EXPLANATORY MEMORANDUM

1.           CONTEXT OF THE PROPOSAL

· Grounds for and objectives of the proposal

Member State public administrations responsible for applying EU law are increasingly required by EU law to cooperate with their counterparts in other Member States. To support them in their tasks, the Internal Market Information System (‘IMI’) was designed and developed by the European Commission as a generic, customisable administrative cooperation platform and has been offered as a free service to Member States since 2008. It provides more than 6 000 registered authorities in the 27 Member States and three EEA countries with a fast and secure communication channel for cross-border information exchange with their counterparts, effectively overcoming barriers due to different languages and administrative structures. IMI is currently used for the exchange of information pursuant to Directive 2005/36/EC of the European Parliament and of the Council of 7 September 2005 on the recognition of professional qualifications[1] (‘the Professional Qualifications Directive’) and Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market[2] (‘the Services Directive’). In 2010, some 2 000 requests for information were exchanged through IMI.

Cross-border administrative cooperation frequently involves processing and exchanging personal data of EU citizens, as is the case under the Services Directive and the Professional Qualifications Directive. From a legal point of view, IMI operates on the basis of a Commission decision, a ‘comitology’ decision, and a Commission recommendation[3]. The lack of a single legal instrument adopted by the European Parliament and the Council underlying its operations came to be seen as an obstacle to further expansion of IMI. In practice, IMI guarantees a high level of technical and procedural data protection. Thanks to the many procedural and technical privacy-enhancing features that were built into the system following the privacy-by-design principle, the processing of personal data in IMI offers a considerably higher level of protection and security than other methods of information exchange such as mail, telephone, fax or e-mail. In addition, data protection considerations are addressed in the day-to-day use of the system and are included in the training material for IMI users.

According to the Commission Communication ‘Towards a Single Market Act’, extending IMI to other sectors ‘with a view to creating a genuine face-to-face electronic network for European administrations’ is one of the keys to promoting better governance of the single market[4]. The Commission Communication[5] ‘Better governance of the Single Market through greater administrative cooperation: A strategy for expanding and developing the Internal Market Information System (“IMI”)’ (‘the IMI Strategy Communication’) adopted on 21 February 2011 set out plans for future expansion of IMI to other areas of EU law. The Commission Communication ‘A Single Market Act’ stressed the importance of IMI for strengthening cooperation among the actors involved, including at local level, thus contributing to better governance of the single market[6].

The objectives of the present proposal are to:

(1) Establish a sound legal framework for IMI and a set of common rules to ensure that it functions efficiently;

(2) Provide a comprehensive data protection framework by setting out the rules for the processing of personal data in IMI;

(3) Facilitate possible future expansion of IMI to new areas of EU law; and

(4) Clarify the roles of the different actors involved in IMI.

· General context

In its Decisions C/2006/3606 of 14 August 2006, C/2007/3514 of 25 July 2007 and C/2008/1881 of 14 May 2008, the Commission decided to finance and set up the Internal Market Information System as a project of common interest under the programme on the interoperable delivery of pan-European eGovernment services to public administrations, businesses and citizens (IDABC). Further financing was provided by Commission Decision C/2007/3514 of 25 July 2007 on the fourth revision of the IDABC Work Programme.

Commission Decision 2008/49/EC laid down the functions, rights and obligations of IMI actors and users, taking the opinion of the Article 29 Working Party[7] into account. Following the adoption of the Decision, the European Data Protection Supervisor (EDPS) issued an opinion[8] in which it called for the adoption of a legal instrument by the European Parliament and the Council in view of the envisaged expansion of IMI to additional areas of internal market legislation.

Pending the adoption of such a legal instrument, it was agreed to follow a step-by-step approach, starting with the adoption of guidelines for the implementation of data protection rules in IMI drawn up in close consultation with the EDPS[9]. The Commission considered that this step-by-step approach proved effective in ensuring a high level of technical and procedural data protection in IMI[10].

· Existing provisions in the area of the proposal

The processing of personal data in IMI is addressed by the Commission Decisions and Recommendation listed in footnote 3.

2.           RESULTS OF CONSULTATIONS WITH THE INTERESTED PARTIES AND IMPACT ASSESSMENTS

· Consultation of interested parties

Over the past year the Commission informed IMI stakeholders, including national IMI coordinators and authorities using the system, through various fora, about its plans for future IMI expansions. The reactions received showed general support for the Commission’s intention to propose a horizontal legal instrument that would remove any doubts as to the binding nature of the rules for the processing of personal data in the system.

The EDPS was consulted informally at the early stages of the preparation of the proposal, as well as formally during the inter-service consultation, and provided a vital contribution.

· Impact assessment

As already mentioned, the present proposal consolidates the current rules governing IMI within a single horizontal legally binding instrument. Consequently, no alternative policy options need to be considered at this stage. Moreover, the present proposal does not anticipate or preclude any future decisions on possible extension of IMI to new areas of Union law, but will merely facilitate such possible expansion by providing a robust legal framework for the functioning of IMI and a flexible procedure for future expansion decisions, which will be based on the criteria set out in the IMI Strategy Communication mentioned above. For these reasons, the proposal has not been subject to an impact assessment analysis. Any subsequent decisions concerning the expansion of the use of IMI beyond the areas of Union law for which it is currently used will require proportionate impact assessments.

3.           LEGAL ELEMENTS OF THE PROPOSAL

· Summary of the proposed action

The present proposal aims at improving the conditions for the functioning of the internal market by providing an effective and user-friendly tool facilitating the practical implementation of provisions of Union law mandating administrative cooperation and information exchange.

The proposed Regulation also lays down the main principles of data protection through IMI, including the rights of data subjects, in a single legal instrument, thus increasing transparency and enhancing legal certainty. The list of areas of Union acts currently supported by IMI is set out in Annex I. Areas of possible future expansion are listed in Annex II. The procedural and budgetary aspects aimed at facilitating future expansion of IMI are in line with the IMI Strategy Communication mentioned above.

· Legal basis:

Article 114 TFEU

· Subsidiarity and proportionality principles

Given the nature of IMI as a centralised communication tool developed and hosted by the Commission, it is necessary to establish a common set of rules applicable to the system and to implement them in a centralised manner. The objectives of IMI, namely the removal of obstacles to cross-border cooperation, such as language barriers, different administrative and working cultures and the lack of established procedures for information exchange, cannot be achieved by the Member States and require action at European Union level. This proposal does not go beyond what is necessary to achieve those objectives.

· Choice of instruments

Proposed instrument: regulation

In view of the above objectives, it is essential to establish a set of common rules for the functioning of IMI. This could not be achieved in a directive which, by its very nature, is only binding as to the result to be achieved, but leaves to the national authorities the choice of form and methods. Yet, in the case of the present proposal, it is necessary to precisely define the form and methods of administrative cooperation through IMI. In terms of useful precedents, it may be pointed out that regulations have also been used for other large IT systems at EU level to address data protection and other issues[11]. In turn, to propose an act to be adopted by the Commission and not by the European Parliament and the Council, such as a Commission decision, would simply emulate the status quo and would not address the concerns about legal certainty towards the citizen expressed in the past by the EDPS.

4.           BUDGETARY IMPLICATION

As the use of IMI is mandatory for Member States under the Services Directive and the recently adopted Directive on the application of patients’ rights in cross-border healthcare[12], it is necessary to ensure that IMI can continue to operate on a permanent basis. For this reason, as well as to allow more efficient management and better control of the budget, it is proposed that the expenditure related to IMI be re-grouped by bringing all costs under the same budget line managed by DG MARKT (12.02.01 Implementation and development of the Internal Market), as explained in the accompanying legislative financial statement.

The present proposal does not have a budgetary impact over and above what is already foreseen in the years to come in the official programming of the Commission and it is without prejudice to the decisions on the post-2013 multi-annual financial framework.

5.           OPTIONAL ELEMENTS

· European Economic Area

The proposed act concerns an EEA matter and should therefore be extended to the European Economic Area.

· Detailed explanation of the proposal

Choice of the legal basis

The main objective of the proposal is to improve the conditions for the functioning of the internal market by providing an effective and user-friendly tool which facilitates the practical implementation of those provisions of Union acts which require Member States to cooperate with one another and with the Commission and to exchange information (including, in many instances, personal data). In order to ensure the efficient functioning of IMI, it is necessary to lay down certain common rules related to its governance and use. This includes the obligation to appoint one national IMI coordinator per Member State (Article 7), the obligation on competent authorities to provide an adequate response in a timely manner (Article 8(1)) and the provision that information exchanged via IMI may be used for providing evidence in the same way as similar information obtained within the same Member State (Article 8(2)).

At the same time, a high level of data protection should be ensured in the implementation of IMI.

Chapter I (General provisions)

A number of provisions of Union acts require Member States to cooperate with one another and with the Commission by exchanging information. As an example, the Professional Qualifications Directive mandates administrative cooperation and the exchange of certain information, including personal data, among Member States’ administrations. Since 2008, Member States have agreed to use IMI for such cooperation and exchanges for a range of professions that has been expanded gradually with a view to covering all regulated professions. The Services Directive assigns mutual assistance obligations to Member States, including the obligation to supply information by electronic means (Article 28(6)). Commission Decision 2009/739/EC of 2 October 2009 sets out the practical arrangements for the exchange of information between Member States under the Services Directive.

Since 16 May 2011, authorities across the EU that deal with posted workers are able to exchange information through IMI on a pilot basis[13]. Moreover, the recently adopted Directive on the application of patients’ rights in cross-border healthcare makes the use of IMI obligatory for exchanging information on the right to practise of health professionals[14]. The accompanying document to the ‘IMI Strategy Communication’ lists further areas that could benefit from IMI. Furthermore, synergies between IMI and other IT tools used by the Commission, including in the area of problem solving, should be explored.

The provisions of Articles 1, 2 and 3 aim to establish the purpose and scope of IMI.

The proposed mechanism for expanding IMI to new Union acts (Article 4) aims at providing the necessary flexibility for the future while ensuring a high level of legal certainty and transparency, in particular for data subjects. To that end, Union acts currently supported by IMI are set out in Annex I. In addition, Annex II lists areas of possible future expansion of IMI. Following an assessment of technical feasibility, cost-efficiency, user-friendliness and overall impact on the system, as well as the results of a possible test phase, as appropriate, the Commission will be empowered to update the list of areas in Annex I accordingly, adopting a delegated act.

Chapter II (Functions and responsibilities in relation to IMI)

The provisions of this chapter are crucial for the efficient functioning of the system (e.g. the respective roles of the national IMI coordinator, Article 7, and competent authorities, Article 8). In particular, competent authorities should not be allowed to question the evidentiary value of a document received from another Member State solely because it was received by means of IMI and should treat it in the same way as similar documents originating in their Member State. The provisions also reflect the flexibility offered by IMI to the Member States in allocating the different roles within the system in line with their national administrative structure.

Article 9 clarifies the role of the Commission. For the types of administrative cooperation currently covered by IMI, this remains limited to ensuring the security, availability, maintenance and development of the software and IT infrastructure for IMI. However, the Commission could also take an active part in IMI workflows, for instance for notification procedures, on the basis of legal provisions or other arrangements underlying the use of IMI in a given area of the internal market.

Article 10 on access rights is central to ensuring effective protection for the personal data processed in the system. It specifies in particular that access to personal data processed in IMI must be limited to the IMI users taking part in the procedure in question.

Chapter III (Data processing and security)

Processing of personal data by means of IMI will continue to be based on pre-defined workflows, question sets and other procedures (Article 12). This constitutes an additional guarantee of transparency for data subjects.

Personal data processed by means of IMI should not remain accessible for longer than necessary. It is therefore important to establish maximum retention periods, following which the data should be blocked, i.e. rendered inaccessible to IMI users via the normal interface and then automatically deleted from the system five years after the closure of an administrative cooperation procedure (Article 13). The option of blocking data after 18 months (rather than immediate deletion) is preferable to ensure that data subjects are able to effectively exercise their rights, for example by obtaining evidence that an exchange of information through IMI took place in order to appeal against a decision based on such an exchange. This approach is also in line with the Court of Justice ruling in Case C-553/07 Rijkeboer.

The processing of personal data of IMI users (e.g. employees of national administrations using IMI) should be possible for purposes related to the functioning of IMI, such as ensuring the proper functioning of the system by IMI coordinators and the Commission or gathering information related to administrative cooperation in the internal market via surveys (Article 14).

Article 15 reflects the fact that already today, under the Professional Qualifications and Services Directives, IMI is used to exchange data of a sensitive nature, including e.g. information about disciplinary or criminal sanctions.

It is important to clarify that — since IMI is developed, maintained and hosted centrally by the Commission — the applicable data security rules are those set out in Regulation (EC) No 45/2001 (Article 16).

Chapter IV (Rights of data subjects and supervision)

Given the diversity of competent authorities using IMI (more than 6 000 as of March 2011), as well as the variety of situations and contexts in which IMI may be used in the future, it is not possible to lay down a one-size-fits-all solution for the exercise of data subjects’ rights in the proposed Regulation. The obligations of competent authorities are, in principle, covered by national data protection legislation, while Articles 15 and 16 cover issues specific to IMI (e.g. blocked data), as well as the obligations of the Commission. It is also important to ensure transparency for data subjects whenever the exercise of their rights in the context of IMI is limited by national legislation (Article 19).

Provisions for coordinated supervision follow the model established in the VIS and SIS II Regulations[15] (Article 20).

Chapter V (Geographic scope of IMI)

The legal instrument for IMI should provide sufficient flexibility to accommodate future developments with respect to the use of the system, including possibly involving third countries in the information exchanges in certain areas (Article 22), or the use of the system in a purely domestic context (Article 21), for which some Member States have already expressed an interest. In all such cases, the guarantees for personal data protection should continue to apply.

Chapter VI (Final provisions)

To allow for the extension of IMI to further Union acts, the Commission will be empowered to update the list of provisions already covered by IMI, as listed in Annex I, with additional provisions included in Annex II.

The Commission undertakes to produce regular reports on the functioning of IMI, inter alia based on statistical information retrieved from the system and provided by Member States on request, as appropriate (Article 26).

2011/0226 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on administrative cooperation through the Internal Market Information System (‘the IMI Regulation’)

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national Parliaments,

Having regard to the opinion of the European Economic and Social Committee[16],

Having regard to the opinion of the European Data Protection Supervisor,

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1) The application of certain Union acts governing the free movement of goods, persons, services and capital in the internal market requires Member States to cooperate and exchange information with one another and with the Commission. As practical means to implement such information exchange are often not specified in those acts, appropriate practical arrangements need to be made.

(2) The Internal Market Information System (hereinafter ‘IMI’) is a software application accessible via the Internet, developed by the European Commission in cooperation with the Member States, in order to assist Member States with the practical implementation of information exchange requirements laid down in Union acts by providing a centralised communication mechanism to facilitate cross-border exchange of information and mutual assistance. In particular, IMI helps competent authorities to identify their counterpart in another Member State, manage the exchange of information, including personal data, on the basis of simple and unified procedures and overcome language barriers on the basis of pre-defined and pre-translated workflows.

(3) The purpose of IMI should be to improve the functioning of the internal market by providing an effective, user-friendly tool for the implementation of administrative cooperation between the Member States and the Commission, thus facilitating the application of Union acts set out in the Annexes to this Regulation.

(4) The Commission Communication[17] ‘Better governance of the Single Market through greater administrative cooperation: A strategy for expansion and further development of the Internal Market Information System (“IMI”)’ set out plans for the possible expansion of IMI to other Union acts. The Commission Communication ‘A Single Market Act’ stressed the importance of IMI for strengthening cooperation among the actors involved, including at local level, thus contributing to better governance of the single market[18]. It is therefore necessary to establish a sound legal framework for IMI and a set of common rules to ensure that the system functions efficiently.

(5) Where the application of a provision of a Union act requires Member States to exchange personal data and provides for the purpose of this processing, such a provision should be considered an adequate legal basis for the processing of personal data, subject to conditions set out in Articles 8 and 52 of the Charter of Fundamental Rights of the European Union. IMI should be seen primarily as a tool used for the exchange of information (including personal data) which would otherwise take place via other means, including regular mail, fax or electronic mail on the basis of a legal obligation imposed on Member States' authorities and bodies in Union acts.

(6) Following the privacy-by-design principle, IMI has been developed with the requirements of data protection legislation in mind and has been data protection-friendly from its inception, in particular because of the restrictions imposed on access to personal data exchanged in the system. Therefore, IMI offers a considerably higher level of protection and security than other methods of information exchange such as mail, telephone, fax or e-mail.

(7) Administrative cooperation by electronic means between Member States and between Member States and the Commission should comply with the rules on the protection of personal data laid down in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data[19] and in Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data[20].

(8) In order to ensure transparency, in particular for data subjects, the Union acts for which IMI is to be used should be listed in Annex I to this Regulation. Areas of possible further expansion should be set out in Annex II. It is appropriate to identify in Annex II, a set of Union acts where it is necessary to evaluate the technical feasibility; cost efficiency, user friendliness and the overall impact on the system, before it is decided to use IMI for such acts.

(9) Nothing in this Regulation should preclude Member States and the Commission deciding to use IMI for the exchange of information which does not involve the processing of personal data.

(10) This Regulation should set out the rules for using IMI for the purposes of administrative cooperation, which may cover inter alia the one-to-one exchange of information, notification procedures, alert mechanisms, mutual assistance arrangements and problem solving.

(11) Member States should be able to adapt functions and responsibilities in relation to IMI to their internal administrative structures or to take into account particular needs of a specific IMI workflow. The tasks of IMI coordinators may be carried out by one or more delegated IMI coordinators, alone or jointly with others, for a particular area of the internal market, a division of the administration, a geographic region, or according to another criterion.

(12) While IMI is in essence a communication tool for public authorities, not open to the general public, technical means may need to be developed to allow external actors such as citizens, enterprises and organisations to interact with the competent authorities in order to supply information and retrieve data, or to exercise their rights as data subjects. Such technical means should include appropriate safeguards for data protection.

(13) The exchange of information through IMI follows from the legal obligation on Member States’ authorities to give mutual assistance. To ensure that the internal market functions properly, information received by a competent authority through IMI from another Member State should not be deprived of its value as evidence in administrative proceedings solely on the ground that it originated in another Member State or was received by electronic means, and it should be treated by the authority in the same way as similar documents originating in its Member State.

(14) To guarantee a high level of data protection, maximum retention periods for personal data in IMI need to be established. However, these periods also need to be long enough to allow data subjects to fully exercise their rights, for instance by obtaining evidence that an information exchange took place in order to appeal against a decision.

(15) It should be possible to process the name and contact details of IMI users for purposes compatible with the objectives of this Regulation, including monitoring of the use of the system by IMI coordinators and the Commission, communication, training and awareness-raising initiatives, and gathering information on administrative cooperation or mutual assistance in the internal market.

(16) The European Data Protection Supervisor should monitor and ensure the application of the provisions of this Regulation, including the relevant provisions on data security.

(17) Data subjects should be informed about the processing of their personal data in IMI and that they have the right of access to the data relating to them, and the right to have inaccurate data corrected and illegally processed data erased, in accordance with national legislation implementing Directive 95/46/EC.

(18) The administrative cooperation procedures provided for in IMI should be facilitated by predefined workflows, question sets and forms drawn up for this purpose by the Commission, supplemented as appropriate by attached files and free text input. In order to ensure sufficient transparency for data subjects, the predefined workflows and forms and other arrangements relating to administrative cooperation procedures in IMI should be made public.

(19) Where Member States apply, in accordance with Article 13 of Directive 95/46/EC, any limitations on or exceptions to the rights of data subjects, information about such limitations or exceptions should be made public in order to ensure full transparency for data subjects. Such exceptions or limitations should be necessary and proportionate to the intended purpose and subject to adequate safeguards.

(20) Commission Decision 2008/49/EC of 12 December 2007 concerning the implementation of the Internal Market Information System (IMI) as regards the protection of personal data should be repealed[21]. Commission Decision 2009/739/EC of 2 October 2009 setting out the practical arrangements for the exchange of information by electronic means between the Member States under Chapter VI of Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market[22] should continue to apply to issues relating to the exchange of information under Directive 2006/123/EC on services in the internal market[23].

(21) The Commission should be empowered to adopt delegated acts in accordance with Article 290 of the Treaty in respect of Union acts, among those listed in Annex II, in which provisions on administrative cooperation and information exchange can be implemented by means of IMI.

HAVE ADOPTED THIS REGULATION:

Chapter I

GENERAL PROVISIONS

Article 1

Subject matter

This Regulation lays down rules for the use of an Internal Market Information System, hereinafter ‘IMI’, for administrative cooperation, including processing of personal data, among competent authorities in the Member States and the Commission.

Article 2

Establishment of the Internal Market Information System

An Internal Market Information System is hereby established.

Article 3

Scope

IMI shall be used for exchange of information between competent authorities in the Member States and the Commission necessary for the implementation of internal market acts which provide for administrative cooperation, including the exchange of personal data, between Member States or between Member States and the Commission. The internal market acts are set out in Annex I.

Article 4

Development of IMI

1. For the acts listed in Annex II to this Regulation, the Commission may decide that IMI shall be used, taking into account technical feasibility, cost-efficiency, user-friendliness and overall impact on the system. In such cases, the Commission shall be empowered to include those acts in Annex I following the procedure referred to in Article 23.

2. The adoption of the delegated act may be preceded by a test phase (pilot project) of a limited duration involving several or all Member States.

Article 5

Definitions

For the purposes of this Regulation, the definitions in Directive 95/46/EC and Regulation (EC) No 45/2001 shall apply.

In addition, the following definitions shall also apply:

(a) ‘Internal Market Information System’ (‘IMI’) means the electronic tool provided by the European Commission to facilitate administrative cooperation between national administrations and the Commission;

(b) ‘administrative cooperation’ means competent authorities of Member States and the Commission working in close collaboration, by exchanging information, including through notifications, or by providing mutual assistance, including for the resolution of problems, for the purpose of better application of Union law;

(c) ‘internal market area’ means a legislative or functional field of the internal market within the meaning of Article 26(2) of the Treaty in which IMI is used in accordance with Article 3 above;

(d) ‘administrative cooperation procedure’ means a pre-defined workflow provided for in IMI allowing IMI actors to communicate and interact with each other in a structured manner;

(e) ‘competent authority’ means any body established at either national, regional or local level with specific responsibilities relating to the application of national or Union law in one or more internal market areas whose registration in IMI has been validated by an IMI coordinator;

(f) ‘IMI coordinator’ means a body appointed by the Member States to perform support tasks necessary for the efficient functioning of IMI in accordance with this Regulation;

(g) ‘IMI user’ means a natural person working under the control of a competent authority, of an IMI coordinator or of the Commission and registered in IMI on their behalf;

(h) ‘IMI actors’ means the competent authorities, IMI coordinators and the Commission;

(i) ‘external actors’ means natural or legal persons other than IMI users that may use IMI through technical means and in accordance with a specific pre-defined workflow provided for this purpose;

(j) ‘blocking’ means applying technical means by which personal data become inaccessible to IMI users via the normal interface of the application.

Chapter II

FUNCTIONS AND RESPONSIBILITIES IN RELATION TO IMI

Article 6

General purpose

IMI actors shall exchange and process personal data only for the purposes defined in the relevant legal basis as referred to in Annex I.

Article 7

IMI coordinators

1. Each Member State shall appoint one national IMI coordinator whose tasks shall include:

(a) registering or validating registration of IMI coordinators and competent authorities;

(b) acting as the main contact point for issues related to IMI and as the interlocutor of the Commission, including for aspects related to the protection of personal data;

(c) providing knowledge, training and support, including technical support, to competent authorities and IMI users;

(d) ensuring the efficient functioning of the system, including timely and adequate responses by competent authorities to requests for administrative cooperation.

2. Each Member State may additionally appoint one or more IMI coordinators in order to carry out one or more of the above tasks, according to its internal administrative structure.

3. Member States shall inform the Commission of the IMI coordinators appointed in accordance with paragraphs 1 and 2 and of the tasks for which they shall be responsible. The Commission shall share this information with other Member States.

4. Member States shall ensure that IMI coordinators have adequate resources to perform their duties in accordance with this Regulation.

5. All IMI coordinators may act as competent authorities. In such cases an IMI coordinator shall have the same access rights as a competent authority. Each IMI coordinator shall be a controller with respect to its own data processing activities as an IMI actor.

Article 8

Competent authorities

1. When cooperating by means of IMI, the competent authorities shall ensure that an adequate response is provided within the shortest possible period of time or within the deadline set by the applicable Union act, acting through IMI users in accordance with administrative cooperation procedures.

2. Competent authorities may invoke as evidence any information, documents, findings, statements, certified true copies or intelligence communicated by means of IMI, on the same basis as similar documents obtained in their own country, for purposes compatible with the purposes for which the data was originally collected.

3. Each competent authority shall be a controller with respect to its own data processing activities performed by an IMI user under its authority and shall ensure that data subjects can exercise their rights in accordance with Chapters III and IV, where appropriate.

4. Member States shall ensure that competent authorities have adequate resources to perform their duties in accordance with this Regulation.

Article 9

Commission

1. The Commission shall ensure the security, availability, maintenance and development of the software and IT infrastructure for IMI. It shall provide a multilingual system, training in cooperation with the Member States, and a helpdesk to assist Member States in the use of IMI.

2. The Commission may participate in administrative cooperation procedures involving the processing of personal data where required by a Union act listed in Annex I.

3. The Commission shall register the national IMI coordinators and shall grant them access to IMI.

4. The Commission shall perform processing operations on personal data in IMI where provided for in this Regulation.

5. For the purposes of performing its tasks under this Article and for producing reports and statistics, the Commission shall have access to the necessary information relating to the processing operations performed in IMI.

Article 10

Access rights of IMI actors and users

1. Only IMI users duly authorised by and acting on behalf of an IMI actor shall have access to IMI.

2. Member States, in cooperation with the Commission, shall designate the IMI coordinators and competent authorities and the internal market areas in which they have competence.

3. Each IMI actor shall grant and revoke, as necessary, appropriate access rights to its IMI users in the internal market area for which it is competent.

4. Appropriate technical means shall be put in place to ensure that IMI users are able to access personal data processed in IMI only on a need-to-know basis and within the internal market area or areas for which they were granted access rights in accordance with paragraph 3.

5. The use of personal data processed by means of IMI for a specific purpose in a way incompatible with that original purpose shall be prohibited, unless explicitly provided for by law.

6. Where an administrative cooperation procedure involves the processing of personal data, only the IMI users participating in that procedure shall have access to such personal data.

7. External actors may use IMI with the technical means provided for this purpose, where necessary to facilitate administrative cooperation between competent authorities in Member States, or in order to exercise their rights as data subjects, or where otherwise provided for by a Union act.

Article 11

Confidentiality

1. Each Member State shall apply its rules of professional secrecy or other equivalent duties of confidentiality to its IMI actors and IMI users, in accordance with national legislation.

2. IMI actors shall ensure that requests of other IMI actors for confidential treatment of information exchanged by means of IMI are complied with by IMI users working under their authority.

Article 12

Administrative cooperation procedures

IMI shall be based on administrative cooperation procedures developed and updated for that purpose by the Commission, in close cooperation with the Member States.

Chapter III

DATA PROCESSING AND SECURITY

Article 13

Retention of personal data

1. Personal data processed in IMI shall be blocked at the latest eighteen months after the formal closure of an administrative cooperation procedure, unless blocking before that period is expressly requested by a competent authority, on a case-by-case basis.

2. Where an administrative cooperation procedure in IMI establishes a repository of information for future reference by IMI actors, the personal data included in such a repository may be processed for as long as it is needed for this purpose either with the consent of the data subject or where this is necessary to comply with a Union act.

3. Personal data blocked pursuant to this Article shall, with the exception of their storage, only be processed for purposes of proof of an information exchange by means of IMI, or with the data subject’s consent.

4. The blocked data shall be automatically deleted after five years have elapsed from the closure of the administrative cooperation procedure.

5. The Commission shall ensure by technical means the blocking and deletion of personal data and their retrieval in accordance with paragraph 3.

Article 14

Retention of personal data of IMI users

1. By derogation from Article 13, paragraphs 2 and 3 shall apply to the retention of personal data of IMI users.

2. Personal data relating to IMI users shall be stored in IMI as long as they continue to be users of IMI and may be processed for purposes compatible with the objectives of this Regulation.

These personal data shall include the full name and all electronic and other means of contact necessary for the purposes of this Regulation.

3. When a natural person ceases to be an IMI user, the personal data relating to him or her shall be blocked by technical means for a period of five years. They shall, with the exception of their storage, only be processed for purposes of proof of an information exchange by means of IMI and shall be deleted at the end of the five-year period.

Article 15

Processing of special categories of data

1. The processing of special categories of data referred to in Article 8(1) of Directive 95/46/EC and Article 10(1) of Regulation (EC) 45/2001 by means of IMI shall be allowed only on the basis of a specific ground mentioned in Article 8(2) of the Directive and Article 10(2) of the Regulation and with appropriate safeguards to ensure the rights of individuals whose personal data are processed.

2. IMI may be used for the processing of data relating to offences, criminal convictions or security measures referred to in Article 8(5) of Directive 95/46/EC and Article 10(5) of Regulation (EC) 45/2001, including information on disciplinary, administrative or criminal sanctions or other information necessary to establish the good repute of an individual or a legal person, where the processing of such data is provided for in a Union act constituting the basis for the processing or with the explicit consent of the data subject, subject to appropriate specific safeguards.

Article 16

Security

1. The processing of personal data under this Regulation shall comply with the rules on data security adopted by the Commission further to Article 22 of Regulation (EC) No 45/2001.

2. The Commission shall put in place the necessary measures to ensure security of personal data processed in IMI, including appropriate data access control and a security plan which shall be kept up-to-date.

3. The Commission shall ensure that, in case of a security incident, it is possible to verify what personal data has been processed in IMI, when, by whom and for what purpose.

Chapter IV

RIGHTS OF DATA SUBJECTS AND SUPERVISION

Article 17

Information to data subjects and transparency

1. IMI actors shall ensure that data subjects are informed about processing of their personal data in IMI and that they have access to a privacy notice explaining their rights and how to exercise them, in accordance with Articles 10 or 11 of Directive 1995/46/EC and national legislation which is in accordance with that Directive.

2. The Commission shall make publicly available:

(a) a comprehensive privacy notice concerning IMI in accordance with Articles 10 and 11 of Regulation (EC) No 45/2001, in a clear and understandable form;

(b) information on the data protection aspects of administrative cooperation procedures in IMI as referred to in Article 12;

(c) information on exceptions to or limitations of data subjects’ rights as referred to in Article 19.

Article 18

Right of access, correction and erasure

1. IMI actors shall ensure that the data subject may effectively exercise the right of access to data relating to him or her, and the right to have inaccurate or incomplete data corrected and unlawfully processed data deleted, in accordance with national legislation. The correction and deletion shall be carried out within 60 days by the IMI actor responsible.

2. Personal data blocked pursuant to Article 13(1) shall not be rectified or deleted unless it can be clearly demonstrated that such rectification or deletion is necessary to protect the rights of the data subject and does not undermine their value as proof of an information exchange by means of IMI.

3. Where the accuracy or lawfulness of data blocked pursuant to Article 13(1) is contested by the data subject, this fact shall be recorded as well as the accurate, corrected information.

Article 19

Exceptions and limitations

Where Member States provide for exceptions to or limitations of data subjects’ rights set out in this Chapter in national legislation in accordance with Article 13 of Directive 95/46/EC, they shall inform the Commission thereof.

Article 20

Supervision

1. The national supervisory authority or authorities designated in each Member State and endowed with the powers referred to in Article 28 of Directive 95/46/EC (the ‘National Supervisory Authority’) shall monitor the lawfulness of the processing of personal data by the competent authorities within their territory and in particular shall ensure that the rights of data subjects set out in this Chapter are respected.

2. The European Data Protection Supervisor shall ensure that the personal data processing activities of the Commission in its role as an IMI actor are carried out in accordance with this Regulation. The duties and powers referred to in Articles 46 and 47 of Regulation (EC) No 45/2001 shall apply accordingly.

3. The National Supervisory Authorities and the European Data Protection Supervisor, each acting within the scope of their respective competences, shall ensure coordinated supervision of the IMI system and its use by competent authorities in Member States. The European Data Protection Supervisor may invite the National Supervisory Authorities to meet for that purpose when necessary. The costs of these meetings shall be for the account of the European Data Protection Supervisor. Further working methods for this purpose, including rules of procedure, may be developed jointly as necessary. A joint report of activities shall be sent to the European Parliament, the Council and the Commission at least every three years.

Chapter V

GEOGRAPHIC SCOPE OF IMI

Article 21

National use of IMI

1. A Member State may use IMI for the purpose of administrative cooperation between competent authorities within its territory in accordance with national law, on condition that:

(a) no substantial changes to the existing administrative cooperation procedures are required; and

(b) a notification of the envisaged use of IMI has been submitted to the National Supervisory Authority; and

(c) it has no significant impact on the efficient functioning of IMI.

2. Where the national use of IMI is likely to have a significant impact on the efficient functioning of IMI, the Member State shall notify such use to the Commission and seek its prior approval. Where necessary, an agreement setting out inter alia the technical, financial and organisational arrangements, including the responsibilities of the IMI actors, shall be concluded between the Member State and the Commission.

Article 22

Information exchange with third countries

1. Personal data may be exchanged in IMI pursuant to this Regulation between IMI actors within the Union and in a third country only where the following conditions are satisfied:

(a) the data are processed pursuant to a provision listed in the Annex I and an equivalent provision of law of the third country;

(b) the data are exchanged or made available in accordance with an international agreement providing for the application of a provision listed in Annex I by the third country; and

(c) the Commission has adopted a decision finding that the third country in question ensures adequate protection of personal data in accordance with Article 25(6) of Directive 95/46/EC, or the provision of Article 26 of Directive 95/46/EC apply, including adequate safeguards that the data processed in IMI shall only be used for the purpose for which they were initially exchanged.

2. Where the Commission is an IMI actor, Articles 9(1) and 9(7) of Regulation 45/2001 shall apply to any exchange of personal data processed in IMI with IMI actors in a third country.

3. The Commission shall publish in the Official Journal of the European Union an updated list of third countries concerned by information exchanges in accordance with this Article.

Chapter VI

FINAL PROVISIONS

Article 23

Exercise of the delegation

1. The powers to adopt the delegated acts referred to in Article 4 shall be conferred on the Commission for an indeterminate period of time.

2. As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

3. The powers to adopt delegated acts are conferred on the Commission subject to the conditions laid down in Articles 24 and 25.

Article 24

Revocation of the delegation

1. The delegation of power referred to in Article 3 may be revoked by the European Parliament or by the Council.

2. The institution which has commenced an internal procedure for deciding whether to revoke the delegation of power shall inform the other legislator and the Commission at the latest one month before the final decision is taken, stating the delegated powers which could be subject to revocation and the reasons for a revocation.

3. The decision of a revocation shall put an end to the delegation of the powers specified in that decision. It shall take effect immediately or at a later data specified therein. It shall not affect the validity of the delegated acts already in force. It shall be published in the Official Journal of the European Union.

Article 25

Objections to delegated acts

1. The European Parliament and the Council may object to the delegated act within a period of two months from the date of notification. At the initiative of the European Parliament or the Council this period shall be extended by one month.

2. If, on expiry of that period, neither the European Parliament nor the Council has objected to the delegated act, or if, before that date, the European Parliament and the Council have both informed the Commission that they have decided not to raise objections, the delegated act shall enter into force at the date stated in its provisions.

3. If the European Parliament or the Council objects to the adopted delegated act, it shall not enter into force. The institution which objects shall state the reasons for objecting to the delegated act.

Article 26

Monitoring and reporting

1. The Commission shall report to the European Parliament and the Council on the functioning of IMI on a yearly basis.

2. Every three years, the Commission shall report to the European Data Protection Supervisor on aspects relating to the protection of personal data in IMI, including data security.

3. For the purpose of producing the reports referred to in paragraphs 1 and 2, Member States shall provide the Commission, on request, with any information relevant to the application of this Regulation, including on the application in practice of the data protection requirements laid down in this Regulation.

Article 27

Costs

1. The costs incurred for the development, operation and maintenance of IMI shall be borne by the general budget of the European Union, without prejudice to arrangements under Article 21(2).

2. Unless otherwise stipulated in a Union act, the costs for the IMI operations at Member State level, including the human resources needed for training, promotion and technical assistance (helpdesk) activities, as well as for the administration of the system at national level, shall be borne by each Member State.

Article 28

Entry into force

This Regulation shall enter into force on the […] day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at […],

For the European Parliament                       For the Council

The President                                                 The President

Annex I referred to in Article 3 listing the provisions on administrative cooperation in Union acts that are implemented by means of IMI

1.         Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market: Chapter VI

2.         Directive 2005/36/EC of the European Parliament and of the Council of 7 September 2005 on the recognition of professional qualifications: Articles 8, 50, 51 and 56

3.         Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients' rights in cross-border healthcare: Article 10[24]

Annex II referred to in Article 4 on potential areas in which provisions on administrative cooperation may be implemented by means of IMI

I.          Internal market and free movement of goods

(1) Commission Recommendation of 7 December 2001 on principles for using 'SOLVIT' – the Internal Market Problem Solving Network: Chapters I and II[25]

II.        Freedom of establishment and to provide services

(1) Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market: Articles 15(7) and 39(5)

(2) Directive 96/71/EC of the European Parliament and of the Council of 16 December 1996 concerning the posting of workers in the framework of the provision of services: Article 4[26] .

(3) Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ('Directive on electronic commerce'): Article 3[27]

[4.       Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directives 89/666/EEC, 2005/56/EC and 2009/101/EC as regards the interconnection of central, commercial and companies registers (COD/2011/0038)]

III.       Free movement of persons

(1) Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients' rights in cross-border healthcare: Article 6

IV.       Freedom of capital and payments

[1.       Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the professional cross border transport of euro cash by road between euro-area Member States (COD/2010/0204)]

LEGISLATIVE FINANCIAL STATEMENT FOR PROPOSALS

[to be used for any proposal or initiative submitted to the legislative authority

(Articles 28 of the Financial Regulation and 22 of the implementing rules)]

1.           FRAMEWORK OF THE PROPOSAL/INITIATIVE

              1.1.    Title of the proposal/initiative

              1.2.    Policy area(s) concerned in the ABM/ABB structure

              1.3.    Nature of the proposal/initiative

              1.4.    Objective(s)

              1.5.    Grounds for the proposal/initiative

              1.6.    Duration and financial impact

              1.7.    Management method(s) envisaged

2.           MANAGEMENT MEASURES

              2.1.    Monitoring and reporting rules

              2.2.    Management and control system

              2.3.    Measures to prevent fraud and irregularities

3.           ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE

              3.1.    Heading(s) of the multiannual financial framework and expenditure budget line(s) affected

              3.2.    Estimated impact on expenditure

              3.2.1. Summary of estimated impact on expenditure

              3.2.2. Estimated impact on operational appropriations

              3.2.3. Estimated impact on appropriations of an administrative nature

              3.2.4. Compatibility with the current multiannual financial framework

              3.2.5. Third-party participation in financing

              3.3.    Estimated impact on revenue

LEGISLATIVE FINANCIAL STATEMENT FOR PROPOSALS

1. FRAMEWORK OF THE PROPOSAL/INITIATIVE 1.1. Title of the proposal/initiative

Regulation (EC) No xxx of the European Parliament and of the Council on administrative cooperation through the Internal Market Information System (‘the IMI Regulation’)

1.2. Policy area(s) concerned in the ABM/ABB structure[28]

Internal Market — Services

1.3. Nature of the proposal/initiative

þThe proposal/initiative relates to the extension of an existing action

1.4. Objectives 1.4.1. The Commission’s multiannual strategic objective(s) targeted by the proposal/initiative

In its Communication ‘Europe 2020: A strategy for smart, sustainable and inclusive growth’ (COM(2010) 2020), the Commission proposed that bottlenecks in the single market be tackled by, inter alia, ‘reinforcing structures to implement single market measures on time and correctly, including […] the Services Directive […], enforce them effectively and when problems arise, resolve them speedily’.

The Internal Market Information System (‘IMI’) is an on-line communication tool developed by the European Commission and offered as a free service to Member States since 2008. It is currently used for the exchange of information pursuant to Directive 2005/36/EC of the European Parliament and of the Council of 7 September 2005 on the recognition of professional qualifications[29] (‘the Professional Qualifications Directive’) and Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market[30] (‘the Services Directive’).

IMI allows national, regional and local authorities to communicate quickly and easily with their counterparts across borders, following uniform working methods agreed by all Member States. IMI helps its users to (i) find the right authority to contact, (ii) communicate with them using pre-translated sets of questions and answers and (iii) follow the progress of the information request through a tracking mechanism. For example, an authority in Ireland that needs information from a Hungarian body can select a question in English. The Hungarian authority sees the question and corresponding reply options in Hungarian; its reply will be received in English.

According to the Commission Communication ‘Towards a Single Market Act’, extending IMI to other sectors ‘with a view to creating a genuine face-to-face electronic network for European administrations’ is one of the keys to promoting better governance of the single market[31]. The Commission Communication 'A Single Market Act' stressed the importance of IMI for strengthening cooperation among the actors involved, including at local level, thus contributing to better governance of the single market[32].

1.4.2. Specific objective(s) and ABM/ABB activity(ies) concerned

Specific objective No 12: Develop the full potential of the Internal Market Information System (IMI) to support improved implementation of single market legislation.

The use of IMI is mandatory under the Services Directive.

The Commission set out plans for the future expansion of IMI to other areas of Union law in its Communication ‘Better governance of the Single Market through greater administrative cooperation: A strategy for expanding and developing the Internal Market Information System (COM(2011) 75 final) (‘the IMI Strategy Communication’).

The objectives of this proposal are to:

-        establish a sound legal framework for IMI and a set of common rules to ensure that it functions efficiently;

-        provide a comprehensive data protection framework by setting out the rules for personal data protection which apply to IMI in a single horizontal legal instrument;

-        facilitate possible future expansion of IMI to new areas of Union law;

-        clarify the roles of the different actors involved in the IMI system.

In order to achieve these objectives, we will continue the following activities:

1.       Maintenance, i.e. prevention and correction of failure, minor improvements to existing functionalities, ensuring operational continuity of the system;

2.       Hosting of system infrastructure;

3.       Development, i.e. implementation of new system requirements; and

4.       Communication and awareness-raising activities, including conferences, training sessions and the preparation of promotional and training material.

ABM/ABB activity(ies) concerned

12/03 4: Internal Market for Services

As the system expands to other areas of Union law, other ABM/ABB activities may be concerned.

1.4.3. Expected result(s) and impact

Specify the effects which the proposal/initiative should have on the beneficiaries/groups targeted.

1.       A high level of legal certainty with respect to the processing of personal data of EU citizens by means of IMI and thereby removal of legal barriers to the expansion of IMI to new areas of Union law;

2.       A flexible framework for possible future expansion of IMI to new areas of Union law;

3.       Clarification of the respective roles and obligations of the Commission, Member States, national authorities and the European Data Protection Supervisor with respect to information exchanges by means of IMI;

4.       Cost savings by re-using an existing IT tool in new areas instead of developing new single-purpose tools;

5.       Ensuring future sustainability of the financing of IMI, given its mandatory status under the Services Directive and possible future expansion, in line with the IMI Strategy Communication.

1.4.4. Indicators of results and impact

Specify the indicators for monitoring implementation of the proposal/initiative.

The proposal will contribute to more effective application of Union law in areas for which IMI is used and will save IT development and maintenance costs.

Its direct impact could be measured using the following indicators:

-        the number of legislative areas covered by IMI (increase compared to the two areas existing in 2011);

-        the number of information exchanges taking place by means of IMI on a yearly basis;

-        the number of competent authorities actively using the system (i.e. not simply registered as users);

-        estimated cost savings per new policy area added.

1.5. Grounds for the proposal/initiative 1.5.1. Requirement(s) to be met in the short or long term

The proposal will provide a high level of legal certainty with respect to the processing of personal data in IMI, in line with the suggestions of the European Data Protection Supervisor. In the long term, it will facilitate the possible future expansion of IMI to new areas of Union law by providing a flexible framework for such expansion.

1.5.2. Added value of EU involvement

Given the nature of IMI as a centralised communication tool developed and hosted by the Commission, it is necessary to establish a common set of rules applicable to the system and to implement them in a centralised manner. The Commission offers IMI as a free service to Member States, providing maintenance and development services, a helpdesk and hosting the computing infrastructure. These tasks could not be performed in a decentralised manner.

IMI overcomes obstacles to cross-border cooperation, such as language barriers, different administrative and working cultures and the lack of established procedures for information exchange. Because of the involvement of Member States in designing the system, IMI offers uniform working methods agreed by all Member States.

1.5.3. Lessons learned from similar experiences in the past

IMI was launched in 2008. More than 5 700 competent authorities and 11 000 users are currently registered in the system. Some 2 000 information exchanges took place in 2010.

From a legal point of view, IMI operates on the basis of a Commission decision, a ‘comitology’ decision, and a Commission recommendation[33]. The lack of a single legal instrument adopted by the European Parliament and the Council came to be seen as an obstacle to further expansion.

The initial development cost of IMI was funded by the IDABC (Interoperable Delivery of Pan-European e-Government Services to Public Administrations, Business and Citizens) programme, until it came to an end in 2009. Until July 2010, DG MARKT bore the costs associated with maintenance, second-line support, system administration, hosting, training, communication and awareness raising. In July 2010, the ISA (Interoperability Solutions for European Public Administrations) programme (2010-2015)[34] agreed to finance IMI, funding the operation and improvement of the application in 2010. It is anticipated that the ISA programme will continue to provide funding for IMI at least until 2012. DG MARKT continues to bear the cost of hosting, training, communication and awareness raising.

Since use of the system is mandatory for the Services Directive and given the plans for the future expansion of IMI to new areas of Union law, financing aspects will need to be clarified and a stable and sustainable financing beyond 2012 will need to be ensured.

1.5.4. Coherence and possible synergy with other relevant instruments

The Commission Communication ‘Better governance of the Single Market through greater administrative cooperation: A strategy for expansion and further development of the Internal Market Information System (‘IMI’)’ (COM(2011) 75 final) set out plans for the future expansion of IMI to other areas of EU law.

The Commission Communication 'A Single Market Act' stressed the importance of IMI for strengthening cooperation among the actors involved, including at local level, thus contributing to better governance of the single market[35].

1.6. Duration and financial impact

þ Proposal/initiative of unlimited duration

The proposal is expected to enter into force in 2013.

1.7. Management mode(s) envisaged[36]

þ Centralised direct management by the Commission

2. MANAGEMENT MEASURES 2.1. Monitoring and reporting rules

Specify frequency and conditions.

The Commission will produce an annual report on the development and performance of IMI. In addition, a report on IMI data protection issues, including security, will be submitted to the European Data Protection Supervisor periodically.

2.2. Management and control system 2.2.1. Risk(s) identified

The Commission is the ‘system owner’ of IMI, and responsible for its daily operation, maintenance and development. The system is developed and hosted by an internal supplier, namely a Commission DG (DIGIT), which ensures a high level of business continuity.

With the expansion of IMI to new legislative areas governance may become more complex as the group of stakeholders will grow and different demands may need to be reconciled. This process needs to be carefully managed.

2.2.2. Control method(s) envisaged

The IT maintenance and development of IMI is governed by a memorandum of understanding between MARKT and DIGIT which sets out the rules and procedures and the respective responsibilities and obligations of the system owner (MARKT) and the system supplier (DIGIT). Regular meetings and reporting instruments facilitate close monitoring of the IT maintenance and development work.

The IMI Steering committee, including representatives of all stakeholders in the IMI project (system owner, system supplier, Internal Market Advisory Committee and IMI users) is responsible for, inter alia, high-level monitoring and control. The IMAC IMI Working Group (a sub-group of the Internal Market Advisory Committee) advises the Commission on horizontal issues relating to IMI development.

In addition, pursuant to Article 19 of the proposal, the European Data Protection Supervisor will ensure that personal data processing by the Commission in IMI is carried out in accordance with the applicable rules. The national data protection authorities will monitor the processing of personal data by the competent authorities at Member State level.

2.3. Measures to prevent fraud and irregularities

Specify existing or envisaged prevention and protection measures.

For the purposes of combating fraud, corruption and any other illegal activity, the provisions normally applicable to the activities of the Commission, including Regulation (EC) No 1073/1999 of the European Parliament and of the Council of 25 May 1999 concerning investigations conducted by the European Anti-Fraud Office (OLAF), will apply in the context of IMI without any restriction.

3. ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE 3.1. Heading(s) of the multiannual financial framework and expenditure budget line(s) affected

· Existing expenditure budget lines

Heading of multiannual financial framework || Budget line || Type of expenditure || Contribution

Number [Description………………………...……….] || DA/NDA ([37]) || from EFTA[38] countries || from candidate countries[39] || from third countries || within the meaning of Article 18(1)(aa) of the Financial Regulation

1A || 12.02.01 Implementation and development of the Internal Market || DA || YES || NO || NO || NO

1A || 12.01.04 Implementation and development of the Internal Market – Expenditure on administrative management || NDA || YES || NO || NO || NO

1A || 26.03.01.01 Interoperability Solutions for European Public Administrations (ISA) || DA || YES || YES || NO || NO

3.2. Estimated impact on expenditure 3.2.1. Summary of estimated impact on expenditure

EUR million (to 3 decimal places)

Heading of multiannual financial framework: || 1B || Implementation and development of the Internal Market

DG: MARKT || || || Year 2013 || || || || || || || TOTAL

Ÿ Operational appropriations || || || || || || || ||

12.02.01 || Commitments || (1) || 1.440 || || || || || || || 1.440

Payments || (2) || 1.440 || || || || || || || 1.440

|| || || || || || || ||

TOTAL appropriations for DG MARKT || Commitments || =1+1a +3 || 1.440 || || || || || || || 1.440

Payments || =2+2a +3 || 1.440 || || || || || || || 1.440

The present proposal is expected to come into force in 2013 and it does not have a budgetary impact over and above what is already foreseen for the years to come in the official programming of the Commission. Moreover, the proposal is without prejudice to the decisions on the post-2013 multi-annual financial framework.

In 2010, the financing of IMI was covered by the following sources: ISA programme (€ 500 000 – budget line 26.03.01.01) and internal market budget lines (€ 925 000). For 2011-2012 the planned financing from ISA will amount to ca. € 1 150 000 per year. However, the financing from the ISA programme is subject to annual review of the overall programme priorities and available budget. It is anticipated that the ISA programme will continue to provide funding for IMI until at least 2012.

In order to ensure that IMI can continue to be offered to Member States on a permanent basis, as well as to allow more efficient management and better control of the budget, the Commission will examine the possibility of bringing all costs under a single budget line managed by DG MARKT (12.02.01 Implementation and development of the Internal Market). This would entail a net increase in this budget line in 2013 by redeployment from other budget lines.

In any event, it is expected that the total cost of IMI will start decreasing from 2012 onwards, due to the projected lower needs for developing new functionalities, which should generally be in place by that time.

Ÿ TOTAL operational appropriations || Commitments || (4) || 1.440 || || || || || || || 1.440

Payments || (5) || 1.440 || || || || || || || 1.440

Ÿ TOTAL appropriations of an administrative nature financed from the budget of specific programmes || (6) || || || || || || || ||

TOTAL appropriations under HEADING 1A of the multiannual financial framework || Commitments || =4+ 6 || 1.440 || || || || || || || 1.440

Payments || =5+ 6 || 1.440 || || || || || || || 1.440

Payments || =5+ 6 || || || || || || || ||

Heading of multiannual financial framework: || 5 || ‘Administrative expenditure’

EUR million (to 3 decimal places)

|| || || Year 2013 || || || || || || || TOTAL

DG: MARKT ||

Ÿ Human resources || || || || || || || ||

Ÿ Other administrative expenditure || || || || || || || ||

TOTAL DG MARKT || Appropriations || || || || || || || ||

TOTAL appropriations under HEADING 5 of the multiannual financial framework || (Total commitments = Total payments) || || || || || || || ||

EUR million (to 3 decimal places)

|| || || Year 2013[40] || || || || || || || TOTAL

TOTAL appropriations under HEADINGS 1 to 5 of the multiannual financial framework || Commitments || || || || || || || || 1.440

Payments || || || || || || || ||

3.2.2. Estimated impact on operational appropriations

– þ  The proposal/initiative requires the use of operational appropriations, as explained below:

Commitment appropriations in EUR million (to 3 decimal places)

Indicate objectives and outputs ò || || || Year 2013 || || || || || || || TOTAL

OUTPUTS

Type of output[41] || Average cost of the ouput || Number of ouputs || Cost || || || || || || || || || || || || || Total number of ouputs || Total cost

SPECIFIC OBJECTIVE No 1[42]… || || || || || || || || || || || || || || || ||

- Maintenance A || 0.4 || || 0.4 || || || || || || || || || || || || || || 0.4

- Hosting B || 0.24 || || 0.24 || || || || || || || || || || || || || || 0.24

- Development C || 0.3 || || 0.6 || || || || || || || || || || || || || || 0.6

- Communication & awareness D || 0.2 || || 0.2 || || || || || || || || || || || || || || 0.2

Sub-total for specific objective No 1 || || 1.440 || || || || || || || || || || || || || || 1.440

SPECIFIC OBJECTIVE No 2 || || || || || || || || || || || || || || || ||

- Output || || || || || || || || || || || || || || || || || ||

Sub-total for specific objective No 2 || || || || || || || || || || || || || || || ||

TOTAL COST || || 1.440 || || || || || || || || || || || || || || 1.440

3.2.3. Estimated impact on appropriations of an administrative nature 3.2.3.1. Summary

– þ  The proposal/initiative does not require the use of administrative appropriations

– ¨  The proposal/initiative requires the use of administrative appropriations, as explained below:

3.2.3.2. Estimated requirements of human resources

– þ  The proposal/initiative does not require the use of additional human resources

– ¨  The proposal/initiative requires the use of human resources, as explained below:Compatibility with the current multiannual financial framework

– þ  Proposal/initiative is compatible with the current multiannual financial framework.

3.2.4. Third-party contributions

– þ The proposal/initiative does not provide for co-financing by third parties

3.3. Estimated impact on revenue

– þ  Proposal/initiative has no financial impact on revenue.

[1]               OJ L 255, 30.9.2005, p. 22.

[2]               OJ L 376, 27.12.2006, p. 36.

[3]               Commission Decision 2008/49/EC of 12 December 2007 concerning the implementation of the Internal Market Information System (IMI) as regards the protection of personal data (OJ L 13, 16.1.2008, p. 18), Commission Decision 2009/739/EC of 2 October 2009 setting out the practical arrangements for the exchange of information by electronic means between Member States under Chapter VI of Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market (OJ L 263, 7.10.2009, p. 32), Commission Recommendation of 26 March 2009 on data protection guidelines for the Internal Market Information System (IMI) (OJ L 100, 18.4.2009, p. 12).

[4]               Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions ‘Towards a Single Market Act. For a highly competitive social market economy. 50 proposals for improving our work, business and exchanges with one another’, COM(2010) 608 final, proposal No 45 on p. 31.

[5]               COM(2011) 75.

[6]               COM(2011) 206.

[7]               Opinion 01911/07/EN, WP 140.

[8]               Opinion of 22 February 2008 of the European Data Protection Supervisor (‘EDPS’) on the Commission Decision of 12 December 2007 concerning the implementation of the Internal Market Information System (IMI) as regards the protection of personal data, OJ C 270, 25.10.2008, p. 1.

[9]               Commission Recommendation of 26 March 2009 on data protection guidelines for the Internal Market Information System (IMI), OJ L 100, 18.4.2009, p. 12.

[10]             Commission Report of 22 April 2010 on the state of data protection in the Internal Market Information System, COM(2010) 170 final.

[11]             See e.g. Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II) (OJ L 381, 28.12.2006, p. 4) and Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p. 60).

[12]             Directive 2011/24/EC of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare (OJ L 88/45, 4.04.2011, p. 45).

[13]             Directive 96/71/EC of the European Parliament and of the Council of 16 December 1996 concerning the posting of workers in the framework of the provision of services (OJ L 018, 21.01.1997, p. 1). See also Council conclusions of 7 March 2011 available at: http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/lsa/119621.pdf

[14]             See footnote 12 above, Article 10(4).

[15]             Council conclusions of 10 December 2010.

[16]             OJ C , , p. .

[17]             COM (2011) 75.

[18]             COM(2011) 206

[19]             OJ L 281, 23.11.1995, p.31

[20]             OJ L 8, 12.01.2001, p.1

[21]             OJ L 13, 16.01.2008, p.18

[22]             OJ L 263, 07.10.209, p.32

[23]             OJ L 376, 27.12.2006, p.36

[24]             OJ L 88, 04.04.2011, p.45

[25]             OJ L 331, 15.12.2001, p.79

[26]             OJ L 018, 21.1.1997, p.1

[27]             OJ L 178, 17.7.2000, p.1

[28]             ABM: Activity-Based Management — ABB: Activity-Based Budgeting.

[29]             OJ L 255, 30.9.2005, p. 22.

[30]             OJ L 376, 27.12.2006, p. 36.

[31]             Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions ‘Towards a Single Market Act. For a highly competitive social market economy. 50 proposals for improving our work, business and exchanges with one another’, COM(2010) 608 final, proposal No 45 on p. 31.

[32]             See footnote 6 above.

[33]             Commission Decision 2008/49/EC of 12 December 2007 concerning the implementation of the Internal Market Information System (IMI) as regards the protection of personal data (OJ L 13, 16.1.2008, p. 18), Commission Decision 2009/739/EC of 2 October 2009 setting out the practical arrangements for the exchange of information by electronic means between Member States under Chapter VI of Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market (OJ L 263, 7.10.2009, p. 32), Commission Recommendation of 26 March 2009 on data protection guidelines for the Internal Market Information System (IMI) (OJ L 100, 18.4.2009, p. 12).

[34]             Decision No 922/2009/EC, OJ L 260; 3.10.2009, p. 20.

[35]             See footnote 6 above.

[36]             Details of management modes and references to the Financial Regulation may be found on the BudgWeb site: http://www.cc.cec/budg/man/budgmanag/budgmanag_en.html.

[37]             DA= Differentiated appropriations / DNA= Non-Differentiated Appropriations.

[38]             EFTA: European Free Trade Association.

[39]             Candidate countries and, where applicable, potential candidate countries from the Western Balkans.

[40]             Year N is the year in which implementation of the proposal/initiative starts.

[41]             Outputs are products and services to be supplied (e.g. number of student exchanges financed, number of km of roads built, etc.).

[42]             As described in Section 1.4.2. ‘Specific objective(s)…’.