European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA)

SUMMARY OF:

Regulation (EU) 2018/1726 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice

WHAT IS THE AIM OF THE REGULATION?

Regulation (EU) 2018/1726 aims to establish a new European Union (EU) Agency for the Operational Management¹ of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) with an expanded mandate.
It repeals the previous regulation, Regulation (EU) No 1077/2011.
The regulation has been amended several times. Its most recent updates include:

Regulation (EU) 2023/969, which sets up a collaboration platform to support the functioning of joint investigation teams² by enabling prosecutors and judges to exchange information and bring criminals to justice (see summary);
Regulation (EU) 2024/982, which establishes a new framework for the automated search and exchange of biometric data and police records between EU Member States and the European Union Agency for Law Enforcement Cooperation (Europol) to strengthen cross-border police cooperation (see summary);
Regulation (EU) 2025/12, which creates a new EU system for the collection and transmission of advance passenger information (API) to improve the effectiveness of external border checks.

KEY POINTS

Objectives

eu-LISA must ensure:

the development of large-scale IT systems using an adequate project management structure;
the effective, secure and continuous operation of large-scale IT systems;
the efficient and financially accountable management of large-scale IT systems;
an adequate high-quality service for users of large-scale IT systems;
continuity and uninterrupted service;
a high level of data protection, in accordance with EU data protection law, including specific conditions for each large-scale IT system;
an appropriate level of data and physical security, including specific rules for each large-scale IT system.

Tasks

The agency is responsible for the following tasks:

the operational management of the Schengen information system (SIS), the visa information system (VIS) and Eurodac, which effectively contribute to the security of the Schengen area (see summary);
the preparation, development or operational management of the entry/exit system(EES), DubliNet, the European travel information and authorisation system(ETIAS), the European criminal records information system – conviction information on third-country nationals (ECRIS-TCN), the European criminal records information system reference implementation and the computerised system for the cross-border exchange of data in the area of judicial cooperation in civil and criminal matters (e-CODEX system);
the development and operational management, including technical evolutions, of the joint investigation teams collaboration platform, as set out in Regulation (EU) 2023/969;
the preparation, development and/or operational management of other large-scale IT systems in the area of freedom, security and justice, including existing systems, if so provided by relevant EU rules governing those systems based on Articles 67 to 89 of the Treaty on the Functioning of the European Union;
the development and management of the Prüm II router, a central EU infrastructure enabling automated searches of biometric data (DNA profiles, fingerprints and facial images) between Member States, as provided for in Regulation (EU) 2024/982;
the design, development, hosting and technical management of a central router for secure transfers of advance passenger information and passenger name record data from air carriers to the competent border authorities and the passenger information units of the Member States, without storing the data, as established by Regulations (EU) 2025/12 and 2025/13;
ensuring data quality in accordance with the relevant EU rules governing the systems;
developing the necessary measures to enable interoperability between EU information systems in the fields of borders, visas, police and judicial cooperation, asylum and migration in accordance with Regulations (EU) 2019/817 and 2019/818 (see summary);
carrying out research activities;
carrying out pilot projects, proofs of concept and testing activities;
providing support to Member States and the European Commission.

FROM WHEN DOES THE REGULATION APPLY?

It has applied since 11 December 2018.

BACKGROUND

For further information, see:

Schengen (European Commission).

KEY TERMS

Operational management. The tasks necessary to keep large-scale IT systems functioning in accordance with the specific provisions applicable to each of them, including responsibility for the communication infrastructure used by them. The large-scale IT systems must not exchange data or enable sharing of information or knowledge unless authorised by a specific EU law.
Joint investigation teams. Teams set up by two or more Member States for specific criminal investigations with a cross-border impact and for a limited period of time. This allows the competent judicial and law enforcement authorities involved to organise and coordinate their work jointly and investigate efficiently even in very complex cases such as organised crime activities not bound by any borders.

MAIN DOCUMENT

Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (OJ L 295, 21.11.2018, pp. 99–137).

Successive amendments to Regulation (EU) 2018/1726 have been incorporated into the original text. This consolidated version is of documentary value only.

last update 20.6.2025

Top

Choose the experimental features you want to try