Accept Refuse

EUR-Lex Access to European Union law

This document is an excerpt from the EUR-Lex website

Document 52019PC0003

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL establishing the conditions for accessing the other EU information systems and amending Regulation (EU) 2018/1862 and Regulation (EU) yyyy/xxx [ECRIS-TCN]

COM/2019/3 final

Brussels, 7.1.2019

COM(2019) 3 final

2019/0001(COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

establishing the conditions for accessing the other EU information systems and amending Regulation (EU) 2018/1862 and Regulation (EU) yyyy/xxx [ECRIS-TCN]


EXPLANATORY MEMORANDUM

1.    CONTEXT OF THE PROPOSAL

Reasons for and objectives of the proposal

In September 2018, the Council and the European Parliament adopted two legislative acts, a Regulation establishing the European Travel Information and Authorisation System (‘ETIAS’) 1 and an amendment of the Europol Regulation for the purpose of establishing ETIAS 2 .

Establishing ETIAS is among efforts undertaken in recent years at EU level to enhance the security of citizens and prevent irregular migration in an open Europe, securing and continuing to strengthen the management of external borders 3 , 4 . The context and the establishment of the system were announced in the 2016 State of the Union speech. President Juncker said: ‘We will defend our borders […] with strict controls […] on everyone crossing them. Every time someone enters or exits the EU, there will be a record of when, where and why. In November [2016] we will propose a European travel information and authorisation system – an automated system to determine who will be allowed to travel to Europe. That way we will know who is travelling to Europe before they even get here.

ETIAS will fill the information gap on travellers exempt from the requirement of being in possession of a visa when crossing the external borders. ETIAS will determine the eligibility of visa-exempt third-country nationals prior to their travel to the Schengen Area and whether such travel poses a security, irregular migration or high epidemic risk. ETIAS will also give travellers confidence that they would be able to cross the borders smoothly. If needed, ETIAS travel authorisation could be denied by ETIAS National Units.

The assessment of such risks will involve automated processing of personal data provided in the applications for travel authorisation. The ETIAS Regulation establishes that personal data in the applications will be compared with the data present in records, files or alerts registered in EU information systems or databases (the ETIAS Central System, Schengen Information System (‘SIS’), the Visa Information System (‘VIS’), the Entry/Exit System ‘(EES’) or Eurodac), in Europol data or in the Interpol databases (the Interpol Stolen and Lost Travel Document database (‘SLTD’) or the Interpol Travel Documents Associated with Notices database (‘TDAWN’)) 5 .

While the Regulation defines in its Article 20 which group of data from the ETIAS application files can be used to consult the other systems, not all those data are collected or recorded in the same way in the other EU information systems and Europol data. For instance in one of the systems, ‘country of issue of the travel document’ is collected while in another the same data is recorded in another way, e.g. as ‘three letter code of the issuing country of the travel document’. In other instances, a category of data is collected in one system but not in the other. For instance, ‘first names of parents of applicants’ are collected by ETIAS, but not in most of the other systems to be queried by ETIAS.

Also at the time the ETIAS proposal 6 was adopted, the situation as regards the different EU information systems to be queried by ETIAS was different from today. At the time the ETIAS proposal was adopted, two other new EU information technology systems had been proposed to be set up: discussions were ongoing on the EES Regulation 7 while the Commission’s proposal on the European Criminal Records Information System – Third Country Nationals (‘ECRIS-TCN’) 8 was just about to be proposed. As regards existing information systems, the legal texts of the SIS were evolving due to the proposed revisions to the SIS legal framework in December 2016, finally adopted by co-legislators in November 2018 9 . The recast of the Eurodac Regulation 10 had also been proposed by the Commission as part of the reform of the Common European Asylum System, but had not yet been adopted by co-legislators 11 . The recast Eurodac Regulation still remains to be adopted by co-legislators today.

Based on these considerations, the ETIAS Regulation stipulates, in its Article 11(2) that: “The amendments to the legal acts establishing the EU information systems that are necessary for establishing their interoperability with ETIAS as well as the addition of corresponding provisions in this Regulation shall be the subject of a separate legal instrument”.

The present proposal therefore aims to set out the technical amendments necessary to fully set up the ETIAS system by amending the legal acts of the EU information technology systems ETIAS queries. The present proposal also sets out coresponding provisions and amends the ETIAS Regulation accordingly.

First, the present initiative sets out amendments to the Regulation on ECRIS-TCN, on which recently, an ‘agreement in principle’ was found by the co-legislators. Thus, in line with the intention expressed by co-legislators in the ETIAS Regulation 12  it is now possible to include in ETIAS the necessary provisions on the relationship between ETIAS and ECRIS-TCN and to amend ECRIS-TCN accordingly.

Secondly, the present initiative also aims to establish the relations between ETIAS and the SIS. The revised SIS legal framework has been adopted in November 2018. The present proposal includes consequential amendments resulting from the adoption of the new SIS Regulations. In line with the new SIS legal framework it is proposed to include the new alert category on inquiry checks 13 for the assessment of applications. It is not proposed to include the alert category on return decisions as such alerts are erased at the moment a return decision is implemented. This means that persons that apply for an ETIAS authorisation after having left the EU will – by definition – not have a return record in the SIS. Thirdly, the present initiative seeks to amend the EES Regulation to establish technically its relationship with ETIAS.

Fourthly, the initiative also aims at amending the VIS Regulation in order to allow VIS to receive, process and answer ETIAS queries. Although in May 2018, the Commission presented a proposal to amend the VIS Regulation in order to upgrade that database, the present initiative puts forward amendments to the VIS Regulation currently in force, as the negotiations on the proposal for the upgraded VIS are not sufficiently advanced. However, if the proposal to amend the VIS Regulation were to be adopted first, it could become necessary to introduce some technical changes in the present proposal to align it with the amended version of the VIS Regulation. If the present proposal is adopted first, some technical changes could be required in the proposal amending the VIS Regulation before its adoption.

In addition, following the adoption of both the EES Regulation and ETIAS Regulation, it is now required to align the way EES and ETIAS are working together on the way EES and VIS are integrated for the purpose of border control process and registration of border crossings in EES. This will rationalise and simplify the work of border guards through the implementation of a more uniform border control process for all third-country national entering for a short stay.

The present initiative however does not include the amendments related to Eurodac, the EU asylum and irregular migration database, given that discussions have not yet been concluded on the May 2016 legislative proposal to strengthen Eurodac 14 . Furthermore, the data available in the current Eurodac are not sufficient for ETIAS purposes, given that the existing Eurodac only stores biometric data and a reference number, but no other personal data (e.g. name(s), age, date of birth) that would allow for contributing to the objectives of ETIAS. The May 2016 legislative proposal for a recast Eurodac Regulation seeks to extend the purpose of the database to the identification of illegally staying third-country nationals and those who have entered the EU irregularly. In particular, it provides for the storage of personal data such as the name(s), age, date of birth, nationality, and identity documents. These identity data are essential to ensure that Eurodac will be able to contribute to the objectives of ETIAS.

Once the co-legislators reach political agreement on the recast Eurodac Regulation, the recast Eurodac Regulation will need to be supplemented with the necessary amendments to connect Eurodac to ETIAS. Additionally, once the co-legislators adopt the Commission’s legislative proposals 15 for the interoperability of information systems for security, border and migration management, and following political agreement on the proposal for a recast Eurodac Regulation, the Commission will apply the same approach with regards to the necessary amendments to make Eurodac part of the interoperability of information systems.

Finally, in line with the April 2016 Communication on "Smarter Information Systems for borders and security", ETIAS is to be built based on a re-use of hardware and software components developed for the EES 16 . This is also the approach followed by the legislative proposals on the interoperability of information systems 17 . The technical development of the common identity repository and the European search portal as foreseen by the legislative proposals on the interoperability of information systems would be developed on the basis of the EES/ETIAS components.

This proposal therefore presents amendments to the ETIAS Regulation to specify that the ETIAS Central System would build upon the EES Central System’s hardware and software components in order to establish a shared identity repository for the storage of the identity alphanumeric data of both ETIAS applicants and third-country nationals registered in EES. This shared identity repository would be the basis for the implementation of the common identity repository once the co-legislators adopt the legislative proposals on the interoperability of information systems. Moreover, during a transitional period, before the European search portal is available, the automated processing of ETIAS applications would rely on a tool, which would be used as the basis for the development and implementation of the European search portal.

Due to the variable geometry in Member States' participation in EU policies in the area of freedom, security and justice, it is necessary to adopt two separate legal instruments which will nonetheless work seamlessly together to enable the comprehensive operation and use of the system.

Existing provisions in the area of the proposal

ETIAS was established by Regulation (EU) 2018/1240 18 . The Regulation specifies the objectives of ETIAS, defines its technical and organisational architecture, lays down rules concerning the operation and the use of the data to be entered into the system by the applicant and rules on the issue or refusal of the travel authorisations, lays down the purposes for which the data are to be processed, identifies the authorities authorised to access the data and specifies rules to ensure the protection of personal data.

In line with the ETIAS Regulation, this proposal introduces amendments to the legal acts establishing the EU information systems that are necessary for establishing their relation with ETIAS. It also adds corresponding provisions in the ETIAS Regulation itself.

This proposal is without prejudice to Directive 2004/38/EC 19 . The proposal does not in any respect amend Directive 2004/38/EC.

Consistency with other Union policies

This proposal is consistent with the European Agenda on Migration and subsequent communications, including the Communication of 14 September 2016 ‘Enhancing security in a world of mobility: improved information exchange in the fight against terrorism and stronger external borders’, as well as the European Agenda on Security 20 and the Commission’s work and progress reports towards an effective and genuine Security Union 21 .

2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

Legal basis

The legal basis for this proposal is composed of Article 82(1)(d) and Article 87(2)(a) of the Treaty on the Functioning of the European Union (TFEU).

Article 82(1)(d) TFEU allows the European Parliament and the Council to adopt measures to facilitate cooperation between judicial or equivalent authorities of the Member States in relation to proceedings in criminal matters and the enforcement of decisions.

Article 87(2)(a) TFEU allows the European Parliament and the Council to adopt measures concerning the collection, storage, processing, analysis and exchange of information that is relevant to police cooperation in relation to the prevention, detection and investigation of criminal offences.

Those two treaty provisions served as legal basis for the adoption of the Regulation (EU) 2018/1862 establishing the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters. They also serve as legal basis for this proposal to amend that regulation.

Article 82(1)(d) TFEU on judicial cooperation in criminal matters and the enforcement of decisions is also foreseen as legal basis for the proposal on ECRIS-TCN on which a political agreement has been reached between the co-legislators. It is therefore also the legal basis for this proposal to amend the ECRIS-TCN regulation assuming that the latter will be adopted.

Subsidiarity

The Proposal contains amendments of Regulations setting up EU-wide information systems to manage the external borders and the security of an area without controls at internal borders. Such information technology systems can, by their nature, only be set up at EU level, and not by the Member States acting alone.

Proportionality

This proposal elaborates further on principles already established by the legislator in the ETIAS Regulation.

This becomes apparent from the following elements.

The specifications as regards exchanges of data between ETIAS and each of the other EU information systems are in line with the exchanges of data provided by Articles 20 and 23 of the ETIAS Regulation.

The granting of access rights to identity data in the EU information systems (EES, VIS, SIS, ECRIS-TCN) by the ETIAS Central Unit falls within the scope of responsibilities assigned to the ETIAS Central Unit pursuant to Articles 7, 22 and 75 of the ETIAS Regulation.

The granting of access rights to the other EU information systems for the manual processing of application by the ETIAS National Units falls within the scope of responsibilities assigned to the ETIAS National Units pursuant to Article 8 and Chapter IV of the ETIAS Regulation.

Including in this proposal the inclusion of alerts concerning an inquiry check are coherent with the provisions on the support of objectives of SIS in Article 23 ETIAS Regulation.

This proposal is proportionate in that it does not go further than what is required in terms of action at EU level to reach the objectives.

Choice of the instrument

A regulation of the European Parliament and the Council is proposed. The proposed legislation addresses the operation of central EU information systems for borders and security, all of which have been - or are proposed to be - established under regulations. As a consequence, only a regulation can be chosen as a legal instrument.

3.RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

Stakeholder consultations

The ETIAS proposal was developed on the basis of a feasibility study. As part of this study, the Commission collected the views of Member State experts on border control and security. In addition, the main elements of the ETIAS proposal were discussed in the framework of the High-Level Expert Group on Interoperability that was set up as a follow-up of the Communication on Stronger and Smarter Borders of 6 April 2016. Consultation took also place with representatives of the air, sea and rail carriers, as well as with representatives of EU Member States with external land borders. As part of the feasibility study, a consultation of the Fundamental Rights Agency was also undertaken.

This proposal only introduces limited technical changes, mirroring provisions that are already established in the ETIAS Regulation. These limited technical adjustments do not justify having separate stakeholder consultations.

Impact assessment

This proposal is not supported by an impact assessment. The proposal is coherent with the ETIAS Regulation, the proposal of which was based on the results of the feasibility study conducted from June until October 2016.

As this proposal does not contains new political elements but merely introduces limited technical changes, mirroring provisions that are already established in the ETIAS Regulation, a impact assessment is not necessary.

Fundamental rights

As compared to the ETIAS Regulation, this proposal only specifies in more details which data is to be compared to which data in the other EU information systems and provides with the necessary amendments as regards granting access rights to those other systems to ETIAS Central and National Units. Therefore, this proposal complies with the Charter of Fundamental Rights of the European Union, in particular as regards the right to the protection of personal data, and is also in line with Article 16 TFEU which guarantees everyone the right to protection of personal data concerning them.

4.BUDGETARY IMPLICATIONS

The proposal does not have budgetary implications.

5.OTHER ELEMENTS

Participation

To the extent that it aims to amend the Regulation establishing the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, this proposal builds upon the provisions of the Schengen acquis related to police cooperation and judicial cooperation in criminal matters, with consequences with regard to the application of protocols (No 19) and (No 22) to the TEU and the TFEU as well as of the agreements with associated countries.

To the extent that it aims to amend the proposed Regulation establishing a centralised system for the identification of Member States holding conviction information on third country nationals and stateless persons (ECRIS-TCN), there are consequences with regard to the application of protocols (No 21) and (No 22); there are no agreements with associated countries on this subject matter.

The consequences are as follows, presented per country.

Denmark: As far as the SIS (police cooperation) is concerned, according to Article 4 of Protocol 22 on the position of Denmark annexed to the Treaties, Denmark shall decide, within a period of six months after the Council has decided on this Regulation, whether it will implement this proposal, which builds upon the Schengen acquis, in its national law. As far as ECRIS-TCN is concerned, this proposal does not apply to Denmark, in view of Article 1 of Protocol 22.

The United Kingdom: As far as the SIS (police cooperation) is concerned, in accordance with Article 5 of Protocol (No 19) and Article 8(2) of Council Decision 2000/365/EC of 29 May 2000, concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis, the United Kingdom is bound by this Regulation. As far as ECRIS-TCN is concerned, Article 3 and 4a of Protocol (No 21) give the United Kingdom the faculty to opt into the measure proposed.

Ireland: As far as the SIS (police cooperation) is concerned, in accordance with Article 5 of Protocol (No 19) and Article 6(2) of Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of Ireland is bound by this measure. As far as ECRIS-TCN is concerned, Article 3 and 4a of Protocol (No 21) give Ireland the faculty to opt into the proposed measure; this would require that Ireland opt into the ECRIS-TCN regulation which is proposed to amend as well as into the entire ECRIS acquis.

Bulgaria and Romania: As far as the SIS (police cooperation) is concerned, this proposed Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis, within the meaning of Article 4(2) of the 2005 Act of Accession. This proposed regulation has to be read in conjunction with Council Decision 2010/365/EU of 29 June 2010 which rendered applicable, subject to some restrictions, the provisions of the Schengen acquis related to the Schengen Information System in Bulgaria and Romania. As far as ECRIS-TCN is concerned, Bulgaria and Romania are not different from other Member States.

Cyprus and Croatia: As far as the SIS (police cooperation) is concerned, this proposed regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3(2) of the 2003 Act of Accession and Article 4(2) of the 2011 Act of Accession. With regard to Croatia, it should be read in conjunction with Council Decision (EU) 2017/733 of 25 April 2017 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Croatia 22 . As far as ECRIS-TCN is concerned, Cyprus and Croatia are not different from other Member States.

Associated Countries: On the basis of the respective agreements associating those countries with the implementation, application and development of the Schengen acquis, Iceland, Norway, Switzerland and Liechtenstein are to be bound by the Regulation proposed to the extent that it concerns the SIS (police cooperation) Regulation.

2019/0001 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

establishing the conditions for accessing the other EU information systems and amending Regulation (EU) 2018/1862 and Regulation (EU) yyyy/xxx [ECRIS-TCN]

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 82(1)(d) and Article 87(2)(a) thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee 23 ,

Having regard to the opinion of the Committee of the Regions 24 ,

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1)Regulation (EU) 2018/1240 of the European Parliament and of the Council 25 established the European Travel Information and Authorisation System (‘ETIAS’) for third-country nationals exempt from the requirement to be in possession of a visa when crossing the external borders. It laid down the conditions and procedures to issue or refuse a travel authorisation.

(2)ETIAS enables consideration of whether the presence of those third-country nationals in the territory of the Member States would pose a security, illegal immigration or high epidemic risk.

(3)In order to enable the verification referred to in Article 20 of Regulation (EU) 2018/1240, it is necessary to establish the interoperability referred to in Article 11 of that Regulation. Without this interoperability, ETIAS is unable to start its operations.

(4)This Regulation lays down how this interoperability and the conditions for the consultation of data stored in other EU information systems and Europol data by the ETIAS automated process for the purposes of identifying hits are to be implemented. As a result, it is necessary to amend Regulations of the European Parliament and of the Council (EU) 2018/1862 (SIS Police) 26 and (EU) yyyy/xxxx (ECRIS-TCN) 27 in order to connect the ETIAS Central System to the other EU information systems and to Europol data and to specify the data that will be sent to and from those EU information systems and Europol data.

(5)In accordance with Article 96 of Regulation (EU) 2018/1240, when the recast of Regulation (EU) No 603/2013 28 of the European Parliament and of the Council will be adopted, the necessary consequential amendments will be adopted.

(6)For efficiency reasons and in order to decrease costs, ETIAS should, as provided for in Article 6(3) of Regulation (EU) 2018/1240, re-use hardware and software components developed for the Entry/Exit System (‘EES’) for the development of the shared identity repository. This repository used for the storage of the identity alphanumeric data of both ETIAS applicants and third-country nationals registered in the EES, should be developed in a way enabling its extension to become the future Common Identity Repository. In the same spirit, the tool to be established to enable ETIAS to compare its data with the ones of every other system consulted through a single query should be developed in a way enabling its evolution to become the future European Search Portal.

(7)Technical modalities should be defined to enable ETIAS to regularly and automatically verify in other systems whether the conditions for the retention of application files, as laid down in Regulation (EU) 2018/1240, are still fulfilled.

(8)It is necessary, for the purposes of ensuring the full attainment of ETIAS objectives, as well as to further the Schengen Information System (‘SIS’) objectives, to include in the scope of the automated verifications a new alert category introduced by the recent revision of SIS, namely the alert on persons subject to inquiry checks.

(9)ETIAS travel authorisation may be revoked following the registration in SIS of new alerts on refusal of entry and stay, or concerning a travel document reported as lost, stolen, misappropriated or invalidated. In order for ETIAS Central System to be automatically informed by SIS of such new alerts, an automated process should be established between SIS and ETIAS.

(10)In accordance with Regulation (EU) 2018/xxxx of the European Parliament and of the Council 29 [ECRIS-TCN]] and in line with the intention expressed in Regulation (EU) 2018/1240, ETIAS should be able to verify if correspondences exist between data in the ETIAS application files and the European Criminal Records Information System – Third Country Nationals (‘ECRIS-TCN’) data in the Common Identity Repository (‘CIR’) as regards which Member States hold conviction information on third-country nationals and stateless persons for a terrorist offence or other serious criminal offence.

(11)The conditions under which the ETIAS Central Unit and ETIAS National Units may consult data stored in other EU information systems for the purposes of ETIAS should be safeguarded by clear and precise rules regarding the access by the ETIAS Central Unit and ETIAS National Units to the data stored in other EU information systems, the type of queries and categories of data, all of which should be limited to what is strictly necessary for the performance of their duties. In the same vein, the data stored in the ETIAS application file should only be visible to those Member States that are operating the underlying information systems in accordance with the modalities of their participation.

(12)According to Article 73 of Regulation (EU) 2018/1240, the European agency for the operational management of large-scale information systems in the area of freedom, security and justice ('eu-LISA'), established by Regulation (EU) 2018/1726 of the European Parliament and of the Council 30 , should be responsible for the design and development phase of the ETIAS Information System.

(13)This Regulation is without prejudice to Directive 2004/38/EC 31 .

(14)Insofar as its provisions relate to SIS as governed by Regulation (EU) 2018/1862, Denmark shall, in accordance with Article 4 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, decide, within a period of six months after the Council has decided on this Regulation, whether it will implement this proposal, which builds upon the Schengen acquis, in its national law. Insofar as its provisions relate to ECRIS-TCN, Denmark is, in accordance with Articles 1 and 2 of Protocol No 22, not taking part in the adoption of this Regulation and is not bound by it or subject to its application.

(15)Insofar as its provisions relate to SIS as governed by Regulation (EU) 2018/1862, the United Kingdom is bound by this Regulation in accordance with Article 5 of the Protocol on the Schengen acquis integrated into the framework of the European Union annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union and Article 8(2) of Council Decision 2000/365/EC of 29 May 2000, concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis 32 . Insofar as its provisions relate to ECRIS-TCN, the United Kingdom may notify the President of the Council its wish to take part in the adoption and application of this Regulation, in accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU.

(16)Insofar as its provisions relate to SIS as governed by Regulation (EU) 2018/1862, Ireland is bound by this Regulation in accordance with Article 5 of the Protocol on the Schengen acquis integrated into the framework of the European Union annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union and Article 6(2) of Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis 33 . Insofar as its provisions relate to ECRIS-TCN, Ireland may notify the President of the Council its wish to take part in the adoption and application of this Regulation, in accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU.

(17)Insofar as its provisions relate to SIS as governed by Regulation (EU) 2018/1862, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis, within the meaning of Article 4(2) of the 2005 Act of Accession. In that respect, the Regulation has to be read in conjunction with Council Decisions 2010/365/EU 34 and 2018/934 35 , which rendered applicable, subject to some restrictions, the provisions of the Schengen acquis related to the Schengen Information System in Bulgaria and Romania.

(18)With regard to Cyprus and Croatia, insofar as its provisions relate to SIS as governed by Regulation (EU) 2018/1862, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3(2) of the 2003 Act of Accession and Article 4(2) of the 2011 Act of Accession. With respect to Croatia, the Regulation has to be read in conjunction with Council Decision (EU) 2017/733 36 , which rendered applicable, subject to some restrictions, the provisions of the Schengen acquis related to the Schengen Information System in Croatia.

(19)As regards Iceland and Norway, this Regulation constitutes, insofar as its provisions relate to SIS as governed by Regulation (EU) 2018/1862, a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters' association with the implementation, application and development of the Schengen acquis 37 which fall within the area referred to in Article 1, point (G) of Council Decision 1999/437/EC 38 .

(20)As regards Switzerland, this Regulation constitutes, insofar as its provisions relate to SIS as governed by Regulation (EU) 2018/1862, a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis 39 , which fall within the area referred to in Article 1, point (G), of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC 40 .

(21)As regards Liechtenstein, this Regulation constitutes, insofar as its provisions relate to SIS as governed by Regulation (EU) 2018/1862, a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis 41 which fall within the area referred to in Article 1, point (G), of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU 42 .

(22)Regulations of the European Parliament and of the Council (EU) 2018/1862 (SIS Police) and (EU) yyyy/xxx [ECRIS-TCN] should therefore be amended.

(23)The European Data Protection Supervisor was consulted, in accordance with Article 41(2) of Regulation (EU) 2018/1725 of the European Parliament and the Council 43 ,

HAVE ADOPTED THIS REGULATION:

Article 1

Amendments to Regulation (EU) 2018/1862 [SIS Police]

(1)in Chapter III, the following article is added:

“Article 18a
Keeping of logs for the purpose of the interoperability with ETIAS

Logs of each data processing operation carried out within SIS and ETIAS pursuant to Article 50a and 50b shall be kept in accordance with Article 18 of this Regulation and Article 69 of Regulation (EU) No 2018/1240 of the European Parliament and of the Council*.

_____________

* Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).”;

(2)In Article 44(1), the following point is added:

“(f) manual processing of ETIAS applications by the ETIAS National Unit, pursuant to Article 8 of Regulation (EU) 2018/1240.”;

(3)the following articles are inserted:

“Article 50a
Access to SIS data by the ETIAS Central Unit

1.The ETIAS Central Unit, established within the European Border and Coast Guard Agency in accordance with Article 7 of Regulation (EU) 2018/1240, shall have, for the purpose of performing its tasks conferred on it by Regulation (EU) 2018/1240, the right to access and search relevant data entered in SIS. Article 50(4) to (8) of this Regulation shall apply to this access and search.

2.Where a verification by the ETIAS Central Unit confirms the correspondence of the data recorded in the ETIAS application files to an alert in SIS, Articles 23, 24 and 26 of Regulation (EU) 2018/1240 shall apply.

Article 50b
Interoperability with ETIAS in the meaning of Article 11 of Regulation (EU) 2018/1240

1.From the start of operations of ETIAS, as provided for in Article 88(1) of Regulation (EU) 2018/1240, the Central System of SIS shall be connected to the tool referred to in Article 11 of Regulation (EU) 2018/1240 to enable the automated processing referred to in that Article.

2.The automated processing referred to in Article 11 of Regulation (EU) 2018/1240 shall enable the verifications provided for in Articles 20, 23, Article 24(6)(c)(ii), Article 41 and Article 54(1)(b) and the subsequent verifications provided for in Articles 22, 23 and 26 of that Regulation.

3.For the purpose of verifications referred to in Article 20(2)(a), (d) and (m)(i) and Article 23 of Regulation (EU) 2018/1240, the ETIAS Central System shall use the tool referred to in Article 11 of that Regulation to compare the data referred to in Article 11(5) Regulation 2018/1240 to data in SIS, in accordance with Article 11(8) of that Regulation.

4.Where a search by ETIAS reports one or several hits pursuant to Article 23(1) of Regulation (EU) 2018/1240, the ETIAS Central System shall send an automated notification to the SIRENE Bureau of the Member State that entered the alert in accordance with Article 23(2) and (3) of that Regulation.

Where a new alert referred to in Article 41(3) of Regulation (EU) 2018/1240 is entered in SIS on travel documents, reported stolen, misappropriated, lost or invalidated, SIS shall transmit the information on this alert, using the automated processing and the tool referred to in Article 11 of that Regulation to the ETIAS Central System in order to verify whether this new alert corresponds to an existing travel authorisation.”.

Article 2

Amendments to Regulation (EU) yyyy/xxxx [ECRIS-TCN]

Regulation yyyy/xxxx (ECRIS-TCN Regulation) is amended as follows 44 45 :

(1)in Article 1, the following point is added:

“(d)    the conditions under which data included in the ECRIS-TCN system may be used for the purpose of border management in accordance with Regulation (EU) 2018/1240 of the European Parliament and of the Council*.

_____________

* Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1)”;

(2)Article 2 is replaced by the following:

“Article 2
Scope

This Regulation applies to the processing of identity information of third country nationals who have been subject to convictions in the Member States for the purpose of identifying the Member State(s) where such convictions were handed down, as well as for the purposes of border management [and contributing to facilitating and assisting in the correct identification of persons].

With the exception of point (ii) of Article 5(1)(b), the provisions of this Regulation that apply to third country nationals also apply to citizens of the Union who also hold a nationality of a third country and who have been subject to convictions in the Member States.”;

(3)Article 3 is amended as follows:

(a)point (f) is replaced by the following:

“(f)'competent authorities' means the central authorities and the Union bodies (Eurojust, Europol, the European Public Prosecutor's Office, the ETIAS Central Unit established within the European Border and Coast Guard Agency) competent to access or query the ECRIS-TCN system in accordance with this Regulation;”;

(b)the following points are added:

“(t) ‘terrorist offence' means an offence which corresponds or is equivalent to one of the offences referred to in Directive (EU) 2017/541 of the European Parliament and of the Council*;

(u)'serious criminal offence' means an offence which corresponds or is equivalent to one of the offences referred to in Article 2(2) of Council Framework Decision 2002/584/JHA**, if it is punishable under national law by a custodial sentence or a detention order for a maximum period of at least three years.

_____________

* Directive (EU) 2017/541 of the European Parliament and of the Council of 15 March 2017 on combating terrorism and replacing Council Framework Decision 2002/475/JHA and amending Council Decision 2005/671/JHA (OJ L 88, 31.3.2017, p. 6)

** Council Framework Decision 2002/584/JHA of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States (OJ L 190, 18.7.2002, p.1)”;

(4)Article 5 is amended as follows:

(a)in paragraph 1, the following point is added:

“(c)where applicable, a flag indicating that the person concerned has been convicted for a terrorist offence or other serious criminal offence, and in those cases the code of the convicting Member State(s).”;

(b)Paragraph 1a is replaced by the following:

"1a.[The CIR shall contain the data referred to in points (b) and (c) of paragraph 1 and in paragraph 2, as well as the following data referred to in point (a) of paragraph 1: surname (family name); first name(s) (given name(s)); date of birth; place of birth (town and country); nationality or nationalities; gender; the type and number of the person's travel document(s), as well as the name of the issuing authority thereof; and where applicable previous names, pseudonyms(s) and/or alias name(s), as well as, in the cases referred to in point (c) of paragraph 1, the code of the convicting Member State. The remaining ECRIS-TCN data shall be stored in the ECRIS-TCN Central System.]”;

(5)in Article 7, paragraph 5 is replaced by the following:

“5.In the event of a hit, the Central System [or the CIR] shall automatically provide the competent authority with information on the Member State(s) holding criminal record information on the third country national, along with the associated reference number(s) referred to in Article 5(1) and any corresponding identity information. Such identity information shall only be used for the purpose of verification of the identity of the third country national concerned. The result of a search in the Central System may only be used for the purpose of making a request according to Article 6 of Framework Decision 2009/315/JHA, a request referred to in Article 16(4) of this Regulation, or for the purposes of border management [and facilitating and assisting in the correct identification of persons registered in the ECRIS-TCN system].”;

(6)in Chapter II, the following article is added:

“Article 7a
Use of the ECRIS-TCN system for ETIAS verifications

1.The ETIAS Central Unit, established within the European Border and Coast Guard Agency in accordance with Article 7 of Regulation (EU) 2018/1240, shall have, for the purpose of performing its tasks conferred on it by Regulation (EU) 2018/1240, the right to access and search ECRIS-TCN data in the [CIR]. However, it shall only have access to data records to which a flag has been added in accordance with Article 5(1)(c) of this Regulation.

2.The [CIR] shall be connected to the tool referred to in Article 11 of Regulation (EU) 2018/1240 to enable the automated processing referred to in that Article.

3.Without prejudice to Article 24 of Regulation (EU) 2018/1240, the automated processing referred to in Article 11 of Regulation (EU) 2018/1240 shall enable the verifications provided for in Article 20 and the subsequent verifications of Articles 22 and 26 of that Regulation.

For the purpose of proceeding to the verifications of Article 20(2)(n) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the tool referred to in Article 11 of Regulation (EU) 2018/1240 to compare the data in ETIAS with the data flagged in ECRIS-TCN [in the CIR], pursuant to Article 5(1)(c) of this Regulation and in accordance with Article 11(8) of Regulation 2018/1240, and using the correspondences listed in the table in Annex II.”;

(7)in Article 8, paragraph 2 is replaced by the following:

“2. Upon expiry of the retention period referred to in paragraph 1, the central authority of the convicting Member State shall erase the data record, including any fingerprints, facial images or flags as referred to in Article 5(1)(c), from the Central System [and the CIR]. In those cases where the data related to a conviction for a terrorist offence or other form of serious crime as referred to in Article 5(1)(c) are deleted from the national criminal record, but information on other convictions of the same person is retained, only the flag referred to in Article 5(1)(c) shall be removed from the data record. This erasure shall take place automatically, where possible, and in any event no later than one month after the expiry of the retention period.”;

(8)in Article 22, paragraph 1 is replaced by the following:

“ 1. The data included in the Central System [and the CIR] shall only be processed for the purpose of the identification of the Member State(s) holding the criminal records information of third country nationals, as well as for the purposes of border management [as well as for facilitating and assisting in the correct identification of persons registered in the ECRIS-TCN system].”;

(9)in Article 30(4), the second subparagraph is replaced by the following:

"Every month eu-LISA shall submit to the Commission statistics without allowing for individual identification relating to the recording, storage and exchange of information extracted from criminal records through the ECRIS-TCN system and the ECRIS Reference implementation, including on the data records which include a flag in accordance with Article 5(1)(c)."

(10)the following article is inserted:

“Article 29a
Keeping of logs for the purpose of ETIAS

For the consultations listed in Article 7a of this Regulation, a log of each ECRIS-TCN data processing operation carried out within [the CIR] and ETIAS shall be kept in accordance with Article 69 of Regulation (EU) No 2018/1240.”;

(11)the following annex is added:

“Annex II

Table of correspondences referred to in Article 7a

Data of Article 17(2) of Regulation 2018/1240 sent by ETIAS Central System

The ECRIS-TCN corresponding data of Article 5(1) of this Regulation in [the CIR] against which the ETIAS data should be checked

surname (family name)

surname (family name)

surname at birth

previous name(s)

first name(s) (given name(s))

first name(s) (given name(s))

other names (alias(es), artistic name(s), usual name(s))

pseudonym and/or alias name(s)

date of birth

date of birth

place of birth

place of birth (town and country)

country of birth

place of birth (town and country)

sex

gender

current nationality

nationality or nationalities

other nationalities (if any)

nationality or nationalities

type of the travel document

type of the person’s identification documents

number of the travel document

number of the person’s identification documents

country of issue of the travel document

name of the issuing authority

”]

Article 3

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from the date determined in accordance with the second paragraph of Article 96 of Regulation (EU) 2018/1240.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

Done at Brussels,

For the European Parliament    For the Council

The President    The President

(1)    Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).
(2)    Regulation (EU) 2018/1241 of the European Parliament and of the Council of 12 September 2018 amending Regulation (EU) 2016/794 for the purpose of establishing a European Travel Information and Authorisation System (ETIAS (OJ L 236, 19.9.2018, p. 72).
(3)    COM(2016) 602 final.
(4)    COM(2016) 205 final.
(5)    Article 20(2) and Article 23(1) of Regulation (EU) 2018/1240 referred to in footnote (1).
(6)    COM(2016) 731 final.
(7)    Regulation (EU) 2017/2226 establishing an Entry/Exit System (EES) of 9 December 2017, OJ L 327, p. 20.
(8)    COM(2017) 344 final.
(9)    COM(2016) 883 final, COM(2016) 882 final, COM(2016) 881 final.
(10)    Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1).
(11)    The ETIAS Regulation has maintained references to Eurodac which were part of the Commission ETIAS proposal, while specifying, in Article 97 of the ETIAS Regulation (EU) 2018/1240, that provisions relating to the consultation of Eurodac will only apply once the recast of Eurodac will apply.
(12)    Recital (58) of Regulation (EU) 2018/1240 referred to in footnote (1).
(13)    Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU.
(14)    COM(2016) 272 final.
(15)    COM(2018) 478 final and COM(2018) 480 final.
(16)    Regulation (EU) 2226/2017 establishing an Entry/Exit System (EES) of 9 December 2017, OJ L 327, p. 20.
(17)    COM(2018) 478 final and COM(2018) 480 final.
(18)    See footnote (1).
(19)    Directive 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States amending Regulation (EEC) No 1612/68 and repealing Directives 64/221/EEC, 68/360/EEC, 72/194/EEC, 73/148/EEC, 75/34/EEC, 75/35/EEC, 90/364/EEC, 90/365/EEC and 93/96/EEC (OJ L 158, 30.4.2004, p. 77).
(20)    COM(2015) 185 final.
(21)    COM(2018) 470 final.
(22)    OJ L 108, 26.4.2017, p. 31.
(23)    OJ C , , p. .
(24)    OJ C , , p. .
(25)    Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).
(26)    Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (OJ L 312, 7.12.2018, p. 56).
(27)    Regulation (EU) YYYY/xxx of the European Parliament and of the Council… (OJ L , , p. ).
(28)    Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1).
(29)    [Regulation (EU) yyyy/xx of the European Parliament and of the Council ….(OJ L , , p. )]
(30)    Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (OJ L 295, 21.11.2018, p. 99).
(31)    OJ L 158, 30.4.2004, p. 77.
(32)    OJ L 131, 1. 6. 2000, p. 43.
(33)    OJ L 64, 7. 3. 2002, p. 20.
(34)    Council Decision 2010/365/EU of 29 June 2010 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania (OJ L 166, 1.7.2010, p. 17).
(35)    Council Decision (EU) 2018/934 of 25 June 2018 on the putting into effect of the remaining provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania (OJ L 165, 2.7.2018, p. 37).
(36)    Council Decision (EU) 2017/733 of 25 April 2017 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Croatia (OJ L 108, 26.4.2017, p. 31).
(37)     OJ L 176, 10.7.1999, p. 36 .
(38)    Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31).
(39)    OJ L 53, 27.2.2008, p. 52.
(40)    Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis ( OJ L 53, 27.2.2008, p. 1 ).
(41)     OJ L 160, 18.6.2011, p. 21 .
(42)    Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19).
(43)    Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
(44)    These amendments take into account the Commission Proposal, COM(2017) 344 final.
(45)    The numeration takes into account the amendment on this Regulation made by the Proposal for a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration), COM(2018) 480 final.
Top