52013SC0052

COMMISSION STAFF WORKING DOCUMENT

DETAILED EXPLANATION OF THE PROPOSAL BY CHAPTERS AND ARTICLES

Accompanying the document

Proposal for a Regulation of the European Parliament and of the Council

establishing a Registered Traveller Programme

· Detailed explanation of the proposal by Chapters and main Articles

Chapter One lays down the subject matter of the Regulation, the set-up of the RTP and the token-repository and definitions.

Chapter Two details the procedures and conditions for lodging an application including biometric data (fingerprints), the authorities responsible for examining and deciding on an application and the fee.

Chapter Three is dedicated to the examination of and decision on an application, whereas Chapter Four lays down the rules for granting, extending, refusing and revoking access to the RTP by the competent authorities. Chapter Five contains provisions on the administration and organisation of the RTP.

Chapter Six defines the technical architecture, the categories of data and general rules and principles on access to the token-Central Repository. It also specifies the data to be entered upon registration of the application and those to be added when a decision has been taken to grant, refuse, revoke or extend access to the RTP.

Chapter Seven specifies the conditions and procedures for the use of data by the competent authorities. It also includes provisions on the use of data for reporting and statistics. Chapter Eight lays down the rules for the retention and amendment of the data recorded in the Central Repository. It also covers the rules on lost and stolen tokens.

Chapter Nine contains provisions on the adoption of implementing measures by the Commission and to delegate the power to the Commission to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union and lays down the responsibilities for the token-repository, including the development and operational management thereof, for the use of data and data security, and rules on the keeping of records and penalties.

Chapter Ten concerns data protection rights and supervision. Whereas Directive 95/46/EC and Regulation (EC) No 45/2001 fully apply for this Regulation, the provisions of this chapter clarify certain points related to the safeguard of the rights of data subjects and the roles of the national supervisory authorities and the European Data Protection Supervisor.

The final chapter covers the start of transmission and operation, the setting up of a Committee to assist the Commission when adopting implementing measures, the exercise of the delegation, notification, advisory group, training, monitoring and evaluation, the entry into force and the applicability of this Regulation.

Chapter I: General provisions

Article 1 defines the objective of the Regulation.

Article 2 establishes the token-Central Repository as a system for the storage of RTP data, which shall enable competent national authorities to enter and update RT data and to consult these data electronically. It also gives the Agency the mandate for developing and operationally managing the Central Repository and to define technical specifications for a token.

The definitions in Article 3 refer to the EU legislation on visa policy or the Schengen acquis, except for the terms ‛Registered Traveller Programme’, ‛registered traveller’, ‛Central Repository’, ‛token’, ‛application form’, ‘Competent authorities’, ‘Member State responsible’, ‘National System’ which are defined specifically for the purposes of this Regulation. The definitions listed in the Regulation correspond to the definitions used in the Schengen Borders Code, the VIS Regulation, the Community Code on visas and Regulation establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice.

Chapter II: Procedures and conditions for lodging an application for an RTP

Article 4 defines the competent Member States and authorities. To make the examination of an application workable and as easy as possible for Member States and also feasible for the applicant in any Member State both visa and border authorities are competent for examining and deciding on an application for access to the RTP.

Article 5 paragraph 1 follows the same principle as Article 4. To facilitate the lodging of an application and to avoid causing extra journeys for third-country travellers, it should be possible to lodge an application at any Member States' consulate, at any common visa application centre or at any external border crossing point. This guarantees that visa holders are able to lodge their RTP application at the same time as the visa application and visa-exempt travellers do not need to travel to a consulate to lodge an RTP application.

Paragraph 2 establishes the possibility to require applicants to obtain an appointment for the lodging of application. Paragraphs 3, 4 and 5 are linked to Article 8 and refer to the general requirement of all first time applicants to submit their application in person for the purpose of providing their biometric data and for the interview subject to the exemptions of paragraph 5. If a Member State accepts and the applicant uses an online application form, the biometric data need to be captured, the travel document checked and an interview carried out, if applicable, when the decision is made for the application and a token issued as stated in paragraph 4.

Paragraph 6 sets out the general principles for the material submission of the application including supporting documents and is linked to Articles 6-10 and Annex II.

As regards the application form Article 6 paragraphs 1 and 2 follow the same rules as the Visa Code. Paragraphs 3 and 4 set out the rules for the languages used in the application form and required language(s) need to be used when filling in the application form. The application form is needed for the official languages of neighbouring third countries especially at the land border crossing points.

Article 7 lays down that the travel document shall be either a Machine Readable Travel Document (MRTD) or an electronic Machine Readable Travel Document (eMRTD). This would allow the usage of Automated Border Control systems at the external borders. The travel document shall be valid at least for the period of access requested for the RTP. Border check technology and security features of the travel documents are under constant development. For that reason, the travel document should not be older than five years which is also the longest period of access to the RTP without submission of a new application.

Article 8 sets out the requirements for collecting biometric data (fingerprints). Contrary to other legislation, such as the Visa Code, the article does not allow any exemption from collecting biometric data from third-country nationals. Biometric data need to be available from all registered travellers to allow them to use Automated Border Control systems.

The contents of Article 9, as well as Annex II, establishing a non-exhaustive list of possible supporting documents to be submitted by applicants, are the same as in the Visa Code. Paragraph 2 establishes the specific rule for the family members of citizens of the Union enjoying the right to free movement. To avoid several sets of supporting documents to be submitted by the applicant the one and same supporting documents, if any submitted together with an application for a multiple-entry visa may be used also for examining an RTP application.

Article 10 sets out the rules for the fee to be paid by applicants. The fee is to cover the administrative costs of processing an RTP application. The fee shall be revised regularly as stated in paragraph 2. The Commission is empowered to adopt delegated acts in accordance with article 58 concerning the fee (amendment of Annex). Paragraph 3 states that a fee is to be charged in EUR or the currency of the host country where an application is lodged and that the handling fee is not refundable. Paragraph 4 refers to the management of fees charged in local currency and paragraph 5 ensures that applicants receive a receipt for the fee paid. The fee is not refundable although the application would be withdrawn by the applicant.

Chapter III: Examination of and decision on an application

Article 11 ensures that competent authorities verify certain conditions before examining the application thus guaranteeing that the application is admissible. Paragraph 2 is linked to Article 24 and gives authorities guidance how to continue with the application when it is admissible whereas paragraph 3 lays down the rules in case of inadmissible applications.

Paragraph 1 of Article 12 gives a mandate for the competent authorities to examine an application and carry out interviews where appropriate. Paragraph 2 is crucial because it establishes the basic criteria for examining RTP applications: the two main issues to be born in mind by consular and border authorities, namely the migratory and security risks. Furthermore, the applicant shall prove the need to travel frequently and/or regularly.

Paragraph 3 which is linked to paragraph 2(f) makes reference to the means of subsistence indicating that the assessment shall take into account the reference amounts as referred to in the Schengen Borders Code as well as the statement on accommodation/bearing of costs (Annex II).

Paragraph 4 establishes the possibility to consult other Member States if there are any doubts on the applicant, his/her statements made or supporting documents provided. Additional supporting documents may be asked from the applicant in justified cases (paragraph 5). Paragraph 6 is meant as a formal guarantee that each application is assessed on its own merit and that due consideration is given to the applicant’s situation at the moment of application. A derogation for the general rule of examination of applications is established in paragraph 7.

In order to enhance the equal treatment of RTP applicants, a maximum decision time has been introduced in Article 13. Paragraph 2 deals with the different types of decisions which can be made by the competent authorities.

CHAPTER IV: Granting, extending, refusing and revoking access to the RTP

Article 14 paragraph 1 covers the period of access granted for the RTP which is linked to Article 12 and the validity of the travel document, visa and residence permit, if applicable. To avoid unnecessary work and cost for the authorities and for the travellers, the access may be extended twice without a new application. After five years, the traveller is obliged to submit a new application.

Paragraph 2 deals with the holders of multiple-entry visas, residence permits and residence cards[1]. The criteria for granting access to the RTP and for issuing a multiple-entry visa are basically the same thus there is no need to make a similar assessment twice. On the other hand, holders of residence permits and residence cards enjoy the right of free movement under Union law and are only partly subject to thorough border checks. These categories of travellers' access can be granted to the RTP almost "automatically" if they submit an application.

Paragraphs 3, 4 and 5 oblige the competent authorities to enter necessary data in the token-Central Repository when granting or extending access to the RTP.

Paragraph 1 of Article 15 lists a number of precise criteria for refusing access to the RTP, which is in line with the Schengen Borders Code. Paragraph 2 specifies that refusals must be notified in writing by means of the form set out in Annex IV. Paragraph 3 makes clear that appeals against RTP refusals remain within the Member States' competence. However, the applicant shall have the right to review the refusal for challenging or correcting potential errors in accordance with the right to effective remedy (Article 47(1) of the Charter of Fundamental Rights of the EU). Paragraph 4 obliges the competent authorities to enter necessary data in the Central Repository when refusing access to the RTP. This paragraph is linked to Article 28.

Article 16 lists three different types of cases when access to the RTP shall be revoked by the competent visa or border authorities. Any Member State's visa or border authority shall be competent to revoke access to the RTP if the condition(s) of Article 16(1) is/are met. Authorities other than the competent authorities have no access to the Central Repository thus paragraph 3 deals with the situation where some other authorities have evidence to suggest that access to the RTP should be revoked. Paragraph 4 specifies that revocations must be notified in writing by means of the form set out in Annex IV. Paragraph 5 makes clear that appeals against RTP refusals remain within the Member States' competence. Paragraph 6 obliges the competent authorities to enter necessary data in the Central Repository when revoking access to the RTP. This paragraph is linked to Article 29. Registered travellers shall have the right to ask immediate deletion of his/her data as laid down in paragraph 7.

CHAPTER V: Administrative management and organisation

Article 17 deals with the archives of applications. Member State's competent authorities are responsible for archiving applications. Archives may be kept in an electronic form.

Article 18 corresponds to articles on the same issue in the Schengen Borders Code and in the Visa Code. In addition to that, this article obliges Member States to compile annual statistics on the RTP. Based on the statistics Member States will know at all times the number of registered travellers to support the assessment of whether to install Automated Border Control facilities at their border crossing points or not.

Article 19 has been introduced in order to ensure that the competent authorities respect the European Charter of Fundamental Rights when dealing with RTP applicants and applications.

It is essential that applicants are well informed of the criteria and procedures for applying for access to an RTP. For that purposes, Article 20 is introduced. Efforts must be made to ensure that applicants are well informed about the criteria for lodging an application and where and how to submit their applications.

CHAPTER VI: Technical architecture of the token-Central Repository, categories of data and entry of data by the competent authorities

Article 21 establishes the technical architecture of the token-Central Repository which shall consist of the Central Repository, a Uniform Interface in each Member State, the Network Entry Points and the communication infrastructure between the Central Repository, and the Network Entry Points and a token (unique identifier).

Article 22 sets out the categories of data to be recorded in the token-Central Repository: unique identifier number, alphanumeric data and fingerprint data, which are detailed in Articles 8 and 25 to 30. The categories of data are almost the same as with the VIS. This is done to guarantee synergies between the systems, maintain congruence at the EU level and to make the use of the systems as similar and easy as possible for the competent authorities.

Article 23 paragraph 1 provides the basic rules for the access to the data: Access for entering, amending, deleting, searching or consulting the data shall be reserved only to duly authorised staff of the competent authorities, limited to the extent as needed for the performance of the tasks. The competent authorities shall be designated and communicated by each Member State to the Agency, which shall publish these lists in the Official Journal of the European Union as stated in paragraph 3.

Article 24 determines the procedures for entering data, when an RTP application is found admissible: The competent visa authority shall create an application file by entering the data referred to in Article 25 into the Central Repository. Paragraph 2 lays down specific rules for the data which is not required.

Article 25 details the data to be entered when creating the application file: The unique application number (same as a unique identifier number recorded in a token), the status information and the authority to which the application has been lodged are needed to identify the set of data on the application and the competent authority. The source for the alphanumeric data listed under paragraph 4 is the harmonised application form (Annex I). These data are required for the assessment of the application. The inclusion of data on persons and companies issuing invitations will help to identify those persons and companies which make fraudulent invitations. This constitutes important information in the fight against RTP fraud, irregular migration and human trafficking.

Paragraph 5 is linked to Article 8 and determines biometrics which shall be entered in the Central Repository. The fingerprint data are essential to ensure exact verification of the registered traveller at the external border crossing points. It is not possible to identify persons with alphanumeric data alone. Even for low-risk travellers the spelling of the same name can be different from one country to another, many instances of the same name exist and in some countries dates of births are not completely known.

Article 26 creates the obligation for the competent authorities to add to the application file the data when the decision has been taken to grant access to the RTP. Paragraph 2 covers the case that the application is withdrawn by the applicant before a decision has been taken.

Article 27 covers the data to be entered in the token when the decision has been taken to grant access to the RTP. The token shall be given for the applicant as mentioned in paragraph 2.

Article 28 concerns the data to be added when access to the RTP is refused. The grounds for refusing access to the RTP are based upon the conditions laid down in Article 15. The ground(s) for refusing access to the RTP shall be mentioned in the application file as mentioned in paragraph 2.

Article 29 covers the data to be added when the decision is taken to revoke access to the RTP. The grounds for revoking access to the RTP are based upon the conditions laid down in Article 16. The ground(s) for revoking access to the RTP shall be mentioned in the application file as indicated in paragraph 2. The applicant can also ask for the revocation.

Article 30 concerns the data to be added when access to the RTP is extended. The grounds for extending access to the RTP are based upon the conditions laid down in Article 14(1).

CHAPTER VII: Use of the data for examining applications

Article 31 covers the obligations of the competent authorities to use the Central Repository for examining registered traveller applications, for the examination whether to revoke or extend access granted to the RTP, in case of lost or stolen token and if any problems occur with facilitating registered traveller's border crossing. Since for these purposes all information stored in the Central Repository may be relevant, the competent visa and border authority shall have access either to the complete application file including biometric data of the applicant or only to the separate section of Central Repository containing alphanumeric data. For extending access to the RTP and if any problems occur with facilitating registered traveller's border crossing the separate section of Central Repository containing biometric data shall not be accessible for the competent authorities without presenting fingerprints and a token at the same time as stated in paragraph 4. Central Repository may be searched with the biometric data alone only for the examination of applications, revoking access to the RTP and in case the token is lost or stolen as mentioned in paragraph 5. The access shall be given in two steps: If the search with data listed in paragraphs 2, 4 or 5 indicates that data on the applicant are recorded in the Central Repository, in a second step access shall be given to the data of the relevant part of the application file(s) (i.e. alpahanumeric data, biometric data or both). Access to the biometric data shall be given only if the search is carried out in conformity with paragraphs 4 and 5.

Article 32 covers the use of data for border checks at external borders: Paragraph 1 defines this purpose as well as the data to be searched with. Paragraph 2 specifies to which data access shall be given, if the search mentioned above indicates that data on the applicant are recorded in the Central Repository. In case a manual border check is carried out without automation there is no need to verify the registered traveller's identity by using the fingerprints as laid down in paragraph 3.

Article 33 specifies the use of data for reporting and statistics by the competent authorities. The nature of the data referred to in this provision do not allow identifying individual applicants.

CHAPTER VIII: Retention period, amendment of data and lost or stolen token

Article 34 sets out a retention period of five years for each application file. For the determination of this retention period it has been taken into account that for reasons of data protection, personal data should be kept no longer than it is necessary for the purposes of the RTP[2]. The retention period determined is the same as for the VIS and is in line with the maximum length of a multiple-entry visa. This retention period is necessary to meet the objectives of the RTP, e.g. the assessment of the applicant’s good faith or detect continued practices of fraud applications for the RTP over years. If personal data would be retained only for the period of access granted for the RTP, the contribution to these purposes would be very limited. This retention period would also allow speeding up of subsequent applications especially as it would be possible to copy fingerprints from the first entry into the Central Repository within a period of 59 months. This Article specifies when the retention period shall start. Paragraph 2 creates the obligation to carry out automatically the deletion of the application.

Article 35 provides that only the Member State responsible i.e. the Member State which has entered the data in the Central Repository shall have the right, and is also responsible, to amend the data by deleting or correcting it. Paragraph 3 creates the obligation for each Member State to inform this Member State if there is evidence that data are inaccurate or were processed contrary to this Regulation. Paragraph 4 ensures the deletion of data of applicants who have acquired the nationality of a Member State before expiry of the retention period. However, if a third country national becomes a family member of a citizen of the Union without acquiring the nationality of a Member State, this will not affect the storage of his/her data in the Central Repository. In such case, a third country national can still have access to the RTP. Paragraph 5 provides that the data listed in Article 28 are deleted and the application re-examined if the refusal of access to the RTP has been cancelled by a court or an appeal board.

CHAPTER IX: Development, operation and responsibilities

Article 37 provides for the implementation measures to be adopted by the Commission prior to development. The measures necessary for the development and technical implementation shall be adopted by the Commission in accordance with the relevant provisions of Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers assisted by the Committee referred to in Article 57.

Article 38 clarifies that the Agency shall be responsible for the development and operational management (24/7) of the Central Repository, the Back-up Central Repository and the Uniform Interfaces and for defining the technical specifications for a token as soon as possible after entry into force of this Regulation and adoption of the implementation measures. Paragraph 3 highlights the importance of a short interrogation time.

Article 39 creates in paragraphs 1 to 3 the obligation for each Member State to connect the Central Repository to each National System , to designate a national authority to provide the access for the competent authorities and to observe automated procedures for processing the data. Furthermore, the competences of each Member State for its National System is clarified. Paragraph 4 emphasizes the need for training the staff before being authorised to process data stored in the Central Repository. Paragraph 5 clarifies the burden for the related costs.

Article 40 sets out in paragraph 1 the responsibilities of the Member States for the use of the data, acting as a controller at the moment of collection, transmission and reception of personal data. Paragraph 2 creates obligations for the Agency as processor with regard to confidentiality and security, pursuant to Articles 16 and 17 of Directive 95/46/EC and Articles 21 and 22 of Regulation (EC) No 45/2001. Paragraph 3 guarantees that the Parliament is informed.

Article 41 ensures that a Member State may keep the alphanumeric data in its national files which that Member State entered in the Central Repository at their own cost, risk and with their own technical means. This would be congruent with Article 30(2) of the VIS Regulation[3] and Article 32(2) of the SISII Regulation[4] and also in line with Article 17 of this Regulation.

CHAPTER X: Rights and supervision on data protection

For the protection of personal data, the relevant Community’s legislation, Directive 95/46/EC and Regulation (EC) 45/2001, fully apply for this instrument. The provisions in this chapter clarify certain points in respect of safeguarding the rights of the persons concerned and of the supervision on data protection.

Article 48 covers the right of information of the applicants, but also of persons issuing invitations or liable to pay the costs of living during the stay, whose data shall be stored in the Central Repository pursuant to Article 25(4)(f). Paragraph 1 contains in conformity with Article 10 of Directive 95/46/EC a list of items the person concerned has to be informed about. Paragraph 2 specifies that the information shall be provided in writing. Paragraph 3 refers to the form mentioned in Article 9(5).

Article 49 provides in paragraphs 1 and 2 any person the right to access, correction and deletion of data relating to him which are inaccurate or recorded unlawfully, and clarifies in paragraph 3 that the related request may be lodged in any Member State. Paragraphs 4 to 6 specify the requirements according to Article 12 of Directive 95/46/EC.

Article 50 lays down an obligation for the competent authorities to ensure the proper operation of the mechanism laid down in Article 48 and the assistance and advice by the National Supervisory Authority, specifying the obligations laid down in Article 28(4) and (6) of Directive 95/46/EC.

Article 51 clarifies pursuant to Article 22 of Directive 95/46/EC the right of any person to remedies before the courts of each Member State if the rights of access to or correction or deletion of data relating to him/her is refused.

Article 52 clarifies the competence of the National Supervisory Authorities to review the lawfulness of all the processing operations carried out by the Member States. It lays down rules on audit and obliges Member States to designate a controller. Furthermore, it specifies the information which shall be supplied to National Supervisory Authorities.

Article 53 provides that the European Data Protection Supervisor as established by Article 41(1) of Regulation (EC) No 45/2001 shall monitor the activities of the Agency related to the processing of personal data covered by this Regulation. Paragraph 2 specifies the European Data Protection Supervisor's role on the Agency's audit which shall be carried out at least every four years. Paragraph 3 creates obligations to support this audit and monitoring.

Article 54 creates obligations for the National Supervisory Authorities and the European Data Protection Supervisor to co-operate. They shall meet at least twice a year and send a joint report of activities to the European Parliament, the Council, the Commission and the Agency every two years.

CHAPTER XI: Final provisions

Article 55 connects the start of transmission of data to the notification of each Member State to the Commission that it has made the necessary technical and legal arrangements for the transmission of data to the Central Repository and that the Agency has made necessary technical arrangements.

Article 63 creates the obligation for the Agency to monitor and evaluate the operation of the Central Repository and produce monitoring and evaluation reports, to be submitted to the European Parliament, the Council and the Commission. Furthermore, Article 63 creates the obligation for the Commission to produce an overall evaluation of the RTP. Paragraphs 4 and 5 oblige Member States and the Agency to provide necessary information to produce the evaluation.

Article 64 concerns the entry into force and applicability. Due to the technical requirements involved in establishing the RTP, it is not possible to provide for simultaneous entry into force and applicability of the Regulation.

[1]               Directive 2004/38/EC of the European Parliament and of the Council, of 29 April 2004, on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States.

[2]               Directive 95/46/EC, Article 6(1)(e).

[3]               OJ L 218, 13.8.2008.

[4]               OJ L 381, 28.12.2006.