criminal offences committed in order to procure the means of perpetrating acts in respect of which Europol is competent;

criminal offences committed in order to facilitate or perpetrate acts in respect of which Europol is competent;

criminal offences committed in order to ensure the impunity of those committing acts in respect of which Europol is competent.

collect, store, process, analyse and exchange information, including criminal intelligence;

notify the Member States, via the national units established or designated pursuant to Article 7(2), without delay of any information and connections between criminal offences concerning them;

coordinate, organise and implement investigative and operational actions to support and strengthen actions by the competent authorities of the Member States, that are carried out:

participate in joint investigation teams, as well as propose that they be set up in accordance with Article 5;

provide information and analytical support to Member States in connection with major international events;

prepare threat assessments, strategic and operational analyses and general situation reports;

develop, share and promote specialist knowledge of crime prevention methods, investigative procedures and technical and forensic methods, and provide advice to Member States;

support Member States' cross-border information exchange activities, operations and investigations, as well as joint investigation teams, including by providing operational, technical and financial support;

provide administrative and financial support to Member States’ special intervention units as referred to in Council Decision 2008/617/JHA ( 4 );

provide specialised training and assist Member States in organising training, including with the provision of financial support, within the scope of its objectives and in accordance with the staffing and budgetary resources at its disposal in coordination with the European Union Agency for Law Enforcement Training (CEPOL);

cooperate with the Union bodies established on the basis of Title V of the TFEU, with OLAF and the European Union Agency for Cybersecurity (ENISA) established by Regulation (EU) 2019/881 of the European Parliament and of the Council ( 5 ), in particular through the exchange of information and provision of analytical support in areas that fall within their respective competences;

provide information and support to EU crisis management structures and missions established on the basis of the TEU, within the scope of Europol's objectives as set out in Article 3;

develop Union centres of specialised expertise for combating certain types of crime falling within the scope of Europol's objectives, in particular the European Cybercrime Centre;

support Member States’ actions in preventing and combating forms of crime listed in Annex I which are facilitated, promoted or committed using the internet, including by:

support Member States in identifying persons whose criminal activities fall within the forms of crime listed in Annex I and who constitute a high risk for security;

facilitate joint, coordinated and prioritised investigations regarding persons referred to in point (r);

support Member States in processing data provided by third countries or international organisations to Europol on persons involved in terrorism or in serious crime and propose the possible entry by the Member States, at their discretion and subject to their verification and analysis of those data, of information alerts on third-country nationals in the interest of the Union (‘information alerts’) in the Schengen Information System (SIS), in accordance with Regulation (EU) 2018/1862 of the European Parliament and the Council ( 6 );

support the implementation of the evaluation and monitoring mechanism to verify the application of the Schengen acquis under Regulation (EU) No 1053/2013, within the scope of Europol’s objectives, through the provision of expertise and analyses, where relevant;

proactively monitor research and innovation activities that are relevant for the achievement of Europol’s objectives and contribute to such activities by supporting related activities of Member States and by implementing its own research and innovation activities, including projects for the development, training, testing and validation of algorithms for the development of specific tools for the use by law enforcement authorities, and disseminate the results of the activities to the Member States in accordance with Article 67;

contribute to creating synergies between the research and innovation activities of Union bodies that are relevant for the achievement of Europol’s objectives, including through the EU Innovation Hub for Internal Security, and in close cooperation with Member States;

support, upon their request, Member States’ actions in addressing online crisis situations, in particular by providing private parties with the information necessary to identify relevant online content;

support Member States’ actions in addressing the online dissemination of online child sexual abuse material;

cooperate, in accordance with Article 12 of Directive (EU) 2019/1153 of the European Parliament and of the Council ( 7 ), with Financial Intelligence Units (FIUs) established pursuant to Directive (EU) 2015/849 of the European Parliament and of the Council ( 8 ), through the relevant Europol national unit or, if allowed by the relevant Member State, by direct contact with the FIUs, in particular through the exchange of information and the provision of analyses to Member States to support cross-border investigations into the money laundering activities of transnational criminal organisations and terrorist financing.

be contrary to the essential interests of the security of the Member State concerned; or

jeopardise the success of an ongoing investigation or the safety of an individual.

supply Europol with the information necessary for it to fulfil its objectives, including information relating to forms of crime the prevention or combating of which is considered a priority by the Union;

ensure effective communication and cooperation of all relevant competent authorities with Europol;

raise awareness of Europol's activities;

in accordance with point (a) of Article 38(5), ensure compliance with national law when supplying information to Europol.

be contrary to the essential interests of the security of the Member State concerned;

jeopardise the success of an ongoing investigation or the safety of an individual; or

disclose information relating to organisations or specific intelligence activities in the field of national security.

by Member States in accordance with their national law and Article 7;

by Union bodies, third countries and international organisations in accordance with Chapter V;

by private parties and private persons in accordance with Chapter V.

cross-checking aimed at identifying connections or other relevant links between information related to:

analyses of a strategic or thematic nature;

operational analyses;

facilitating the exchange of information between Member States, Europol, other Union bodies, third countries, international organisations and private parties;

research and innovation projects;

supporting Member States, upon their request, in informing the public about suspects or convicted individuals who are wanted on the basis of a national judicial decision relating to a crime that falls within Europol’s objectives, and facilitating the provision by the public of information on those individuals to the Member States and Europol.

for every operational analysis project, the Executive Director shall define the specific purpose, categories of personal data and categories of data subjects, participants, duration of storage and conditions for access, transfer and use of the data concerned, and shall inform the Management Board and the EDPS thereof;

personal data may only be collected and processed for the purpose of the specified operational analysis project. Where it becomes apparent that personal data may be relevant for another operational analysis project, further processing of that personal data shall only be permitted insofar as such further processing is necessary and proportionate and the personal data are compatible with the provisions set out in point (a) that apply to the other analysis project;

only authorised staff may access and process the data of the relevant project.

a Member State, the EPPO or Eurojust provides investigative data to Europol pursuant to Article 17(1), points (a) or (b), and requests Europol to support that investigation:

Europol assesses that it is not possible to carry out the operational analysis pursuant to Article 18(2), point (c), or the cross-checking pursuant to Article 18(2), point (a), in support of that investigation without processing personal data that do not comply with Article 18(5).

forms of crime in respect of which Europol is competent; and

other forms of serious crime, as set out in Council Framework Decision 2002/584/JHA ( 13 ).

this would damage the interests of a data subject who requires protection. In such cases, the data shall be used only with the express and written consent of the data subject;

their accuracy is contested by the data subject, for a period enabling Member States or Europol, where appropriate, to verify the accuracy of the data;

they have to be maintained for purposes of proof or for the establishment, exercise or defence of legal claims; or

the data subject opposes their erasure and requests the restriction of their use instead.

is strictly required and duly justified to achieve the objectives of the project concerned;

as regards special categories of personal data, is strictly necessary and subject to appropriate safeguards, which may include pseudonymisation.

any research and innovation project requires the prior authorisation by the Executive Director, in consultation with the Data Protection Officer and the Fundamental Rights Officer, based on:

the EDPS shall be informed prior to the launch of the project;

the Management Board shall be consulted or informed prior to the launch of the project, in accordance with the guidelines referred to in Article 18(7);

any personal data to be processed in the context of the project shall:

the logs of the processing of personal data in the context of the project shall be kept until two years after the conclusion of the project, solely for the purpose of and only as long as necessary for verifying the accuracy of the outcome of the data processing.

describe the nature of the personal data breach including, where possible and appropriate, the categories and number of data subjects concerned and the categories and number of data records concerned;

describe the likely consequences of the personal data breach;

describe the measures proposed or taken by Europol to address the personal data breach; and

where appropriate, recommend measures to mitigate the possible adverse effects of the personal data breach.

the Member State or the Union body which provided the personal data to Europol;

Europol in respect of personal data provided by third countries or international organisations or directly provided by private parties; of personal data retrieved by Europol from publicly available sources or resulting from Europol's own analyses; and of personal data stored by Europol in accordance with Article 31(5).

the Member State which provided the personal data to Europol;

Europol in the case of personal data provided by it to Member States, third countries or international organisations.

Europol’s contact details and the name and the contact details of the Data Protection Officer;

the purposes of the processing;

a description of the categories of data subjects and of the categories of personal data;

the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations;

where applicable, transfers of personal data to a third country, an international organisation or private party, including the identification of that recipient;

where possible, the envisaged time limits for erasure of the different categories of data;

where possible, a general description of the technical and organisational security measures referred to in Article 91 of Regulation (EU) 2018/1725;

where applicable, the use of profiling.

ensuring in an independent manner the compliance of Europol with the data protection provisions of this Regulation and Regulation (EU) 2018/1725 and with the relevant data protection provisions in Europol’s internal rules, including monitoring compliance with this Regulation, with Regulation (EU) 2018/1725, with other Union or national data protection provisions and with the policies of Europol in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and related audits;

informing and advising Europol and staff who process personal data of their obligations pursuant to this Regulation, to Regulation (EU) 2018/1725 and to other Union or national data protection provisions;

providing advice where requested as regards the data protection impact assessment pursuant to Article 89 of Regulation (EU) 2018/1725 and monitoring the performance of the data protection impact assessment;

keeping a register of personal data breaches and providing advice where requested as regards the necessity of a notification or communication of a personal data breach pursuant to Articles 92 and 93 of Regulation (EU) 2018/1725;

ensuring that a record of the transmission, transfer and receipt of personal data is kept in accordance with this Regulation;

ensuring that, at their request, data subjects are informed of their rights under this Regulation and Regulation (EU) 2018/1725;

cooperating with Europol staff responsible for procedures, training and advice on data processing;

responding to requests from the EDPS, within the sphere of his or her competence, cooperating and consulting with the EDPS, at the latter’s request or on his or her own initiative;

cooperating with the competent authorities of the Member States, in particular with the Data Protection Officers of the competent authorities of the Members States and national supervisory authorities regarding data protection matters in the law enforcement area;

acting as the contact point for the EDPS on issues relating to processing, including the prior consultation under Articles 40 and 90 of Regulation (EU) 2018/1725, and consulting, where appropriate, with regard to any other matter within the sphere of his or her competence;

preparing an annual report and communicating that report to the Management Board and to the EDPS;

ensuring that the rights and freedoms of data subjects are not adversely affected by processing operations.

advise Europol where he or she deems it necessary or where requested on any activity of Europol without impeding or delaying those activities;

monitor Europol’s compliance with fundamental rights;

provide non-binding opinions on working arrangements;

inform the Executive Director about possible violations of fundamental rights in the course of Europol’s activities;

promote Europol’s respect of fundamental rights in the performance of its tasks and activities;

any other tasks where provided for by this Regulation.

hearing and investigating complaints, and informing the data subject of the outcome within a reasonable period;

conducting inquiries either on his or her own initiative or on the basis of a complaint, and informing the data subject of the outcome within a reasonable period;

monitoring and ensuring the application of this Regulation and any other Union act relating to the protection of natural persons with regard to the processing of personal data by Europol;

advising Europol, either on his or her own initiative or in response to a consultation, on all matters concerning the processing of personal data, in particular before it draws up internal rules relating to the protection of fundamental rights and freedoms with regard to the processing of personal data;

keeping a register of new types of processing operations notified to him or her by virtue of Article 39(1) and registered in accordance with Article 39(4);

carrying out a prior consultation on processing notified to him or her.

give advice to data subjects on the exercise of their rights;

refer a matter to Europol in the event of an alleged breach of the provisions governing the processing of personal data, and, where appropriate, make proposals for remedying that breach and for improving the protection of the data subjects;

order that requests to exercise certain rights in relation to data be complied with where such requests have been refused in breach of Articles 36 and 37;

warn or admonish Europol;

order Europol to carry out the rectification, restriction, erasure or destruction of personal data which have been processed in breach of the provisions governing the processing of personal data and to notify such actions to third parties to whom such data have been disclosed;

impose a temporary or definitive ban on processing operations by Europol which are in breach of the provisions governing the processing of personal data;

refer a matter to Europol and, if necessary, to the European Parliament, the Council and the Commission;

refer a matter to the Court of Justice of the European Union under the conditions provided for in the TFEU;

intervene in actions brought before the Court of Justice of the European Union;

order the controller or processor to bring processing operations into compliance with this Regulation, where appropriate, in a specified manner and within a specified period;

order the suspension of data flows to a recipient in a Member State, a third country or to an international organisation;

impose an administrative fine in the case of non-compliance by Europol with one of the measures referred to in points (c), (e), (f), (j) and (k) of this paragraph, depending on the circumstances of each individual case.

obtain from Europol access to all personal data and to all information necessary for his or her enquiries;

obtain access to any premises in which Europol carries on its activities when there are reasonable grounds for presuming that an activity covered by this Regulation is being carried out there.

threat assessments, strategic analyses and general situation reports relating to Europol's objective as well as the results of studies and evaluations commissioned by Europol;

the administrative arrangements concluded pursuant to Article 25(1);

the document containing the multiannual programming and the annual work programme of Europol, referred to in Article 12(1);

the consolidated annual activity report on Europol’s activities, referred to in Article 11(1), point (c), including relevant information on Europol’s activities and results obtained in processing large data sets, without disclosing any operational details and without prejudice to any ongoing investigations;

the evaluation report drawn up by the Commission, referred to in Article 68(1);

annual information pursuant to Article 26(11) on the personal data exchanged with private parties pursuant to Articles 26, 26a and 26b, including an assessment of the effectiveness of cooperation, specific examples of cases demonstrating why those requests were necessary and proportionate for the purpose of enabling Europol to achieve its objectives and carry out its tasks, and, as regards personal data exchanges pursuant to Article 26b, the number of children identified as a result of those exchanges to the extent that this information is available to Europol;

annual information about the number of cases where it was necessary for Europol to process personal data that do not relate to the categories of data subjects listed in Annex II in order to support Member States in an ongoing specific criminal investigation in accordance with Article 18a, alongside information on the duration and outcomes of the processing, including examples of such cases demonstrating why that data processing was necessary and proportionate;

annual information about transfers of personal data to third countries and international organisations pursuant to Article 25(1) or Article 25(4a) broken down per legal basis, and on the number of cases in which the Executive Director authorised, pursuant to Article 25(5), the transfer or categories of transfers of personal data related to an ongoing specific criminal investigation to third countries or international organisations, including information on the countries concerned and the duration of the authorisation;

annual information about the number of cases in which Europol proposed the possible entry of information alerts in accordance with Article 4(1), point (t), including specific examples of cases demonstrating why the entry of those alerts was proposed;

annual information about the number of research and innovation projects undertaken, including information on the purposes of those projects, the categories of personal data processed, the additional safeguards used, including data minimisation, the law enforcement needs those projects seek to address and the outcome of those projects;

annual information about the number of cases in which Europol made use of temporary processing in accordance with Article 18(6a) and, where applicable, the number of cases in which the processing period has been extended;

annual information on the number and types of cases where special categories of personal data were processed, pursuant to Article 30(2).

an evaluation of the Executive Director's performance, and

Europol's future tasks and challenges.

exercise the functions of the Management Board in accordance with Article 11 of this Regulation;

prepare the adoption of the rules relating to the application of Regulation (EC) No 1049/2001 with regard to Europol documents as referred to in Article 65(2) of this Regulation, and of the rules referred to in Article 67 of this Regulation;

prepare any instrument necessary for the application of this Regulation, in particular any measures relating to Chapter IV; and

review the internal rules and measures which it has adopted on the basis of Decision 2009/371/JHA so as to allow the Management Board as established pursuant to Article 10 of this Regulation to take a decision pursuant to Article 76 of this Regulation.

the Member State concerned, the EPPO or Eurojust informs Europol by 29 September 2022, that it is authorised to process those personal data, in accordance with procedural requirements and safeguards applicable under Union or national law, in the ongoing criminal investigation for which it requested Europol’s support when it initially provided the data;

the Member State concerned, the EPPO or Eurojust requests that Europol, by 29 September 2022, support the ongoing criminal investigation referred to in point (a); and

Europol assesses, in accordance with Article 18a(1), point (b), that it is not possible to support the ongoing criminal investigation referred to in point (a) of this paragraph without processing personal data that do not comply with Article 18(5).

the third country provided the personal data in support of a specific criminal investigation in one or more Member States that Europol supports;

the third country obtained the data in the context of a criminal investigation in accordance with procedural requirements and safeguards applicable under its national criminal law;

the third country informs Europol, by 29 September 2022, that it is authorised to process those personal data in the criminal investigation in the context of which it obtained the data;

Europol assesses, in accordance with Article 18a(1), point (b), that it is not possible to support the specific criminal investigation referred to in point (a) of this paragraph without processing personal data that do not comply with Article 18(5) and that assessment is recorded and sent to the EDPS for information when Europol ceases to support the related specific criminal investigation; and

Europol verifies, in accordance with Article 18a(6), that the amount of personal data is not manifestly disproportionate in relation to the specific criminal investigation referred to in point (a) of this paragraph in one or more Member States that Europol supports.