State shall designate a national authority, which shall provide the access of the competent authorities to the Central Repository, and connect that national authority to the Network Entry Point.

3. Each Member State shall observe automated procedures for processing the data.

4. Before being authorised to process data stored in the Central Repository, the staff of the authorities having a right to access or use the Central Repository shall receive appropriate training about data security and data protection rules.

5. Costs incurred by the National Systems as well as by hosting the National Interface shall be borne by the Union budget.

Article 40

Responsibility for the use of data

1. Each Member State shall ensure that the data are processed lawfully, and in particular that only duly authorised staff have access to data processed in the Central Repository for the performance of the tasks in accordance with this Regulation. The Member State responsible shall ensure in particular that:

(a) the data is collected lawfully;

(b) the data is transmitted lawfully to the Central Repository;

(c) the data is accurate and up-to-date when it is transmitted to the Central Repository.

2. The Agency shall ensure that the Central Repository is operated in accordance with this Regulation and its implementing measures referred to in Article 37. In particular, the Agency shall:

(a) take the necessary measures to ensure the security of the Central Repository and the communication infrastructure between the Central Repository and the Network Entry Points, without prejudice to the responsibilities of each Member State;

(b) ensure that only duly authorised staff have access to data processed in the Central Repository for the performance of the tasks of the Agency in accordance with this Regulation.

3. The Agency shall inform the European Parliament, the Council and the Commission of the measures it takes pursuant to paragraph 2 for the start of operations of the RTP.

Article 41

Keeping of data in national files

1. A Member State may keep in its national files the alphanumeric data which that Member State entered in the Central Repository, in accordance with the purposes of the RTP and in accordance with the relevant legal provisions including those concerning data protection.

2. The data shall not be kept in the national files longer than it is kept in the Central repository.

3. Any use of data which does not comply with paragraph 1 shall be considered a misuse under the national law of each Member State.

4. This Article may not be construed as requiring any technical adaptation of the Central Repository. Member States may keep data in accordance with this Article only at their own cost, risk and with their own technical means.

Article 42

Communication of data to third countries or international organisations

Data processed in the Central Repository or during the examination of applications pursuant to this Regulation shall not be transferred or made available to a third country or to an international organisation under any circumstances.

Article 43

Data security

1. The Member State responsible shall ensure the security of the data before and during the transmission to the Network Entry Point. Each Member State shall ensure the security of the data it receives from the Central Repository.

2. Each Member State shall, in relation to its National System, adopt the necessary measures, including a security plan, in order to:

(a) physically protect data, including by making contingency plans for the protection of critical infrastructure;

(b) deny unauthorised persons access to national installations in which the Member State carries out operations in accordance with the purposes of the RTP (checks at entrance to the installation);

(c) prevent the unauthorised reading, copying, modification or removal of data media (data media control);

(d) prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored personal data (storage control);

(e) prevent the unauthorised processing of data in the Central Repository and any unauthorised modification or deletion of data processed in the Central Repository (control of data entry);

(f) ensure that persons authorised to access the Central Repository have access only to the data covered by their access authorisation, by means of individual and unique user identities and confidential access modes only (data access control);

(g) ensure that all authorities with a right of access to the Central Repository create profiles describing the functions and responsibilities of persons who are authorised to enter, amend, delete, consult and search the data and make their profiles available to the supervisory authorities referred to in Article 52 without delay at their request (personnel profiles);

(h) ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment (communication control);

(i) ensure that it is possible to verify and establish what kind of data has been processed in the Central Repository, when, by whom and for what purpose (control of data recording);

(j) prevent the unauthorised reading, copying, modification or deletion of personal data during the transmission of personal data to or from the Central Repository or during the transport of data media, in particular by means of appropriate encryption techniques (transport control);

(k) monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation (self-auditing).

3. The Agency shall take the necessary measures in order to achieve the objectives mentioned in paragraph 2 as regards the operation of the Central Repository, including the adoption of a security plan.

Article 44

Liability

1. Any person who, or Member State which, has suffered damage as a result of an unlawful processing operation or any act incompatible with this Regulation shall be entitled to receive compensation from the Member State which is responsible for the damage suffered. That State shall be exempted from its liability, in whole or in part, if it proves that it is not responsible for the event giving rise to the damage.

2. If any failure of a Member State to comply with its obligations under this Regulation causes damage to the RTP, that Member State shall be held liable for such damage, unless and insofar as the Agency or another Member State participating in the RTP failed to take reasonable measures to prevent the damage from occurring or to minimise its impact.

3. Claims for compensation against a Member State for the damage referred to in paragraphs 1 and 2 shall be governed by the provisions of national law of the defendant Member State.

Article 45

Keeping of records

1. Each Member State and the Agency shall keep records of all data processing operations within the Central Repository. These records shall show the purpose of use of the data referred to in Article 23(1) and 31 to 33, the date and time, the type of data transmitted as referred to in Articles 25 to 26 and 28 to 30, the type of data used for interrogation as referred to in Articles 31 to 33 and the name of the authority entering or retrieving the data. In addition, each Member State shall keep records of the staff duly authorised to enter or retrieve the data.

2. Such records may be used only for the data-protection monitoring of the admissibility of data processing as well as to ensure data security. The records shall be protected by appropriate measures against unauthorised access and deleted after a period of one year after the retention period of five years referred to in Article 33(1) has been expired, if they are not required for monitoring procedures which have already begun.

Article 46

Self-monitoring

Member States shall ensure that each authority entitled to access the Central Repository takes the measures necessary to comply with this Regulation and cooperates, where necessary, with the supervisory authority.

Article 47

Penalties

Member States shall take the necessary measures to ensure that any misuse of data entered in the Central Repository is punishable by penalties, including administrative and/or criminal penalties in accordance with national law, that are effective, proportionate and dissuasive.

CHAPTER X

Rights of the data subject and supervision

Article 48

Right of information

1. Applicants and the persons referred to in Article 25(4)(f) shall be informed of the following by the Member State responsible:

(a) the identity of the controller referred to in Article 52(4), including his/her contact details;

(b) the purposes for which the data will be processed within the RTP;

(c) the categories of recipients of the data;

(d) the data retention period;

(e) that the collection of the data is mandatory for the examination of the application;

(f) the existence of the right of access to data relating to them, and the right to request that inaccurate data relating to them be corrected or that unlawfully processed data relating to them be deleted, including the right to receive information on the procedures for exercising those rights and contact details of the supervisory authorities referred to in Article 52(1), which shall hear claims concerning the protection of personal data.

2. The information referred to in paragraph 1 shall be provided in writing to the applicant when the data from the application form and the fingerprint data as referred to in Article 25(4) and (5) are collected.

3. The information referred to in paragraph 1 shall be provided to the persons referred to in Article 25(4)(f) in the forms to be signed by those persons providing proof of invitation, sponsorship and accommodation.

In the absence of such a form signed by those persons, this information shall be provided in accordance with Article 11 of Directive 95/46/EC.

Article 49

Right of access, correction and deletion

1. Without prejudice to the obligation to provide other information in accordance with Article 12(a) of Directive 95/46/EC, any person shall have the right to obtain communication of the data relating to him recorded in the Central Repository and of the Member State which transmitted it to the Central Repository. Such access to data may be granted only by a Member State. Each Member State shall record any requests for such access.

2. Any person may request that data relating to him/her which are inaccurate be corrected and that data recorded unlawfully be deleted. The correction and deletion shall be carried out without delay by the Member State which transmitted the data, in accordance with its laws, regulations and procedures.

3. If the request as provided for in paragraph 2 is made to a Member State, other than the Member State responsible, the authorities of the Member State to which the request has been lodged shall contact the authorities of the Member State responsible within a time limit of 14 days. The Member State responsible shall check the accuracy of the data and the lawfulness of its processing in the Central Repository within a time limit of one month.

4. If it emerges that data recorded in the Central Repository are inaccurate or have been recorded unlawfully, the Member State which transmitted the data shall correct or delete the data in accordance with Article 35(2) and (3). The Member State responsible shall confirm in writing to the person concerned without delay that it has taken action to correct or delete data relating to him.

5. If the Member State responsible does not agree that data recorded in the Central Repository is inaccurate or has been recorded unlawfully, it shall explain in writing to the person concerned without delay why it is not prepared to correct or delete data relating to him.

6. The Member State responsible shall also provide the person concerned with information explaining the steps which he/she can take if he/she does not accept the explanation provided. This shall include information on how to bring an action or a complaint before the competent authorities or courts of that Member State and any assistance, including from the supervisory authorities referred to in Article 52 that is available in accordance with the laws, regulations and procedures of that Member State.

Article 50

Cooperation to ensure the rights on data protection

1. The Member States shall cooperate actively to enforce the rights laid down in Article 49(2) and (3).

2. In each Member State, the supervisory authority shall, upon request, assist and advise the person concerned in exercising his/her right to correct or delete data relating to him/her in accordance with Article 28(4) of Directive 95/46/EC.

3. The supervisory authority of the Member State responsible which transmitted the data and the supervisory authorities of the Member States to which the request has been lodged shall cooperate to this end.

Article 51

Remedies

1. In each Member State any person shall have the right to bring an action or a complaint before the competent authorities, as well the right to an effective remedy before a tribunal of that Member State which refused the right of access to or the right of correction or deletion of data relating to him, provided for in Article 49(1) and (2).

2. The assistance of the supervisory authorities shall remain available throughout the proceedings.

Article 52

Supervision by the National Supervisory Authority

1. The supervisory authority shall monitor the lawfulness of the processing of personal data, referred to in Article 22(1), by the Member State in question, including their transmission to and from the Central Repository.

2. The supervisory authority shall ensure that an audit of the data processing operations in the National System is carried out in accordance with relevant international auditing standards at least every four years.

3. Member States shall ensure that their supervisory authority has sufficient resources to fulfil the tasks entrusted to it under this Regulation.

4. In relation to the processing of personal data in the RTP, each Member State shall designate the authority which is to be considered as controller in accordance with Article 2(d) of Directive 95/46/EC and which shall have central responsibility for the processing of data by this Member State. Each Member State shall communicate this authority to the Commission.

5. Each Member State shall supply any information requested by the supervisory authorities and shall, in particular, provide them with information on the activities carried out in accordance with Articles 39 and 40(1), grant them access to the lists referred to in Article 39(1)(c) and to their records as referred to in Article 45 and allow them access at all times to all their premises.

Article 53

Supervision by the European Data Protection Supervisor

1. The European Data Protection Supervisor shall check that the personal data processing activities of the Agency are carried out in accordance with this Regulation. The duties and powers referred to in Articles 46 and 47 of Regulation (EC) No 45/2001 shall apply accordingly.

2. The European Data Protection Supervisor shall ensure that an audit of the Agency's personal data processing activities is carried out in accordance with relevant international auditing standards at least every four years. A report of such audit shall be sent to the European Parliament, the Council, the Agency, the Commission and the supervisory authorities. The Agency shall be given an opportunity to make comments before the report is adopted.

3. The Agency shall supply information requested by the European Data Protection Supervisor, give him/her access to all documents and to its records referred to in Article 45(1) and allow him/her access to all its premises, at any time.

Article 54

Cooperation between supervisory authorities and the European Data Protection Supervisor

1. The supervisory authorities and the European Data Protection Supervisor, each acting within the scope of their respective competences, shall cooperate actively within the framework of their responsibilities and shall ensure coordinated supervision of the RTP.

2. They shall, each acting within the scope of their respective competences, exchange relevant information, assist each other in carrying out audits and inspections, examine difficulties over the interpretation or application of this Regulation, study problems with the exercise of independent supervision or with the exercise of the rights of the data subject, draw up harmonised proposals for joint solutions to any problems and promote awareness of data protection rights, as necessary.

3. The supervisory authorities and the European Data Protection Supervisor shall meet for that purpose at least twice a year. The costs of these meetings shall be borne by the European Data Protection Supervisor. Rules of procedure shall be adopted at the first meeting. Further working methods shall be developed jointly as necessary.

4. A joint report of activities shall be sent to the European Parliament, the Council, the Commission and the Agency every two years. This report shall include a chapter of each Member State prepared by the supervisory authority of that Member State.

CHAPTER XI

Final Provisions

Article 55

Start of transmission

1. Each Member State shall notify the Commission that it has made the necessary technical and legal arrangements to transmit the data referred to in Article 22(1) to the Central Repository.

2. The Agency shall notify the Commission that it has made the necessary technical arrangements referred to in Article 38(1).

Article 56

Start of operations

The Commission shall determine the date from which the RTP is to start operations, when:

(a) the measures referred to in Article 37(1) and (2) have been adopted;

(b) after validation of technical arrangements, the Member States have notified the Commission that they have made the necessary technical and legal arrangements to collect and transmit the data referred to in Article 22(1) to the Central Repository;

(c) the Agency has declared the successful completion of a comprehensive test of the Central Repository provided for in Article 38(1), and;

(d) the Agency has notified the Commission that the Central Repository is ready to start operations.

Article 57

Committee procedure

1. The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.

2. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

Article 58

Amendments to the annexes

The Commission shall be empowered to adopt delegated acts in accordance with Article 59 to the annexes to this Regualtion.

Article 59

Exercise of delegation

1. The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2. The delegation of power referred to in Articles 10(2) and 58 shall be conferred for an indeterminate period of time from X.X.201X. (Date of entry into force of this Regulation).

3. The delegation of powers referred to in Articles 10(2) and 58 may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4. As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

5. A delegated act adopted pursuant to Articles 10(2) and 58 shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or the Council.

Article 60

Notification

1. Member States shall notify the Commission of:

(a) the national form for proof of sponsorship and/or private accommodation referred to in Article 9(5), if applicable;

(b) the authority which is to be considered as controller referred to in Article 52(4);

(c) necessary technical and legal arrangements referred to in Article 56.

2. Member States shall notify the Agency of:

(a) competent authorities which have access to enter, amend, delete, consult or search data, referred to in Article 23;

(b) statistics compiled in accordance with Article 18(5) and Annex V.

3. The Agency shall notify the Commission that that it has made the necessary technical arrangements and the Central Repository is ready to start operations.

4. The Commission shall make the information notified pursuant to paragraph 1(a) available to the Member States and the public via a constantly updated electronic publication.

5. Bulgaria, Cyprus and Romania shall notify the Commission within 10 working days whether to recognise unilaterally the RTP membership of the registered traveller to benefit from facilitation of border checks at their external borders. The Commission shall publish the information communicated by those Member States in the Official Journal of the European Union.

Article 61

Advisory group

An Advisory Group shall provide the Agency with the expertise related to the RTP in particular in the context of the preparation of its annual work programme and its annual activity report.

Article 62

Training

The Agency shall perform tasks related to training on the technical use of the Central Repository.

Article 63

Monitoring and evaluation

1. The Agency shall ensure that procedures are in place to monitor the functioning of the Central Repository against objectives relating to output, cost-effectiveness, security and quality of service.

2. For the purposes of technical maintenance, the Agency shall have access to the necessary information relating to the processing operations performed in the Central Repository.

3. Two years after the RTP is brought into operation and every two years thereafter, the Agency shall submit to the European Parliament, the Council and the Commission, a report on the technical functioning of the RTP including the security thereof.

4. Three years after the RTP is brought into operation and every four years thereafter, the Commission shall produce an overall evaluation of the RTP. This overall evaluation shall include an examination of results achieved against objectives and an assessment of the continuing validity of the underlying rationale, the application of this Regulation in respect of the RTP, the security of the RTP, the implementation of the collection and use of biometric data, compliance with data protection rules and the organisation of the procedures related to applications and issuance of tokens. The Commission shall transmit the evaluation to the European Parliament and the Council. The report shall be accompanied, where necessary, by appropriate proposals to amend this Regulation.

5. Member States shall provide the Agency and the Commission with the information necessary to draft the reports referred to in paragraphs 3 and 4 according to the quantitative parameters predefined by the Agency and the Commission respectively.

6. The Agency shall provide the Commission with the information necessary to produce the overall evaluations referred to in paragraph 4.

Article 64

Entry into force and applicability

1. This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

2. It shall apply from the date referred to in Article 56.

3. Articles 37, 38, 39, 43, 55, 56, 57, 58, 59 and 60 shall apply as from the date referred to in paragraph 1.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

Done at Brussels,

For the European Parliament                       For the Council

The President                                                 The President                                                                       

ANNEX I

HARMONISED APPLICATION FORM[40]

Application for a Registered

Traveller Programme

1. Surname (Family name) (x) || FOR OFFICIAL USE ONLY

2. Surname at birth (Earlier family name(s)) (x) || Date of application : Application number: Application lodged at □ Embassy/consulate □ CAC □ Border crossing point Name: File handled by : Supporting documents: □ Travel document □ Means of subsistence □ Invitation □ Means of transport □ Other : Decision: □ Refused □ Granted Valid: From Until

3. First name(s) (Given name(s)) (x)

4. Date of birth (day-month-year) || 5. Place of birth 5a. Country of birth || 6.Current nationality 6a. Nationality at birth, if different:

7. Gender □ Male □ Female □ Unspecified || 8. Civil status □ Single □ Married □ Separated □ Divorced □ Widow(er) □ Other (please specify)

9. In the case of minors: Surname, first name, address (if different from applicant´s) and nationality of parental authority/legal guardian

10. Type of travel document □ Ordinary passport □ Diplomatic passport □ Service passport □ Official passport □ Special passport □ Other travel document (please specify)

11. Number of travel document || 12. Date of issue || 13. Valid until || 14. Issued by

15. Applicant’s home address and e-mail address ||  Telephone number(s)

16. Residence in a country other than the country of current nationality □ No □ Yes. Residence permit or equivalent ______No.______________Valid until

* 17. Current occupation and length of employment

* 18. Employer and employer’s address and telephone number. For students, name and address of educational establishment.

19. Main purposes of the journeys: □ Tourism □ Business □ Visit of family or friends □ Cultural □ Sports □ Official visit □ Medical reasons □ Study □ Other (please specify)

* The fields marked with * shall not be filled in by family members of EU, EEA or CH citizens (spouse, child or dependent ascendant) while exercising their right to free movement. Family members of EU, EEA or CH citizens shall present documents to prove this relationship and fill in fields no 25 and 26.

(x) Fields 1-3 shall be filled in accordance with the data in the travel document.

20. Valid Schengen visa □ No______________ □ Yes. Date(s) of validity from ___________________ to Visa's identification number: ||

21.Fingerprints collected previously for the purpose of applying for a Registered Traveller Programme □ No [……………………………….] □ Yes. […………………………………….] Date, if known

*22. Surname and first name of the inviting person(s) in the Member State(s). If not applicable, name of hotel(s) or temporary accommodation(s) in the Member State(s) ||

Address and e-mail address of inviting person(s)/hotel(s)/temporary accommodation(s) || Telephone and telefax ||

*23. Name and address of inviting company/organisation || Telephone and telefax of company/organisation ||

Surname, first name, address, telephone, telefax, and e-mail address of contact person in company/organisation ||

||

*24. Cost of travelling and living during the applicant's stay is covered ||

□ by the applicant himself/herself Means of support □ Cash □ Traveller's cheques □ Credit Card □ Pre-paid accommodation □ Pre-paid transport □ Other (please specify) || □ by a sponsor (host, company, organisation), please specify [… …] □ referred to in field 18 or 19 [….…] □ other (please specify) Means of support □ Cash □ Accommodation provided □ All expenses covered during the stay(s) □ Pre-paid transport □ Other (please specify) ||

||  

25. Personal data of the family member who is a EU, EEA or CH citizen ||

Surname || First name(s) ||

Date of birth || Nationality || Number of travel document or ID card ||

Address || Telephone || e-mail address ||

26. Family relationship with an EU, EEA or CH citizen □ spouse □ child □ grandchild □ dependent ascendant ||

27. Place and date || 28. Signature (for minors, signature of parental authority/legal guardian) ||

I am aware that the RTP application fee is not refunded under any circumstances.

I am aware of the need to have an adequate travel medical insurance for my first stay and any subsequent visits to the territory of Member States.

I am aware of and consent to the following: the collection of the data required by this application form and the taking of fingerprints, if applicable, are mandatory for the examination of the Registered Traveller Programme (RTP) application. Any personal data concerning me which appear on the RTP application form, as well as my fingerprints will be supplied to the relevant authorities of the Member States and processed by those authorities, for the purposes of a decision on my RTP application.

Such data as well as data concerning the decision taken on my application or a decision whether to revoke or extend access to the RTP will be entered into, and stored in the Central Repository for a maximum period of five years, during which it will be accessible to the competent visa or border authorities. The authority of the Member State responsible for processing the data is: [(…)].

I am aware that I have the right to obtain in any of the Member States notification of the data relating to me recorded in the Central Repository and of the Member State which transmitted the data, and to request that data relating to me which are inaccurate be corrected and that data relating to me processed unlawfully be deleted. At my express request, the authority examining my application will inform me of the manner in which I may exercise my right to check the personal data concerning me and have them corrected or deleted, including the related remedies according to the national law of the State concerned. The supervisory authority of that Member State [contact details] will hear claims concerning the protection of personal data.

I declare that to the best of my knowledge all particulars supplied by me are correct and complete. I am aware that any false statements will lead to my application being rejected or to the revocation of access already granted to the RTP and may also render me liable to prosecution under the law of the Member State which deals with the application.

I undertake to leave the territory of the Member States in due time.

Place and date || Signature (for minors, signature of parental authority/legal guardian):

ANNEX II

NON-EXHAUSTIVE LIST OF SUPPORTING DOCUMENTS

The supporting documents, referred to in Article 9, to be submitted by a registered traveller applicant may include the following:

1. Documentation relating to the purpose of the journeys

(1) for business trips:

(a) an invitation from a company or an authority to attend meetings, conferences or events connected with trade, industry or work;

(b) other documents which show the existence of trade relations or relations for work purposes;

(c) documents proving the business activities of the company;

(d) documents proving the applicant's employment [status][situation] in the company.

(2) for journeys undertaken for the purposes of study or other types of training:

(a) a certificate of enrolment at a teaching institute for the purposes of attending vocational or theoretical courses in the framework of basic and further training;

(b) student cards or certificates of the courses to be attended.

(3) for journeys undertaken for the purposes of tourism or for private reasons:

(a) documents relating to lodging(s):

(i)      an invitation from the host if staying with one;

(ii)      document from the establishment providing lodging or any other appropriate document indicating the accommodation envisaged;

(b) documents relating to the itinerary:

(i)      confirmation of the bookings done during the last year or any other appropriate document indicating the envisaged and/or done journey(s).

(4) for journeys undertaken for political, scientific, cultural, sports or religious events or other reasons:

(a) invitation(s), enrolments or programmes stating (wherever possible) the name of the host organisation and the length of stay(s) or any other appropriate document indicating the purpose of the visit(s).

(5) for journeys of members of official delegations who, following an official invitation, addressed to the government of the third country concerned, participate in meetings, consultations, negotiations or exchange programmes, as well as in events held in the territory of a Member State by intergovernmental organisations:

(a) a letter issued by an authority of the third country concerned confirming that the applicant is a member of the official delegation travelling to a Member State to participate in the aforementioned events, accompanied by a copy of the official invitation(s).

2. Documentation allowing for the assessment of the applicant's intention to leave the territory of the Member States

(a) proof of financial means in the country of residence;

(b) proof of employment: bank statements;

(c) proof of real estate property;

(d) proof of integration into the country of residence: family ties; professional status.

3. Documentation in relation to the applicant's family situation

(a) parental consent (when a minor does not travel with parents);

(b) proof of family ties with the host/inviting person;

(c) residence permit.

ANNEX III

REGISTRATION FEE

1. Applicants shall pay a registration fee of 20 EUR.

2. If the RTP application is examined at the same time with the multiple-entry visa application, the applicant shall pay a fee of 10 EUR.

ANNEX IV

STANDARD FORM FOR NOTIFYING AND MOTIVATING REFUSAL OR REVOCATION AN ACCESS TO A REGISTERED TRAVELLER PROGRAMME[41]

___________

__________________________________________________________________________

REFUSAL/REVOCATION

Ms/Mr _______________________________,

 The ________________ Embassy/Consulate-General/Consulate/Common Application Centre in _________ ______;

 The border authority of the ____________________[name of the border crossing point and country].

has/have

 examined your application;

 examined your access to the Registered Traveller Programme, number: __________, granted:_______________ [date/month/year].

 Access to the RTP has been refused  Access to the RTP has been revoked

This decision is based on the following reason(s):

1.    you do not have a valid residence permit/a residence card if applicable or a visa as required in accordance with the Council Regulation (EC) No 539/2001 of March 2001

2.    a false/counterfeited/forged travel document was presented

3.    you do not proof the need or justify the intention to travel frequently and/or regularly;

4.    justification of the purpose and conditions of the intended stay(s) was not provided

5.    you have not proved your economic situation in the country of origin or residence or you have not provided proof of sufficient means of subsistence, for the duration of the intended stay(s) or for the return to the country of origin or residence or you are not in a position to acquire such means lawfully

6.    you have previously exceeded the maximum duration of authorised stay in the territory of the Member States and you do not prove your integrity and reliability

7.    an alert has been issued in the SIS for the purpose of refusing entry by ……………… (indication of Member State)

8.    one or more Member State(s) consider you to be a threat to public policy, internal security, public health as defined in Article 2 point 19 of the Schengen Borders Code or the international relations of one or more of the Member States

9.    the information submitted regarding the justification of the purpose and conditions of the intended stay was not reliable

10. your intention to leave the territory of the Member States in due time could not be ascertained

11.  revocation was requested by the Registered Traveller[42].

Remarks:

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

Comments: The person concerned may appeal against the decision to refuse or revoke access to a Registered Traveller Programme as provided for in national law and in Article 47(1) of the Charter. The person concerned receives a copy of this document (each Member State must indicate the references to the national law and the procedure relating to the right of appeal (including the competent authority to whom an appeal can be lodged, as well as the time-limit for lodging such an appeal).

Date and stamp of embassy/consulate-general/consulate/border authority/of other competent authorities.

Signature of person concerned[43]

ANNEX V

ANNUAL STATISTICS ON REGISTERED TRAVELLER PROGRAMME

Data to be submitted to the Agency within the deadline set out in Article 18 for each border crossing point and each location where individual Member States grant access to the RTP:

– Total of access applied

– Total of access granted

– Total of access refused

– Total of access revoked

– Total of access applied, granted, refused, revoked or extended for third country nationals holding a visa

– Total of access applied, granted, refused, revoked or extended for third country nationals without a visa

– Average time of enrolment

– Processing time at the border crossing point

– Central Repository availability rate

– Error rates e.g. FTE, false match etc.

General rules for the submission of data:

– The data for the complete previous year shall be compiled in one single file.

– The data shall be provided using the common template (provided by the Agency).

– Data shall be available for the individual border crossing points and the individual locations where the Member State concerned examine applications for the RTP and grouped by third country.

In case a data is neither available nor relevant for one particular category and a third country, Member States shall leave the cell empty (and not entering “0” (zero), “N.A.” (non applicable) or any other value).

LEGISLATIVE FINANCIAL STATEMENT FOR PROPOSALS

1.           FRAMEWORK OF THE PROPOSAL/INITIATIVE

              1.1.    Title of the proposal/initiative

              1.2.    Policy area(s) concerned in the ABM/ABB structure

              1.3.    Nature of the proposal/initiative

              1.4.    Objective(s)

              1.5.    Grounds for the proposal/initiative

              1.6.    Duration and financial impact

              1.7.    Management method(s) envisaged

2.           MANAGEMENT MEASURES

              2.1.    Monitoring and reporting rules

              2.2.    Management and control system

              2.3.    Measures to prevent fraud and irregularities

3.           ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE

              3.1.    Heading(s) of the multiannual financial framework and expenditure budget line(s) affected

              3.2.    Estimated impact on expenditure

              3.3.    Estimated impact on revenue

LEGISLATIVE FINANCIAL STATEMENT FOR PROPOSALS

1. FRAMEWORK OF THE PROPOSAL/INITIATIVE 1.1. Title of the proposal/initiative

Regulation of the European Parliament and of the Council establishing the Registered Traveller Programme (RTP) subject to the adoption by the Legislative Authority of the proposal establishing, as part of the Internal Security Fund, the instrument for financial support for external borders and visa (COM(2011)750) and subject to the adoption by the Legislative Authority of the proposal for a Council Regulation laying down the multiannual financial framework for the years 2014-2020 (COM(2011)398) and a sufficient level of resources being available under the expenditure ceiling of the pertinent budget heading.

1.2. Policy area(s) concerned in the ABM/ABB structure[44]

Policy area: Area of Home Affairs (title 18)

1.3. Nature of the proposal/initiative

x The proposal/initiative relates to a new action

¨ The proposal/initiative relates to a new action following a pilot project/preparatory action[45]

¨ The proposal/initiative relates to the extension of an existing action

¨ The proposal/initiative relates to an action redirected towards a new action

1.4. Objectives 1.4.1. The Commission's multiannual strategic objective(s) targeted by the proposal/initiative

The Stockholm Programme agreed by the European Council in December 2009 reaffirmed the potential for a Registered Traveller Programme (RTP) with the aim to facilitate legal access to the territory of Member States. The proposal to set up an RTP was therefore included in the Action Plan implementing the Stockholm programme. The financing of the development of the Smart Borders package is one of the priorities of the Internal Security Fund (ISF)[46].

1.4.2. Specific objective(s) and ABM/ABB activity(ies) concerned

Specific objectives No. 1 "System Development" and No. 2 "System Operations"

The objective of the RTP and the token-Central Repository system is to facilitate the crossing of the European Union external borders by frequent, pre-vetted third-country travellers.

ABM/ABB activity(ies) concerned

Activities: Solidarity – External borders, return, visa policy and free movement of people (chapter 18.02)

1.4.3. Expected result(s) and impact

Specify the effects which the proposal/initiative should have on the beneficiaries/groups targeted.

By exploiting new technologies the RTP will decrease the time and costs of border crossings for Registered Travellers and will increase the throughput capacity of border crossing points thus giving Member States a new tool to manage their passenger flows efficiently and cost-effectively. Border checks of Registered Travellers should not take more than 20-40 seconds on average.

Furthermore, the RTP will free up border control resources by 25% from checking cross border movements of frequent and pre-vetted travellers and will enable better focus on checking higher risk travellers.

1.4.4. Indicators of results and impact

Specify the indicators for monitoring implementation of the proposal/initiative.

During the development

After the approval of the draft proposal and the adoption of the technical specifications the technical system will be developed by an external contractor. The development of the systems will take place at central and national level under the overall coordination of the IT Agency. The IT Agency will define an overall governance framework in cooperation with all the stakeholders. As usual in the development of such systems an overall Project Management Plan, together with a Quality Assurance Plan will be defined at the beginning of the project. They should include dashboards that will include specific indicators related in particular to

          The overall project status

the timely development according to the agreed schedule (milestones),

the risk management,

the management of resources ( human and financial) according to the agreed allocations

the organisational readiness

…

Once the system is operational

Number of persons in the programme by category (visa required/visa exempt) and by grounds of access requested (business persons/students/workers etc);

Number of persons whose access to the RTP is revoked or refused;

Average time of enrolment at the border crossing point and at the consulate;

Time needed for RTs to cross an external border;

System availability;

Error rates e.g. false hits, Failure to Enrol Rate (FTE) and False Acceptance Rate (FAR);

Number of complaints by individuals to the national Supervisory Authority (data protection authority);

Number of complaints lodged against the authorities on wrong decisions and/or discrimination;

The throughput capacity of border crossing point increased by XX per cent;

Border guard resources replaced/made available by the RTP to focus on checking higher risk travellers and/or carrying out other relevant tasks.

1.5. Grounds for the proposal/initiative 1.5.1. Requirement(s) to be met in the short or long term

There are some 700 millions border crossings every year at the external border crossing points (land, sea, air). Taking into account that border crossing at the largest and busiest border crossing points have been increasing and will continue to do so in the future, doing nothing at the EU level would mean that third-country nationals' border crossings could not be facilitated except those specifically mentioned in the Schengen Borders Code and the Local Border Traffic Regulation meaning that thorough checks would be applicable for third-country nationals and no access to Automated Border Control systems could be given for them. Several Member States already face issues in managing queues. These Member States would have no other solution than hiring more staff and rebuilding infrastructure; any future increase in travel flows would lead to more problems of this kind.

Therefore, the RTP is needed for facilitating Registered Travellers border crossings, for releasing border guard resources and for introducing person centric approach to border checks.

1.5.2. Added value of EU involvement

The need for intervention at European level is clear. No Member State alone is able to build up an RTP providing facilitated border checks across the Member States. The RTP needs to be implemented at all EU external border crossing points and will have positive implications on the border guard resources of all Member States, allowing for an efficient use of these resources.

The RTP proposal ensures that the EU has a common approach to the RTP based on common legislation and thus it guarantees that rules continue to be the same at all Schengen borders. For third-country national travellers, this means that the RTP is available to them at all Schengen border crossing points without separate vetting. In other words, a person vetted by one Member State may benefit from facilitation when crossing the external borders of any other Member State. Without common rules this would not be possible, i.e. without EU involvement the RTP would not meet its objectives.

1.5.3. Lessons learned from similar experiences in the past

The experience with the development of the second generation Schengen Information System (SIS II) and of the Visa Information System (VIS) showed the following lessons:

1) As a possible safeguard against cost overruns and delays resulting from changing requirements, any new information system in the area of freedom, security and justice, particularly if it involves a large-scale IT system, will not be developed before the underlying legal instruments setting out its purpose, scope, functions and technical details have been definitely adopted.

2) It proved difficult to fund the national developments for Member States that have not foreseen the respective activities in their multi-annual programming or lack precision in their programming in the framework of the External Border Fund (EBF). Therefore, it is now proposed to include these development costs in the proposal.

1.5.4. Coherence and possible synergy with other relevant instruments

This proposal should be seen as part of the continuous development of the Integrated Border Management Strategy of the European Union, and in particular the Smart Borders Communication[47], as well as in conjunction with the ISF borders proposal[48], as part of the MFF. The legislative financial statement attached to the amended Commission proposal for the Agency[49] covers the costs for the existing IT systems EURODAC, SIS II, VIS but not for the future border management systems that are not yet entrusted to the Agency via a legal framework. Therefore, in the annex to the proposal for a Council Regulation laying down the multi-annual financial framework for the years 2014-2020[50], under heading 3 "Security and Citizenship" it is foreseen to cover the existing IT systems in the rubrique 'IT systems' (822 mio €) and the future border management systems in the rubrique 'Internal Security' (1.1 mio € out of 4.648 mio €). Within the Commission DG HOME is the Directorate General responsible for the establishment of an area of free movement in which persons can cross internal borders without being submitted to border checks and external borders are controlled and managed coherently at the EU level. The RTP is fully coherent with EU border policy: security and prevention of irregular immigration is not diminished during the border crossing, while the EU's openness to the world and its capacity to facilitate cross-border people-to-eople contacts, trade and cultural exchange is boosted. Furthermore, it is coherent with the Community Code on Visas (810/2009) and the VIS Regulation (767/2008). Amendment of the Schengen Borders Code is needed to give access for third-country nationals to fully automated border control systems.

Technical synergies can be found with the Visa Information System. There will also be synergies with the EES, as the EES will register the entry and exit of the registered travellers and monitor the permitted duration of stay within the Schengen area. Without the EES fully automated border crossings could not be implemented for the registered travellers.

In addition, there is no risk of an overlap with similar initiatives carried out in other DGs.

1.6. Duration and financial impact

¨ Proposal/initiative of limited duration

– ¨  Proposal/initiative in effect from [DD/MM]YYYY to [DD/MM]YYYY

– ¨Financial impact from YYYY to YYYY

x Proposal/initiative of unlimited duration

– Preparatory period from 2013 to 2015 (establishment of the legal framework)

– Development period from 2015 to 2017,

– followed by full-scale operation.

1.7. Management mode(s) envisaged[51]

x Centralised direct management by the Commission

x Centralised indirect management with the delegation of implementation tasks to:

– ¨  executive agencies

– x bodies set up by the Communities[52]

– ¨  national public-sector bodies/bodies with public-service mission

– ¨  persons entrusted with the implementation of specific actions pursuant to Title V of the Treaty on European Union and identified in the relevant basic act within the meaning of Article 49 of the Financial Regulation

¨ Shared management with the Member States

¨ Decentralised management with third countries

¨ Joint management with international organisations (to be specified)

If more than one management mode is indicated, please provide details in the "Comments" section.

Comments

The proposal for a Regulation of the European Parliament and of the Council establishing, as part of the Internal Security Fund, the instrument for financial support for external borders and visa for the period 2014-2020 (COM(2011)750), foresees the financing of the development of the Registered Traveller Programme in its Article 15. In accordance with Articles 58 1c) and 60 of the new Financial Regulation (centralised indirect management) the implementing tasks of the abovementioned financial programme will be delegated to the IT Agency.

During the 2015-2017 period, all development activities will be entrusted to the IT Agency through a delegation agreement. This will cover the development part of all strands of the project, i.e. Central system, Member States systems, networks and infrastructure in Member States.

In 2017, at the time of the mid term review, it is envisaged to transfer remaining credits from the 587.000 Mio € to the IT Agency line for operation and maintenance costs of the central system and of the network and to national programmes for operation and maintenance costs of national systems including infrastructure costs (see table below). The Legislative Financial Statement will be revised accordingly by the end of 2016.

Blocks || Management mode || 2015 || 2016 || 2017 || 2018 || 2019 || 2020

Development Central System || Indirect centralised || X || X || X || || ||

Development Member States || Indirect centralised || X || X || X || || ||

Maintenance Central System || Indirect centralised || || || X || X || X || X

Maintenance National Systems || Indirect centralised || || || X || X || X || X

Network (1) || Indirect centralised || X || X || X || X || X || X

Infrastructure Member States || Indirect centralised || X || X || X || X || X || X

(1) network development in 2015-2017, network operations in 2017-2020

2. MANAGEMENT MEASURES 2.1. Monitoring and reporting rules

Specify frequency and conditions.

The rules on monitoring and evaluation of the RTP are foreseen in Article 63 of the RTP proposal.

Article 63

Monitoring and evaluation

1. The Agency shall ensure that procedures are in place to monitor the functioning of the central repository against objectives relating to output, cost-effectiveness, security and quality of service.

2. For the purposes of technical maintenance, the Agency shall have access to the necessary information relating to the processing operations performed in the Central Repository.

3. Two years after the RTP is brought into operation and every two years thereafter, the Agency shall submit to the European Parliament, the Council and the Commission, a report on the technical functioning of the RTP including the security thereof.

4. Three years after the RTP is brought into operation and every four years thereafter, the Commission shall produce an overall evaluation of the RTP. This overall evaluation shall include an examination of results achieved against objectives and an assessment of the continuing validity of the underlying rationale, the application of this Regulation in respect of the RTP, the security of the RTP, the implementation of the collection and use of biometric data, compliance with data protection rules and the organisation of the procedures related to applications and issuance of tokens. .The Commission shall transmit the evaluation to the European Parliament and the Council. The report shall be accompanied, where necessary, by appropriate proposals to amend this Regulation.

5. Member States shall provide the Agency and the Commission with the information necessary to draft the reports referred to in paragraphs 3 and 4 according to the quantitative parameters predefined by the Agency and the Commission respectively.

6. The Agency shall provide the Commission with the information necessary to produce the overall evaluations referred to in paragraph 4.

2.2. Management and control system 2.2.1. Risk(s) identified

1) Difficulties with the technical development of the system

Member States have technically different national IT systems. Furthermore, border control processes may differ according to the local circumstances (available space at the border crossing point, travel flows, etc.). The RTP needs to be integrated into national IT architecture and the national border control processes. Additionally, the development of the national components of the system needs to be fully aligned with central requirements. There are two main risks identified in this area:

a) The risk that technical and legal aspects of the RTP may be implemented in different ways by different Member States, due to insufficient coordination between the central and national sides.

b) The risk of inconsistency in how this future system is used depending on how Member States implement the RTP into the existing border control processes.

2) Difficulties with the timely development of the system

From the experience gained during the development of the VIS and the SIS II, it can be anticipated that a crucial factor for a successful implementation of the RTP will be the timely development of the system by an external contractor. As a center of excellence in the field of development and management of large-scale IT systems, the IT Agency will also be responsible for the award and management of contracts, in particular for sub-contracting the development of the system. There are several risks related to the use of an external contractor for this development work:

a) in particular, the risk that the contractor fails to allocate sufficient resources to the project or that it designs and develops a system that is not state-of-the-art;

b) the risk that administrative techniques and methods to handle large-scale IT projects are not fully respected as a way of reducing costs by the contractor;

c) finally, in the current economic crisis, the risk of the contractor facing financial difficulties for reasons external to this project cannot be entirely excluded.

2.2.2. Control method(s) envisaged

1) The Agency is meant to become a center of excellence in the field of development and management of large-scale IT systems. It shall be entrusted with the development and the operations of the central part of the system including uniform interfaces in the Member States. This solution should allow to avoid most of the drawbacks that the Commission met when developing the SIS II and the VIS.

During the development phase (2015-2017), the Commission will keep the overall responsibility, as the project will be developed via indirect central management. The Agency will be responsible for the technical and financial management, notably the award and management of contracts. The delegation agreement will cover the central part via procurements and the national part via grants. According to Article 40 of the Implementing Rules, the Commission will conclude an Agreement laying down the detailed arrangements for the management and control of funds and the protection of the financial interests of the Commission. Such agreement will include the provisions set out in paragraph 2 of Article 40. It will thus enable the Commission to manage the risks described in 2.2.1.

In the context of the mid-term review (foreseen in 2017 in the framework of the Internal Security Fund, Article 15 of the Horizontal Regulation) the management mode will be re-examined.

2) In order to avoid delays at national level, an efficient governance between all stakeholders is foreseen. The Commission has proposed in the draft Regulation that an Advisory Group composed of Member States national experts shall provide the Agency with the expertise related to the RTP/EES. This advisory group shall meet on a regular basis on the system implementation and to share gathered experience and provide advice to the Management Board of the Agency. Furthermore, the Commission intends to recommend to Member States to set up a national project infrastructure / project group for both the technical and the operational development including a reliable communication infrastructure with single points of contact.

2.3. Measures to prevent fraud and irregularities

Specify existing or envisaged prevention and protection measures.

The measures foreseen to combat fraud are laid down in Article 35 of Regulation (EU) No 1077/2011 which provides as follows:

1.       In order to combat fraud, corruption and other unlawful activities, Regulation (EC) No 1073/1999 shall apply.

2.       The Agency shall accede to the Interinstitutional Agreement concerning internal investigations by the European Anti‑fraud Office (OLAF) and shall issue, without delay, the appropriate provisions applicable to all the employees of the Agency.

3.       The decisions concerning funding and the implementing agreements and instruments resulting from them shall explicitly stipulate that the Court of Auditors and OLAF may carry out, if necessary, on‑the‑spot checks among the recipients of the Agency's funding and the agents responsible for allocating it.

In accordance with this provision, the decision of the Management Board of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice concerning the terms and conditions for internal investigations in relation to the prevention of fraud, corruption and any illegal activity detrimental to the Union's interests was adopted on 28 June 2012.

Moreover, DG HOME is currently drafting its fraud prevention and detection strategy.

3. ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE 3.1. Heading(s) of the multiannual financial framework and expenditure budget line(s) affected

Via the delegation agreement the Agency will be entrusted with the task to set up the appropriate tools at the level of its local financial systems in order to guarantee an efficient monitoring, follow-up and reporting of the costs linked to the implementation of the RTP in compliance with Article 60 of the new Financial Regulation. It will take the appropriate measures, in order to be able to report whatever the final budget nomenclature will be.

· Existing expenditure budget lines

In order of multiannual financial framework headings and budget lines.

Heading of multiannual financial framework || Budget line || Type of expenditure || Contribution

Number [Description………………………...……….] || DA/ ([53]) || from EFTA[54] countries || from candidate countries[55] || from third countries || within the meaning of Article 21(2)(b) of the Financial Regulation

|| [XX.YY.YY.YY] || DA/ || YES/NO || YES/NO || YES/NO || YES/NO

· New budget lines requested

In order of multiannual financial framework headings and budget lines.

Heading of multiannual financial framework || Budget line || Type of expenditure || Contribution

Number [Heading……………………………………..] || Diff./non-diff. || from EFTA countries || from candidate countries || from third countries || within the meaning of Article 21(2)(b) of the Financial Regulation

3 || [18.02.CC] ISF borders || DA/ || NO || NO || YES || NO

3.2. Estimated impact on expenditure 3.2.1. Summary of estimated impact on expenditure

The table below covers annual costs for Member States and central system, as well as development and operational costs. The costs for automated border control gates will be borne by the Member States.

EUR million (to 3 decimal places)

Heading of multiannual financial framework: || 3 || Security and Citizenship

DG: HOME || || || Year 2015 || Year 2016 || Year 2017[56] || Year 2018 || Year 2019 || Year 2020 || Following years || TOTAL

Ÿ Operational appropriations || || || || || || || ||

Number of budget line 18.02.CC || Commitments || (1) || 137.674 || 34.836 || 167.402 || 82.362 || 82.363 || 82.363 || || 587.000

Payments || (2) || 68.837 || 93.222 || 145.148 || 101.198 || 88.013 || 68.585 || 21.996 || 587.000

Number of budget line || Commitments || (1a) || || || || || || || ||

Payments || (2a) || || || || || || || ||

Appropriations of an administrative nature financed  from the envelop of specific programs[57] || || || || || || || ||

Number of budget line || || (3) || || || || || || || ||

TOTAL appropriations for DG HOME || Commitments || =1+1a +3 || 137.674 || 34.836 || 167.402 || 82.362 || 82.363 || 82.363 || || 587.000

Payments || =2+2a +3 || 68.837 || 93.222 || 145.148 || 101.198 || 88.013 || 68.585 || 21.996 || 587.000

Ÿ TOTAL operational appropriations || Commitments || (4) || || || || || || ||

Payments || (5) || || || || || || ||

Ÿ TOTAL appropriations of an administrative nature financed from the envelop of specific programs || (6) || || || || || || ||

TOTAL appropriations under HEADING <….> of the multiannual financial framework || Commitments || =4+ 6 || || || || || || ||

Payments || =5+ 6 || || || || || || ||

If more than one heading is affected by the proposal / initiative:

Ÿ TOTAL operational appropriations || Commitments || (4) || || || || || || ||

Payments || (5) || || || || || || ||

Ÿ TOTAL appropriations of an administrative nature financed from the envelop of specific programs || (6) || || || || || || ||

TOTAL appropriations under HEADINGS 1 to 4 of the multiannual financial framework (Reference amount) || Commitments || =4+ 6 || || || || || || ||

Payments || =5+ 6 || || || || || || ||

Heading of multiannual financial framework: || 5 || " Administrative expenditure "

EUR million (to 3 decimal places)

|| || || Year 2013 || Year 2014 || Year 2015 || Year 2016 || Year 2017 || Year 2018 || Year 2019 || Year 2020 || Following years || TOTAL

DG: HOME || || || ||

Ÿ Human resources || 0.254 || 0.254 || 0.254 || 0.190 || 0.190 || 0.190 || 0.191 || 0.191 || || 1.715

Ÿ Other administrative expenditure || 0.201 || 0.201 || 0.201 || 0.200 || 0.200 || 0.200 || 0.200 || 0.200 || || 1.602

TOTAL DG HOME || Appropriations || 0.455 || 0.455 || 0.455 || 0.390 || 0.390 || 0.390 || 0.391 || 0.391 || || 3.317

TOTAL appropriations under HEADING 5 of the multiannual financial framework || (Total commitments = Total payments) || 0.455 || 0.455 || 0.455 || 0.390 || 0.390 || 0.390 || 0.391 || 0.391 || || 3.317

EUR million (to 3 decimal places)

|| || || Year 2013 || Year 2014 || Year 2015[58] || Year 2016 || Year 2017 || Year 2018 || Year 2019 || Year 2020 || Following years || TOTAL

TOTAL appropriations under HEADINGS 1 to 5 of the multiannual financial framework || Commitments || 0.455 || 0.455 || 138.129 || 35.226 || 167.793 || 82.753 || 82.753 || 82.753 || || 590.317

Payments || 0.455 || 0.455 || 69.292 || 93.613 || 145.539 || 101.589 || 88.403 || 68.975 || 21.996 || 590.317

The human resources required will be met by staff from the DG who are already assigned to management of the action and/or have been redeployed within the DG, together if necessary with any additional allocation which may be granted to the managing DG under the annual allocation procedure and in the light of budgetary constraints.

3.2.2. Estimated impact on operational appropriations

– ¨  The proposal/initiative does not require the use of operational appropriations

– x The proposal/initiative requires the use of operational appropriations, as explained below:

Commitment appropriations in EUR million (to 3 decimal places)

Indicate objectives and outputs ò || || || Year 2015 || Year 2016 || Year 2017 || Year 2018 || Year 2019 || Year 2020 || TOTAL ||

||

Type of output[59] || Average cost of the ouput || Number of ouputs || Cost || Number of ouputs || Cost || Number of ouputs || Cost || Number of ouputs || Cost || Number of ouputs || Cost || Number of ouputs || Cost || Total number of ouputs || Total cost ||

SPECIFIC OBJECTIVE No 1[60]: System Development (Central and National) || || || || || || ||

- Output || 1 || 137.674 || 1 || 34.836 || 1 || 50.356 || || || || || || || 1 || 222.866 ||

Sub-total for specific objective N° 1[61] || || 137.674 || || 34.836 || || 50.356 || || || || || || || || 222.866 ||

SPECIFIC OBJECTIVE No 2: System Operations (Central and National)   || || || || || || ||

- Output || || || || || 1 || 117.047 || 1 || 82.362 || 1 || 82.362 || 1 || 82.363 || 1 || 364.134 ||

Sub-total for specific objective N° 2[62] || || || || || || 117.047 || || 82.362 || || 82.362 || || 82.363 || || 364.134 ||

TOTAL COST || 1 || 137.674 || 1 || 34.836 || 2 || 167.403 || 1 || 82.362 || 1 || 82.362 || 1 || 82.363 || 2 || 587.000 ||

3.2.3. Estimated impact on appropriations of an administrative nature 3.2.3.1. Summary

– ¨  The proposal/initiative does not require the use of administrative appropriations

– x The proposal/initiative requires the use of administrative appropriations, as explained below:

EUR million (to 3 decimal places)

|| Year 2013 || Year 2014 || Year 2015 || Year 2016 || Year 2017 || Year 2018 || Year 2019 || Year 2020 || TOTAL

HEADING 5 of the multiannual financial framework || || || || || || || || ||

Human resources || 0.254 || 0.254 || 0.254 || 0.190 || 0.190 || 0.190 || 0.191 || 0.191 || 1.715

Other administrative expenditure || 0.201 || 0.201 || 0.201 || 0.200 || 0.200 || 0.200 || 0.200 || 0.200 || 1.602

Subtotal HEADING 5 of the multiannual financial framework || 0.455 || 0.455 || 0.455 || 0.390 || 0.390 || 0.390 || 0.391 || 0.391 || 3.317

Outside HEADING 5[63] of the multiannual financial framework || || || || || || || || ||

Human resources || || || || || || || || ||

Other expenditure of an administrative nature || || || || || || || || ||

Subtotal outside HEADING 5 of the multiannual financial framework || || || || || || || || ||

TOTAL || 0.455 || 0.455 || 0.455 || 0.390 || 0.390 || 0.390 || 0.391 || 0.391 || 3.317

3.2.3.2.  Estimated requirements of human resources

– ¨  The proposal/initiative does not require the use of human resources

– x The proposal/initiative requires the use of human resources, as explained below:

Estimate to be expressed in full time equivalnet units (or at most to one decimal place)

|| Year 2013 || Year 2014 || Year 2015 || Year 2016 || Year 2017 || Year 2018 || Year 2019 || Year 2020

· Establishment plan posts (officials and temporary agents)

XX 01 01 01 (Headquarters and Commission’s Representation Offices) || 2 || 2 || 2 || 1,5 || 1,5 || 1,5 || 1,5 || 1,5

XX 01 01 02 (Delegations) || || || || || || || ||

XX 01 05 01 (Indirect research) || || || || || || || ||

10 01 05 01 (Direct research) || || || || || || || ||

· External personnel (in Full Time Equivalent unit: FTE)[64]

XX 01 02 01 (CA, INT, SNE from the "global envelope") || || || || || || || ||

XX 01 02 02 (CA, INT, JED, LA and SNE in the delegations) || || || || || || || ||

  XX 01 04 yy [65] || - at Headquarters[66] || || || || || || || ||

- in delegations || || || || || || || ||

XX 01 05 02 (CA, INT, SNE - Indirect research) || || || || || || || ||

10 01 05 02 (CA, INT, SNE - Direct research) || || || || || || || ||

Other budget lines (specify) || || || || || || || ||

TOTAL || 2 || 2 || 2 || 1,5 || 1,5 || 1,5 || 1,5 || 1,5

XX is the policy area or budget title concerned.

The human resources required will be met by staff from the DG who are already assigned to management of the action and/or have been redeployed within the DG, together if necessary with any additional allocation which may be granted to the managing DG under the annual allocation procedure and in the light of budgetary constraints.

Description of tasks to be carried out:

Officials and temporary agents || 2 during preparatory period from 2013 to 2015: 1 administrator for the legislative negotiation, coordination of tasks with the Agency and supervision of the delegation agreement 0,5 administrator for supervision of financial activities and expertise on border control and technical matters 0,5 assistant for administrative and financial activities 1,5 during development period from 2016 to 2020 1 administrator for the follow-up of the delegation agreement (reports, preparaiton comitology, validation functional and technical specifications, supervision financial activities and coordination Agency), as well as expertise on border control and technical matters 0,5 assistant for administrative and financial activities

External personnel || 0

3.2.4. Compatibility with the current multiannual financial framework

– x Proposal/initiative is compatible with the current and the next multiannual financial framework.

– ¨  Proposal/initiative will entail reprogramming of the relevant heading in the multiannual financial framework.

Explain what reprogramming is required, specifying the budget lines concerned and the corresponding amounts.

– ¨  Proposal/initiative requires application of the flexibility instrument or revision of the multiannual financial framework[67].

Explain what is required, specifying the headings and budget lines concerned and the corresponding amounts.

3.2.5. Third-party contributions

– x The proposal/initiative does not provide for co-financing by third parties

– ¨ The proposal/initiative provides

Appropriations in EUR million (to 3 decimal places)

|| Year N || Year N+1 || Year N+2 || Year N+3 || … enter as many years as necessary to show the duration of the impact (see point 1.6) || Total

Specify the co-financing body || || || || || || || ||

TOTAL appropriations cofinanced || || || || || || || ||

3.3. Estimated impact on revenue

– ¨  Proposal/initiative has no financial impact on revenue.

– x Proposal/initiative has the following financial impact:

– ¨         on own resources

– x        on miscellaneous revenue

EUR million (to 3 decimal places)

Budget revenue line: || Appropriations available for the ongoing budget exercise || Impact of the proposal/initiative[68]

Year 2015 || Year 2016 || Year 2017 || Year 2018 || Year 2019 || Year 2020 || Following years

Article 6313 || || 4,188 || 5,672 || 8,832 || 6,157 || 5,355 || 4,173 || 1,338

For miscellaneous assigned revenue, specify the budget expenditure line(s) affected.

18.02.CC ISF borders

Specify the method for calculating the impact on revenue.

The budget shall include a contribution from countries associated with the implementation, application and development of the Schengen acquis and the Eurodac related measures as laid down in the respective agreements. The estimates provided are purely indicative and are based on recent calculations for revenues for the implementation of the Schengen acquis from the States that currently contribute (Iceland, Norway and Switzerland) to the general budget of the European Union (consumed payments) an annual sum for the relevant financial year, calculated in accordance with its gross domestic product as a percentage of the gross domestic product of all the participating States. The calculation is based on June 2012 figures from EUROSTAT which are subject to considerable variation depending on the economic situation of the participating States.

[1]               COM(2008) 69 final.

[2]               OJ C 115/1, 4.5.2010.

[3]               COM(2011) 680 final.

[4]               OJ L 105, 13.4.2006.

[5]               OJ L 158, 30.4.2004; Directive 2004/38/EC.

[6]               OJ L 405, 30.12.2006

[7]               In the context of a RTP, a token is a physical device given to the authorised user to prove his/her access granted to the RTP electronically. The token acts like an electronic key to access something, in this case to the automated gate. Technical specifications will determine whether only a bar code is used or a chip in which the unique identifier (application number) is stored.

[8]               OJ L 286, 1.11.2011.

[9]               SEC(2008) 153.

[10]             SWD(2013) 50.

[11]             Impact assessment can be found from the following web page: http://ec.europa.eu/governance/impact/ia_carried_out/cia_2013_en.htm

[12]             Subject to the adoption by the Legislative Authority of the proposal establishing, as part of the Internal Security Fund, the instrument for financial support for external borders and visas (COM(2011) 750 final) and subject to the adoption by the Legislative Authority of the proposal for a Council Regulation laying down multiannual financial framework for the years 2014-2020 (COM(2011)398) and a sufficient level of resources being available under the expenditure ceiling of the pertinent budget heading.

[13]             OJ L 176, 10.7.1999, p. 36.

[14]             OJ L 53, 27.2.2008, p. 52.

[15]             OJ L 160, 18.6.2011, p. 19.

[16]             OJ C , , p. .

[17]             OJ C , , p. .

[18]             OJ C , , p. .

[19]             COM(2008) 69 final, 13.2.2008.

[20]             COM(2009) 262 final, 10.6.2009.

[21]             OJ L 286, 1.11.2011, p 1.

[22]             OJ L 158, 29.4.2004, p. 77

[23]             OJ L 281, 23.11.1995, p. 31.

[24]             OJ L 8, 12.1.2001, p. 1.

[25]             OJ L 55, 28.2.2011, p.13

[26]             OJ L 131, 1.6.2000, p. 43.

[27]             OJ L 64, 7.3.2002, p. 20.

[28]             OJ L 176, 10.7.1999, p. 36.

[29]             OJ L 176, 10.7.1999, p. 31.

[30]             OJ L 53, 27.2.2008, p. 52.

[31]             OJ L 53, 27.2.2008, p. 1.

[32]             OJ L 160, 18.6.2011, p. 21.

[33]             OJ L 160, 18.6.2011, p. 19.

[34]             OJ L 218, 13.8.2008, p 60.

[35]             OJ L 105, 13.4.2006, p 1.

[36]             OJ L 243, 15.9.2009, p 1.

[37]             OJ L 81, 21.3.2001, p. 1.

[38]             Article 47(1) of the Charter of Fundamental Rights of the EU.

[39]             Article 47(1) of the Charter of Fundamental Rights of the EU.

[40]             No logo is required for Norway, Iceland, Switzerland and Liechtenstein.

[41]             No logo is required for Norway, Iceland, Switzerland and Liechtenstein.

[42]             Revocation on this reason is not subject to the right of appeal.

[43]             If required by national law.

[44]             ABM: Activity-Based Management – ABB: Activity-Based Budgeting.

[45]             As referred to in Article 49(6)(a) or (b) of the Financial Regulation.

[46]             Proposal for a Regulation of the European Parliament and of the Council establishing, as part of the Internal Security Fund, the instrument for financial support for external borders and visa (COM(2011)750.

[47]             Communication from the Commission to the European Parliament and the Council – Smart Borders – options and the way ahead (COM(2011)680.

[48]             Proposal for a Regulation of the European Parliament and of the Council establishing, as part of the Internal Security Fund, the instrument for financial support for external borders and visa (COM(2011)750.

[49]             COM(2010)93 of 19 March 2010.

[50]             COM(2011)398 of 29 June 2011.

[51]             Details of management modes and references to the Financial Regulation may be found on the BudgWeb site: http://www.cc.cec/budg/man/budgmanag/budgmanag_en.html

[52]             As referred to in Article 185 of the Financial Regulation.

[53]             DA= Differentiated appropriations / DNA= Non-Differentiated Appropriations

[54]             EFTA: European Free Trade Association.

[55]             Candidate countries and, where applicable, potential candidate countries from the Western Balkans.

[56]             The variation of costs and especially the high costs in 2015 in 2017 can be explained as follows: At the beginning of the development period, in 2015, commitments for the development will be made (one-time costs to cover three years of hardware, software and contractor costs). At the end of the development period, in 2017, the required commitments for the operations will be made. Costs for the administration of hardware and software vary depending on the period.

[57]             Technical and/or administrative assistance and expenditure in support of the implementation of EU programmes and/or actions (former "BA" lines), indirect research, direct research.

[58]             Year N is the year in which implementation of the proposal/initiative start

[59]             Outputs are products and services to be supplied (e.g.: number of student exchanges financed, number of km of roads built, etc.).

[60]             As described in Section 1.4.2. "Specific objective(s)…"

[61]             This amount includes for the central development in particular the network infrastructure, required hardware and software licenses and costs for the external contractor to develop the central system. For the national development it also includes the costs for the required hardware and software licenses as well as external contractual development

[62]             This amount covers the required costs to keep the central system up and running, in particular the running of the network, the maintenance of the central system by an external contractor and the required hardware and software licenses. For the national operations, it covers the required costs for the running the national systems, in particular licenses for hardware and software, incident management, and costs for required external contractors.

[63]             Technical and/or administrative assistance and expenditure in support of the implementation of EU programmes and/or actions (former "BA" lines), indirect research, direct research.

[64]             CA= Contract Agent; INT= agency staff ("Intérimaire"); JED= "Jeune Expert en Délégation" (Young Experts in Delegations); LA= Local Agent; SNE= Seconded National Expert;

[65]             Under the ceiling for external personnel from operational appropriations (former "BA" lines).

[66]             Essentially for Structural Funds, European Agricultural Fund for Rural Development (EAFRD) and European Fisheries Fund (EFF).

[67]             See points 19 and 24 of the Interinstitutional Agreement.

[68]             As regards traditional own resources (customs duties, sugar levies), the amounts indicated must be net amounts, i.e. gross amounts after deduction of 25% for collection costs.