EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 32019R1026

Commission Implementing Regulation (EU) 2019/1026 of 21 June 2019 on technical arrangements for developing, maintaining and employing electronic systems for the exchange of information and for the storage of such information under the Union Customs Code

C/2019/4467

OJ L 167, 24.6.2019, p. 3–17 (BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

Legal status of the document No longer in force, Date of end of validity: 28/03/2021; Repealed by 32021R0414

ELI: http://data.europa.eu/eli/reg_impl/2019/1026/oj

24.6.2019   

EN

Official Journal of the European Union

L 167/3


COMMISSION IMPLEMENTING REGULATION (EU) 2019/1026

of 21 June 2019

on technical arrangements for developing, maintaining and employing electronic systems for the exchange of information and for the storage of such information under the Union Customs Code

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) No 952/2013 of the European Parliament and the Council of 9 October 2013 laying down the Union Customs Code (1), and in particular Articles 8(1)(b) and 17 thereof,

Whereas:

(1)

Article 6(1) of Regulation (EU) No 952/2013 (‘the Code’) requires that all exchanges of information, such as declarations, applications or decisions, between customs authorities and between economic operators and customs authorities, and the storage of that information, as required under the customs legislation, are made by using electronic data-processing techniques.

(2)

Commission Implementing Decision (EU) 2016/578 (2) establishes the Work Programme for the implementation of the electronic systems required for the application of the Code, which are to be developed through projects listed in section II of the Annex to that Decision.

(3)

Important technical arrangements for the functioning of the electronic systems should be specified, such as arrangements for development, testing and deployment as well as for maintenance and for changes to be introduced in the electronic systems. Further arrangements should be specified concerning data protection, updating of data, limitation of data processing and systems ownership and security.

(4)

In order to safeguard the rights and interests of the Union, Member States and economic operators, it is important to lay down the procedural rules and provide for alternative solutions to be implemented in the event of a temporary failure of the electronic systems.

(5)

The Customs Decisions system, developed through the UCC Customs Decisions project referred to in Implementing Decision (EU) 2016/578, pursues the objective of harmonising the processes for the application for a customs decision, for the decision taking and the decision management in the whole of the Union using only electronic data-processing techniques. It is therefore necessary to lay down the rules governing that electronic system. The scope of the system should be determined by reference to the customs decisions which are to be applied for, taken and managed using that system. Detailed rules should be set out for the system's common components (EU trader portal, central customs decisions management system and customer reference services) and national components (national trader portal and national customs decisions management system), by specifying their functions and their interconnections.

(6)

Furthermore, rules have to be put in place concerning the data relating to authorisations that are already stored in existing electronic systems, such as the Regular Shipping Service system (RSS), and national systems and that have to be migrated to the Customs Decisions System.

(7)

The Uniform User Management and Digital Signature system, developed through the Direct Trader Access to the European Information Systems (Uniform User Management & Digital Signature) project referred to in Implementing Decision (EU) 2016/578, is to manage the authentication and access verification process for economic operators and other users. Detailed rules need to be set out regarding the scope and characteristics of the system by defining the different components (common and national components) of the system, their functions and interconnections. However, the ‘Digital Signature’ functionality is not yet available as part of the Uniform User Management and Digital Signature system. No detailed rules could therefore be laid down regarding that functionality in this Regulation.

(8)

The European Binding Tariff Information (EBTI) system, as upgraded through the UCC Binding Tariff Information (BTI) project referred to in Implementing Decision (EU) 2016/578, is aimed at aligning the processes for applying for, taking and managing BTI decisions with the requirements of the Code using only electronic data-processing techniques. It is therefore necessary to lay down rules governing that system. Detailed rules should be laid down for the system's common components (EU trader portal, central EBTI system and BTI usage monitoring) and national components (national trader portal and national BTI system), by specifying their functions and interconnections. Moreover, the project aims to facilitate the monitoring of compulsory BTI usage and the monitoring and management of BTI extended usage.

(9)

The Economic Operator Registration and Identification (EORI) system, as upgraded through the UCC Economic Operator Registration and Identification system (EORI 2) project referred to in Implementing Decision (EU) 2016/578, is aimed at upgrading the existing trans-European EORI system, which enables the registration and identification of economic operators of the Union and of third country economic operators and other persons for the purposes of applying the customs legislation of the Union. It is therefore necessary to lay down rules governing the system by specifying the components (central EORI system and national EORI systems) and the use of the EORI system.

(10)

The Authorised Economic Operator (AEO) system, as upgraded through the UCC Authorised Economic Operator (AEO) project referred to in Implementing Decision (EU) 2016/578, is aimed at improving the business processes relating to AEO applications and authorisations and their management. The system is also aimed at implementing the electronic form to be used for AEO applications and decisions, and providing economic operators with an EU Harmonised Trader Interface (e-AEO Direct Trader Access) through which to submit AEO applications and receive AEO decisions electronically. Detailed rules should be laid down for the system's common components.

(11)

Commission Implementing Regulation (EU) 2017/2089 (3) sets out technical arrangements for developing, maintaining and employing electronic systems for the exchange of information and for the storage of such information under the Code. That Implementing Regulation currently covers the Customs Decisions and the Uniform User Management and Digital Signature systems, which became operational in October 2017. Three other systems (EBTI, EORI and AEO) will soon become operational and, therefore, technical arrangements should also be specified for them. Given the number of changes to Implementing Regulation (EU) 2017/2089 that would be necessary, and for reasons of clarity, that Regulation should be repealed and replaced.

(12)

This Regulation respects the fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union, and notably the right to protection of personal data. Where for the purposes of the application of the customs legislation of the Union it is necessary to process personal data in the electronic systems, those data must be processed in accordance with Regulations (EU) 2016/679 (4) and (EU) 2018/1725 (5) of the European Parliament and of the Council. The personal data of economic operators and other persons processed by the electronic systems are restricted to the dataset as defined in Annex A, Title I, Chapter 1, Group 3 — Parties and Annex A, Title I, Chapter 2, Group 3 — Parties and Annex 12-01 to Commission Delegated Regulation (EU) 2015/2446 (6).

(13)

The measures provided for in this Implementing Regulation are in accordance with the opinion of the Customs Code Committee,

HAS ADOPTED THIS REGULATION:

CHAPTER I

GENERAL PROVISIONS

Article 1

Scope

This Regulation shall apply to the following electronic systems as developed or upgraded through the following projects referred to in the Annex to Implementing Decision (EU) 2016/578:

(a)

the Customs Decisions system (CDS), as developed through the UCC Customs Decisions project;

(b)

the Uniform User Management and Digital Signature (UUM&DS) system, as developed through the Direct Trader Access to the European Information Systems (Uniform User Management & Digital Signature) project;

(c)

the European Binding Tariff Information (EBTI) system, as upgraded through the UCC Binding Tariff Information (BTI) project;

(d)

the Economic Operator Registration and Identification (EORI) system, as upgraded in line with the requirements of the Code through the EORI2 project;

(e)

the Authorised Economic Operator (AEO) system, as upgraded in line with the requirements of the Code through the Authorised Economic Operator (AEO)project.

Article 2

Definitions

For the purposes of this Regulation, the following definitions shall apply:

(1)

‘common component’ means a component of the electronic systems developed at Union level, which is available to all Member States;

(2)

‘national component’ means a component of the electronic systems developed at national level, which is available in the Member State that created it.

Article 3

Contact points for the electronic systems

The Commission and the Member States shall designate contact points for each of the electronic systems for the purposes of exchanging information to ensure a coordinated development, operation and maintenance of those electronic systems.

They shall communicate the details of those contact points to each other and inform each other immediately of any changes to those details.

CHAPTER II

CUSTOMS DECISIONS SYSTEM

Article 4

Object and structure of the CDS

1.   The CDS shall enable communication between the Commission, Member States, economic operators and other persons for the purposes of submitting and processing applications and decisions referred to in Article 5(1), as well as the management of decisions related to the authorisations, namely, amendments, revocations, annulments and suspensions.

2.   The CDS shall consist of the following common components:

(a)

an EU trader portal;

(b)

a central customs decisions management system (‘central CDMS’);

(c)

customer reference services.

3.   Member States may create the following national components:

(a)

a national trader portal;

(b)

a national customs decisions management system (‘national CDMS’).

Article 5

Use of the CDS

1.   The CDS shall be used for the purposes of submitting and processing applications for the following authorisations, as well as the management of decisions related to the applications or authorisations:

(a)

authorisation for the simplification of the determination of amounts being part of the customs value of the goods, as referred to in Article 73 of the Code;

(b)

authorisation for the provision of a comprehensive guarantee, including possible reduction or waiver, as referred to in Article 95 of the Code;

(c)

authorisation of deferment of the payment of the duty payable, as far as the permission is not granted in relation to a single operation, as referred to in Article 110 of the Code;

(d)

authorisation for the operation of temporary storage facilities, as referred to in Article 148 of the Code;

(e)

authorisation to establish regular shipping services, as referred to in Article 120 of Delegated Regulation (EU) 2015/2446;

(f)

authorisation for the status of authorised issuer, as referred to in Article 128 of Delegated Regulation (EU) 2015/2446;

(g)

authorisation for the regular use of a simplified declaration, as referred to in Article 166(2) of the Code;

(h)

authorisation for centralised clearance, as referred to in Article 179 of the Code;

(i)

authorisation to lodge a customs declaration through an entry of data in the declarant's records, including for the export procedure, as referred to in Article 182 of the Code;

(j)

authorisation for self-assessment, as referred to in Article 185 of the Code;

(k)

authorisation for the status of an authorised weigher of bananas, as referred to in Article 155 of Delegated Regulation (EU) 2015/2446;

(l)

authorisation for the use of the inward processing procedure, as referred to in Article 211(1)(a) of the Code;

(m)

authorisation for the use of the outward processing procedure, as referred to in Article 211(1)(a) of the Code;

(n)

authorisation for the use of the end-use procedure, as referred to in Article 211(1)(a) of the Code;

(o)

authorisation for the use of the temporary admission procedure, as referred to in Article 211(1)(a) of the Code;

(p)

authorisation for the operation of storage facilities for customs warehousing of goods, as referred to in Article 211(1)(b) of the Code;

(q)

authorisation for the status of an authorised consignee for TIR operation, as referred to in Article 230 of the Code;

(r)

authorisation for the status of an authorised consignor for Union transit, as referred to in Article 233(4)(a) of the Code;

(s)

authorisation for the status of an authorised consignee for Union transit, as referred to in Article 233(4)(b) of the Code;

(t)

authorisation to use of seals of a special type, as referred to in Article 233(4)(c) of the Code;

(u)

authorisation to use a transit declaration with a reduced dataset, as referred to in Article 233(4)(d) of the Code;

(v)

authorisation for the use of an electronic transport document as a customs declaration, as referred to in Article 233(4)(e) of the Code.

2.   The common components of the CDS shall be used with respect to applications and authorisations referred to in paragraph 1, as well as the management of decisions related to those applications and authorisations where those authorisations or decisions may have an impact in more than one Member State.

3.   A Member State may decide that the common components of the CDS may be used with respect to applications and authorisations referred to in paragraph 1, as well as the management of decisions related to those applications and authorisations where those authorisations or decisions have an impact only in that Member State.

4.   The CDS shall not be used with respect to applications, authorisations or decisions other than those listed to in paragraph 1.

Article 6

Authentication and access to the CDS

1.   The authentication and access verification of economic operators and other persons for the purposes of access to the common components of the CDS shall be effected using the Uniform User Management and Digital Signatures (UUM&DS) system referred to in Article 14.

For customs representatives to be authenticated and be able to access the common components of the CDS, their empowerment to act in that capacity must be registered in the UUM&DS system or in an identity and access management system set up by a Member State pursuant to Article 18.

2.   The authentication and access verification of Member States' officials for the purposes of access to the common components of the CDS shall be effected using the network services provided by the Commission.

3.   The authentication and access verification of Commission's staff for the purposes of access to the common components of the CDS shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 7

EU trader portal

1.   The EU trader portal shall be an entry point to the CDS for economic operators and other persons.

2.   The EU trader portal shall interoperate with the central CDMS as well as with national CDMS where created by Member States.

3.   The EU trader portal shall be used for applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations where those authorisations or decisions may have an impact in more than one Member State.

4.   A Member State may decide that the EU trader portal may be used for applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations where those authorisations or decisions have an impact only in that Member State.

Where a Member State takes a decision to use the EU trader portal for authorisations or decisions that have an impact only in that Member State, it shall inform the Commission thereof.

Article 8

Central CDMS

1.   The central CDMS shall be used by the customs authorities for processing of the applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations for the purposes of verifying whether the conditions for the acceptance of an application and for taking a decision are fulfilled.

2.   The central CDMS shall interoperate with the EU trader portal, the customer reference services and with the national CDMS, where created by the Member States.

Article 9

Consultation between the customs authorities using the CDS

A customs authority of a Member State shall use the central CDMS when it needs to consult a customs authority of another Member State before taking a decision regarding the applications or authorisations referred to in Article 5(1).

Article 10

Customer reference services

The customer reference services shall be used for the central storage of data relating to the authorisations referred to in Article 5(1), as well as decisions related to those authorisations, and shall enable the consultation, replication and validation of those authorisations by other electronic systems established for the purposes of Article 16 of the Code.

Article 11

National trader portal

1.   The national trader portal, where created, shall be an additional entry point to the CDS for economic operators and other persons.

2.   With respect to applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations where those authorisations or decisions may have an impact in more than one Member State, economic operators and other persons may choose to use the national trader portal, where created, or the EU trader portal.

3.   The national trader portal shall interoperate with the national CDMS, where created.

4.   Where a Member State creates a national trader portal, it shall inform the Commission thereof.

Article 12

National CDMS

1.   A national CDMS, where created, shall be used by the customs authority of the Member State which created it for processing the applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations for the purposes of verifying whether the conditions for the acceptance of an application and for taking a decision are fulfilled.

2.   The national CDMS shall interoperate with the central CDMS for the purposes of consultation between the customs authorities as referred to in Article 9.

Article 13

Migration of data relating to authorisations to the CDS

1.   The data relating to authorisations referred to in Article 5(1) where those authorisations were issued as of 1 May 2016 or granted according to Article 346 of Commission Implementing Regulation (EU) 2015/2447 (7) and may have an impact in more than one Member State, shall be migrated and stored in the CDS if such authorisations are valid on the date of migration. The migration shall take place by 1 May 2019 at the latest.

A Member State may decide to apply the first subparagraph also to authorisations referred to in Article 5(1) that have an impact only in that Member State.

2.   The customs authorities shall ensure that the data to be migrated in accordance with paragraph 1 comply with the data requirements laid down in Annex A to Delegated Regulation (EU) 2015/2446 and Annex A to Implementing Regulation (EU) 2015/2447. For that purpose, they may request the necessary information from the holder of the authorisation.

CHAPTER III

UNIFORM USER MANAGEMENT AND DIGITAL SIGNATURE SYSTEM

Article 14

Object and structure of the UUM&DS system

1.   The UUM&DS system shall enable the communication between the Commission and the Member States' identity and access management systems referred to in Article 18 for the purposes of providing secure authorised access to the electronic systems to the Commission's staff, economic operators and other persons.

2.   The UUM&DS system shall consist of the following common components:

(a)

an access management system;

(b)

an administration management system;

3.   A Member State shall create an identity and access management system as a national component of the UUM&DS system.

Article 15

Use of the UUM&DS system

The UUM&DS system shall be used to ensure the authentication and access verification of:

(a)

economic operators and other persons for the purposes of having access to the common components of the CDS, the EBTI system and the AEO system;

(b)

the Commission's staff for the purposes of having access to the common components of the CDS, the EBTI system, the EORI system and AEO system and for the purposes of maintenance and management of the UUM&DS system.

Article 16

Access management system

The Commission shall set up the access management system to validate the access requests submitted by economic operators and other persons within the UUM&DS system by interoperating with the Member States' identity and access management systems referred to in Article 18.

Article 17

Administration management system

The Commission shall set up the administration management system to manage the authentication and authorisation rules for validating the identification data of economic operators and other persons for the purposes of allowing access to the electronic systems.

Article 18

Member States' identity and access management systems

The Member States shall set up an identity and access management system to ensure:

(a)

a secure registration and storage of identification data of economic operators and other persons;

(b)

a secure exchange of signed and encrypted identification data of economic operators and other persons.

CHAPTER IV

EUROPEAN BINDING TARIFF INFORMATION SYSTEM

Article 19

Object and structure of the EBTI system

1.   The EBTI system shall in accordance with Articles 33 and 34 of the Code enable the following:

(a)

communication between the Commission, Member States, economic operators and other persons for the purposes of submitting and processing BTI applications and BTI decisions;

(b)

the management of any subsequent event which may affect the original application or decision;

(c)

the monitoring of the compulsory use of BTI decisions;

(d)

the monitoring and management of the extended use of BTI decisions.

2.   The EBTI system shall consist of the following common components:

(a)

an EU trader portal;

(b)

a central EBTI system;

(c)

capability to monitor the usage of BTI decisions.

3.   Member States may create, as a national component, a national binding tariff information system (‘national BTI system’) together with a national trader portal.

Article 20

Use of the EBTI system

1.   The EBTI system shall be used for the submission, process, exchange and storage of information pertaining to applications and decisions related to BTI or to any subsequent event which may affect the original application or decision as referred to in Article 21(1) of Implementing Regulation (EU) 2015/2447.

2.   The EBTI system shall be used to support the monitoring by the customs authorities of the compliance with the obligations resulting from the BTI in accordance with Article 21(3) of Implementing Regulation (EU) 2015/2447.

3.   The EBTI system shall be used by the Commission to inform the Member States, pursuant to the third subparagraph of Article 22(2) of Implementing Regulation (EU) 2015/2447, as soon as the quantities of goods that may be cleared during a period of extended use have been reached.

Article 21

Authentication and access to the EBTI system

1.   The authentication and access verification of economic operators and other persons for the purposes of access to the common components of the EBTI system shall be effected using the UUM&DS system referred to in Article 14.

For customs representatives to be authenticated and be able to access the common components of the EBTI system, their empowerment to act in that capacity must be registered in the UUM&DS system or in an identity and access management system set up by a Member State pursuant to Article 18.

2.   The authentication and access verification of Member States' officials for the purposes of access to the common components of the EBTI system shall be effected using the network services provided by the Commission.

3.   The authentication and access verification of Commission's staff for the purposes of access to the common components of the EBTI system shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 22

EU trader portal

1.   The EU trader portal shall be an entry point to the EBTI system for economic operators and other persons.

2.   The EU trader portal shall interoperate with the central EBTI system and offer redirection to national trader portals where national BTI systems have been created by Member States.

3.   The EU trader portal shall be used for submitting and exchanging information pertaining to applications and decisions related to BTI or to any subsequent event which may affect the original application or decision.

Article 23

Central EBTI system

1.   The central EBTI system shall be used by the customs authorities to process, exchange and store information pertaining to applications and decisions related to BTI or to any subsequent event which may affect the original application or decision for the purposes of verifying whether the conditions for the acceptance of an application, and for taking a decision, are fulfilled.

2.   The central EBTI system shall be used by the customs authorities for the purposes of Article 16(4), Article 17 and Article 21(2)(b) and (5) of Implementing Regulation (EU) 2015/2447.

3.   The central EBTI system shall interoperate with the EU trader portal, and with the national BTI systems, where created.

Article 24

Consultation between the customs authorities using the central EBTI system

A customs authority of a Member State shall use the central EBTI system for the purposes of consulting a customs authority of another Member State in order to ensure compliance with Article 16(1) of Implementing Regulation (EU) 2015/2447.

Article 25

Monitoring of the usage of BTI decisions

The capability to monitor the usage of BTI decisions shall be used for the purposes of Article 21(3) and of the third subparagraph of Article 22(2) of Implementing Regulation (EU) 2015/2447.

Article 26

National trader portal

1.   Where a Member State has created a national BTI system in accordance with Article 19(3), the national trader portal shall be the main entry point to the national BTI system for economic operators and other persons.

2.   Economic operators and other persons shall use the national trader portal, where created, with respect to applications and decisions related to BTI or to any subsequent event which may affect the original application or decision.

3.   The national trader portal shall interoperate with the national BTI system, where created.

4.   The national trader portal shall facilitate processes equivalent to those facilitated by the EU trader portal.

5.   Where a Member State creates a national trader portal, it shall inform the Commission thereof. The Commission shall ensure that the national trader portal can be accessed directly from the EU trader portal.

Article 27

National BTI system

1.   A national BTI system, where created, shall be used by the customs authority of the Member State which created it to process, exchange and store information pertaining to applications and decisions related to BTI or to any subsequent event which may affect the original application or decision, for the purposes of verifying whether the conditions for the acceptance of an application or for taking a decision are fulfilled.

2.   The customs authority of a Member State shall use its national BTI system for the purposes of Article 16(4), Article 17 and Article 21(2)(b) and (5) of Implementing Regulation (EU) 2015/2447, unless it uses the central EBTI system for those purposes.

3.   The national BTI system shall interoperate with the national trader portal and with the central EBTI system.

CHAPTER V

ECONOMIC OPERATOR REGISTRATION AND IDENTIFICATION SYSTEM

Article 28

Object and structure of the EORI system

The EORI system shall enable a unique registration and identification, at Union level, of economic operators and other persons.

The EORI system shall consist of the following components:

(a)

a central EORI system;

(b)

national EORI systems, where created by the Member States.

Article 29

Use of the EORI system

1.   The EORI system shall be used for the following purposes:

(a)

to receive the data for the registration of economic operators and other persons as referred to in Annex 12-01 to Delegated Regulation (EU) 2015/2446 (‘EORI data’) provided by the Member States;

(b)

to centrally store EORI data pertaining to the registration and identification of economic operators and other persons;

(c)

to make available EORI data to the Member States.

2.   The EORI system shall enable, to the customs authorities, online access to the EORI data stored at central system level.

3.   The EORI system shall interoperate with all the other electronic systems where the EORI number is used.

Article 30

Authentication and access to the central EORI system

1.   The authentication and access verification of Member States' officials for the purposes of access to the common components of the EORI system shall be effected using the network services provided by the Commission.

2.   The authentication and access verification of Commission's staff for the purposes of access to the common components of the EORI system shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 31

Central EORI system

1.   The central EORI system shall be used by the customs authorities for the purposes of Article 7 of Implementing Regulation (EU) 2015/2447.

2.   The central EORI system shall interoperate with the national EORI systems, where created.

Article 32

National EORI system

1.   A national EORI system, where created, shall be used by the customs authority of the Member State which created it to exchange and store EORI data.

2.   A national EORI system shall interoperate with the central EORI system.

CHAPTER VI

AUTHORISED ECONOMIC OPERATOR SYSTEM

Article 33

Object and structure of the AEO system

1.   The AEO system shall enable communication between the Commission, Member States, economic operators and other persons for the purposes of submitting and processing AEO applications and granting of AEO authorisations as well as the management of any subsequent event which may affect the original decision as referred to in Article 30(1) of Implementing Regulation (EU) 2015/2447.

2.   The AEO system shall consist of the following common components:

(a)

an EU trader portal;

(b)

a central AEO system.

3.   Member States may create the following national components:

(a)

a national trader portal;

(b)

a national Authorised Economic Operator system (‘national AEO system’).

Article 34

Use of the AEO system

1.   The AEO system shall be used for the submission, exchange, processing and storage of information pertaining to AEO applications and decisions or to any subsequent event which may affect the original decision as referred to in Article 30(1) and Article 31(1) and (4)of Implementing Regulation (EU) 2015/2447.

2.   Customs authorities shall use the AEO system to fulfil their obligations under Article 31(1) and (4) of Implementing Regulation (EU) 2015/2447 and to keep record of the relevant consultations.

Article 35

Authentication and access to the central AEO system

1.   The authentication and access verification of economic operators and other persons for the purposes of access to the common components of the AEO system shall be effected using the UUM&DS system referred to in Article 14.

For customs representatives to be authenticated and be able to access the common components of the AEO system, their empowerment to act in that capacity must be registered in the UUM&DS system or in an identity and access management system set up by a Member State pursuant to Article 18.

2.   The authentication and access verification of Member States' officials for the purposes of access to the common components of the AEO system shall be effected using the network services provided by the Commission.

3.   The authentication and access verification of Commission's staff for the purposes of access to the common components of the AEO system shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 36

EU trader portal

1.   The EU trader portal shall be an entry point to the AEO system for economic operators and other persons.

2.   The EU trader portal shall interoperate with the central AEO system and offer redirection to the national trader portal, where created.

3.   The EU trader portal shall be used for submitting and exchanging information pertaining to AEO applications and decisions or to any subsequent event which may affect the original decision.

Article 37

Central AEO system

1.   The central AEO system shall be used by the customs authorities to exchange and store information pertaining to AEO applications and decisions or to any subsequent event which may affect the original decision.

2.   The customs authorities shall use the central AEO system for the purposes of Articles 30 and 31 of Implementing Regulation (EU) 2015/2447.

3.   The central AEO system shall interoperate with the EU trader portal and with the national AEO systems, where created.

Article 38

National trader portal

1.   The national trader portal, where created, shall allow the exchange of information pertaining to AEO applications and decisions.

2.   Economic operators shall use the national trader portal, where created, to exchange information with the customs authorities with respect to AEO applications and decisions.

3.   The national trader portal shall interoperate with the national AEO system.

Article 39

National AEO system

1.   A national AEO system, where created, shall be used by the customs authority of the Member State which created it to exchange and store information pertaining to AEO applications and decisions or to any subsequent event which may affect the original decision.

2.   The national AEO system shall interoperate with the national trader portal, where created, and with the central AEO system.

CHAPTER VII

FUNCTIONING OF THE ELECTRONIC SYSTEMS AND TRAINING IN THE USE THEREOF

Article 40

Development, testing, deployment and management of the electronic systems

1.   The common components shall be developed, tested, deployed and managed by the Commission. The national components shall be developed, tested, deployed and managed by the Member States.

2.   The Member States shall ensure that the national components are interoperable with the common components.

Article 41

Maintenance of and changes to the electronic systems

1.   The Commission shall perform the maintenance of the common components and the Member States shall perform the maintenance of their national components.

2.   The Commission and the Member States shall ensure uninterrupted operation of the electronic systems.

3.   The Commission may change the common components of the electronic systems to correct malfunctions, to add new functionalities or alter existing ones.

4.   The Commission shall inform the Member States of changes and updates to the common components.

5.   Member States shall inform the Commission of changes and updates to the national components that may have repercussions on the functioning of the common components.

6.   The Commission and Member States shall make the information on the changes and updates to the electronic systems pursuant to paragraphs 4 and 5 publicly available.

Article 42

Temporary failure of the electronic systems

1.   In case of a temporary failure of the electronic systems as referred to in Article 6(3)(b) of the Code, economic operators and other persons shall submit the information to fulfil the formalities concerned by the means determined by the Member States, including means other than electronic data processing techniques.

2.   The customs authorities shall make sure the information submitted in accordance with paragraph 1 is made available in the respective electronic systems within 7 days of the respective electronic systems becoming available again.

3.   The Commission and the Member States shall inform each other of the unavailability of the electronic systems resulting from a temporary failure.

Article 43

Training support on the use and functioning of the common components

The Commission shall support the Member States on the use and functioning of the common components of the electronic systems by providing the appropriate training material.

CHAPTER VIII

DATA PROTECTION, DATA MANAGEMENT AND THE OWNERSHIP AND SECURITY OF THE ELECTRONIC SYSTEMS

Article 44

Personal data protection

1.   The personal data registered in the electronic systems shall be processed for the purposes of implementing the customs legislation having regard to the specific objectives of each of the electronic systems as set out in Article 4(1), Article 14(1), Article 19(1), Article 28 and Article 33(1) respectively.

2.   In accordance with Article 62 of Regulation (EU) 2018/1725, the national supervisory authorities in the field of personal data protection and the European Data Protection Supervisor shall cooperate to ensure coordinated supervision of the processing of personal data registered in the electronic systems.

Article 45

Updating of data in the electronic systems

Member States shall ensure that the data registered at national level corresponds to the data registered in the common components and is kept up to date.

Article 46

Limitation of data access and data processing

1.   The data registered in the common components of the electronic systems by a Member State may be accessed or processed by that Member State. It may also be accessed and processed by another Member State where the latter is involved in the processing of an application or the management of a decision to which the data relates.

2.   The data registered in the common components of the electronic systems by an economic operator or other person may be accessed or processed by that economic operator or that person. It may also be accessed and processed by a Member State involved in the processing of an application or the management of a decision to which the data relates.

3.   The data registered in the central EBTI system by a Member State may be processed by that Member State. It may also be processed by another Member State where it is involved in the processing of an application to which the data relates, including by way of a consultation in accordance with Article 24. It may be accessed by all Member States in accordance with Article 23(2).

4.   The data registered in the central EBTI system by an economic operator or other person may be accessed or processed by that economic operator or that person. It may be accessed by all Member States in accordance with Article 23(2).

Article 47

System ownership

1.   The Commission shall be the system owner of the common components.

2.   The Member States shall be the system owners of the national components.

Article 48

System security

1.   The Commission shall ensure the security of the common components. The Member States shall ensure the security of the national components.

For those purposes, the Commission and Member States shall take, at least, the necessary measures to:

(a)

prevent any unauthorised person from having access to installations used for the processing of data;

(b)

prevent the entry of data and any consultation, modification or deletion of data by unauthorised persons;

(c)

detect any of the activities referred to in points (a) and (b);

2.   The Commission and the Member States shall inform each other of any activities that might result in a breach or a suspected breach of the security of the electronic systems.

CHAPTER IX

FINAL PROVISIONS

Article 49

Assessment of the electronic systems

The Commission and the Member States shall conduct assessments of the components they are responsible for and shall in particular analyse the security and integrity of the components and the confidentiality of data processed within those components.

The Commission and the Member States shall inform each other of the assessment results.

Article 50

Repeal

Implementing Regulation (EU) 2017/2089 is repealed.

Article 51

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 21 June 2019.

For the Commission

The President

Jean-Claude JUNCKER


(1)  OJ L 269, 10.10.2013, p. 1.

(2)  Commission Implementing Decision (EU) 2016/578 of 11 April 2016 establishing the Work Programme relating to the development and deployment of the electronic systems provided for in the Union Customs Code (OJ L 99, 15.4.2016, p. 6).

(3)  Commission Implementing Regulation (EU) 2017/2089 of 14 November 2017 on technical arrangements for developing, maintaining and employing electronic systems for the exchange of information and for the storage of such information under the Union Customs Code (OJ L 297, 15.11.2017, p. 13).

(4)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, 4.5.2016, p. 1).

(5)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

(6)  Commission Delegated Regulation (EU) 2015/2446 of 28 July 2015 supplementing Regulation (EU) No 952/2013 of the European Parliament and of the Council as regards detailed rules concerning certain provisions of the Union Customs Code (OJ L 343, 29.12.2015, p. 1).

(7)  Commission Implementing Regulation (EU) 2015/2447 of 24 November 2015 laying down detailed rules for implementing certain provisions of Regulation (EU) No 952/2013 of the European Parliament and of the Council laying down the Union Customs Code (OJ L 343, 29.12.2015, p. 558).


Top