This document is an excerpt from the EUR-Lex website
Document 02024R1358-20240522
Regulation (EU) 2024/1358 of the European Parliament and of the Council of 14 May 2024 on the establishment of Eurodac for the comparison of biometric data in order to effectively apply Regulations (EU) 2024/1351 and (EU) 2024/1350 of the European Parliament and of the Council and Council Directive 2001/55/EC and to identify illegally staying third-country nationals and stateless persons and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, amending Regulations (EU) 2018/1240 and (EU) 2019/818 of the European Parliament and of the Council and repealing Regulation (EU) No 603/2013 of the European Parliament and of the Council
Consolidated text: Regulation (EU) 2024/1358 of the European Parliament and of the Council of 14 May 2024 on the establishment of Eurodac for the comparison of biometric data in order to effectively apply Regulations (EU) 2024/1351 and (EU) 2024/1350 of the European Parliament and of the Council and Council Directive 2001/55/EC and to identify illegally staying third-country nationals and stateless persons and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, amending Regulations (EU) 2018/1240 and (EU) 2019/818 of the European Parliament and of the Council and repealing Regulation (EU) No 603/2013 of the European Parliament and of the Council
Regulation (EU) 2024/1358 of the European Parliament and of the Council of 14 May 2024 on the establishment of Eurodac for the comparison of biometric data in order to effectively apply Regulations (EU) 2024/1351 and (EU) 2024/1350 of the European Parliament and of the Council and Council Directive 2001/55/EC and to identify illegally staying third-country nationals and stateless persons and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, amending Regulations (EU) 2018/1240 and (EU) 2019/818 of the European Parliament and of the Council and repealing Regulation (EU) No 603/2013 of the European Parliament and of the Council
02024R1358 — EN — 22.05.2024 — 000.001
This text is meant purely as a documentation tool and has no legal effect. The Union's institutions do not assume any liability for its contents. The authentic versions of the relevant acts, including their preambles, are those published in the Official Journal of the European Union and available in EUR-Lex. Those official texts are directly accessible through the links embedded in this document
|
REGULATION (EU) 2024/1358 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 May 2024 (OJ L 1358 22.5.2024, p. 1) |
Corrected by:
REGULATION (EU) 2024/1358 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 14 May 2024
on the establishment of ‘Eurodac’ for the comparison of biometric data in order to effectively apply Regulations (EU) 2024/1351 and (EU) 2024/1350 of the European Parliament and of the Council and Council Directive 2001/55/EC and to identify illegally staying third-country nationals and stateless persons and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, amending Regulations (EU) 2018/1240 and (EU) 2019/818 of the European Parliament and of the Council and repealing Regulation (EU) No 603/2013 of the European Parliament and of the Council
CHAPTER I
General provisions
Article 1
Purpose of ‘Eurodac’
A system known as ‘Eurodac’ is hereby established. Its purpose is to:
support the asylum system, including by assisting in determining which Member State is to be responsible pursuant to Regulation (EU) 2024/1351 for examining an application for international protection registered in a Member State by a third-country national or a stateless person and by facilitating the application of that Regulation under the conditions set out in this Regulation;
assist with the application of Regulation (EU) 2024/1350 under the conditions set out in this Regulation;
assist with the control of irregular immigration to the Union, with the detection of secondary movements within the Union and with the identification of illegally staying third-country nationals and stateless persons for the purpose of determining the appropriate measures to be taken by Member States;
assist with the protection of children, including in the context of law enforcement;
lay down the conditions under which Member States’ designated authorities and the Europol designated authority may request the comparison of biometric or alphanumeric data with those stored in Eurodac for law enforcement purposes for the prevention, detection or investigation of terrorist offences or of other serious criminal offences;
assist in the correct identification of persons registered in Eurodac in accordance with Article 20 of Regulation (EU) 2019/818 by storing identity data, travel document data and biometric data in the common identity repository (CIR);
support the objectives of the European Travel Information and Authorisation System (ETIAS) established by Regulation (EU) 2018/1240;
support the objectives of the Visa Information System (VIS) referred to in Regulation (EC) No 767/2008;
support evidence-based policy making through the production of statistics;
assist with the implementation of Directive 2001/55/EC.
This Regulation fully respects human dignity and fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union (the ‘Charter’), including the right to respect for private life, the right to the protection of personal data, the right to asylum and the prohibition of torture and inhuman or degrading treatment. In that respect, the processing of personal data in accordance with this Regulation shall not result in any discrimination against persons covered by this Regulation based on any ground such as sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation.
A person’s right to privacy and to data protection shall be safeguarded in accordance with this Regulation, both with regard to access by the Member States’ authorities and by the Union’s authorised agencies to Eurodac.
Article 2
Definitions
For the purposes of this Regulation:
‘applicant for international protection’ means a third-country national or a stateless person who has made an application for international protection as defined in Article 3, point (7), of Regulation (EU) 2024/1347 in respect of which a final decision has not yet been taken;
‘person registered for the purpose of conducting an admission procedure’ means a person who has been registered for the purpose of conducting a resettlement or humanitarian admission procedure in accordance with Article 9(3) of Regulation (EU) 2024/1350;
‘person admitted in accordance with a national resettlement scheme’ means a person resettled by a Member State outside the framework of Regulation (EU) 2024/1350, where that person is granted international protection as defined in Article 3, point (3), of Regulation (EU) 2024/1347 or humanitarian status under national law within the meaning of Article 2(3), point (c), of Regulation (EU) 2024/1350 in accordance with the rules governing the national resettlement scheme;
‘humanitarian status under national law’ means a humanitarian status under national law that provides for rights and obligations equivalent to the rights and obligations set out in Articles 20 to 26 and 28 to 35 of Regulation (EU) 2024/1347;
‘Member State of origin’ means:
in relation to a person covered by Article 15(1), the Member State which transmits the personal data to Eurodac and receives the results of the comparison;
in relation to a person covered by Article 18(1), the Member State which transmits the personal data to Eurodac and receives the results of the comparison;
in relation to a person covered by Article 18(2), the Member State which transmits the personal data to Eurodac;
in relation to a person covered by Article 20(1), the Member State which transmits the personal data to Eurodac;
in relation to a person covered by Article 22(1), the Member State which transmits the personal data to Eurodac and receives the results of the comparison;
in relation to a person covered by Article 23(1), the Member State which transmits the personal data to Eurodac and receives the results of the comparison;
in relation to a person covered by Article 24(1), the Member State which transmits the personal data to Eurodac and receives the results of the comparison;
in relation to a person covered by Article 26(1), the Member State which transmits the personal data to Eurodac and receives the results of the comparison;
‘third-country national’ means any person who is not a citizen of the Union within the meaning of Article 20(1) TFEU and who is not a national of a state which participates in the application of this Regulation by virtue of an agreement with the Union;
‘illegal stay’ means the presence on the territory of a Member State of a third-country national or a stateless person who does not fulfil or no longer fulfils the conditions of entry set out in Article 6 of Regulation (EU) 2016/399 of the European Parliament and of the Council ( 1 ) or other conditions for entry, stay or residence in that Member State;
‘beneficiary of international protection’ means a person who has been granted refugee status as defined in Article 3, point (1), of Regulation (EU) 2024/1347 or subsidiary protection status as defined in Article 3, point (2), of that Regulation;
‘beneficiary of temporary protection’ means a person who enjoys temporary protection as defined in Article 2, point (a), of Directive 2001/55/EC and in a Council Implementing Decision introducing temporary protection or any other equivalent national protection introduced in response to the same event as that Council Implementing Decision;
‘hit’ means the existence of a match or matches established by Eurodac by means of a comparison between biometric data recorded in the computerised central database and those transmitted by a Member State with regard to a person, without prejudice to the requirement that Member States immediately check the results of the comparison pursuant to Article 38(4);
‘National Access Point’ means the designated national system which communicates with Eurodac;
‘Europol Access Point’ means the designated Europol system which communicates with Eurodac;
‘Eurodac data’ means all data stored in Eurodac in accordance with Article 17(1) and (2), Article 19(1), Article 21(1), Article 22(2) and (3), Article 23(2) and (3), Article 24(2) and (3) and Article 26(2);
‘law enforcement’ means the prevention, detection or investigation of terrorist offences or of other serious criminal offences;
‘terrorist offence’ means an offence under national law which corresponds or is equivalent to one of the offences referred to in Directive (EU) 2017/541;
‘serious criminal offence’ means an offence which corresponds or is equivalent to those referred to in Article 2(2) of Framework Decision 2002/584/JHA, if it is punishable under national law by a custodial sentence or a detention order for a maximum period of at least three years;
‘fingerprint data’ means the data relating to plain and rolled impressions of the fingerprints of all ten fingers, where present, or a latent fingerprint;
‘facial image data’ means digital images of the face with sufficient image resolution and quality to be used in automatic biometric matching;
‘biometric data’ means fingerprint data or facial image data;
‘alphanumeric data’ means data represented by letters, digits, special characters, space or punctuation marks;
‘residence document’ means any authorisation issued by the authorities of a Member State authorising a third-country national or a stateless person to stay on its territory, including the documents substantiating the authorisation to remain on the territory under temporary protection arrangements or until the circumstances preventing a removal order from being carried out no longer apply, with the exception of visas and residence authorisations issued during the period required to determine the Member State responsible as established in Regulation (EU) 2024/1351 or during the examination of an application for international protection or an application for a residence permit;
‘interface control document’ means a technical document that specifies the necessary requirements with which the National Access Points or the Europol Access Point are to comply in order to be able to communicate electronically with Eurodac, in particular by detailing the format and possible content of the information to be exchanged between Eurodac and the National Access Points or the Europol Access Point;
‘CIR’ means the common identity repository as established by Article 17(1) and (2) of Regulation (EU) 2019/818;
‘identity data’ means the data referred to in Article 17(1), points (c) to (f) and (h), Article 19(1), points (c) to (f) and (h), Article 21(1), points (c) to (f) and (h), Article 22(2), points (c) to (f) and (h), Article 23(2), points (c) to (f) and (h), Article 24(2), points (c) to (f) and (h), and Article 26(2), points (c) to (f) and (h);
‘dataset’ means the set of information recorded in Eurodac on the basis of Article 17, 19, 21, 22, 23, 24 or 26, corresponding to one set of fingerprints of a data subject and composed of biometric data, alphanumeric data and, where available, a scanned colour copy of an identity or travel document;
‘child’ or ‘minor’ means a third-country national or a stateless person below the age of 18 years.
Article 3
System architecture and basic principles
Eurodac shall consist of:
a Central System composed of:
a Central Unit,
a business continuity plan and system;
a communication infrastructure between the Central System and Member States that provides a secure and encrypted communication channel for Eurodac data (the ‘Communication Infrastructure’);
the CIR;
a secure communication infrastructure between the Central System and the central infrastructures of the European search portal and between the Central System and the CIR.
Article 4
Operational management
The operational management of Eurodac shall consist of all the tasks necessary to keep Eurodac functioning 24 hours a day, 7 days a week in accordance with this Regulation, in particular the maintenance work and technical developments necessary to ensure that the system functions at a satisfactory level of operational quality, in particular as regards the time required to query Eurodac. eu-LISA shall develop a business continuity plan and system, taking into account maintenance needs and unforeseen downtime of Eurodac, including the impact of business continuity measures on data protection and security.
eu-LISA shall ensure, in cooperation with the Member States, that the best available and most secure technology and techniques, subject to a cost-benefit analysis, are used for Eurodac.
eu-LISA may use real personal data from the Eurodac production system for testing purposes, in accordance with Regulation (EU) 2016/679, in the following cases:
for diagnostics and repair when faults are discovered in Eurodac; or
for testing new technologies and techniques relevant to enhancing the performance of Eurodac or the transmission of data to it.
In the cases referred to in points (a) and (b) of the first subparagraph, the security measures, access control and logging activities at the testing environment shall be equal to the ones for the Eurodac production system. Processing of real personal data adapted for testing shall be subject to stringent conditions and rendered anonymous in such a way that the data subject is no longer identifiable. Once the purpose for which the testing was carried out has been achieved or the tests have been completed, the real personal data shall be immediately and permanently erased from the testing environment.
eu-LISA shall be responsible for the following tasks relating to the Communication Infrastructure:
supervision;
security;
the coordination of relations between the Member States and the provider.
The Commission shall be responsible for all tasks relating to the Communication Infrastructure, other than those referred to in paragraph 3, in particular:
implementation of the budget;
acquisition and renewal;
contractual matters.
Article 5
Member States’ designated authorities for law enforcement purposes
Article 6
Member States’ verifying authorities for law enforcement purposes
The designated authority and the verifying authority may be part of the same organisation, if permitted under national law, but the verifying authority shall act independently when performing its tasks under this Regulation. The verifying authority shall be separate from the operating units referred to in Article 5(3) and shall not receive instructions from them as regards the outcome of the verification.
In accordance with their constitutional or legal requirements, Member States may designate more than one verifying authority to reflect their organisational and administrative structures.
Only duly empowered staff of the verifying authority shall be authorised to receive and forward requests for access to Eurodac in accordance with Article 32.
Only the verifying authority shall be authorised to forward requests for comparison of biometric or alphanumeric data to the National Access Point.
Article 7
Europol designated authority and Europol verifying authority for law enforcement purposes
Article 8
Interoperability with ETIAS
For the purpose of carrying out the verifications referred to in Article 20(2), point (k), of Regulation (EU) 2018/1240, the ETIAS Central System shall use the European search portal to compare the data in ETIAS with the data in Eurodac collected on the basis of Articles 17, 19, 21, 22, 23, 24 and 26 of this Regulation in a read-only format using the data categories listed in the table of correspondences set out in Annex I of this Regulation corresponding to persons having left or having been removed from the territory of the Member States in compliance with a return decision or removal order. Those verifications shall be without prejudice to the specific rules provided for in Article 24(3) of Regulation (EU) 2018/1240.
Article 9
Conditions for access to Eurodac for the manual processing by ETIAS National Units
Article 10
Access to Eurodac by the competent visa authorities
For the purpose of manually verifying hits triggered by the automated queries carried out by VIS in accordance with Articles 9a and 9c of Regulation (EC) No 767/2008 and of examining and deciding on visa applications in accordance with Article 21 of Regulation (EC) No 810/2009 of the European Parliament and of the Council ( 3 ), the competent visa authorities shall, in accordance with those Regulations, have access to Eurodac to consult data in a read-only format.
Article 11
Interoperability with VIS
As provided for in Article 3(1), point (d), of this Regulation, Eurodac shall be connected to the European search portal referred to in Article 6 of Regulation (EU) 2019/817 in order to enable the automated processing referred to in Article 9a of Regulation (EC) No 767/2008 and, therefore, to query Eurodac and compare the relevant data in the VIS with the relevant data in Eurodac. The verifications shall be without prejudice to the specific rules provided for in Article 9b of Regulation (EC) No 767/2008.
Article 12
Statistics
eu-LISA shall draw up statistics on the work of Eurodac every month indicating, in particular:
the number of applicants and the number of first-time applicants resulting from the linking process referred to in Article 3(6);
the number of rejected applicants resulting from the linking process referred to in Article 3(6) and pursuant to Article 17(2), point (j);
the number of persons who have been disembarked following search and rescue operations;
the number of persons who have been registered as beneficiaries of temporary protection;
the number of applicants who have been granted international protection in a Member State;
the number of persons who have been registered as minors;
the number of persons referred to in Article 18(2), point (a), of this Regulation who have been admitted under Regulation (EU) 2024/1350;
the number of persons referred to in Article 20(1) who have been admitted under a national resettlement scheme;
the number of datasets transmitted on persons as referred to in Article 15(1), Article 18(2), points (b) and (c), Article 22(1), Article 23(1), Article 24(1) and Article 26(1);
the number of transmissions of data relating to persons as referred to in Articles 18(1);
the number of hits for persons as referred to in Article 15(1) of this Regulation:
for whom an application for international protection has been registered in a Member State;
who have been apprehended in connection with the irregular crossing of an external border;
who have been illegally staying in a Member State;
who have been disembarked following a search and rescue operation;
who have been granted international protection in a Member State;
who have been registered as a beneficiary of temporary protection in a Member State;
who have been registered for the purpose of conducting an admission procedure in accordance with Regulation (EU) 2024/1350 and:
who have been admitted in accordance with a national resettlement scheme;
the number of hits for persons as referred to in Article 18(1) of this Regulation:
who have previously been granted international protection in a Member State;
who have been registered for the purpose of conducting an admission procedure in accordance with Regulation (EU) 2024/1350 and:
who have been admitted in accordance with a national resettlement scheme;
the number of hits for persons as referred to in Article 22(1) of this Regulation:
for whom an application for international protection has been registered in a Member State;
who have been apprehended in connection with the irregular crossing of an external border;
who have been illegally staying in a Member State;
who have been disembarked following a search and rescue operation;
who have been granted international protection in a Member State;
who have been registered for the purpose of conducting an admission procedure in accordance with Regulation (EU) 2024/1350 and:
who have been admitted in accordance with a national resettlement scheme;
who have been registered as a beneficiary of temporary protection in a Member State;
the number of hits for persons as referred to in Article 23(1) of this Regulation:
for whom an application for international protection has been registered in a Member State;
who have been apprehended in connection with the irregular crossing of an external border;
who have been illegally staying in a Member State;
who have been disembarked following a search and rescue operation;
who have been granted international protection in a Member State;
who have been registered for the purpose of conducting an admission procedure in accordance with Regulation (EU) 2024/1350 and:
who have been admitted in accordance with a national resettlement scheme;
who have been registered as a beneficiary of temporary protection in a Member State;
the number of hits for persons as referred to in Article 24(1) of this Regulation:
for whom an application for international protection has been registered in a Member State;
who have been apprehended in connection with the irregular crossing of an external border;
who have been illegally staying in a Member State;
who have been disembarked following a search and rescue operation;
who have been granted international protection in a Member State;
who have been registered for the purpose of conducting an admission procedure in accordance with Regulation (EU) 2024/1350 and:
who have been admitted in accordance with a national resettlement scheme;
who have been registered as a beneficiary of temporary protection in a Member State;
the number of hits for persons as referred to in Article 26(1) of this Regulation:
for whom an application for international protection has been registered in a Member State;
who have been apprehended in connection with the irregular crossing of an external border;
who have been illegally staying in a Member State;
who have been disembarked following a search and rescue operation;
who have been granted international protection in a Member State;
who have been registered for the purpose of conducting an admission procedure in accordance with Regulation (EU) 2024/1350 and:
who have been admitted in accordance with a national resettlement scheme;
who have been registered as beneficiary of temporary protection in a Member State;
the number of biometric data which Eurodac had to request more than once from the Member States of origin because the biometric data originally transmitted did not lend themselves to comparison using the computerised fingerprint and facial image recognition systems;
the number of datasets marked and unmarked in accordance with Article 31(1), (3) and (4);
the number of hits for persons as referred to in Article 31(1) and (4) for whom hits have been recorded under paragraph 1, points (k) to (p), of this Article;
the number of requests and hits as referred to in Article 33(1);
the number of requests and hits as referred to in Article 34(1);
the number of requests made in accordance with Article 43;
the number of hits received from Eurodac as referred to in Article 38(6).
Nothing in this paragraph shall affect the anonymised nature of the statistical data.
The statistics referred to in the first subparagraph shall be made available to the Member States, to the European Parliament, to the Commission, to the European Union Agency for Asylum, to the European Border and Coast Guard Agency and to Europol.
The Commission shall, by means of implementing acts, specify the content of the monthly cross-system statistics referred to in the first subparagraph. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 56(2).
Cross-system statistics alone shall not be used to deny access to the territory of the Union.
Article 13
Obligation to take biometric data
Article 14
Special provisions relating to minors
The best interests of the child shall be a primary consideration in the application of this Regulation. In the event that there is uncertainty as to whether or not a child is under the age of six and there is no supporting proof of that child’s age, the competent authorities of the Member States shall consider that child to be under the age of six for the purposes of this Regulation.
The minor shall be accompanied by, where present, an adult family member throughout the time when his or her biometric data are taken. The unaccompanied minor shall be accompanied by a representative or, where a representative has not been designated, a person trained to safeguard the best interests of the child and his or her general wellbeing, throughout the time when his or her biometric data are taken. Such a trained person shall not be the official responsible for taking the biometric data, shall act independently and shall not receive orders either from the official or the service responsible for taking the biometric data. Such a trained person shall be the person designated to provisionally act as a representative under Directive (EU) 2024/1346, where that person has been designated.
No form of force shall be used against minors to ensure their compliance with the obligation to provide biometric data. However, where permitted by relevant Union or national law, and as a last resort, a proportionate degree of coercion may be used against minors to ensure their compliance with that obligation. When applying such a proportionate degree of coercion, Member States shall respect the dignity and physical integrity of the minor.
Where a minor, in particular an unaccompanied or separated minor, refuses to give their biometric data and there are reasonable grounds for believing that there are risks relating to safeguarding or protecting the minor, as assessed by an official trained specifically to take a minor’s biometric data, the minor shall be referred to the competent national child protection authorities, the national referral mechanisms or both.
CHAPTER II
Applicants for international protection
Article 15
Collection and transmission of biometric data
Each Member State shall take, in accordance with Article 13(2), the biometric data of every applicant for international protection of at least six years of age:
upon the registration of the application for international protection referred to in Article 27 of Regulation (EU) 2024/1348 and transmit them, as soon as possible and no later than 72 hours from that registration, together with the other data referred to in Article 17(1) of this Regulation, to Eurodac in accordance with Article 3(2) of this Regulation; or
upon the making of the application for international protection, where the application is made at external border crossing points or in transit zones by a person who does not fulfil the entry conditions set out in Article 6 of Regulation (EU) 2016/399, and transmit them, as soon as possible and no later than 72 hours after the biometric data have been taken, together with the data referred to in Article 17(1) of this Regulation, to Eurodac in accordance with Article 3(2) of this Regulation.
Non-compliance with the 72-hour time limit referred to in the first subparagraph, points (a) and (b), of this paragraph shall not relieve Member States of the obligation to take the biometric data and transmit them to Eurodac. Where the condition of the fingertips does not allow the taking of fingerprints of a quality ensuring appropriate comparison under Article 38, the Member State of origin shall retake the fingerprints of the applicant and retransmit them as soon as possible and no later than 48 hours after they have been successfully retaken.
In the event of serious technical problems, Member States may extend the 72-hour time limits referred to in paragraph 1, the first subparagraph, points (a) and (b), by a maximum of a further 48 hours in order to carry out their national continuity plans.
Article 16
Information on the status of the data subject
Where a Member State becomes responsible because there are reasonable grounds to consider that the applicant poses a threat to internal security in accordance with Article 16(4) of Regulation (EU) 2024/1351, it shall update its dataset recorded in accordance with Article 17 of this Regulation regarding the person concerned by adding the Member State responsible.
The following information shall be sent to Eurodac in order to be stored in accordance with Article 29(1) for the purposes of transmission under Articles 27 and 28:
when an applicant for international protection arrives in the Member State responsible following a transfer pursuant to a decision acceding to a take charge request as referred to in Article 40 of Regulation (EU) 2024/1351, the Member State responsible shall send a dataset recorded in accordance with Article 17 of this Regulation relating to the person concerned and shall include his or her date of arrival;
when an applicant for international protection or another person as referred to in Article 36(1), point (b) or (c), of Regulation (EU) 2024/1351 arrives in the Member State responsible following a transfer pursuant to a take back notification as referred to in Article 41 of that Regulation, the Member State responsible shall update its dataset recorded in accordance with Article 17 of this Regulation relating to the person concerned by adding his or her date of arrival;
as soon as the Member State of origin establishes that the person concerned whose data were recorded in Eurodac in accordance with Article 17 of this Regulation has left the territory of the Member States, it shall update its dataset recorded in accordance with Article 17 of this Regulation relating to the person concerned by adding the date when that person left the territory, in order to facilitate the application of Article 37(4) of Regulation (EU) 2024/1351;
as soon as the Member State of origin ensures that the person concerned whose data were recorded in Eurodac in accordance with Article 17 of this Regulation has left the territory of the Member States in compliance with a return decision or removal order issued following the withdrawal or rejection of the application for international protection as provided for in Article 37(5) of Regulation (EU) 2024/1351, it shall update its dataset recorded in accordance with Article 17 of this Regulation relating to the person concerned by adding the date of his or her removal or when he or she left the territory.
Article 17
Recording of data
Only the following data shall be recorded in Eurodac in accordance with Article 3(2):
fingerprint data;
a facial image;
surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;
nationality(ies);
date of birth;
place of birth;
Member State of origin, place and date of the application for international protection; in the cases referred to in Article 16(2), point (a), the date of application shall be the date entered by the Member State who transferred the applicant;
sex;
where available, the type and number of identity or travel document, the three letter code of the issuing country and the expiry date of that document;
where available, a scanned colour copy of an identity or travel document along with an indication of its authenticity or, where unavailable, another document which facilitates the identification of the third-country national or stateless person along with an indication of its authenticity;
the reference number used by the Member State of origin;
the date on which the biometric data were taken;
the date on which the data were transmitted to Eurodac;
operator user ID.
Additionally, where applicable and available, the following data shall be promptly recorded in Eurodac in accordance with Article 3(2):
the Member State responsible in the cases referred to in Article 16(1), (2) or (3);
the Member State of relocation in accordance with Article 25(1);
in the cases referred to in Article 16(2), point (a), the date of the arrival of the person concerned after a successful transfer;
in the cases referred to in Article 16(2), point (b), the date of the arrival of the person concerned after a successful transfer;
in the cases referred to in Article 16(2), point (c), the date when the person concerned left the territory of the Member States;
in the cases referred to in Article 16(2), point (d), the date when the person concerned was removed from or left the territory of the Member States;
in the cases referred to in Article 25(2), the date of arrival of the person concerned after a successful transfer;
the fact that a visa was issued to the applicant, the Member State which issued or extended the visa or on behalf of which the visa was issued and the visa application number;
the fact that the person could pose a threat to internal security following the security check referred to in Regulation (EU) 2024/1356 of the European Parliament and of the Council ( 4 ) or following an examination pursuant to Article 16(4) of Regulation (EU) 2024/1351 or to Article 9(5) of Regulation (EU) 2024/1348, if any of the following circumstances apply:
the person concerned is armed;
the person concerned is violent;
there are indications that the person concerned is involved in any of the offences referred to in Directive (EU) 2017/541;
there are indications that the person concerned is involved in any of the offences referred to in Article 2(2) of the Framework Decision 2002/584/JHA;
the fact that the application for international protection has been rejected where the applicant has no right to remain and has not been allowed to remain in a Member State pursuant to Regulation (EU) 2024/1348;
the fact that, following an examination of an application in the border procedure pursuant to Regulation (EU) 2024/1348, a decision rejecting an application for international protection as inadmissible, unfounded or manifestly unfounded or a decision declaring an application as implicitly or explicitly withdrawn has become final;
the fact that assistance for voluntary return and reintegration (AVRR) has been granted.
CHAPTER III
Persons registered for the purpose of conducting an admission procedure and persons admitted in accordance with a national resettlement scheme
SECTION 1
Persons registered for the purpose of conducting an admission Procedure under the union resettlement and humanitarian admission framework
Article 18
Collection and transmission of biometric data
Each Member State shall take the biometric data of every person of at least six years of age registered for the purpose of conducting an admission procedure under the Union Resettlement and Humanitarian Admission Framework and:
to whom that Member State grants international protection or humanitarian status under national law in accordance with Regulation (EU) 2024/1350;
who that Member State refuses to admit on one of the grounds referred to in Article 6(1), point (f) of that Regulation; or
for whom that Member State discontinues the admission procedure due to the fact that that person does not give or withdraws his or her consent in accordance with Article 7 of that Regulation.
Member States shall transmit the biometric data of those persons referred to in the first subparagraph together with the data referred to in Article 19(1), points (c) to (q), of this Regulation to Eurodac as soon as possible and no later than 72 hours after the decision to grant international protection or humanitarian status under national law, to refuse admission or to discontinue the admission procedure.
Where it is not possible to take biometric data on account of measures taken to ensure the person’s health or the protection of public health, Member States shall take and transmit such biometric data as soon as possible after those health grounds no longer prevail.
Article 19
Recording of data
Only the following data shall be recorded in Eurodac in accordance with Article 3(2) of this Regulation:
fingerprint data;
a facial image;
surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;
nationality(ies);
date of birth;
place of birth;
Member State of origin, place and date of the registration in accordance with Article 9(3) of Regulation (EU) 2024/1350;
sex;
where available, the type and number of identity or travel document, the three letter code of the issuing country and the expiry date of that document;
where available, a scanned colour copy of an identity or travel document along with an indication of its authenticity, and where unavailable, another document which facilitates the identification of the third-country national or stateless person along with an indication of its authenticity;
the reference number used by the Member State of origin;
the date on which the biometric data were taken;
the date on which the data were transmitted to Eurodac;
operator user ID;
where applicable, the date of the decision to grant international protection or humanitarian status under national law in accordance with Article 9(14) of Regulation (EU) 2024/1350;
where applicable, the date of the refusal of admission in accordance with Regulation (EU) 2024/1350 and the grounds on which admission was refused;
where applicable, the date of the discontinuation of the admission procedure as referred to in Regulation (EU) 2024/1350.
SECTION 2
Persons admitted in accordance with a national resettlement scheme
Article 20
Collection and transmission of biometric data
Article 21
Recording of data
Only the following data shall be recorded in Eurodac in accordance with Article 3(2):
fingerprint data;
a facial image;
surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;
nationality(ies);
date of birth;
place of birth;
Member State of origin, place and date of the registration;
sex;
where available, the type and number of identity or travel document, the three letter code of the issuing country and the expiry date of that document;
where available, a scanned colour copy of an identity or travel document along with an indication of its authenticity, and where unavailable, another document which facilitates the identification of the third-country national or stateless person along with an indication of its authenticity;
the reference number used by the Member State of origin;
the date on which the biometric data were taken;
the date on which the data were transmitted to Eurodac;
operator user ID;
the date on which international protection or humanitarian status under national law was granted.
CHAPTER IV
Third-country nationals or stateless persons apprehended in connection with the irregular crossing of an external border
Article 22
Collection and transmission of biometric data
The Member State concerned shall, as soon as possible and no later than 72 hours after the date of apprehension, transmit to Eurodac in accordance with Article 3(2) the following data in relation to any third-country national or stateless person referred to in paragraph 1 who is not turned back:
fingerprint data;
a facial image;
surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;
nationality(ies);
date of birth;
place of birth;
Member State of origin, place and date of the apprehension;
sex;
where available, the type and number of identity or travel document, the three letter code of the issuing country and the expiry date of that document;
where available, a scanned colour copy of an identity or travel document along with an indication of its authenticity or, where unavailable, another document which facilitates the identification of the third-country national or stateless person along with an indication of its authenticity;
the reference number used by the Member State of origin;
the date on which the biometric data were taken;
the date on which the data were transmitted to Eurodac;
operator user ID.
Additionally, where applicable and available, the following data shall be promptly transmitted to Eurodac in accordance with Article 3(2):
in accordance with paragraph 7 of this Article, the date when the person concerned left or was removed from the territory of the Member States;
the Member State of relocation in accordance with Article 25(1);
the fact that AVRR has been granted,
the fact that the person could pose a threat to internal security, following the screening referred to in Regulation (EU) 2024/1356, if any of the following circumstances apply:
the person concerned is armed;
the person concerned is violent;
there are indications that the person concerned is involved in any of the offences referred to in Directive (EU) 2017/541;
there are indications that the person concerned is involved in any of the offences referred to in Article 2(2) of Framework Decision 2002/584/JHA.
In the event of serious technical problems, Member States may extend the 72-hour time limit referred to in paragraph 2 by a maximum of a further 48 hours in order to carry out their national continuity plans.
CHAPTER V
Third-country nationals or stateless persons illegally staying in a Member State
Article 23
Collection and transmission of biometric data
The Member State concerned shall, as soon as possible and no later than 72 hours after the third-country national or the stateless person has been found to be illegally staying, transmit to Eurodac in accordance with Article 3(2) the following data in relation to any third-country national or stateless person referred to in paragraph 1:
fingerprint data;
a facial image;
surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;
nationality(ies);
date of birth;
place of birth;
Member State of origin, place and date of the apprehension;
sex;
where available, the type and number of identity or travel document, the three letter code of the issuing country and the expiry date of that document;
where available, a scanned colour copy of an identity or travel document along with an indication of its authenticity or, where unavailable, another document which facilitates the identification of the third-country national or stateless person along with an indication of its authenticity;
the reference number used by the Member State of origin;
the date on which the biometric data were taken;
the date on which the data were transmitted to Eurodac;
operator user ID.
Additionally, where applicable and available, the following data shall be promptly transmitted to Eurodac in accordance with Article 3(2):
in accordance with paragraph 6 of this Article, the date when the person concerned left or was removed from the territory of the Member States;
the Member State of relocation in accordance with Article 25(1);
where applicable, in the cases referred to in Article 25(2), the date of arrival of the person concerned after a successful transfer;
the fact that AVRR has been granted;
the fact that the person could pose a threat to internal security, following the screening referred to in Regulation (EU) 2024/1356 or following a security check carried out at the moment of taking the biometric data as provided for in paragraph 1 of this Article, if any of the following circumstances apply:
the person concerned is armed;
the person concerned is violent;
there are indications that the person concerned is involved in any of the offences referred to in Directive (EU) 2017/541;
there are indications that the person concerned is involved in any of the offences referred to in Article 2(2) of Framework Decision 2002/584/JHA.
In the event of serious technical problems, Member States may extend the 72-hour time limit referred to in paragraph 2 by a maximum of a further 48 hours in order to carry out their national continuity plans.
CHAPTER VI
Third-country nationals or stateless persons disembarked following a search and rescue operation
Article 24
Collection and transmission of biometric data
The Member State concerned shall, as soon as possible and no later than 72 hours after the date of disembarkation, transmit to Eurodac in accordance with Article 3(2) the following data in relation to any third-country national or stateless person referred to in paragraph 1:
fingerprint data;
a facial image;
surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;
nationality(ies);
date of birth;
place of birth;
Member State of origin, place and date of disembarkation;
sex;
the reference number used by the Member State of origin;
the date on which the biometric data were taken;
the date on which the data were transmitted to Eurodac;
operator user ID.
Additionally, where applicable and available, the following data shall be transmitted to Eurodac in accordance with Article 3(2) as soon as available:
the type and number of identity or travel document, the three letter code of the issuing country and the expiry date of that document;
a scanned colour copy of an identity or travel document along with an indication of its authenticity or, where unavailable, another document which facilitates the identification of the third-country national or stateless person along with an indication of its authenticity;
in accordance with paragraph 7 of this Article, the date when the person concerned left or was removed from the territory of the Member States;
the Member State of relocation in accordance with Article 25(1);
the fact that AVRR has been granted;
the fact that the person could pose a threat to internal security following the screening referred to in Regulation (EU) 2024/1356, if any of the following circumstances apply:
the person concerned is armed;
the person concerned is violent;
there are indications that the person concerned is involved in any of the offences referred to in Directive (EU) 2017/541;
there are indications that the person concerned is involved in any of the offences referred to in Article 2(2) of Framework Decision 2002/584/JHA.
In the event of serious technical problems, Member States may extend the 72-hour time limit referred to in paragraph 2 by a maximum of a further 48 hours in order to carry out their national continuity plans.
CHAPTER VII
Information on Relocation
Article 25
Information on the status of relocation of the data subject
CHAPTER VIII
Beneficiaries of temporary protection
Article 26
Collection and transmission of biometric data
The Member State concerned shall, as soon as possible and no later than 10 days after the registration as a beneficiary of temporary protection, transmit to Eurodac in accordance with Article 3(2) the following data in relation to any third-country national or stateless person referred to in paragraph 1:
fingerprint data;
a facial image;
surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;
nationality(ies);
date of birth;
place of birth;
Member State of origin, place and date of registration as beneficiary of temporary protection;
sex;
where available, the type and number of identity or travel document, the three letter code of the issuing country and the expiry date of that document;
where available, a scanned colour copy of an identity or travel document along with an indication of its authenticity or, where unavailable, another document;
the reference number used by the Member State of origin;
the date on which the biometric data were taken;
the date on which the data were transmitted to Eurodac;
operator user ID;
where relevant, the fact that the person previously registered as a beneficiary of temporary protection falls under one of the exclusion grounds set out in Article 28 of Directive 2001/55/EC;
the reference of the relevant Council Implementing Decision.
In the event of serious technical problems, Member States may extend the 10-day time limit referred to in paragraph 2 by a maximum of a further 48 hours in order to carry out their national continuity plans.
CHAPTER IX
Procedure for comparison of data for applicants for international protection, third-country nationals and stateless persons apprehended crossing the border irregularly or illegally staying in the territory of a Member State, third-country nationals and stateless persons registered for the purpose of conducting an admission procedure and admitted in accordance with a national resettlement scheme, third-country nationals and stateless persons disembarked following a search and rescue operation and beneficiaries of temporary protection
Article 27
Comparison of biometric data
Article 28
Comparison of facial image data
Eurodac shall ensure that the comparison referred to in paragraph 1 covers the facial image data previously transmitted by a Member State as referred to in that paragraph, in addition to the facial image data from other Member States.
CHAPTER X
Data storage, advanced data erasure and marking of data
Article 29
Data storage
Article 30
Advanced data erasure
Data relating to a person who has acquired the citizenship of another Member State before the expiry of the period referred to in Article 29(1), (3), (5), (6), (7), (8) or (9) shall be erased from Eurodac by the Member State of origin, in accordance with Article 40(3), as soon as it becomes aware of the fact that the person concerned has acquired such citizenship.
Article 31
Marking of data
CHAPTER XI
Procedure for comparison and data transmission for law enforcement purposes
Article 32
Procedure for comparison of biometric or alphanumeric data with Eurodac data
Article 33
Conditions for access to Eurodac by designated authorities
For law enforcement purposes, designated authorities may submit a reasoned electronic request for the comparison of biometric or alphanumeric data with the data stored in Eurodac within the scope of their powers only where all of the following conditions have been met:
a prior check has been conducted in:
national databases; and
the automated fingerprinting identification systems of all other Member States under Decision 2008/615/JHA where comparisons are technically available, unless there are reasonable grounds to believe that a comparison with such systems would not lead to the establishment of the identity of the data subject; such reasonable grounds shall be included in the reasoned electronic request for comparison with Eurodac data sent by the designated authority to the verifying authority;
the comparison is necessary for the purpose of the prevention, detection or investigation of terrorist offences or of other serious criminal offences, which means that there is an overriding public security concern which makes the searching of the database proportionate to the objective pursued;
the comparison is necessary in a specific case including specific persons; and
there are reasonable grounds to consider that the comparison will substantially contribute to the prevention, detection or investigation of any of the terrorist offences or other serious criminal offences in question; such reasonable grounds exist in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls within a category covered by this Regulation.
In addition to the prior check of the databases referred to in the first subparagraph, designated authorities may also conduct a check in the VIS, provided that the conditions for a comparison with the data stored therein, as laid down in Decision 2008/633/JHA, are met. Designated authorities may submit the reasoned electronic request referred to in the first subparagraph simultaneously with a request for comparison with the data stored in the VIS.
Article 34
Conditions for access to Eurodac by Europol
For law enforcement purposes, the Europol designated authority may submit a reasoned electronic request for the comparison of biometric or alphanumeric data with the data stored in Eurodac within the limits of Europol’s mandate and where necessary for the performance of Europol’s tasks only where all of the following conditions have been met:
comparisons with biometric or alphanumeric data stored in any information processing systems that are technically and legally accessible by Europol did not lead to the establishment of the identity of the data subject;
the comparison is necessary to support and strengthen action by Member States in preventing, detecting or investigating terrorist offences or other serious criminal offences falling under Europol’s mandate, which means that there is an overriding public security concern which makes the searching of the database proportionate to the objective pursued;
the comparison is necessary in a specific case including specific persons; and
there are reasonable grounds to consider that the comparison will substantially contribute to the prevention, detection or investigation of any of the terrorist offences or other serious criminal offences in question; such reasonable grounds exist in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls within a category covered by this Regulation.
Article 35
Communication between the designated authorities, the verifying authorities, the National Access Points and the Europol Access Point
CHAPTER XII
Data processing, data protection and liability
Article 36
Responsibility for data processing
The Member State of origin shall be responsible for ensuring that:
biometric data and the other data referred to in Article 17(1) and (2), Article 19(1), Article 21(1), Article 22(2) and (3), Article 23(2) and (3), Article 24(2) and (3) and Article 26(2) are taken lawfully and are lawfully transmitted to Eurodac;
data are accurate and up to date when they are transmitted to Eurodac;
without prejudice to the responsibilities of eu-LISA, data in Eurodac are lawfully recorded, stored, rectified and erased;
the results of biometric data comparisons transmitted by Eurodac are lawfully processed.
eu-LISA shall ensure that Eurodac is operated, including for testing purposes, in accordance with this Regulation and relevant Union data protection rules. In particular, eu-LISA shall:
adopt measures ensuring that all persons, including contractors, working with Eurodac process the data recorded therein only in accordance with the purposes of Eurodac laid down in Article 1;
take the necessary measures to ensure the security of Eurodac in accordance with Article 48;
ensure that only persons authorised to work with Eurodac have access thereto, without prejudice to the competences of the European Data Protection Supervisor.
eu-LISA shall inform the European Parliament, the Council and the European Data Protection Supervisor of the measures it takes pursuant to the first subparagraph of this paragraph.
Article 37
Transmission
Article 38
Carrying out comparisons and transmitting results
Where, following a comparison of both fingerprint and facial image data with data recorded in the computerised central database, Eurodac returns a fingerprint hit and a facial image hit, Member States may check the result of the comparison of the facial image data.
For the purposes laid down in Article 1(1), points (a), (b), (c) and (j), of this Regulation, final identification shall be made by the Member State of origin in cooperation with the other Member States concerned.
For the purposes laid down in Article 1(1), points (a), (b), (c) and (j), of this Regulation, final identification shall be made by the Member State of origin in cooperation with the other Member States concerned.
Information received from Eurodac relating to other data found to be unreliable shall be erased as soon as the unreliability of the data is established.
Article 39
Communication between Member States and Eurodac
Data transmitted from the Member States to Eurodac and vice versa shall use the Communication Infrastructure. As far as is necessary for the efficient operation of Eurodac, eu-LISA shall establish the technical procedures necessary for the use of the Communication Infrastructure.
Article 40
Access to, and rectification or erasure of, data recorded in Eurodac
Member States shall not conduct searches of the data transmitted by another Member State or receive such data with the exception of data resulting from the comparison referred to in Articles 27 and 28.
If a Member State has evidence to suggest that data were recorded in Eurodac in breach of this Regulation, it shall inform eu-LISA, the Commission and the Member State of origin thereof as soon as possible. The Member State of origin shall check the data concerned and, if necessary, amend or erase them without delay.
Article 41
Keeping of records
Article 42
Rights of information
The Member State of origin shall inform a person covered by Article 15(1), Article 18(1) and (2), Article 20(1), Article 22(1), Article 23(1), Article 24(1) or Article 26(1) of this Regulation, in writing, and where necessary, orally, in a language that he or she understands or is reasonably supposed to understand, in a concise, transparent, intelligible and easily accessible form, using clear and plain language, of the following:
the identity and contact details of the controller within the meaning of Article 4, point (7), of Regulation (EU) 2016/679 and of his or her representative, if any, and the contact details of the data protection officer;
the data to be processed in Eurodac and the legal basis for processing, including a description of the aims of Regulation (EU) 2024/1351, in accordance with Article 19 of that Regulation and, where applicable, of the aims of Regulation (EU) 2024/1350, and an explanation in an intelligible form of the fact that Eurodac may be accessed by the Member States and Europol for law enforcement purposes;
in relation to a person covered by Article 15(1), Article 22(1), Article 23(1) or Article 24(1), the fact that, if a security check as referred to in Articles 17(2), point (i), 22(3), point (d), Article 23(3), point (e), and Article 24(3), point (f), shows that he or she could pose a threat to internal security, the Member State of origin is obliged to register that fact in Eurodac;
the recipients or categories of recipients of the data, if any;
in relation to a person covered by Article 15(1), Article 18(1) and (2), Article 20(1), Article 22(1), Article 23(1), Article 24(1) or Article 26(1), the obligation to have his or her biometric data taken and the relevant procedure, including the possible implications of non-compliance with such an obligation;
the period for which the data will be stored pursuant to Article 29;
the existence of the right to request from the controller access to data relating to him or her, and the right to request the rectification of inaccurate personal data, the completion of incomplete personal data or the erasure or restriction of the processing of unlawfully processed personal data concerning the data subject, as well as the right to receive information on the procedures for exercising those rights including the contact details of the controller and the supervisory authorities referred to in Article 44(1);
the right to lodge a complaint with the supervisory authority.
Where a person covered by Article 15(1), Article 18(1) and (2), Article 20(1), Article 22(1), Article 23(1), Article 24(1) and Article 26(1), is a minor, the information shall be provided by Member States in an age-appropriate manner.
The procedure to capture biometric data shall be explained to minors by using leaflets, infographics or demonstrations, or a combination of any of the three, as appropriate, specifically designed in such a way as to ensure that minors understand it.
The leaflet shall be clear and simple, drafted in a concise, transparent, intelligible and easily accessible form and in a language that the person concerned understands or is reasonably supposed to understand.
The leaflet shall be drawn up in such a manner as to enable Member States to complete it with additional Member State-specific information. That Member State-specific information shall include at least the administrative measures for ensuring compliance with the obligation to provide biometric data, the rights of the data subject, the possibility of information and assistance by the national supervisory authorities, the contact details of the office of the controller and of the data protection officer, and the contact details of the national supervisory authorities.
Article 43
Right of access to, rectification, completion, erasure and restriction of the processing of personal data
When the rights of rectification and erasure of personal data are exercised in a Member State other than that, or those, which transmitted the data, the authorities of that Member State shall contact the authorities of the Member State or Member States which transmitted the data so that they can check the accuracy of the data and the lawfulness of their transmission to and recording in Eurodac.
That Member State shall also provide the data subject with information explaining the steps which can be taken if he or she does not accept the explanation provided. That shall include information on how to bring an action or, if appropriate, a complaint before the competent authorities or courts of that Member State and on any financial or other assistance that is available in accordance with the laws, regulations and procedures of that Member State.
Article 44
Supervision by the national supervisory authorities
Article 45
Supervision by the European Data Protection Supervisor
Article 46
Cooperation between national supervisory authorities and the European Data Protection Supervisor
The audit shall be attached to the annual report by the Member States referred to in Article 57(8).
Article 47
Protection of personal data for law enforcement purposes
Article 48
Data security
Each Member State shall, in relation to all data processed by its competent authorities pursuant to this Regulation, adopt the necessary measures, including a data security plan, in order to:
physically protect the data, including by making contingency plans for the protection of critical infrastructure;
deny unauthorised persons access to data-processing equipment and national installations in which the Member State carries out operations in accordance with the purposes of Eurodac (equipment, access control and checks at entrance to the installation);
prevent the unauthorised reading, copying, modification or removal of data media (data media control);
prevent the unauthorised input of data and the unauthorised inspection, modification or erasure of stored personal data (storage control);
prevent the use of automated data-processing systems by unauthorised persons using data communication equipment (user control);
prevent the unauthorised processing of data in Eurodac and any unauthorised modification or erasure of data processed in Eurodac (control of data entry);
ensure that persons authorised to access Eurodac have access only to the data covered by their access authorisation, by means of individual and unique user IDs and confidential access modes only (data access control);
ensure that all authorities with a right of access to Eurodac create profiles describing the functions and responsibilities of persons who are authorised to access, enter, update, erase and search the data, and make those profiles and any other relevant information which those authorities might require for supervisory purposes available to the supervisory authorities referred to in Article 51 of Regulation (EU) 2016/679 and in Article 41 of Directive (EU) 2016/680, without delay, at their request (personnel profiles);
ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment (communication control);
ensure that it is possible to verify and establish what data have been processed in Eurodac, when, by whom and for what purpose (control of data recording);
prevent the unauthorised reading, copying, modification or deletion of personal data during the transmission of personal data to or from Eurodac or during the transport of data media, in particular by means of appropriate encryption techniques (transport control);
ensure that installed systems may, in the event of interruption, be restored (recovery);
ensure that Eurodac performs its functions, that the appearance of faults in the functions is reported (reliability) and that stored personal data cannot be corrupted by means of the system malfunctioning (integrity); and
monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring in order to ensure compliance with this Regulation (self-auditing) and to automatically detect within 24 hours any relevant events arising from the application of measures listed in points (b) to (k) that might indicate the occurrence of a security incident.
Prior to the start of the operational use of Eurodac, the security framework for Eurodac’s business and technical environment shall be updated, in accordance with Article 33 of Regulation (EU) 2018/1725.
Article 49
Prohibition of transfers of data to third countries, international organisations or private entities
Article 50
Transfer of data to third countries for the purpose of return
Transfers of data to a third country pursuant to paragraph 1 shall take place only where the following conditions have been met:
the data are transferred or made available solely for the purpose of identifying, and issuing an identification or travel document to, an illegally staying third-country national for the purposes of return; and
the third-country national concerned has been informed that his or her personal data may be shared with the authorities of a third country.
Article 51
Logging and documentation
The log or documentation shall show in all cases:
the exact purpose of the request for comparison, including the type of terrorist offence or other serious criminal offence concerned and, for Europol, the exact purpose of the request for comparison;
the reasonable grounds given in accordance with Article 33(1), point (a), of this Regulation for not conducting comparisons with other Member States under Decision 2008/615/JHA;
the national file number;
the date and exact time of the request for comparison by the National Access Point to Eurodac;
the name of the authority that requested access for comparison and the person responsible who made the request and processed the data;
where applicable, the use of the urgent procedure referred to in Article 32(4) and the decision taken with regard to the ex post verification;
the data used for comparison;
in accordance with national rules or with Regulation (EU) 2016/794, the identifying mark of the official who carried out the search and of the official who ordered the search or supply;
where applicable, a reference to the use of the European search portal to query Eurodac as referred to in Article 7(2) of Regulation (EU) 2019/818.
The national supervisory authorities responsible for checking the admissibility of the request and monitoring the lawfulness of the data processing and data integrity and security shall have access to those logs at their request for the purpose of fulfilling their tasks.
Article 52
Liability
CHAPTER XIII
Amendments to Regulations (EU) 2018/1240 and (EU) 2019/818
Article 53
Amendments to Regulation (EU) 2018/1240
in Article 11, the following paragraph is inserted:
For the purpose of proceeding with the verifications referred to in Article 20(2), second subparagraph, point (k), the automated verifications pursuant to paragraph 1 of this Article shall enable the ETIAS Central System to query Eurodac established by Regulation (EU) 2024/1358 of the European Parliament and of the Council ( *1 ), with the following data provided by applicants under Article 17(2), points (a) to (d) of this Regulation:
surname (family name), first name(s) (given name(s)), surname at birth, date of birth, place of birth, sex, current nationality;
other names (alias(es), artistic name(s), usual name(s)), if any;
other nationalities, if any;
type, number, the country of issue of the travel document.
in Article 25a(1), the following point is inserted:
the data referred to in Articles 17, 19, 21, 22, 23, 24 and 26 of Regulation (EU) 2024/1358.’;
in Article 88, paragraph 6 is replaced by the following:
Article 54
Amendments to Regulation (EU) 2019/818
Regulation (EU) 2019/818 is amended as follows:
in Article 4, point (20) is replaced by the following:
“designated authorities” means the Member States’ designated authorities within the meaning of Article 5 of Regulation (EU) 2024/1358 of the European Parliament and of the Council ( *2 ), Article 3(1), point (26), of Regulation (EU) 2017/2226 of the European Parliament and the Council ( *3 ), Article 4, point (3a), of Regulation (EC) No 767/2008, and Article 3(1), point (21), of Regulation (EU) 2018/1240 of the European Parliament and of the Council ( *4 );
in Article 10(1), the introductory wording is replaced by the following:
‘Without prejudice to Article 51 of Regulation (EU) 2024/1358, Articles 12 and 18 of Regulation (EU) 2018/1862, Article 31 of Regulation (EU) 2019/816 and Article 40 of Regulation (EU) 2016/794, eu-LISA shall keep logs of all data processing operations within the ESP. Those logs shall include, in particular, the following:’;
in Article 13(1), the first subparagraph is amended as follows:
point (b) is replaced by the following:
the data referred to in Article 5(1), point (b), and Article 5(3) of Regulation (EU) 2019/816;’;
the following point is added:
the data referred to in Article 17(1), points (a) and (b), Article 19(1), points (a) and (b), Article 21 (1) points (a) and (b), Article 22(2), points (a) and (b), Article 23(2), points (a) and (b), Article 24(2), points (a) and (b) and Article 26(2), points (a) and (b) of Regulation (EU) 2024/1358.’;
Article 14 is replaced by the following:
‘Article 14
Searching biometric data with the shared biometric matching service
In order to search the biometric data stored within the CIR and SIS, the CIR and SIS shall use the biometric templates stored in the shared BMS. Queries with biometric data shall take place in accordance with the purposes provided for in this Regulation and in Regulations (EC) No 767/2008, (EU) 2017/2226, (EU) 2018/1860, (EU) 2018/1861, (EU) 2018/1862, (EU) 2019/816 and (EU) 2024/1358.’
;in Article 16(1), the first sentence is replaced by the following:
‘Without prejudice to Article 51 of Regulation (EU) 2024/1358, Articles 12 and 18 of Regulation (EU) 2018/1862 and Article 31 of Regulation (EU) 2019/816, eu-LISA shall keep logs of all data processing operations within the shared BMS.’;
in Article 18, paragraph 1 is replaced by the following:
The CIR shall store the following data, logically separated according to the information system from which the data have originated:
the data referred to in Article 17(1), points (a) to (f), (h) and (i), Article 19(1) points (a) to (f), (h) and (i), Article 21(1) points (a) to (f), (h) and (i), Article 22(2), points (a) to (f), (h) and (i), Article 23(2), points (a) to (f), (h) and (i), Article 24(2), points (a) to (f) and (h), Article 24(3), point (a), and Article 26(2), points (a) to (f), (h) and (i), of Regulation (EU) 2024/1358;
the data referred to in Article 5(1), point (b), and Article 5(3) of Regulation (EU) 2019/816 and the following data listed in Article 5(1), point (a) of that Regulation: surname (family name), first names (given names), date of birth, place of birth (town and country), nationality or nationalities, gender, previous names, if applicable, where available pseudonyms or aliases, as well as, where available, information on travel documents.’
;
in Article 23, paragraph 1 is replaced by the following:
;
in Article 24, paragraph 1 is replaced by the following:
;
in Article 26(1), the following points are added:
the authorities competent to collect the data provided for in Chapter II of Regulation (EU) 2024/1358 when transmitting data to Eurodac;
the authorities competent to collect the data provided for in Chapter III of Regulation (EU) 2024/1358 when transmitting data to Eurodac;
the authorities competent to collect the data provided for in Chapter IV of Regulation (EU) 2024/1358 when transmitting data to Eurodac;
the authorities competent to collect the data provided for in Chapter V of Regulation (EU) 2024/1358 when transmitting data to Eurodac;
the authorities competent to collect the data provided for in Chapter VI of Regulation (EU) 2024/1358 when transmitting data to Eurodac;
the authorities competent to collect the data provided for in Chapter VIII of Regulation (EU) 2024/1358 when transmitting data to Eurodac;’;
Article 27 is amended as follows:
in paragraph 1, the following point is added:
a dataset is transmitted to Eurodac in accordance with Articles 17, 19, 21, 22, 23, 24 or 26 of Regulation (EU) 2024/1358;’;
in paragraph 3, the following point is added:
surname(s); forename(s); name(s) at birth, previously used names and aliases; date of birth, place of birth, nationality(ies) and sex as referred to in Articles 17, 19, 21, 22, 23, 24 and 26 of Regulation (EU) 2024/1358;’;
in Article 29(1), the following points are added:
the authorities competent to collect the data provided for in Chapter II of Regulation (EU) 2024/1358 when transmitting data to Eurodac for matches that occurred when transmitting such data;
the authorities competent to collect the data provided for in Chapter III of Regulation (EU) 2024/1358 when transmitting data to Eurodac for matches that occurred when transmitting such data;
the authorities competent to collect the data provided for in Chapter IV of Regulation (EU) 2024/1358 for matches that occurred when transmitting such data;
the authorities competent to collect the data provided for in Chapter V of Regulation (EU) 2024/1358 for matches that occurred when transmitting such data;
the authorities competent to collect the data provided for in Chapter VI of Regulation (EU) 2024/1358 when transmitting data to Eurodac for matches that occurred when transmitting such data;
the authorities competent to collect the data provided for in Chapter VIII of Regulation (EU) 2024/1358 when transmitting data to Eurodac for matches that occurred when transmitting such data.’;
in Article 39, paragraph 2 is replaced by the following:
;
in Article 47(3), the following subparagraph is added:
‘Persons whose data are recorded in Eurodac shall be informed about the processing of personal data for the purposes of this Regulation in accordance with paragraph 1 when a new dataset is transmitted to Eurodac in accordance with Articles 15, 18, 20, 22, 23, 24 and 26 of Regulation (EU) 2024/1358.’;
Article 50 is replaced by the following:
‘Article 50
Communication of personal data to third countries, international organisations and private parties
Without prejudice to Article 31 of Regulation (EC) No 767/2008, Articles 25 and 26 of Regulation (EU) 2016/794, Article 41 of Regulation (EU) 2017/2226, Article 65 of Regulation (EU) 2018/1240, Articles 49 and 50 of Regulation (EU) 2024/1358 and the querying of Interpol databases through the ESP in accordance with Article 9(5) of this Regulation which comply with the provisions of Chapter V of Regulation (EU) 2018/1725 and Chapter V of Regulation (EU) 2016/679, personal data stored in, processed or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party.’.
CHAPTER XIV
Final provisions
Article 55
Costs
Article 56
Committee procedure
Article 57
Reports, monitoring and evaluation
While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare reports every two years on the effectiveness of the comparison of biometric data with Eurodac data for law enforcement purposes, containing information and statistics on:
the exact purpose of the comparison, including the type of terrorist offence or other serious criminal offence;
grounds given for substantiated suspicion;
the reasonable grounds given in accordance with Article 33(1), point (a), of this Regulation for not conducting comparisons with other Member States under Decision 2008/615/JHA;
the number of requests for comparison;
the number and type of cases which have ended in successful identifications; and
the need and use made of the exceptional case of urgency, including those cases where that urgency was not accepted by the ex post verification carried out by the verifying authority.
The reports by Member States and Europol referred to in the first subparagraph shall be transmitted to the Commission by 30 June of the subsequent year.
Article 58
Assessment
The Commission shall also assess the expected impact of applying Article 26 of this Regulation in the event that Directive 2001/55/EC is activated, taking into consideration:
the nature of data subject to processing;
the expected impact of providing access to the data listed in Article 26(2) to the designated authorities referred to in Articles 5(1) and 9(1); and
the safeguards provided for in this Regulation.
Article 59
Penalties
Member States shall take the necessary measures to ensure that any processing of data recorded in Eurodac contrary to the purposes of Eurodac as laid down in Article 1 is punishable by penalties, including administrative or criminal penalties, or both, in accordance with national law, that are effective, proportionate and dissuasive.
Article 60
Territorial scope
The provisions of this Regulation shall not be applicable to any territory to which Regulation (EU) 2024/1351 does not apply, with the exception of the provisions related to data collected to assist with the application of Regulation (EU) 2024/1350 under the conditions set out in this Regulation.
Article 61
Notification of designated authorities and verifying authorities
Article 62
Repeal
Regulation (EU) No 603/2013 of the European Parliament and of the Council ( 5 ) is repealed with effect from 12 June 2026.
References to the repealed Regulation shall be construed as references to this Regulation and shall be read in accordance with the correlation table in Annex II.
Article 63
Entry into force and applicability
However, Article 26 shall apply from 12 June 2029.
This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.
ANNEX
Table of correspondences referred to in Article 8
|
Data provided pursuant to Article 17(2) of Regulation (EU) 2018/1240 of the European Parliament and of the Council recorded and stored by ETIAS Central System |
The corresponding data in Eurodac pursuant to Articles 17, 19, 21, 22, 23, 24 and 26 of this Regulation against which the ETIAS data should be checked |
|
surname (family name) |
surname(s) |
|
surname at birth |
name(s) at birth |
|
first name(s) (given name(s)) |
forename(s) |
|
other names (alias(es), artistic name(s), usual name(s)) |
previously used names and any aliases |
|
date of birth |
date of birth |
|
place of birth |
place of birth |
|
sex |
sex |
|
current nationality |
nationality(ies) |
|
other nationalities (if any) |
nationality(ies) |
|
type of the travel document |
type of travel document |
|
number of the travel document |
number of travel document |
|
country of issue of the travel document |
three letter code of the issuing country |
ANNEX II
Correlation table
|
Regulation (EU) No 603/2013 |
This Regulation |
|
Article 1(1) |
Article 1(1), points (a) and (c) |
|
— |
Article 1(1), points (b) and (d) |
|
Article 1(2) |
Article 1(1), point (e) |
|
— |
Article 1(1), points (f) to (j) |
|
Article 1(3) |
Article 1(2) |
|
Article 2(1), introductory wording |
Article 2(1), introductory wording |
|
Article 2(1), points (a) and (b) |
Article 2(1), points (a) and (e) |
|
— |
Article 2(1), points (b), (c) and (d) |
|
— |
Article 2(1), points (f) and (g) |
|
Article 2(1), point (c) |
Article 2(1), point (h) |
|
— |
Article 2(1), point (i) |
|
Article 2(1), point (d) |
Article 2(1), point (j) |
|
Article 2(1), point (e) |
Article 2(1), point (k) |
|
— |
Article 2(1), point (l) |
|
Article 2(1), point (f) |
— |
|
Article 2(1), point (g) |
— |
|
Article 2(1), point (h) |
Article 2(1), point (m) |
|
Article 2(1), point (i) |
Article 2(1), point (n) |
|
Article 2(1), point (j) |
Article 2(1), point (o) |
|
Article 2(1), point (k) |
Article 2(1), point (p) |
|
Article 2(1), point (l) |
Article 2(1), point (q) |
|
— |
Article 2(1), points (r) to (z) |
|
Article 2(2), (3) and (4) |
Article 2(2), (3) and (4) |
|
Article 3(1), introductory wording and points (a) and (b) |
Article 3(1), introductory wording and points (a) and (b) |
|
— |
Article 3(1), point (c) and (d) |
|
— |
Article 3(2) |
|
— |
Article 3(3) |
|
Article 3(2) |
Article 3(4) |
|
Article 3(3) |
Article 3(5) |
|
— |
Article 3(6) |
|
Article 3(4) |
Article 3(7) |
|
Article 3(5) |
Article 13(6) |
|
Article 4(1) |
Article 4(1) |
|
Article 4(2) |
Article 4(3) |
|
Article 4(3) |
Article 4(4) |
|
— |
Article 4(2) |
|
Article 4(4) |
Article 4(5) |
|
Article 5 |
Article 5 |
|
Article 6 |
Article 6 |
|
Article 7 |
Article 7 |
|
— |
Article 8 |
|
— |
Article 9 |
|
— |
Article 10 |
|
— |
Article 11 |
|
Article 8(1) introductory wording |
Article 12(1) introductory wording |
|
— |
Article 12(1), points (a) to (h) |
|
Article 8(1), point (a) |
Article 12(1), point (i) |
|
— |
Article 12(1), point (j) |
|
Article 8(1), point (b) |
Article 12(1), point (k), subpoint (i) |
|
— |
Article 12(1), point (l) |
|
Article 8(1), point (c) |
Article 12(1), point (m), subpoint (i) |
|
Article 8(1), point (d) |
Article 12(1), point (n), subpoint (i) |
|
— |
Article 12(1), points (o) and (p) |
|
Article 8(1), point (e) |
Article 12(1), point (q) |
|
Article 8(1), point (f) |
Article 12(1), point (r) |
|
Article 8(1), point (g) |
Article 12(1), point (s) |
|
Article 8(1), point (h) |
Article 12(1), point (t) |
|
Article 8(1), point (i) |
— |
|
— |
Article 12(1), point (u) |
|
— |
Article 12(1), points (v) and (w) |
|
Article 8(2) |
Article 12(2) |
|
— |
Article 12(3) to (6) |
|
— |
Article 13 |
|
— |
Article 14 |
|
Article 9(1) |
Article 15(1) |
|
Article 9(2) |
Article 15(2) |
|
Article 9(3) |
— |
|
Article 9(4) |
— |
|
Article 9(5) |
— |
|
— |
Article 15(3) |
|
— |
Article 16(1) |
|
Article 10, introductory wording and points (a) to (d) |
Article 16(2), introductory wording and points (a) to (d) |
|
Article 10, point (e) |
Article 16(3) |
|
— |
Article 16(2) and (4) |
|
Article 11, introductory wording |
Article 17(1), introductory wording, and Article 17(2), introductory wording |
|
Article 11, point (a) |
Article 17(1), point (a) |
|
Article 11, point (b) |
Article 17(1), point (g) |
|
Article 11, point (c) |
Article 17(1), point (h) |
|
Article 11, point (d) |
Article 17(1), point (k) |
|
Article 11, point (e) |
Article 17(1), point (l) |
|
Article 11, point (f) |
Article 17(1), point (m) |
|
Article 11, point (g) |
Article 17(1), point (n) |
|
— |
Article 17(1), points (b) to (f), (i) and (j) |
|
Article 11, point (h) |
Article 17(2), points (c) and (d) |
|
Article 11, point (i) |
Article 17(2), point (e) |
|
Article 11, point (j) |
Article 17(2), point (f) |
|
Article 11, point (k) |
Article 17(2), point (a) |
|
— |
Article 17(2), points (b) and (g) to (l) |
|
— |
Article 17(3) and (4) |
|
Article 12 |
— |
|
Article 13 |
— |
|
— |
Article 18 |
|
— |
Article 19 |
|
— |
Article 20 |
|
— |
Article 21 |
|
Article 14(1) |
Article 22(1) |
|
Article 14(2), introductory wording |
Article 22(2), introductory wording |
|
Article 14(2), point (a) |
Article 22(2), point (a) |
|
Article 14(2), point (b) |
Article 22(2), point (g) |
|
Article 14(2), point (c) |
Article 22(2), point (h) |
|
Article 14(2), point (d) |
Article 22(2), point (k) |
|
Article 14(2), point (e) |
Article 22(2), point (l) |
|
Article 14(2), point (f) |
Article 22(2), point (m) |
|
Article 14(2), point (g) |
Article 22(2), point (n) |
|
— |
Article 22(2), points (b) to (f), (i) and (j) |
|
— |
Article 22(3) |
|
Article 14(3) |
Article 22 (4) |
|
Article 14(4) |
Article 22(5) |
|
Article 14(5) |
Article 22(6) |
|
— |
Article 22(7) to (10) |
|
Article 15 |
— |
|
Article 16 |
— |
|
Article 17 |
— |
|
— |
Article 23 |
|
— |
Article 24 |
|
— |
Article 25 |
|
— |
Article 26 |
|
— |
Article 27 |
|
— |
Article 28 |
|
— |
Article 29 |
|
— |
Article 30 |
|
Article 18(1) |
Article 31(1) |
|
Article 18(2) |
Article 31(2) |
|
Article 18(3) |
Article 31(3) |
|
— |
Article 31(4), (5) and (6) |
|
Article 19(1) |
Article 32(1) |
|
Article 19(2) |
Article 32(2) |
|
— |
Article 32(3) |
|
Article 19(3) |
Article 32(4) |
|
Article 19(4) |
Article 32(5) |
|
Article 20(1), introductory wording |
Article 33(1), first subparagraph, introductory wording and point (a), and second subparagraph |
|
Article 20(1), points (a), (b) and (c) |
Article 33(1), first subparagraph, points (a), (b) and (c) |
|
— |
Article 33(2) |
|
Article 20(2) |
Article 33(3) |
|
Article 21(1), introductory wording |
Article 34(1), introductory wording and point (a) |
|
Article 21(1), points (a), (b) and (c) |
Article 34(1), points (b), (c) and (d) |
|
— |
Article 34(2) |
|
Article 21(2) |
Article 34(3) |
|
Article 21(3) |
Article 34(4) |
|
Article 22(1) |
Article 35(1) |
|
Article 22(2) |
Article 35(2) |
|
Article 23(1), introductory wording |
Article 36(1), introductory wording |
|
Article 23(1), points (a) and (b) |
Article 36(1), point (a) |
|
Article 23(1), points (c), (d) and (e) |
Article 36(1), points (b), (c) and (d) |
|
Article 23(2) |
Article 36(2) |
|
Article 23(3) |
Article 36(3) |
|
Article 23(4), points (a), (b) and (c) |
Article 36(4), points (a), (b) and (c) |
|
Article 24 |
Article 37 |
|
Article 25(1) to (5) |
Article 38(1) to (4) and (6) |
|
— |
Article 38(5) |
|
Article 26 |
Article 39 |
|
Article 27(1) to (5) |
Article 40(1), (2), (3), (5) and (6) |
|
— |
Article 40(4) |
|
Article 28(1), (2) and (3) |
Article 41(1), (4) and (5) |
|
— |
Article 41(2) and (3) |
|
Article 29(1), introductory wording and points (a) to (e) |
Article 42(1), points (a), (b), (d), (e) and (g) |
|
— |
Article 42(1), points (c), (f) and (h) |
|
Article 29(2) |
Article 42(2) |
|
Article 29(3) |
Article 42(3) |
|
Article 29(4) to (15) |
— |
|
— |
Article 43(1) |
|
— |
Article 43(2) |
|
— |
Article 43(3) |
|
— |
Article 43(4) |
|
— |
Article 43(5) |
|
— |
Article 43(6) |
|
— |
Article 43(7) |
|
— |
Article 43(8) |
|
Article 30 |
Article 44 |
|
Article 31 |
Article 45 |
|
Article 32 |
Article 46 |
|
Article 33(1) |
— |
|
Article 33(2) |
Article 47(1) |
|
Article 33(3) |
Article 47(2) |
|
Article 33(4) |
Article 47(3) |
|
Article 33(5) |
Article 47(4) |
|
Article 34(1) |
Article 48(1) |
|
Article 34(2), introductory wording and points (a) to (k) |
Article 48(2), introductory wording and points (a) to (d), (f) to (k) and (n) |
|
— |
Article 48(2), points (e), (l) and (m) |
|
Article 34(3) |
Article 48(3) |
|
Article 34(4) |
Article 48(4) |
|
— |
Article 48(5) |
|
Article 35(1) |
Article 49(1) |
|
Article 35(2) |
Article 49(2) |
|
— |
Article 49(3) |
|
— |
Article 49(4) |
|
Article 35(3) |
Article 49(5) |
|
— |
Article 50 |
|
Article 36(1) |
Article 51(1) |
|
Article 36(2), introductory wording and points (a) to (h) |
Article 51(2), introductory wording and points (a) to (h) |
|
— |
Article 51(2), point (i) |
|
Article 36 (3) |
Article 51(3) |
|
Article 37 |
Article 52 |
|
Article 38 |
— |
|
— |
Article 53 |
|
— |
Article 54 |
|
Article 39 |
Article 55 |
|
— |
Article 56 |
|
Article 40(1) |
Article 57(1) |
|
Article 40(2) |
Article 57(2) |
|
Article 40(3) |
Article 57(3) |
|
— |
Article 57(4) |
|
Article 40(4) |
Article 57(5) |
|
Article 40(5) |
Article 57(6) |
|
Article 40(6) |
Article 57(7) |
|
Article 40(7) |
Article 57(8) |
|
Article 40(8) |
Article 57(9) |
|
— |
Article 58 |
|
Article 41 |
Article 59 |
|
Article 42 |
Article 60 |
|
Article 43 |
Article 61 |
|
Article 44 |
— |
|
Article 45 |
Article 62 |
|
Article 46 |
Article 63 |
|
Annex I |
— |
|
Annex II |
— |
|
Annex III |
— |
|
— |
Annex I |
|
— |
Annex II |
( ) Regulation (EU) 2016/399 of the European Parliament and the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code) (OJ L 077, 23.3.2016, p. 1).
( ) Regulation (EEC, Euratom, ECSC) No 259/68 of the Council of 29 February 1968 laying down the Staff Regulations of Officials and the Conditions of Employment of Other Servants of the European Communities and instituting special measures temporarily applicable to officials of the Commission (OJ L 56, 4.3.1968, p. 1).
( ) Regulation (EC) No 810/2009 of the European Parliament and of the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code) (OJ L 243, 15.9.2009, p. 1).
( ) Regulation (EU) 2024/1356 of the European Parliament and of the Council of 14 May 2024 introducing the screening of third-country nationals at the external borders and amending Regulations (EC) No 767/2008, (EU) 2017/2226, (EU) 2018/1240 and (EU) 2019/817 (OJ L, 2024/1356, 22.5.2024, ELI: http://data.europa.eu/eli/reg/2024/1356/oj).
( *1 ) Regulation (EU) 2024/1358 of the European Parliament and of the Council of 14 May 2024 on the establishment of “Eurodac” for the comparison of biometric data in order to effectively apply Regulations (EU) 2024/1351 and (EU) 2024/1350 of the European Parliament and of the Council and Council Directive 2001/55/EC and to identify illegally staying third-country nationals and stateless persons and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, amending Regulations (EU) 2018/1240 and (EU) 2019/818 of the European Parliament and of the Council and repealing Regulation (EU) No 603/2013 of the European Parliament and of the Council (OJ L, 2024/1358, 22.5.2024, ELI: http://data.europa.eu/eli/reg/2024/1358/oj).’;
( *2 ) Regulation (EU) 2024/1358 of the European Parliament and of the Council of 14 May 2024 on the establishment of “Eurodac” for the comparison of biometric data in order to effectively apply Regulations (EU) 2024/1351 and (EU) 2024/1350 of the European Parliament and of the Council and Council Directive 2001/55/EC and to identify illegally staying third-country nationals and stateless persons and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, amending Regulations (EU) 2018/1240 and (EU) 2019/818 of the European Parliament and of the Council and repealing Regulation (EU) No 603/2013 of the European Parliament and of the Council (OJ L, 2024/1358, 22.5.2024, ELI: http://data.europa.eu/eli/reg/2024/1358/oj);
( *3 ) Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (EES Regulation) (OJ L 327, 9.12.2017, p. 20).
( *4 ) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).’;
( ) Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1).