Statement of the Council’s reasons: Position (EU) No 24/2021 of the Council at first reading with a view to the adoption of a Regulation of the European Parliament and of the Council amending Regulations (EC) No 767/2008, (EC) No 810/2009, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861, (EU) 2019/817 and (EU) 2019/1896 of the European Parliament and of the Council and repealing Council Decisions 2004/512/EC and 2008/633/JHA, for the purpose of reforming the Visa Information System

(2021/C 235/02)

I.   INTRODUCTION

1.

After a thorough evaluation of the VIS, on 16 May 2018 the Commission submitted a legislative proposal to amend the VIS Regulation (1) (‘hereinafter ‘the Regulation amending the VIS’).

2.

At its meeting on 19 December 2018, the Committee of Permanent Representatives adopted a mandate to enter into negotiations with the European Parliament (2).

3.

The European Economic and Social Committee adopted its opinion on 19 September 2018 (3).

4.

The European Data Protection Supervisor delivered its opinion on 12 December 2018 (4).

5.

At the request of the European Parliament, the EU Agency for Fundamental Rights delivered an opinion on 30 August 2018 (5).

6.

On 13 March 2019 the European Parliament adopted its Position at first reading (6).

7.

The Council and the European Parliament entered into negotiations in October 2019 with a view to reaching agreement at the stage of the Council's position at first reading (‘early second reading agreement’).

8.

During the course of the negotiations it became clear that certain provisions were missing from the Commission proposal – the so-called ‘VIS consequential amendments’. These are the amendments to be made to the legal acts on the EU information systems and databases as a consequence of the automated queries by VIS to these other systems. Similar consequential amendments had been proposed by the Commission for ETIAS (7).

9.

Due to the variable geometry in Member States’ participation in EU policies in the area of freedom, security and justice, it was legally possible to include only one set of consequential amendments concerning the modification of legal instruments in the area of the Schengen acquis related to external borders in the Regulation amending the VIS (which is the subject-matter of this Statement of the Council’s reasons), while other provisions not belonging to that acquis had to be included in a separate legal instrument.

10.

On 17 June 2020, the Committee of Permanent Representatives amended the Council's mandate, in order to include the ‘VIS consequential amendments’ (8). Having already adopted its Position at first reading, the European Parliament negotiating team indicated that it would define its position on this new set of provisions during the course of the interinstitutional negotiations.

11.

After six political trilogues and numerous technical meetings, the negotiations were successfully concluded on 8 December 2020, with the European Parliament and Council reaching a compromise on the text of two Regulations: — Regulation amending Regulations (EC) No 767/2008, (EC) No 810/2009, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861, (EU) 2019/817 and (EU) 2019/1896 of the European Parliament and of the Council and repealing Council Decisions 2004/512/EC and 2008/633/JHA, for the purpose of reforming the Visa Information System (the Regulation amending the VIS, subject-matter of the present Statement of the Council’s reasons), and — Regulation amending Regulations (EU) No 603/2013, (EU) 2016/794, (EU) 2018/1862, (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for VIS purposes.

12.

On 22 January 2021, the Committee of Permanent Representatives carried out an analysis of the final compromise text with a view to agreement.

13.

On 27 January 2021, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) confirmed the political agreement and on 1 February the LIBE Chair sent a letter to the Chair of the Committee of Permanent Representatives confirming that, should the Council approve the two Regulations in first reading, after legal-linguistic revision, the Parliament would approve the Council’s position in its second reading.

14.

On 3 February 2021, the Committee of Permanent Representatives confirmed the political agreement on the compromise text of the Regulations.

15.

Denmark is not taking part in the adoption of the Regulation amending the VIS and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark will decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.

16.

Ireland is not taking part in the adoption of the Regulation amending the VIS and is not bound by it or subject to its application, as it constitutes a development of the provisions of the Schengen acquis, in which Ireland does not take part.

17.

As regards Iceland, Norway, Switzerland and Liechtenstein, the Regulation amending the VIS constitutes a development of the provisions of the Schengen acquis.

18.

As regards Cyprus, Bulgaria, Romania and Croatia, the provisions of the Regulation amending the VIS constitute provisions building upon, or otherwise relating to, the Schengen acquis within the meaning of the respective Acts of Accession.

II.   OBJECTIVE

19.

The VIS – established by Council Decision 2004/512/EC (9) (the VIS Decision) and by Regulation (EC) No 767/2008 of the European Parliament and of the Council (10) – is the EU information system for facilitating the short-stay (‘Schengen’) visa procedure and helping visa, border, asylum and migration authorities to check third-country nationals who need a visa to travel to the Schengen area. The VIS connects Member States’ consulates around the world and all their external border crossing points.

20.

The Regulation amending the VIS aims at further developing the VIS to better respond to new challenges in visa, border and security policies. In particular it aims at facilitating the visa application procedure; strengthening the background checks carried out before taking a decision on a short or long-stay visa and residence permit, as well as identity checks at external border crossing points and within the territory of the Member States; and enhancing the internal security of the Schengen area by facilitating the exchange of information among Member States on third-country nationals who are holders of long-stay visas and residence permits.

III.   ANALYSIS OF THE COUNCIL’S POSITION AT FIRST READING

A.   General

21.

The European Parliament and the Council conducted negotiations with the aim of concluding an agreement on the basis of a position of the Council at first-reading that the Parliament could approve as such at its second reading. The text of the Council Position at first reading on the Regulation amending the VIS fully reflects the compromise reached between the two co-legislators, assisted by the European Commission.

B.   Key issues

Consolidation of VIS-related rules

22.

Under the Council Position at first reading Decision 2004/512/EC establishing the Visa Information System (VIS) and Council Decision 2008/633/JHA (11) concerning access to the VIS for law enforcement purposes is repealed.

23.

In this way, all the rules on the establishment and use of the VIS are consolidated.

Scope of the VIS

24.

The Council Position at first reading supports the Commission proposal of including in the revised VIS, in addition to short-stay visas, long-stay visas and residence permits, which, while governed mainly by national rules, allow free movement within the Schengen area.

25.

This enlargement of the scope of the VIS will enable Member State authorities other than the issuing authority to check that document and its holder at the borders or within the territory of the Member States. As such, it will close an important information gap for borders and security and enable the system to respond better to security developments and migration challenges, optimising the management of the EU’s external borders.

Background checks

26.

The Council Position at first reading builds on the Commission proposal’s idea of enabling the visa authorities to carry out automated checks against other databases using the interoperability framework. But it expands it further, differentiating rules and procedures for the querying of sensitive and non-sensitive databases.

27.

Under the current rules, consulates are only obliged to check travellers under a visa obligation in the Schengen Information System (SIS) to determine whether a short-stay visa applicant is subject to an entry ban. Under the Council Position at first reading, all applications recorded in the VIS – be they for short-stay visas or for long-stay visas or residence permits – will automatically be checked against all other EU information systems for security and migration. This obligatory cross-check will detect applicants using multiple identities and identify anyone posing risks in terms of security or non-compliance with migration rules, as applicable.

28.

In addition to border-related databases and SIS, the databases queried by the VIS include ECRIS-TCN and Interpol’s database TDAWN (provided that no information is revealed to the owner of the Interpol alert) as well as queries in SIS of SIS return alerts, originally not included in the European Parliament position at first reading, but eventually accepted by the Parliament. For ECRIS-TCN, the Council Position at first reading limits the queries to convictions for serious crimes and terrorism. It also includes a limitation in time of the convictions that will be taken into account: convictions in the previous 25 years in the case of terrorist offences, and 15 years in the case of convictions for serious crimes. The idea behind the time limits (requested by the European Parliament as a compromise for accepting the querying of ECRIS-TCN) is to have an equal ‘time corridor’ for VIS hits in relation to convictions in the national criminal records whose length is not harmonised at EU level.

29.

As for the authorities tasked with the verification of sensitive hits, instead of the ‘single point of contact’ initially advocated by the European Parliament, the Council Position at first reading introduces the concept of ‘VIS designated authorities’. In ‘designating’ (as opposed to ‘setting up’) this authority, Member States keep some discretion: they can designate more than one authority, including the SIRENE Bureaux, provided that they get sufficient additional resources to carry out these new tasks.

30.

The Council Position at first reading includes special rules for hits in the ETIAS Watchlist, which, given their sensitivity, will be verified by the ETIAS National Units.

Consequential amendments

31.

As explained in points 8-10 above, during the course of the negotiations it became clear that certain provisions were missing from the Commission proposal. In order to fully set up VIS automated queries, amendments would have to be made to the legal acts on the EU information systems and databases that the VIS queries, involving automated processing of personal data. It was also necessary to take into account the new legislative landscape for interoperability, which had evolved since the VIS proposal was tabled in May 2018. Similar consequential amendments had been proposed by the Commission for ETIAS (12).

32.

The Council Position at first reading closes this gap and includes technical amendments to the following two sets of legal acts: (a) ‘Schengen borders’ Regulations: VIS (13), EES (14), ETIAS (15), SIS Return (16), SIS Borders (17) and Interoperability Borders (18); and (b) ‘non-Schengen and Schengen-police texts’: Eurodac (19), Europol Regulation (20), SIS Police (21), ECRIS-TCN (22) and Interoperability Police (23). Due to the variable geometry in Member States’ participation in EU policies in the area of freedom, security and justice, the second set of consequential amendments is included in a separate legal instrument, which would nonetheless work seamlessly together with the VIS Regulation to enable the comprehensive operation and use of the system.

Biometrics

33.

On the issue of biometrics, the Council Position at first reading is the result of intensive negotiations with the European Parliament. The compromise achieved keeps the essential elements of the Commission proposal, while adding certain safeguards suggested by the European Parliament: — the minimum fingerprinting age in the visa procedure for short-stay visas is lowered from 12 to six years; similarly, no fingerprints of children under six years to be stored in VIS for long-stay visas and residence permits; the collection of fingerprints from children is subject to stricter safeguards and a limitation on the purposes for which such data may be used to situations where it is in the best interests of the child, in particular by limiting the storage period of the data, — 75 years is set as the upper age limit for fingerprinting for short-stay visas, given the deterioration of the quality of fingerprints in the elderly, — facial image taken live will become the basic rule in the visa procedure (including for children under 6, to contribute to the fight against child trafficking). Member States may in addition request a paper photo for each application. The scan of the paper photo will be included in the VIS only in exceptional cases where a facial image taken live is not required (Heads of State or government, royal families etc.), but will not be used for biometric matching. A flag in the system will indicate if the facial image was taken live on submission of the application; in exceptional cases the facial image will be extracted from the chip of the electronic Machine Readable Travel Document (eMRTD), — biometrics are copied for visa applications lodged within 59 months of the previous visa application, as is the current practice, — children’s biometrics can be checked within the territory of Member States, — law enforcement access to children’s biometric data will be allowed from 14 years of age, instead of 18 as was initially advocated by the European Parliament. Access to data of children below this age will always be possible to protect them when they are victims, — biometrics of children under 12 will be deleted upon exit from the Schengen area and expiry of the visa (an automatic notification by EES to the VIS was added to allow for the deletion of the data), — asylum authorities will have access to the fingerprints of children without identity documents.

34.

The Council Position at first reading also deals with access rights of border authorities and authorities competent to carry out checks within territory, access by asylum authorities to VIS data for both short- and long-stay visas and residence permits, as well as with the articles on identification. As regards searching with facial image, the general principle is that this kind of search is regulated in the same way for short-stay visas and long-stay visas and residence permits. The Council position also accepted the principle of searching with facial image for purposes of identification (as a subsidiary search and not as a sole search criterion), as well as the use of the facial image in the asylum context (under the same conditions).

35.

The Council Position at first reading limits access rights to the VIS to what is strictly needed. For example, law enforcement access to data on children and access to data on holders of residence permits recorded in the VIS for a period of ten years or more without interruptions is limited.

Specific risk indicators

36.

In addition to automated queries of other databases, visa processing will benefit from specific risk indicators. The Council Position at first reading concurs with the European Parliament’s view that these indicators – pointing to security, illegal immigration or high epidemic risks – should be applied as an algorithm enabling profiling.

37.

The indicators will contain data analytics rules, as well as specific values provided by Member States and statistics generated from other relevant border management and security databases. This would improve risk assessments and allow the data analytics method to be applied. The risk indicators would not contain any personal data and would be based on statistics and information provided by Member States on threats, abnormal rates of refusal or overstay by certain categories of third-country nationals, and public health risks.

38.

The Council Position at first reading moves the provisions on the specific risk indicators from the Visa Code to the VIS Regulation and suggests a governance structure fully aligned to that for the ETIAS screening rules.

Law enforcement access to VIS data

39.

The Council Position at first reading repeals Decision 2008/633/JHA on law enforcement access to VIS data and regulates this issue in the VIS Regulation.

40.

An ancillary objective of the Regulation is to allow national law enforcement authorities and Europol to access VIS data, under strict conditions, for law enforcement purposes. According to the Council Position at first reading, designated authorities and Europol will have a more structured access to the VIS, including to long-stay visas and residence permits, for the prevention, detection or investigation of terrorist offences or other serious crimes, under specific conditions and in accordance with the EU’s data protection rules and other safeguards in the VIS.

41.

Consistently with the new generation of EU information systems, the Council Position at first reading does not include prior searching in the automated fingerprint identification system under Council Decision 2008/615/JHA (24) (Prüm Decision) as a condition for access to the VIS, which was part of the European Parliament’s position at first reading.

Contribution to EU’s return policy

42.

According to the Council Position at first reading, the VIS will contribute to increasing the efficiency of the EU’s return policy: copies of the applicant’s travel document will be included in the VIS, a measure that will facilitate the identification and readmission of people subject to a return procedure who do not carry travel documents. Moreover, Frontex, and more particularly Frontex return teams, will have access to the VIS.

Carriers

43.

Under the Council Position at first reading, carriers will have (limited) access to VIS data (‘ok/not ok’ answer) through the carrier gateway, as is already the case for ETIAS and the EES.

Communication of VIS data to third countries or international organisations

44.

Under the Council Position at first reading, VIS data cannot be transferred or made available to third countries or international organisations, but derogations are possible, under very strict conditions, for the purpose of return, resettlement or law enforcement.

Fundamental rights

45.

The Council Position at first reading expands the Article on the general principles to strengthen the protection of fundamental rights when personal data is processed within the VIS, notably with regard to the prohibition of discrimination against applicants. It also introduces the best interests of the child as a core principle with respect to all procedures provided for in the Regulation.

46.

The Council Position at first reading brings data protection provisions of the VIS in line with the standards set out in the GDPR (25). It incorporates the ‘data protection by design’ approach. The upgrades provide the necessary safeguards and mechanisms to effectively protect the privacy and fundamental rights of travellers, particularly when it comes their private life and personal data.

Upgrading other technical components of the VIS

47.

The Council Position at first reading integrates VISMail into the VIS and enhances its functionality. It also tasks eu-LISA with storing VIS data in the central repository for reporting and statistics set up under the Interoperability Regulation, centralises the consultation procedure and integrates the list of recognised travel documents in the VIS.

48.

The Council Position at first reading strengthens data quality rules and empowers eu-LISA to develop and maintain data quality control mechanisms and procedures.

49.

The functioning of the VIS is enhanced to contribute to ensuring uninterrupted availability.

VIS architecture

50.

While the Commission proposed to amend Decision 2004/512/EC establishing the VIS, the Council Position at first reading reflects the approach promoted by the European Parliament, namely to repeal that Decision and integrate its content and certain elements of the Commission’s implementing decisions in the VIS Regulation.

51.

Under the Council Position at first reading, the VIS architecture is based on a centralised system. The centralised service is duplicated to two different locations, the principal one and one hosting the backup VIS Central System.

52.

The Council Position at first reading upgrades the VIS architecture to take into account the new interoperability landscape. It is composed of: the central VIS system, the uniform national interfaces, the web service, the carrier gateway and the VIS communication infrastructure. These components share and re-use, as much as technically possible, the hardware and software components of the EES Central System, the EES national uniform interfaces, the ETIAS carrier gateway, the EES web service and the EES communication infrastructure. The communication infrastructure supports and contributes to ensuring the uninterrupted availability of the VIS. eu-LISA is responsible for the technical and operational management of the VIS and its components.

Monitoring, evaluation and reporting arrangements

53.

The Council Position at first reading introduces a complete system of monitoring and reporting: (a) every two years eu-LISA will submit a report on the technical functioning of the VIS, including its security and the evaluation of the use of the facial image to identify persons; (b) Member States and Europol will prepare annual reports on the effectiveness of access to VIS data for law enforcement purposes; (c) three years after the start of the operation of the revised VIS, and every four years thereafter, the Commission will produce an overall evaluation of the VIS, which will include, inter alia: — an examination of results achieved against objectives and costs sustained, — an assessment of the continuing validity of the underlying rationale, and its impact on fundamental rights, the security of the VIS, the use made of the provisions on the communication of VIS data to third countries and international organisations, — a detailed analysis of the data provided in the annual reports on the effectiveness of access to VIS data for law enforcement purposes, and — an assessment of whether the querying of ECRIS-TCN by the VIS has contributed to supporting the objective of assessing whether the applicant for a visa, a long-stay visa or a residence permit would pose a threat to public policy or public security.

54.

The Council Position at first reading also envisages a reporting exercise for the state of play on the preparations for the implementation of the reform of the VIS: one year after the date of entry into force of the amending Regulation and every year thereafter until the start of operations, the Commission will submit a report to the European Parliament and to the Council on the state of play of preparations with detailed information about the costs incurred and information as to any risks which may impact the overall costs of the VIS to be borne by the general budget of the Union. In the event of delays in the full implementation of the Regulation, the Commission will inform the European Parliament and the Council as soon as possible about the reasons for the delays and their impact in terms of time and costs.

Amendments to other legal acts

55.

The Council Position at first reading amends several legal acts to adapt them to the reform of the VIS: the Visa Code (26), the Schengen Borders Code (27), the Entry-Exit System (28), ETIAS (29), SIS return (30), SIS borders (31), Interoperability borders and visas (32) and the EBCG Regulation (33).

Implementation deadline

56.

The Council Position at first reading reflects one of the core elements of the European Parliament Position at first reading, i.e. a deadline for implementing the revised VIS. While the European Parliament’s amendment indicated the start of the operation of the VIS two years after entry into force, the Council Position at first reading states that no later than 31 December 2023, the Commission will adopt a decision setting the date on which VIS operations start. This deadline is consistent with the final political timeline (end of 2023) for the implementation of the border management systems and interoperability architecture, of which the VIS is a component.

IV.   CONCLUSION

57.

The Council’s Position at first reading fully reflects the compromise reached in the negotiations between the European Parliament and the Council, facilitated by the Commission. The Council believes that its position at first reading represents a balanced package and that, once adopted, the Regulation amending Regulations (EC) No 767/2008, (EC) No 810/2009, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861, (EU) 2019/817 and (EU) 2019/1896 of the European Parliament and of the Council and repealing Council Decisions 2004/512/EC and 2008/633/JHA, for the purpose of reforming the Visa Information System, will improve border management and will enhance the internal security of the Schengen Area.

58.

This compromise is confirmed by the letter that the Chair of the LIBE Committee addressed to the Chair of the Committee of Permanent Representatives on 1 February 2021. In this letter, the Chair of the LIBE Committee indicates that he will recommend to the members of his Committee, and subsequently to the plenary, that they accept the Council’s position at first reading without amendments in the Parliament’s second reading, subject to verification by the lawyer-linguists of both institutions.

---

(1)  8853/18.

(2)  15726/18.

(3)  EESC 2018/03954 (OJ C 440, 6.12.2018, p. 154).

(4)  Summary of the Opinion of the European Data Protection Supervisor on the Proposal for a new Regulation on the Visa Information System (OJ C 50, 8.2.2019, p. 4).

(5)  FRA Opinion – 2/2018, https://fra.europa.eu/en/publication/2018/revised-visa-information-system-and-its-fundamental-rights-implications

(6)  T8-0174/2019, 7401/19 (OJ C 23, 21.1.2021, p. 286).

(7)  See COM (2019) 3 final and COM (2019) 4 final.

(8)  8787/20.

(9)  Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS) (OJ L 213, 15.6.2004, p. 5).

(10)  Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p. 60).

(11)  Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences (OJ L 218, 13.8.2008, p. 129).

(12)  See COM (2019) 3 final and COM (2019) 4 final.

(13)  Regulation (EC) No 767/2008.

(14)  Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20).

(15)  Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).

(16)  Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals (OJ L 312, 7.12.2018, p. 1).

(17)  Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 (OJ L 312, 7.12.2018, p. 14).

(18)  Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27).

(19)  Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1).

(20)  Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, p. 53).

(21)  Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (OJ L 312, 7.12.2018, p. 56).

(22)  Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (OJ L 135, 22.5.2019, p. 1).

(23)  Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).

(24)  Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime (OJ L 210, 6.8.2008, p. 1).

(25)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).

(26)  Regulation (EC) No 810/2009 of the European Parliament and of the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code) (OJ L 243, 15.9.2009, p. 1).

(27)  Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code) (OJ L 77, 23.3.2016, p. 1).

(28)  Regulation (EU) 2017/2226.

(29)  Regulation (EU) 2018/1240.

(30)  Regulation (EU) 2018/1860.

(31)  Regulation (EU) 2018/1861.

(32)  Regulation (EU) 2019/817.

(33)  Regulation (EU) 2019/1896 of the European Parliament and of the Council of 13 November 2019 on the European Border and Coast Guard and repealing Regulations (EU) No 1052/2013 and (EU) 2016/1624 (OJ L 295, 14.11.2019, p. 1).