This document is an excerpt from the EUR-Lex website
Document 32022D2470
Commission Implementing Decision (EU) 2022/2470 of 14 December 2022 laying down measures necessary for the technical development and implementation of the centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN)
Commission Implementing Decision (EU) 2022/2470 of 14 December 2022 laying down measures necessary for the technical development and implementation of the centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN)
Commission Implementing Decision (EU) 2022/2470 of 14 December 2022 laying down measures necessary for the technical development and implementation of the centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN)
C/2022/9169
OJ L 322, 16.12.2022, p. 107–121
(BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
In force
16.12.2022 |
EN |
Official Journal of the European Union |
L 322/107 |
COMMISSION IMPLEMENTING DECISION (EU) 2022/2470
of 14 December 2022
laying down measures necessary for the technical development and implementation of the centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (1), and in particular Article 10, the first paragraph, points (a), (b), (c) (e) to (i), (k) and (l) thereof,
Whereas:
(1) |
Regulation (EU) 2019/816 established the centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) as a system by which the central authority of a Member State or other competent authority can find out promptly and efficiently which Member States hold criminal records information on a third-country national. The existing ECRIS framework can then be used by the central authorities to request the criminal records information from those Member States in accordance with Framework Decision 2009/315/JHA (2). Other competent authorities can use their respective channels of communication for this purpose. |
(2) |
The European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) established by Regulation (EU) 2018/1726 of the European Parliament and of the Council (3) is responsible for the development of ECRIS-TCN, including elaboration and implementation of the technical specifications and testing, as well as for the operational management of the system. |
(3) |
To enable eu-LISA to design the physical architecture of ECRIS-TCN, determine the technical specifications of the system and develop the ECRIS-TCN, the necessary technical specifications should be laid down for the processing of the alphanumeric and fingerprint data, data quality, entering the data, accessing and querying ECRIS-TCN, keeping and accessing logs, providing statistics as well as performance and availability requirements of ECRIS-TCN. Detailed technical specifications should be elaborated by eu-LISA after the conclusion of the tests referred to in Article 11(1) of Regulation (EU) 2019/816. |
(4) |
The ECRIS-TCN architecture should conform to the European Interoperability framework as set out in Regulations (EU) 2019/817 (4) and (EU) 2019/818 (5) of the European Parliament and of the Council. With a view to the delivery of public services at European level in an interoperable manner, the ECRIS-TCN software and hardware should conform to defined standards that promote interoperability for data, applications and technology. |
(5) |
As regards the implementation of interoperability between the ECRIS-TCN system, on the one hand, and the Visa Information System (VIS) and the European Travel Information and Authorisation System (ETIAS), on the other hand, the necessary consequential amendments were adopted in Regulations (EU) 2021/1133 (6) and (EU) 2021/1151 (7) of the European Parliament and of the Council respectively. |
(6) |
In order to support the VIS and ETIAS objective of contributing to a high level of security by providing for a thorough security risk assessment of applicants crossing the external borders of the Union, both the VIS and ETIAS systems should be able to verify whether any correspondence exists between data in VIS and ETIAS application files and the data stored in ECRIS-TCN, as regards which Member States hold information on third-country nationals who have been convicted in the previous 25 years of a terrorist offence or in the previous 15 years of any other criminal offence listed in the Annex to Regulation (EU) 2018/1240 of the European Parliament and of the Council (8) if it is punishable by a custodial sentence or a detention order for a maximum period of at least three years under national law. |
(7) |
For this purpose, when creating a data record in ECRIS-TCN, the central authority of the convicting Member State should add a flag indicating, for the purpose of Regulations (EC) No 767/2008 of the European Parliament and of the Council (9) and (EU) 2018/1240, that the third-country national concerned has been convicted in the previous 25 years of a terrorist offence or in the previous 15 years of any other criminal offence listed in the Annex to Regulation (EU) 2018/1240 if it is punishable by a custodial sentence or a detention order for a maximum period of at least three years under national law, together with the code of the convicting Member State. |
(8) |
The European Search Portal, established by Regulations (EU) 2019/817 and (EU) 2019/818, should enable querying the data stored in ECRIS-TCN. Where relevant in the context of interoperability, the European Search Portal should also enable querying the ECRIS-TCN data in parallel with the data stored in the other EU information systems concerned. |
(9) |
The shared biometric matching service, established by Regulations (EU) 2019/817 and (EU) 2019/818, is to store fingerprint templates and should enable querying the fingerprint data stored in ECRIS-TCN. |
(10) |
As fingerprint identification may not always be feasible, ECRIS-TCN should be able to identify a person by alphanumeric data only. For third-country nationals, the main technical challenge is that the alphanumeric data is not always accurate. Examples of such inaccuracies include ambiguity on which is the first name and surname, spelling and transliteration variations of names, or birth date inaccuracy. It is therefore important that ECRIS-TCN is able to match alphanumeric data also when not all elements of identification are identical, referred to as inexact searches. The identification of a third-country national should be addressed by a combination of data quality checks and inexact searches or any other means provided by the underlying search engine appropriate for the purpose of the system. Controls on the number of records returned as a result of a query should therefore be established in line with the applicable data protection rules. A failure to do so would compromise the rights of individuals and the performance and availability of the system. |
(11) |
The engine performing the inexact search should be able to limit the results by specifying a matching score threshold and by setting a maximum size for the list of returned records. The level at which a search result is to be considered a match, as well as the list of data fields that can be used for the inexact search should be established following tests carried out during the implementation phase. |
(12) |
Each data processing operations log of ECRIS-TCN should ensure a clear audit trail, i.e. provide documentary evidence and allow tracing all operations carried-out in ECRIS-TCN. |
(13) |
ECRIS-TCN statistics should enable monitoring the recording, storage and exchange of information extracted from criminal records through ECRIS-TCN and the ECRIS reference implementation. Those statistics should originate from the following sources: the Central Repository for Reporting and Statistics established and implemented by eu-LISA in accordance with Article 39(2) of Regulation (EU) 2019/818, the ECRIS reference implementation or national ECRIS implementation software, and the Member States’ criminal records registers as regards the number of convicted third-country nationals and the number of their convictions. |
(14) |
In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2019/816 and is not bound by it or subject to its application. Denmark is therefore not bound to implement this Decision. |
(15) |
In accordance with Article 1 and 2 and Article 4a(1) of Protocol No 21 on the position of the United Kingdom and Ireland in respect to area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, and without prejudice to Article 4 of that Protocol, Ireland did not take part in the adoption of Regulation (EU) 2019/816 and is not bound by it or subject to its application. Ireland is therefore not bound to implement this Decision. |
(16) |
The measures provided for in this Decision are in accordance with the opinion of the European Criminal Records Information System Committee, |
HAS ADOPTED THIS DECISION:
Article 1
Entering data into ECRIS-TCN
When entering data into ECRIS-TCN in accordance with Article 5 of Regulation (EU) 2019/816, the central authority of the convicting Member State shall use the data model set out in Section I of the Annex to this Decision.
The technical specifications for the data elements included in the data model shall be consistent with the data model for the ECRIS reference implementation referred to in Article 4(3) of that Regulation.
Article 2
Processing of data
1. Where both alphanumeric data and fingerprint data of a person are included in a data record created in ECRIS-TCN in accordance with Article 5 of Regulation (EU) 2019/816, the alphanumeric data shall be linked to their corresponding fingerprint data.
2. The fingerprint images compression algorithm to be used shall follow the recommendations of National Institute of Standards and Technology (‘NIST’).
Fingerprint data with a resolution of 500 ppi shall be compressed using the WSQ algorithm (ISO/IEC 19794-5:2005).
Fingerprint data with a resolution of 1 000 ppi shall be compressed using the JPEG 2000 image compression standard (ISO/IEC 15444-1) and coding system.
The target compression ratio shall be 15:1.
3. Replacement or update in ECRIS-TCN of the fingerprint data referred to in Article 4(7) shall be preceded by successful verification of the identity by the central authority of the convicting Member State. The technical specifications for that replacement or update shall be set in accordance with the principles contained in the design of the physical architecture of ECRIS-TCN referred to Article 11(3) of Regulation (EU) 2019/816.
Article 3
Alphanumeric data quality
1. When entering or modifying alphanumeric data in ECRIS-TCN the central authority of the convicting Member State shall use the data quality verification mechanism integrated into the ECRIS reference implementation.
2. The Member States that use their national ECRIS implementation software, as provided for in Article 4(4) to (7) of Regulation (EU) 2019/816, shall ensure that their national ECRIS implementation software allows for the same alphanumeric data quality verification as the mechanism referred to in paragraph 1.
3. The data quality verification process shall apply to entering or modifying all alphanumeric data, and ensure that as a minimum the following conditions are met:
(a) |
all mandatory fields are filled in or hold the value ‘unknown’; |
(b) |
when a first name contains the value ‘unknown’, the surname shall not hold the value ‘unknown’, and vice versa, unless a pseudonym, first name or surname of alias, or fingerprints for the same person are available; |
(c) |
the data element ‘nationality or nationalities’ in the incoming message of the convicting Member State shall be verified against a predefined list of countries, but may contain one of the values ‘unknown’ or ‘stateless’. |
4. A new data record shall not be created where a record containing identical alphanumeric data has already been created in ECRIS-TCN by the same Member State, in particular where the same Member State Reference Code from the same Member State already exists.
When comparing the identicalness of the data records, only the alphanumeric data elements marked as relevant for such comparison in the data model set out in Section I of the Annex, shall be taken into account.
Empty alphanumeric data elements in any of the data records compared shall not be taken into account for the purpose of this comparison.
5. Where a record contains any alphanumeric data which does not comply with the standards set out in paragraphs 3 and 4, that record shall be rejected by ECRIS-TCN in its entirety and shall not be stored nor processed.
Article 4
Fingerprint data quality
1. When entering or modifying fingerprint data in ECRIS-TCN the central authority of the convicting Member State shall use a data quality verification mechanism integrated into the ECRIS reference implementation or offered by eu-LISA as a software application. In accordance with the responsibilities of eu-LISA pursuant to Article 11(2) of Regulation (EU) 2019/816, eu-LISA shall also be responsible for the development, maintenance and updating of this data quality verification mechanism.
2. The same data quality verification mechanism as the mechanism referred to in paragraph 1 shall be established, maintained and updated in the ECRIS-TCN central system.
3. The Member States that use their national ECRIS implementation software, as provided for in Article 4(4) to (7) of Regulation (EU) 2019/816, shall ensure, in case they do not make use of the data quality mechanism referred to in paragraph 1 of this Article, that their national ECRIS implementation software guarantees the same fingerprint data quality verification standards and metrics as the mechanism referred to in paragraph 1.
4. For the purpose of the quality verification referred to in this Article, as a minimum version 2.0 of the Fingerprint Image Quality (NFIQ) metric, defined by NIST shall be used.
5. The data quality verification process shall apply to all fingerprint data entered into or modified in ECRIS-TCN, and shall ensure that at least the following conditions are met:
(a) |
the fingerprint data consists of up to ten individual fingerprints: rolled, flat or both; |
(b) |
all fingerprints are labelled; |
(c) |
the fingerprint data is captured by live scans or inked on paper, provided that the fingerprints inked on paper have been scanned in the required resolution and with the same quality; |
(d) |
the fingerprint data shall be provided in one file containing fingerprint digital images (the NIST file) and shall be submitted in accordance with the ANSI/NIST-ITL 1-2011 Update 2015 standard (or newer version); |
(e) |
the NIST file shall allow for the inclusion of complementary information such as the conditions of fingerprint registration, the method used for acquiring individual fingerprint images and the quality value computed by the Member States during the data quality verification process; |
(f) |
the fingerprint data has a nominal resolution of either 500 or 1000 ppi (with an acceptable deviation of +/– 10 ppi) with 256 grey levels; |
(g) |
the fingerprint data meets the quality thresholds that shall be determined after carrying out the relevant tests referred to in Article 11(1) of Regulation (EU) 2019/816 during the implementation phase. |
6. When querying ECRIS-TCN with fingerprint data to identify the Member States holding criminal records information on a third-country national in accordance with Article 7 of Regulation (EU) 2019/816, the competent authorities shall use fingerprint data meeting the conditions referred to in paragraph 5, points (d) and (f) of this Article whenever possible.
7. Fingerprint data, except fingerprint data referred to in paragraph 8, entered into or modified in ECRIS-TCN, which does not comply with the conditions set out in paragraph 5, shall be rejected by ECRIS-TCN in its entirety and shall not be stored nor processed.
8. For the data records referred to in Article 5(5) of Regulation (EU) 2019/816, any fingerprint data which does not comply with the conditions set out in paragraph 5 of this Article shall be stored in ECRIS-TCN, but may be used only by the competent authorities to confirm the identity of a third-country national who has been identified as a result of an alphanumeric search. When entering such data records in ECRIS-TCN, the central authority of the convicting Member State shall ensure that these data records are clearly distinguishable from the other data records.
Article 5
Accessing and querying ECRIS-TCN
1. When querying ECRIS-TCN to identify the Member States holding criminal records information on a third-country national in accordance with Article 7 of Regulation (EU) 2019/816, the competent authorities shall use the data model set out in Section II of the Annex to this Decision.
2. When performing a query referred to in paragraph 1, the competent authorities shall fill in as many data elements identifying the third-country national concerned as available. Unless the query contains the fingerprint digital images (the NIST file), a minimum three such data elements shall be chosen among the ones marked for this purpose in the data model set out in Section II of the Annex.
3. Following the tests referred to in Article 11(1) of Regulation (EU) 2019/816 carried out during the implementation phase, the following technical specifications shall be established:
(a) |
the list of data fields in respect of data that can be used for an inexact search; |
(b) |
conditions when a search result is to be considered a match, taking into account the performance requirements of the ECRIS-TCN central system set out in Section III of the Annex and the acceptable level of false positives and false negatives. |
4. The number of records returned as a result of a query shall not exceed ten per Member State. Additional restrictions on the number of records returned may be imposed, where appropriate.
5. Except where otherwise provided for in Regulation (EU) 2019/816, the central authorities shall at all times have access to all the data entered by them into ECRIS-TCN, including access to multiple data records at the same time.
6. The lists of profiles of staff authorised to access ECRIS-TCN, established by the competent authorities in accordance with Articles 12(1)(d) and 15 of Regulation (EU) 2019/816, as well as their updates shall be provided to eu-LISA.
Article 6
Keeping and accessing logs
1. eu-LISA and the competent authorities shall be responsible for providing the necessary infrastructure and tools for logging data processing operations in ECRIS-TCN in accordance with Article 31 of Regulation (EU) 2019/816, and in particular the tools for aggregating and searching logs.
eu-LISA, in consultation with the ECRIS-TCN Advisory Group referred to in Article 39 of Regulation (EU) 2019/816 (‘ECRIS-TCN Advisory Group’), and the competent authorities, shall also be responsible for specifying their respective logging standards, practices and procedures, including the specific format of the logging records and the procedure for sharing log records.
2. eu-LISA and the competent authorities shall be responsible for implementing their respective standards and procedures referred to in paragraph 1. That implementation shall include:
(a) |
inspecting the logs in reaction to incidents and where possible in a proactive manner, |
(b) |
the logs management tasks such as archiving, safe storage, high availability and protection against unauthorised access in accordance with Article 19 of Regulation (EU) 2019/816. |
3. eu-LISA shall be responsible for making the logs available to the competent authorities, on request, in accordance with the procedure specified in accordance with paragraph 1, second subparagraph.
4. The competent authorities shall be responsible for keeping their respective logs referred to in Article 31 of Regulation (EU) 2019/816, managing them and providing them to eu-LISA, on request, in accordance with the procedure specified in accordance with paragraph 1, second subparagraph.
5. Each data processing operations log of ECRIS-TCN shall, as a minimum, contain a chronological record that provides documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.
6. eu-LISA and the competent authorities shall each define the list of staff authorised to access the data processing operations logs of ECRIS-TCN and their profiles in accordance with Article 31 of Regulation (EU) 2019/816.
Article 7
Statistics
1. The Central Repository for Reporting and Statistics, established and implemented by eu-LISA in accordance with Article 39(2) of Regulation (EU) 2019/818, and the ECRIS reference implementation shall produce statistics relating to the recording, storage and exchange of information extracted from criminal records through ECRIS-TCN and the ECRIS reference implementation, referred to in Article 32 of Regulation (EU) 2019/816.
2. The statistics referred to in paragraph 1 shall include in particular the following business statistics:
(a) |
as concerns system usage indicators:
|
(b) |
as concerns data indicators:
|
(c) |
as concerns matching efficiency indicators:
|
(d) |
other indicators:
|
3. Where relevant, the statistics referred to in paragraph 2 shall be produced separately for each competent authority.
4. The statistics referred to in paragraph 1 shall include in particular the following technical statistics, as concerns quality of service indicators:
(a) |
success/failure ratio of requests; |
(b) |
system availability; |
(c) |
response time statistics for every use case supported by the system. |
5. The statistics referred to in paragraphs 1to 4 shall be produced daily.
6. The Member States that use their national ECRIS implementation software, as provided for in Article 4(4) to (7) of Regulation (EU) 2019/816, shall ensure that their national ECRIS implementation software allows for producing the same statistics as the ECRIS reference implementation.
Article 8
Performance requirements of ECRIS-TCN
1. Performance requirements of the ECRIS-TCN central system for creating, modifying, erasing and viewing data records as well as for searching a convicting Member State are set out in Section III of the Annex.
2. eu-LISA shall monitor fingerprint data accuracy performance in ECRIS-TCN centrally on the data entered by the Member States in ECRIS-TCN, based on a representative sample of cases.
3. The monitoring referred to in paragraph 2 shall be carried out on a regular basis, and at least once per month. eu-LISA shall disseminate reports of that monitoring to the Member States.
4. The process to measure fingerprint data accuracy performance shall be automated to the highest possible extent and shall not allow for individual identification. That process shall be determined after carrying out the relevant tests referred to in Article 11(1) of Regulation (EU) 2019/816 during the implementation phase.
5. The accuracy indicator ‘Failure To Enrol Rate’, concerning the proportion of registrations with insufficient quality, shall be applied in the process of fingerprints data accuracy monitoring.
The accuracy target for that indicator shall be determined after carrying out the relevant tests referred to in Article 11(1) of Regulation (EU) 2019/816 during the implementation phase.
Article 9
Availability and recoverability requirements of ECRIS-TCN
1. The ECRIS-TCN central system shall have an availability ratio of at least 97,6 %, calculated over a year. The planned maintenance shall take place outside the office hours of eu-LISA and the central authorities.
2. ECRIS-TCN operations shall be maintained in case of any potential disturbing event or adverse situation in accordance with the Recovery Time Objective values approved by eu-LISA and the Member States following a Business Impact Analysis process run on an annual basis.
3. eu-LISA shall ensure that data included in ECRIS-TCN can be restored in case of any potential disturbing event or adverse situation, in accordance with the Recovery Point Objective values approved by eu-LISA and the Member States as specified in a Business Impact Analysis process run on an annual basis).
Article 10
Communication infrastructure for ECRIS-TCN
1. The communication infrastructure referred to in Article 4(1)(d) shall be the Trans European Services for Telematics between Administrations (TESTA) EuroDomain Network, composed of the TESTA EuroDomain Access Point (TAP) and the TESTA European backbone. Any further developments thereof or any alternative secure network shall ensure that the communication infrastructure in place continues to fulfil the necessary security requirements set in accordance with the principles contained in the design of the physical architecture of ECRIS-TCN referred to in Article 11(3) of Regulation (EU) 2019/816, as well as in the ECRIS-TCN Regulation itself.
2. In accordance with paragraph 1 of this Article and Articles 3(15) and 4(1)(d) of the ECRIS-TCN Regulation, as long as the communication infrastructure for ECRIS-TCN is the TESTA EuroDomain Network, the national central access point for ECRIS-TCN shall be understood as the TESTA EuroDomain Access Point (TAP).
Article 11
Interface software
The technical specifications of the interface software shall be set in accordance with the principles contained in the design of the physical architecture of ECRIS-TCN referred to in Article 11(3) of Regulation (EU) 2019/816.
Article 12
Development of the technical specifications
eu-LISA, in consultation with the ECRIS-TCN Advisory Group, shall be responsible for the development of detailed technical specifications of ECRIS-TCN referred to in Articles 1, 2(3), 4(5)(g), 5(3), 5(4), 8(4), 8(5) and 11 in accordance with the requirements set out in this Decision.
Article 13
Entry into force
This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
Done at Brussels, 14 December 2022.
For the Commission
The President
Ursula VON DER LEYEN
(1) OJ L 135, 22.5.2019, p. 85.
(2) Council Framework Decision 2009/315/JHA of 26 February 2009 on the organisation and content of the exchange of information extracted from the criminal record between Member States (OJ L 93, 7.4.2009, p. 23), as amended by Directive (EU) 2019/884 of the European Parliament and of the Council of 17 April 2019 amending Council Framework Decision 2009/315/JHA, as regards the exchange of information on third-country nationals and as regards the European Criminal Records Information System (ECRIS), and replacing Council Decision 2009/316/JHA (OJ L 151, 7.6.2019, p. 143).
(3) Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (OJ L 295, 21.11.2018, p. 99).
(4) Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27).
(5) Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).
(6) Regulation (EU) 2021/1133 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) No 603/2013, (EU) 2016/794, (EU) 2018/1862, (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the Visa Information System (OJ L 248, 13.7.2021, p. 1).
(7) Regulation (EU) 2021/1151 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System (OJ L 249, 14.7.2021, p. 7).
(8) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).
(9) Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p. 60).
ANNEX
I. Entering data into ECRIS-TCN data model for the ‘Send data’ message
The central authority of the convicting Member State shall use the data model set out in the table below when entering or modifying the data in ECRIS-TCN in accordance with Regulation (EU) 2019/816. Additional technical elements may be included as well as required.
Data element |
Type of data |
‘Unknown’ value possible |
[Convicting Member State]: Member State |
Mandatory |
N/A (1) |
[Convicting Member State]: Member States Central Authorities |
Mandatory |
N/A |
[Contact person]: First name(s) |
Optional |
N/A |
[Contact person]: Surname |
Optional |
N/A |
[Contact person]: Second surname |
Optional |
N/A |
[Contact person]: Phone |
Optional |
N/A |
[Contact person]: Fax |
Optional |
N/A |
[Contact person]: Email |
Mandatory |
N/A |
Username of official |
Mandatory |
N/A |
Member State Reference Code (*1) |
Mandatory |
No |
Unique Identifier (2) |
Mandatory |
No |
Timestamp of sending the data record from ECRIS RI or national implementation software to the ECRIS-TCN central system |
Mandatory |
N/A |
Surname(s) (*1) |
Mandatory |
Yes |
First name(s) (*1) |
Mandatory |
Yes |
Full name (*1) |
Optional |
No |
Birth date (*1) |
Mandatory |
Yes |
Birth place: [Place]: Country (*1) |
Mandatory |
Yes |
Birth place: [Place]: Town name (*1) |
Mandatory |
Yes |
Birth place: [Place]: Country subdivision (*1) |
Optional |
No |
Birth place: [Place]: Town code (*1) |
Optional |
No |
Nationality or nationalities (*1) |
Mandatory |
Yes |
Gender (*1) |
Mandatory |
Yes |
Previous surname(s) (*1) |
Mandatory if applicable (3) |
Yes |
Previous first name(s) (*1) |
Mandatory if applicable (4) |
Yes |
Mother’s surname(s) (*1) |
Optional |
No |
Mother’s first name(s) (*1) |
Optional |
No |
Father’s surname(s) (*1) |
Optional |
No |
Father’s first name(s) (*1) |
Optional |
No |
Identity number (*1) |
Optional |
No |
[Identification document]: Identification category (*1) |
Optional |
No |
[Identification document]: Identification document number (*1) |
Optional |
No |
[Identification document]: Identification document type (*1) |
Optional |
No |
[Identification document]: Name of the issuing authority of the identification document |
Optional |
No |
[Identification document]: Where relevant, 3-letter code of the issuing country (*1) |
Optional |
No |
Optional |
No |
|
[Travel document]: Travel document type (*1) |
Optional |
No |
[Travel document]: Name of the issuing authority of the travel document (*1) |
Optional |
No |
[Travel document]: Where relevant, 3-letter code of the issuing country (*1) |
Optional |
No |
Pseudonym |
Optional |
No |
[Alias]: Alias first name(s) |
Optional |
No |
[Alias]: Alias surname(s) |
Optional |
No |
[Alias]: Alias full name |
Optional |
No |
[Alias]: Alias gender |
Optional |
No |
[Alias]: Alias Birth place: [Place]: Country |
Optional |
No |
[Alias]: Alias Birth place: [Place]: Town name |
Optional |
No |
[Alias]: Alias Birth place: [Place]: Country subdivision |
Optional |
No |
[Alias]: Alias Birth place: [Place]: Town code |
Optional |
No |
[Alias]: Birth date |
Optional |
No |
[Alias]: Alias nationality or nationalities |
Optional |
No |
[Alias]: Alias Mother first name(s) |
Optional |
No |
[Alias]: Alias Mother surname(s) |
Optional |
No |
[Alias]: Alias Father first name(s) |
Optional |
No |
[Alias]: Alias Father surname(s) |
Optional |
No |
[Alias]: Alias [Identification document]: Number of the identification document |
Optional |
No |
[Alias]: Alias [Identification document]: Type of identification document |
Optional |
No |
[Alias]: Alias [Identification document]: Name of the issuing authority of the identification document |
Optional |
No |
[Alias]: Alias [Identification document]: Where relevant, 3-letter code of the issuing country |
Optional |
No |
[Alias]: Alias [Travel document]: Travel document number |
Optional |
No |
[Alias]: Alias [Travel document]: Travel document type |
Optional |
No |
[Alias]: Alias [Travel document]: Name of the issuing authority of the travel document |
Optional |
No |
[Alias]: Alias [Travel document]: Where relevant, 3-letter code of the issuing country |
Optional |
No |
Fingerprint digital images (the NIST file) |
Optional |
No |
Reference number of fingerprint digital image |
Mandatory if the fingerprint digital images are provided |
No |
Parameter indicating a data record created in accordance with Article 5(5) of Regulation (EU) 2019/816 (legacy data parameter) |
Mandatory if the fingerprint digital images are provided |
No |
Flag established in accordance with Article 5(1), point (c), of Regulation (EU) 2019/816 |
Optional |
No |
II. Accessing and querying ECRIS-TCN – data model for the ‘Search a convicting Member State’ message
The competent authorities shall use the data model set out in the table below when using ECRIS-TCN to identify the Member States holding criminal records information on a third-country national in accordance with Article 7 of Regulation (EU) 2019/816.
Data element |
Type of data |
Requesting competent authority |
Mandatory |
Username of official |
Mandatory |
Purpose of the search message |
Mandatory |
Member State Reference Code |
Optional |
Timestamp of sending the search data from ECRIS RI or national implementation software to the ECRIS-TCN central system |
Mandatory |
Exact search/Inexact search |
Mandatory |
Surname(s) (*2) |
Optional |
First name(s) (*2) |
Optional |
Full name |
Optional |
Birth date (*2) |
Optional |
Birth place: [Place]: country (*2) |
Optional |
Birth place: [Place]: town name |
Optional |
Birth place: [Place]: Country subdivision |
Optional |
Birth place: [Place]: Town code |
Optional |
Nationality or nationalities (*2) |
Optional |
Gender |
Optional |
Previous surname(s) (*2) |
Optional |
Previous first name(s) (*2) |
Optional |
Mother’s surname(s) |
Optional |
Mother’s first name(s) |
Optional |
Father’s surname(s) |
Optional |
Father’s first name(s) |
Optional |
Identity number (*2) |
Optional |
[Identification document]: Identification category |
Optional |
[Identification document]: Identification document number |
Optional |
[Identification document]: Identification document type |
Optional |
[Identification document]: Name of the issuing authority of the identification document |
Optional |
[Identification document]: Where relevant, 3-letter code of the issuing country |
Optional |
[Travel document]: Travel document number |
Optional |
[Travel document]: Travel document type |
Optional |
[Travel document]: Name of the issuing authority of the travel document |
Optional |
[Travel document]: Where relevant, 3-letter code of the issuing country |
Optional |
Pseudonym |
Optional |
[Alias]: Alias first name(s) (*2) |
Optional |
[Alias]: Alias surname(s) (*2) |
Optional |
[Alias]: Alias full name |
Optional |
[Alias]: Alias gender |
Optional |
[Alias]: Alias Birth place: [Place]: country |
Optional |
[Alias]: Alias Birth place: [Place]: town name |
Optional |
[Alias]: Alias [Birth place: [Place]: country subdivision |
Optional |
[Alias]: Alias Birth place: [Place]: Town code |
Optional |
[Alias]: Birth date |
Optional |
[Alias]: Alias nationality or nationalities |
Optional |
[Alias]: Alias Mother first name(s) |
Optional |
[Alias]: Alias Mother surname(s) |
Optional |
[Alias]: Alias Father first name(s) |
Optional |
[Alias]: Alias Father surname(s) |
Optional |
[Alias]: Alias [Identification document]: Number of the identification document |
Optional |
[Alias]: Alias [Identification document]: Type of identification document |
Optional |
[Alias]: Alias [Identification document]: Name of the issuing authority of the identification document |
Optional |
[Alias]: Alias [Identification document]: Where relevant, 3-letter code of the issuing country |
Optional |
[Alias]: Alias [Travel document]: Travel document number |
Optional |
[Alias]: Alias [Travel document]: Travel document type |
Optional |
[Alias]: Alias [Travel document]: Name of the issuing authority of the travel document |
Optional |
[Alias]: Alias [Travel document]: Where relevant, 3-letter code of the issuing country |
Optional |
Fingerprint digital images (the NIST file) |
Optional |
III. Performance requirements for ECRIS-TCN
The performance requirements for ECRIS-TCN should be better than or equal to the values listed in the table below.
Use Case |
Response time based on atomic operations for 95 % of the requests |
Maximum response time based on atomic operations |
Create/Modify TCN data record (without fingerprints) |
30 sec |
60 sec |
Create/Modify TCN data record (with fingerprints) |
Acknowledgement: 30 sec Completion: 5 min |
Acknowledgement: 60 sec Completion: 10 min |
Erase TCN data record (with or without fingerprints) |
30 sec |
60 sec |
View data record created by the same Member State (with or without fingerprints) |
15 sec |
30 sec |
Search convicting Member State (exact search; without fingerprints) |
15 sec |
30 sec |
Search convicting Member State (with fingerprints) |
30 sec |
60 sec |
Search convicting Member State (inexact search; with or without fingerprints) |
30 sec |
60 sec |
Verify the fingerprint data quality |
10 sec |
20 sec |
(1) N/A means ‘not applicable’.
(2) The combination of the Member State Reference Code and ISO code of the convicting Member State
(3) Concerns only cases when a person has previous name(s) or surname(s), e.g. maiden name.
(4) Idem
(5) Travel document means a passport or other equivalent document entitling the holder to cross the external borders and to which a visa may be affixed, as listed in Decision 1105/2011/EU of the European Parliament and of the Council of 25 October 2011 on the list of travel documents which entitle the holder to cross the external borders and which may be endorsed with a visa and on setting up a mechanism for establishing this list (OJ L 287, 4.11.2011, p. 9).
(*1) alphanumeric data element of an existing data record, which shall be compared with a respective data element of the data record to be created in accordance with Article 3(4).
(*2) data element that might be chosen in accordance with Article 5(2) as one of the three minimum data elements for querying ECRIS-TCN system.