1.   A European Union Agency for Law Enforcement Cooperation (Europol) is hereby established with a view to supporting cooperation among law enforcement authorities in the Union.

2.   Europol as established by this Regulation shall replace and succeed Europol as established by Decision 2009/371/JHA.

1.   Europol shall support and strengthen action by the competent authorities of the Member States and their mutual cooperation in preventing and combating serious crime affecting two or more Member States, terrorism and forms of crime which affect a common interest covered by a Union policy, as listed in Annex I.

2.   In addition to paragraph 1, Europol's objectives shall also cover related criminal offences. The following shall be considered to be related criminal offences:

1.   Europol shall perform the following tasks in order to achieve the objectives set out in Article 3:

2.   Europol shall provide strategic analyses and threat assessments to assist the Council and the Commission in laying down strategic and operational priorities of the Union for fighting crime. Europol shall also assist in the operational implementation of those priorities.

3.   Europol shall provide strategic analyses and threat assessments to assist the efficient and effective use of the resources available at national and Union level for operational activities and the support of those activities.

4.   Europol shall act as the Central Office for combating euro counterfeiting in accordance with Council Decision 2005/511/JHA (20). Europol shall also encourage the coordination of measures carried out to fight euro counterfeiting by the competent authorities of the Member States or in the context of joint investigation teams, where appropriate in liaison with Union bodies and the authorities of third countries.

5.   Europol shall not apply coercive measures in carrying out its tasks.

1.   Europol staff may participate in the activities of joint investigation teams dealing with crime falling within Europol's objectives. The agreement setting up a joint investigation team shall determine the conditions relating to the participation of the Europol staff in the team, and shall include information on the rules on liability.

2.   Europol staff may, within the limits of the laws of the Member States in which a joint investigation team is operating, assist in all activities and exchanges of information with all members of the joint investigation team.

3.   Europol staff participating in a joint investigation team may, in accordance with this Regulation, provide all members of the team with necessary information processed by Europol for the purposes set out in Article 18(2). Europol shall at the same time inform the national units of the Member States represented in the team, as well as those of the Member States which provided the information.

4.   Information obtained by Europol staff while part of the joint investigation team may, with the consent and under the responsibility of the Member State which provided the information, be processed by Europol for the purposes set out in Article 18(2), under the conditions laid down in this Regulation.

5.   Where Europol has reason to believe that setting up a joint investigation team would add value to an investigation, it may propose this to the Member States concerned and take measures to assist them in setting up the joint investigation team.

1.   In specific cases where Europol considers that a criminal investigation should be initiated into a crime falling within the scope of its objectives, it shall request the competent authorities of the Member States concerned via the national units to initiate, conduct or coordinate such a criminal investigation.

2.   The national units shall inform Europol without delay of the decision of the competent authorities of the Member States concerning any request made pursuant to paragraph 1.

3.   If the competent authorities of a Member State decide not to accede to a request made by Europol pursuant to paragraph 1, they shall inform Europol of the reasons for their decision without undue delay, preferably within one month of receipt of the request. However, the reasons may be withheld if providing them would:

4.   Europol shall immediately inform Eurojust of any request made pursuant to paragraph 1 and of any decision of a competent authority of a Member State pursuant to paragraph 2.

1.   The Member States and Europol shall cooperate with each other in the fulfilment of their respective tasks set out in this Regulation.

2.   Each Member State shall establish or designate a national unit, which shall be the liaison body between Europol and the competent authorities of that Member State. Each Member State shall appoint an official as the head of its national unit.

3.   Each Member State shall ensure that its national unit is competent under national law to fulfil the tasks assigned to national units in this Regulation, and in particular that it has access to national law enforcement data and other relevant data necessary for cooperation with Europol.

4.   Each Member State shall determine the organisation and the staff of its national unit in accordance with its national law.

5.   In accordance with paragraph 2, the national unit shall be the liaison body between Europol and the competent authorities of the Member States. However, subject to conditions determined by the Member States, including prior involvement of the national unit, the Member States may allow direct contacts between their competent authorities and Europol. The national unit shall at the same time receive from Europol any information exchanged in the course of direct contacts between Europol and the competent authorities, unless the national unit indicates that it does not need to receive such information.

6.   Each Member State shall, via its national unit or, subject to paragraph 5, a competent authority, in particular:

7.   Without prejudice to the discharge by Member States of their responsibilities with regard to the maintenance of law and order and the safeguarding of internal security, Member States shall not in any particular case be obliged to supply information in accordance with point (a) of paragraph 6 that would:

However, Member States shall supply information as soon as it ceases to fall within the scope of points (a), (b) or (c) of the first subparagraph.

8.   Member States shall ensure that their financial intelligence units established pursuant to Directive 2005/60/EC of the European Parliament and of the Council (21) are allowed to cooperate with Europol via their national unit regarding analyses, within the limits of their mandate and competence.

9.   The heads of the national units shall meet on a regular basis, in particular to discuss and resolve problems that occur in the context of their operational cooperation with Europol.

10.   The costs incurred by national units in communications with Europol shall be borne by the Member States and, with the exception of the costs of connection, shall not be charged to Europol.

11.   Europol shall draw up an annual report on the information provided by each Member State pursuant to point (a) of paragraph 6 on the basis of the quantitative and qualitative evaluation criteria defined by the Management Board. The annual report shall be sent to the European Parliament, the Council, the Commission and national parliaments.

1.   Each national unit shall designate at least one liaison officer to be attached to Europol. Except as otherwise laid down in this Regulation, the liaison officers shall be subject to the national law of the designating Member State.

2.   Liaison officers shall constitute the national liaison bureaux at Europol and shall be instructed by their national units to represent the interests of the latter within Europol in accordance with the national law of the designating Member State and the provisions applicable to the administration of Europol.

3.   Liaison officers shall assist in the exchange of information between Europol and their Member States.

4.   Liaison officers shall, in accordance with their national law, assist in the exchange of information between their Member States and the liaison officers of other Member States, third countries and international organisations. Europol's infrastructure may be used, in accordance with national law, for such bilateral exchanges also to cover crimes falling outside the scope of the objectives of Europol. All such exchanges of information shall be in accordance with applicable Union and national law.

5.   The Management Board shall determine the rights and obligations of liaison officers in relation to Europol. Liaison officers shall enjoy the privileges and immunities necessary for the performance of their tasks in accordance with Article 63(2).

6.   Europol shall ensure that liaison officers are fully informed of and associated with all of its activities, in so far as necessary for the performance of their tasks.

7.   Europol shall cover the costs of providing Member States with the necessary premises within the Europol building and adequate support for liaison officers to perform their duties. All other costs that arise in connection with the designation of liaison officers shall be borne by the designating Member State, including the costs of equipment for liaison officers, unless the European Parliament and the Council decide otherwise on the recommendation of the Management Board.

1.   Europol shall only process information that has been provided to it:

2.   Europol may directly retrieve and process information, including personal data, from publicly available sources, including the internet and public data.

3.   In so far as Europol is entitled under Union, international or national legal instruments to gain computerised access to data from Union, international or national information systems, it may retrieve and process information, including personal data, by such means if that is necessary for the performance of its tasks. The applicable provisions of such Union, international or national legal instruments shall govern access to, and the use of, that information by Europol, in so far as they provide for stricter rules on access and use than those laid down by this Regulation. Access to such information systems shall be granted only to duly authorised staff of Europol and only in so far as this is necessary and proportionate for the performance of their tasks.

1.   In so far as is necessary for the achievement of its objectives as laid down in Article 3, Europol may process information, including personal data.

2.   Personal data may be processed only for the purposes of:

3.   Processing for the purpose of operational analyses as referred to in point (c) of paragraph 2 shall be performed by means of operational analysis projects, in respect of which the following specific safeguards shall apply:

4.   The processing referred to in paragraphs 2 and 3 shall be carried out in compliance with the data protection safeguards provided for in this Regulation. Europol shall duly document those processing operations. The documentation shall be made available, upon request, to the Data Protection Officer and to the EDPS for the purpose of verifying the lawfulness of the processing operations.

5.   Categories of personal data and categories of data subjects whose data may be collected and processed for each purpose referred to in paragraph 2 are listed in Annex II.

6.   Europol may temporarily process data for the purpose of determining whether such data are relevant to its tasks and, if so, for which of the purposes referred to in paragraph 2. The Management Board, acting on a proposal from the Executive Director and after consulting the EDPS, shall further specify the conditions relating to the processing of such data, in particular with respect to access to and use of the data, as well as time limits for the storage and deletion of the data, which may not exceed six months, having due regard to the principles referred to in Article 28.

7.   The Management Board, after consulting the EDPS, shall, as appropriate, adopt guidelines further specifying procedures for the processing of information for the purposes listed in paragraph 2 in accordance with point (q) of Article 11(1).

1.   A Member State, a Union body, a third country or an international organisation providing information to Europol shall determine the purpose or purposes for which it is to be processed, as referred to in Article 18. If it has not done so, Europol, in agreement with the provider of the information concerned, shall process the information in order to determine the relevance of such information as well as the purpose or purposes for which it is to be further processed. Europol may process information for a purpose different from that for which information has been provided only if authorised so to do by the provider of the information.

2.   Member States, Union bodies, third countries and international organisations may indicate, at the moment of providing information to Europol, any restriction on access thereto or the use to be made thereof, in general or specific terms, including as regards its transfer, erasure or destruction. Where the need for such restrictions becomes apparent after the information has been provided, they shall inform Europol accordingly. Europol shall comply with such restrictions.

3.   In duly justified cases Europol may assign restrictions to access or use by Member States, Union bodies, third countries and international organisations of information retrieved from publicly available sources.

1.   Member States shall, in accordance with their national law and Article 7(5), have access to, and be able to search, all information which has been provided for the purposes of points (a) and (b) of Article 18(2). This shall be without prejudice to the right of Member States, Union bodies, third countries and international organisations to indicate any restrictions in accordance with Article 19(2).

2.   Member States shall, in accordance with their national law and Article 7(5), have indirect access on the basis of a hit/no hit system to information provided for the purposes of point (c) of Article 18(2). This shall be without prejudice to any restrictions indicated by the Member States, Union bodies and third countries or international organisations providing the information, in accordance with Article 19(2).

In the case of a hit, Europol shall initiate the procedure by which the information that generated the hit may be shared, in accordance with the decision of the provider of the information to Europol.

3.   In accordance with national law, the information referred to in paragraphs 1 and 2 shall be accessed and further processed by Member States only for the purpose of preventing and combating:

4.   Europol staff duly empowered by the Executive Director shall have access to information processed by Europol to the extent required for the performance of their duties and without prejudice to Article 67.

1.   Europol shall take all appropriate measures to enable Eurojust and OLAF, within their respective mandates, to have indirect access on the basis of a hit/no hit system to information provided for the purposes of points (a), (b) and (c) of Article 18(2), without prejudice to any restrictions indicated by the Member State, Union body, third country or international organisation providing the information in question, in accordance with Article 19(2).

In the case of a hit, Europol shall initiate the procedure by which the information that generated the hit may be shared, in accordance with the decision of the provider of the information to Europol, and only to the extent that the data generating the hit are necessary for the performance of Eurojust's or OLAF's tasks.

2.   Europol and Eurojust may conclude a working arrangement ensuring, in a reciprocal manner and within their respective mandates, access to, and the possibility of searching, all information that has been provided for the purpose specified in point (a) of Article 18(2). This shall be without prejudice to the right of Member States, Union bodies, third countries and international organisations to indicate restrictions on access to, and the use of, such data, and shall be in accordance with the data protection guarantees provided for in this Regulation.

3.   Searches of information in accordance with paragraphs 1 and 2 shall be carried out only for the purpose of identifying whether information available at Eurojust or OLAF matches with information processed at Europol.

4.   Europol shall allow searches in accordance with paragraphs 1 and 2 only after obtaining from Eurojust information on which National Members, Deputies and Assistants, as well as Eurojust staff members, and from OLAF information on which OLAF staff members, have been designated as authorised to perform such searches.

5.   If, during Europol's information-processing activities in respect of an individual investigation, Europol or a Member State identifies the need for coordination, cooperation or support in accordance with the mandate of Eurojust or OLAF, Europol shall notify them to that effect and shall initiate the procedure for sharing the information, in accordance with the decision of the Member State providing the information. In such a case, Eurojust or OLAF shall consult with Europol.

6.   Eurojust, including the College, the National Members, Deputies and Assistants, as well as Eurojust staff members, and OLAF, shall respect any restriction on access or use, in general or specific terms, indicated by Member States, Union bodies, third countries and international organisations in accordance with Article 19(2).

7.   Europol, Eurojust and OLAF shall inform each other if, after consulting each other's data in accordance with paragraph 2 or as a result of a hit in accordance with paragraph 1, there are indications that data may be incorrect or may conflict with other data.

1.   Europol shall, in accordance with point (b) of Article 4(1), notify a Member State without delay of any information concerning it. If such information is subject to access restrictions pursuant to Article 19(2) that would prohibit its being shared, Europol shall consult with the provider of the information stipulating the access restriction and seek its authorisation for sharing.

In such a case, the information shall not be shared without an explicit authorisation by the provider.

2.   Irrespective of any access restrictions, Europol shall notify a Member State of any information concerning it if this is absolutely necessary in the interest of preventing an imminent threat to life.

In such a case, Europol shall at the same time notify the provider of the information about the sharing of the information and justify its analysis of the situation.

1.   Personal data shall be:

2.   Europol shall make publicly available a document setting out in an intelligible form the provisions regarding the processing of personal data and the means available for the exercise of the rights of data subjects.

1.   The reliability of the source of information originating from a Member State shall be assessed as far as possible by the providing Member State using the following source evaluation codes:

2.   The accuracy of information originating from a Member State shall be assessed as far as possible by the providing Member State using the following information evaluation codes:

3.   Where Europol, on the basis of information already in its possession, comes to the conclusion that the assessment provided for in paragraphs 1 or 2 needs to be corrected, it shall inform the Member State concerned and seek to agree on an amendment to the assessment. Europol shall not change the assessment without such agreement.

4.   Where Europol receives information from a Member State without an assessment in accordance with paragraphs 1 or 2, it shall attempt to assess the reliability of the source or the accuracy of information on the basis of information already in its possession. The assessment of specific data and information shall take place in agreement with the providing Member State. A Member State may also agree with Europol in general terms on the assessment of specified types of data and specified sources. If no agreement is reached in a specific case, or no agreement in general terms exists, Europol shall assess the information or data and shall attribute to such information or data the evaluation codes (X) and (4) referred to in paragraphs 1 and 2 respectively.

5.   This Article shall apply mutatis mutandis where Europol receives data or information from a Union body, third country, international organisation or private party.

6.   Information from publicly available sources shall be assessed by Europol using the evaluation codes set out in paragraphs 1 and 2.

7.   Where information is the result of an analysis made by Europol in the performance of its tasks, Europol shall assess such information in accordance with this Article, and in agreement with the Member States participating in the analysis.

1.   Processing of personal data in respect of victims of a criminal offence, witnesses or other persons who can provide information concerning criminal offences, or in respect of persons under the age of 18, shall be allowed if it is strictly necessary and proportionate for preventing or combating crime that falls within Europol's objectives.

2.   Processing of personal data, by automated or other means, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and processing of genetic data or data concerning a person's health or sex life shall be prohibited, unless it is strictly necessary and proportionate for preventing or combating crime that falls within Europol's objectives and if those data supplement other personal data processed by Europol. The selection of a particular group of persons solely on the basis of such personal data shall be prohibited.

3.   Only Europol shall have direct access to personal data as referred to in paragraphs 1 and 2. The Executive Director shall duly authorise a limited number of Europol officials to have such access if it is necessary for the performance of their tasks.

4.   No decision by a competent authority which produces adverse legal effects concerning a data subject shall be based solely on automated processing of data as referred to in paragraph 2, unless the decision is expressly authorised pursuant to national or Union legislation.

5.   Personal data as referred to in paragraphs 1 and 2 shall not be transmitted to Member States, Union bodies, third countries or international organisations unless such transmission is strictly necessary and proportionate in individual cases concerning crime that falls within Europol's objectives and in accordance with Chapter V.

6.   Every year Europol shall provide to the EDPS a statistical overview of all personal data as referred to in paragraph 2 which it has processed.

1.   Personal data processed by Europol shall be stored by Europol only for as long as is necessary and proportionate for the purposes for which the data are processed.

2.   Europol shall in any event review the need for continued storage no later than three years after the start of initial processing of personal data. Europol may decide on the continued storage of personal data until the following review, which shall take place after another period of three years, if continued storage is still necessary for the performance of Europol's tasks. The reasons for the continued storage shall be justified and recorded. If no decision is taken on the continued storage of personal data, that data shall be erased automatically after three years.

3.   If personal data as referred to in Article 30(1) and (2) are stored for a period exceeding five years, the EDPS shall be informed accordingly.

4.   Where a Member State, a Union body, a third country or an international organisation has indicated any restriction as regards the earlier erasure or destruction of the personal data at the moment of transfer in accordance with Article 19(2), Europol shall erase the personal data in accordance with those restrictions. If continued storage of the data is deemed necessary, on the basis of information that is more extensive than that possessed by the data provider, in order for Europol to perform its tasks, Europol shall request the authorisation of the data provider to continue storing the data and shall present a justification for such request.

5.   Where a Member State, a Union body, a third country or an international organisation erases from its own data files personal data provided to Europol, it shall inform Europol accordingly. Europol shall erase the data unless the continued storage of the data is deemed necessary, on the basis of information that is more extensive than that possessed by the data provider, in order for Europol to perform its tasks. Europol shall inform the data provider of the continued storage of such data and present a justification of such continued storage.

6.   Personal data shall not be erased if:

1.   Europol shall implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, accidental loss or unauthorised disclosure, alteration and access or any other unauthorised form of processing.

2.   In respect of automated data processing, Europol and each Member State shall implement measures designed to:

3.   Europol and Member States shall establish mechanisms to ensure that security needs are taken on board across information system boundaries.

1.   In the event of a personal data breach, Europol shall without undue delay notify the EDPS, as well as the competent authorities of the Member States concerned, of that breach, in accordance with the conditions laid down in Article 7(5),as well as the provider of the data concerned.

2.   The notification referred to in paragraph 1 shall, as a minimum:

3.   Europol shall document any personal data breaches, including the facts surrounding the breach, its effects and the remedial action taken, thereby enabling the EDPS to verify compliance with this Article.

1.   Subject to paragraph 4 of this Article, where a personal data breach as referred to in Article 34 is likely to severely and adversely affect the rights and freedoms of the data subject, Europol shall communicate the personal data breach to the data subject without undue delay.

2.   The communication to the data subject referred to in paragraph 1 shall describe, where possible, the nature of the personal data breach, recommend measures to mitigate the possible adverse effects of the personal data breach, and contain the identity and contact details of the Data Protection Officer.

3.   If Europol does not have the contact details of the data subject concerned, it shall request the provider of the data to communicate the personal data breach to the data subject concerned and to inform Europol about the decision taken. Member States providing the data shall communicate the breach to the data subject concerned in accordance with the procedures of their national law.

4.   The communication of a personal data breach to the data subject shall not be required if:

5.   The communication to the data subject may be delayed, restricted or omitted where this constitutes a necessary measure with due regard for the legitimate interests of the person concerned:

1.   Any data subject shall have the right, at reasonable intervals, to obtain information on whether personal data relating to him or her are processed by Europol.

2.   Without prejudice to paragraph 5, Europol shall provide the following information to the data subject:

3.   Any data subject wishing to exercise the right of access to personal data relating to him or her may make a request to that effect, without incurring excessive costs, to the authority appointed for that purpose in the Member State of his or her choice. That authority shall refer the request to Europol without delay, and in any case within one month of receipt.

4.   Europol shall confirm receipt of the request under paragraph 3. Europol shall answer it without undue delay, and in any case within three months of receipt by Europol of the request from the national authority.

5.   Europol shall consult the competent authorities of the Member States, in accordance with the conditions laid down in Article 7(5), and the provider of the data concerned, on a decision to be taken. A decision on access to personal data shall be conditional on close cooperation between Europol and the Member States and the provider of the data directly concerned by the access of the data subject to such data. If a Member State or the provider of the data objects to Europol's proposed response, it shall notify Europol of the reasons for its objection in accordance with paragraph 6 of this Article. Europol shall take the utmost account of any such objection. Europol shall subsequently notify its decision to the competent authorities concerned, in accordance with the conditions laid down in Article 7(5), and to the provider of the data.

6.   The provision of information in response to any request under paragraph 1 may be refused or restricted if such refusal or restriction constitutes a measure that is necessary in order to:

When the applicability of an exemption is assessed, the fundamental rights and interests of the data subject shall be taken into account.

7.   Europol shall inform the data subject in writing of any refusal or restriction of access, of the reasons for such a decision and of his or her right to lodge a complaint with the EDPS. Where the provision of such information would deprive paragraph 6 of its effect, Europol shall only notify the data subject concerned that it has carried out the checks, without giving any information which might reveal to him or her whether or not personal data concerning him or her are processed by Europol.

1.   Any data subject having accessed personal data concerning him or her processed by Europol in accordance with Article 36 shall have the right to request Europol, through the authority appointed for that purpose in the Member State of his or her choice, to rectify personal data concerning him or her held by Europol if they are incorrect or to complete or update them. That authority shall refer the request to Europol without delay and in any case within one month of receipt.

2.   Any data subject having accessed personal data concerning him or her processed by Europol in accordance with Article 36 shall have the right to request Europol, through the authority appointed for that purpose in the Member State of his or her choice, to erase personal data relating to him or her held by Europol if they are no longer required for the purposes for which they are collected or are further processed. That authority shall refer the request to Europol without delay and in any case within one month of receipt.

3.   Europol shall restrict rather than erase personal data as referred to in paragraph 2 if there are reasonable grounds to believe that erasure could affect the legitimate interests of the data subject. Restricted data shall be processed only for the purpose that prevented their erasure.

4.   If personal data as referred to in paragraphs 1, 2 and 3 held by Europol have been provided to it by third countries, international organisations or Union bodies, have been directly provided by private parties or have been retrieved by Europol from publicly available sources or result from Europol's own analyses, Europol shall rectify, erase or restrict such data and, where appropriate, inform the providers of the data.

5.   If personal data as referred to in paragraphs 1, 2 and 3 held by Europol have been provided to Europol by Member States, the Member States concerned shall rectify, erase or restrict such data in collaboration with Europol, within their respective competences.

6.   If incorrect personal data have been transferred by another appropriate means or if the errors in the data provided by Member States are due to faulty transfer or transfer in breach of this Regulation or if they result from data being input, taken over or stored in an incorrect manner or in breach of this Regulation by Europol, Europol shall rectify or erase such data in collaboration with the provider of the data concerned.

7.   In the cases referred to in paragraphs 4, 5 and 6, all addressees of the data concerned shall be notified forthwith. In accordance with the rules applicable to them, the addressees shall then rectify, erase or restrict those data in their systems.

8.   Europol shall inform the data subject in writing without undue delay, and in any case within three months of receipt of a request in accordance with paragraph 1 or 2, that data concerning him or her have been rectified, erased or restricted.

9.   Within three months of receipt of a request in accordance with paragraph 1 or 2, Europol shall inform the data subject in writing of any refusal of rectification, erasure or restricting, of the reasons for such a refusal and of the possibility of lodging a complaint with the EDPS and of seeking a judicial remedy.

1.   Europol shall store personal data in a way that ensures that their source, as referred to in Article 17, can be established.

2.   The responsibility for the quality of personal data as referred to in point (d) of Article 28(1) shall lie with:

3.   If Europol becomes aware that personal data provided pursuant to points (a) and (b) of Article 17(1) are factually incorrect or have been unlawfully stored, it shall inform the provider of those data accordingly.

4.   Europol shall be responsible for compliance with the principles referred to in points (a), (b), (c), (e) and (f) of Article 28(1).

5.   The responsibility for the legality of a data transfer shall lie with:

6.   In the case of a transfer between Europol and a Union body, the responsibility for the legality of the transfer shall lie with Europol.

Without prejudice to the first subparagraph, where the data are transferred by Europol following a request from the recipient, both Europol and the recipient shall be responsible for the legality of such a transfer.

7.   Europol shall be responsible for all data processing operations carried out by it, with the exception of the bilateral exchange of data using Europol's infrastructure between Member States, Union bodies, third countries and international organisations to which Europol has no access. Such bilateral exchanges shall take place under the responsibility of the entities concerned and in accordance with their law. The security of such exchanges shall be ensured in accordance with Article 32.

1.   Any new type of processing operations to be carried out shall be subject to prior consultation where:

2.   The prior consultation shall be carried out by the EDPS following receipt of a notification from the Data Protection Officer that shall contain at least a general description of the envisaged processing operations, an assessment of the risks to the rights and freedoms of data subjects, the measures envisaged to address those risks, safeguards and security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation, taking into account the rights and legitimate interests of the data subjects and other persons concerned.

3.   The EDPS shall deliver his or her opinion to the Management Board within two months following receipt of the notification. That period may be suspended until the EDPS has obtained any further information that he or she may have requested.

If the opinion has not been delivered after four months it shall be deemed to be favourable.

If the opinion of the EDPS is that the notified processing may involve a breach of any provision of this Regulation, he or she shall, where appropriate, make proposals to avoid such a breach. Where Europol does not modify the processing operation accordingly, the EDPS may exercise the powers granted to him or her under Article 43(3).

4.   The EDPS shall keep a register of all processing operations that have been notified to him or her pursuant to paragraph 1. The register shall not be made public.

1.   For the purpose of verifying the lawfulness of data processing, self-monitoring and ensuring proper data integrity and security, Europol shall keep records of the collection, alteration, access, disclosure, combination or erasure of personal data. Such logs or documentation shall be deleted after three years, unless the data which they contain are further required for ongoing control. There shall be no possibility of modifying the logs.

2.   Logs or documentation prepared pursuant to paragraph 1 shall be communicated upon request to the EDPS, to the Data Protection Officer and, if required for a specific investigation, to the national unit concerned. The information thus communicated shall only be used for the control of data protection and for ensuring proper data processing as well as data integrity and security.

1.   The Management Board shall appoint a Data Protection Officer, who shall be a member of the staff. In the performance of his or her duties, he or she shall act independently.

2.   The Data Protection Officer shall be selected on the basis of his or her personal and professional qualities and, in particular, the expert knowledge of data protection.

It shall be ensured in the selection of the Data Protection Officer that no conflict of interest may result from the performance of his or her duty in that capacity and from any other official duties, in particular those relating to the application of this Regulation.

3.   The Data Protection Officer shall be appointed for a term of four years. He or she shall be eligible for reappointment up to a maximum total term of eight years. He or she may be dismissed from his or her function as Data Protection Officer by the Management Board only with the consent of the EDPS, if he or she no longer meets the conditions required for the performance of his or her duties.

4.   After his or her appointment, the Data Protection Officer shall be registered with the EDPS by the Management Board.

5.   With respect to the performance of his or her duties, the Data Protection Officer shall not receive any instructions.

6.   The Data Protection Officer shall, in particular, have the following tasks with regard to personal data, with the exception of administrative personal data:

7.   The Data Protection Officer shall also carry out the functions provided for by Regulation (EC) No 45/2001 with regard to administrative personal data.

8.   In the performance of his or her tasks, the Data Protection Officer shall have access to all the data processed by Europol and to all Europol premises.

9.   If the Data Protection Officer considers that the provisions of this Regulation concerning the processing of personal data have not been complied with, he or she shall inform the Executive Director and shall require him or her to resolve the non-compliance within a specified time.

If the Executive Director does not resolve the non-compliance of the processing within the time specified, the Data Protection Officer shall inform the Management Board. The Data Protection Officer and the Management Board shall agree a specified time for a response by the latter. If the Management Board does not resolve the non-compliance within the time specified, the Data Protection Officer shall refer the matter to the EDPS.

10.   The Management Board shall adopt implementing rules concerning the Data Protection Officer. Those implementing rules shall, in particular, concern the selection procedure for the position of the Data Protection Officer and his or her dismissal, tasks, duties and powers, and safeguards ensuring the independence of the Data Protection Officer.

11.   Europol shall provide the Data Protection Officer with the staff and resources needed in order for him or her to be able to carry out his or her duties. Those staff members shall have access to all the data processed at Europol and to Europol premises only to the extent necessary for the performance of their tasks.

12.   The Data Protection Officer and his or her staff shall be bound by the obligation of confidentiality in accordance with Article 67(1).

1.   Each Member State shall designate a national supervisory authority. The national supervisory authority shall have the task of monitoring independently, in accordance with its national law, the permissibility of the transfer, the retrieval and any communication to Europol of personal data by the Member State concerned, and of examining whether such transfer, retrieval or communication violates the rights of the data subjects concerned. For that purpose, the national supervisory authority shall have access, at the national unit or at the liaison officers' premises, to data submitted by its Member State to Europol in accordance with the relevant national procedures and to logs and documentation as referred to in Article 40.

2.   For the purpose of exercising their supervisory function, national supervisory authorities shall have access to the offices and documents of their respective liaison officers at Europol.

3.   National supervisory authorities shall, in accordance with the relevant national procedures, supervise the activities of national units and the activities of liaison officers, insofar as such activities are relevant to the protection of personal data. They shall also keep the EDPS informed of any actions they take with respect to Europol.

4.   Any person shall have the right to request the national supervisory authority to verify the legality of any transfer or communication to Europol of data concerning him or her in any form and of access to those data by the Member State concerned. That right shall be exercised in accordance with the national law of the Member State in which the request is made.

1.   The EDPS shall be responsible for monitoring and ensuring the application of the provisions of this Regulation relating to the protection of fundamental rights and freedoms of natural persons with regard to the processing of personal data by Europol, and for advising Europol and data subjects on all matters concerning the processing of personal data. To that end, he or she shall fulfil the duties set out in paragraph 2 and exercise the powers laid down in paragraph 3, while closely cooperating with the national supervisory authorities in accordance with Article 44.

2.   The EDPS shall have the following duties:

3.   The EDPS may pursuant to this Regulation:

4.   The EDPS shall have the power to:

5.   The EDPS shall draw up an annual report on the supervisory activities of Europol, after consulting the national supervisory authorities. That report shall be part of the annual report of the EDPS referred to in Article 48 of Regulation (EC) No 45/2001.

The report shall include statistical information regarding complaints, inquiries, and investigations carried out in accordance with paragraph 2, as well as regarding transfers of personal data to third countries and international organisations, cases of prior consultation, and the use of the powers laid down in paragraph 3.

6.   The EDPS, the officials and the other staff members of the EDPS's Secretariat shall be bound by the obligation of confidentiality laid down in Article 67(1).

1.   The EDPS shall act in close cooperation with the national supervisory authorities on issues requiring national involvement, in particular if the EDPS or a national supervisory authority finds major discrepancies between the practices of Member States or potentially unlawful transfers in the use of Europol's channels for exchanges of information, or in the context of questions raised by one or more national supervisory authorities on the implementation and interpretation of this Regulation.

2.   The EDPS shall use the expertise and experience of the national supervisory authorities in carrying out his or her duties as set out in Article 43(2). In carrying out joint inspections together with the EDPS, members and staff of national supervisory authorities shall, taking due account of the principles of subsidiarity and proportionality, have powers equivalent to those laid down in Article 43(4) and be bound by an obligation equivalent to that laid down in Article 43(6). The EDPS and the national supervisory authorities shall, each acting within the scope of their respective competences, exchange relevant information and assist each other in carrying out audits and inspections.

3.   The EDPS shall keep national supervisory authorities fully informed of all issues directly affecting or otherwise relevant to them. Upon the request of one or more national supervisory authorities, the EDPS shall inform them of specific issues.

4.   In cases relating to data originating from one or more Member States, including the cases referred to in Article 47(2), the EDPS shall consult the national supervisory authorities concerned. The EDPS shall not decide on further action to be taken before those national supervisory authorities have informed the EDPS of their position, within a deadline specified by him or her which shall not be shorter than one month and not longer than three months. The EDPS shall take the utmost account of the respective positions of the national supervisory authorities concerned. In cases where the EDPS intends not to follow the position of a national supervisory authority, he or she shall inform that authority, provide a justification and submit the matter for discussion to the Cooperation Board established by Article 45(1).

In cases which the EDPS considers to be extremely urgent, he or she may decide to take immediate action. In such cases, the EDPS shall immediately inform the national supervisory authorities concerned and justify the urgent nature of the situation as well as the action he or she has taken.

1.   A Cooperation Board with an advisory function is hereby established. It shall be composed of a representative of a national supervisory authority of each Member State and of the EDPS.

2.   The Cooperation Board shall act independently when performing its tasks pursuant to paragraph 3 and shall neither seek nor take instructions from any body.

3.   The Cooperation Board shall have the following tasks:

4.   The Cooperation Board may issue opinions, guidelines, recommendations and best practices. The EDPS and the national supervisory authorities shall, without prejudice to their independence and each acting within the scope of their respective competences, take the utmost account of them.

5.   The Cooperation Board shall meet whenever necessary, and at least twice a year. The costs and servicing of its meetings shall be borne by the EDPS.

6.   Rules of procedure of the Cooperation Board shall be adopted at its first meeting by a simple majority of its members. Further working methods shall be developed jointly as necessary.

1.   Any data subject shall have the right to lodge a complaint with the EDPS if he or she considers that the processing by Europol of personal data relating to him or her does not comply with this Regulation.

2.   Where a complaint relates to a decision as referred to in Article 36 or 37, the EDPS shall consult the national supervisory authorities of the Member State that provided the data or the Member State directly concerned. In adopting his or her decision, which may extend to a refusal to communicate any information, the EDPS shall take into account the opinion of the national supervisory authority.

3.   Where a complaint relates to the processing of data provided by a Member State to Europol, the EDPS and the national supervisory authority of the Member State that provided the data shall, each acting within the scope of their respective competences, ensure that the necessary checks on the lawfulness of the processing of the data have been carried out correctly.

4.   Where a complaint relates to the processing of data provided to Europol by Union bodies, third countries or international organisations, or of data retrieved by Europol from publicly available sources or resulting from Europol's own analyses, the EDPS shall ensure that Europol has correctly carried out the necessary checks on the lawfulness of the processing of the data.

1.   Europol's contractual liability shall be governed by the law applicable to the contract in question.

2.   The Court of Justice of the European Union shall have jurisdiction to give judgment pursuant to any arbitration clause in a contract concluded by Europol.

3.   Without prejudice to Article 49, in the case of non-contractual liability, Europol shall, in accordance with the general principles common to the laws of the Member States, make good any damage caused by its departments or by its staff in the performance of their duties.

4.   The Court of Justice of the European Union shall have jurisdiction in disputes relating to compensation for damage as referred to in paragraph 3.

5.   The personal liability of Europol staff vis-à-vis Europol shall be governed by the provisions laid down in the Staff Regulations or in the Conditions of Employment of Other Servants applicable to them.

1.   Any individual who has suffered damage as a result of an unlawful data processing operation shall have the right to receive compensation for damage suffered, either from Europol in accordance with Article 340 TFEU or from the Member State in which the event that gave rise to the damage occurred, in accordance with its national law. The individual shall bring an action against Europol before the Court of Justice of the European Union, or against the Member State before a competent national court of that Member State.

2.   Any dispute between Europol and Member States over the ultimate responsibility for compensation awarded to an individual in accordance with paragraph 1 shall be referred to the Management Board, which shall decide by a majority of two-thirds of its members, without prejudice to the right to challenge that decision in accordance with Article 263 TFEU.

1.   Pursuant to Article 88 TFEU, the scrutiny of Europol's activities shall be carried out by the European Parliament together with national parliaments. This shall constitute a specialised Joint Parliamentary Scrutiny Group (JPSG) established together by the national parliaments and the competent committee of the European Parliament. The organisation and the rules of procedure of the JPSG shall be determined together by the European Parliament and the national parliaments in accordance with Article 9 of Protocol No 1.

2.   The JPSG shall politically monitor Europol's activities in fulfilling its mission, including as regards the impact of those activities on the fundamental rights and freedoms of natural persons.

For the purposes of the first subparagraph:

3.   Europol shall transmit the following documents, for information purposes, to the JPSG, taking into account the obligations of discretion and confidentiality:

4.   The JPSG may request other relevant documents necessary for the fulfilment of its tasks relating to the political monitoring of Europol's activities, subject to Regulation (EC) No 1049/2001 of the European Parliament and of the Council (23) and without prejudice to Articles 52 and 67 of this Regulation.

5.   The JPSG may draw up summary conclusions on the political monitoring of Europol's activities and submit those conclusions to the European Parliament and national parliaments. The European Parliament shall forward them, for information purposes, to the Council, the Commission and Europol.

1.   For the purpose of enabling it to exercise parliamentary scrutiny of Europol's activities in accordance with Article 51, access by the European Parliament to sensitive non-classified information processed by or through Europol, upon the European Parliament's request, shall comply with the rules referred to in Article 67(1).

2.   Access by the European Parliament to EU classified information processed by or through Europol shall be consistent with the Interinstitutional Agreement of 12 March 2014 between the European Parliament and the Council concerning the forwarding to and the handling by the European Parliament of classified information held by the Council on matters other than those in the area of the common foreign and security policy (24), and shall comply with the rules referred to in Article 67(2) of this Regulation.

3.   The necessary details regarding access by the European Parliament to the information referred to in paragraphs 1 and 2 shall be governed by working arrangements concluded between Europol and the European Parliament.

1.   The Staff Regulations, the Conditions of Employment of Other Servants and the rules adopted by agreement between the institutions of the Union for giving effect to the Staff Regulations and to the Conditions of Employment of Other Servants shall apply to the staff of Europol with the exception of staff who, on 1 May 2017, are employed pursuant to a contract concluded by Europol as established by the Europol Convention without prejudice to Article 73(4) of this Regulation. Such contracts shall continue to be governed by the Council Act of 3 December 1998.

2.   Europol staff shall consist of temporary staff and/or contract staff. The Management Board shall be informed on a yearly basis of contracts of an indefinite duration granted by the Executive Director. The Management Board shall decide which temporary posts provided for in the establishment plan can be filled only by staff from the competent authorities of the Member States. Staff recruited to occupy such posts shall be temporary agents and may be awarded only fixed-term contracts, renewable once for a fixed period.

1.   The Executive Director shall be engaged as a temporary agent of Europol under point (a) of Article 2 of the Conditions of Employment of Other Servants.

2.   The Executive Director shall be appointed by the Council from a shortlist of candidates proposed by the Management Board, following an open and transparent selection procedure.

The shortlist shall be drawn up by a selection committee set up by the Management Board and composed of members designated by Member States and a Commission representative

For the purpose of concluding a contract with the Executive Director, Europol shall be represented by the Chairperson of the Management Board.

Before appointment, the candidate selected by the Council may be invited to appear before the competent committee of the European Parliament, which shall subsequently give a non-binding opinion.

3.   The term of office of the Executive Director shall be four years. By the end of that period, the Commission, in association with the Management Board, shall undertake an assessment taking into account:

4.   The Council, acting on a proposal from the Management Board that takes into account the assessment referred to in paragraph 3, may extend the term of office of the Executive Director once and for no more than four years.

5.   The Management Board shall inform the European Parliament if it intends to propose to the Council that the Executive Director's term of office be extended. Within the month before any such extension, the Executive Director may be invited to appear before the competent committee of the European Parliament.

6.   An Executive Director whose term of office has been extended shall not participate in another selection procedure for the same post at the end of the overall period.

7.   The Executive Director may be removed from office only pursuant to a decision of the Council acting on a proposal from the Management Board. The European Parliament shall be informed about that decision.

8.   The Management Board shall reach decisions regarding proposals to be made to the Council on the appointment, extension of the term of office, or removal from office, of the Executive Director by a majority of two-thirds of its members with voting rights.

1.   Three Deputy Executive Directors shall assist the Executive Director. The Executive Director shall define their tasks.

2.   Article 54 shall apply to the Deputy Executive Directors. The Executive Director shall be consulted prior to their appointment, any extension of their term of office or their removal from office.

1.   Europol may make use of seconded national experts.

2.   The Management Board shall adopt a decision laying down rules on the secondment of national experts to Europol.

1.   Estimates of all revenue and expenditure for Europol shall be prepared each financial year, which shall correspond to the calendar year, and shall be shown in Europol's budget.

2.   Europol's budget shall be balanced in terms of revenue and of expenditure.

3.   Without prejudice to other resources, Europol's revenue shall comprise a contribution from the Union entered in the general budget of the Union.

4.   Europol may benefit from Union funding in the form of delegation agreements or ad hoc grants in accordance with its financial rules referred to in Article 61 and with the provisions of the relevant instruments supporting the policies of the Union.

5.   Europol's expenditure shall include staff remuneration, administrative and infrastructure expenses, and operating costs.

6.   Budgetary commitments for actions relating to large-scale projects extending over more than one financial year may be broken down into several annual instalments.

1.   Each year the Executive Director shall draw up a draft statement of estimates of Europol's revenue and expenditure for the following financial year, including an establishment plan, and shall send it to the Management Board.

2.   The Management Board shall, on the basis of the draft statement of estimates, adopt a provisional draft estimate of Europol's revenue and expenditure for the following financial year and shall send it to the Commission by 31 January each year.

3.   The Management Board shall send the final draft estimate of Europol's revenue and expenditure, which shall include a draft establishment plan, to the European Parliament, the Council and the Commission by 31 March each year.

4.   The Commission shall send the statement of estimates to the European Parliament and the Council, together with the draft general budget of the Union.

5.   On the basis of the statement of estimates, the Commission shall enter in the draft general budget of the Union the estimates that it considers necessary for the establishment plan and the amount of the contribution to be charged to the general budget, which it shall place before the European Parliament and the Council in accordance with Articles 313 and 314 TFEU.

6.   The European Parliament and the Council shall authorise the appropriations for the contribution from the Union to Europol.

7.   The European Parliament and the Council shall adopt Europol's establishment plan.

8.   Europol's budget shall be adopted by the Management Board. It shall become final following the final adoption of the general budget of the Union. Where necessary, it shall be adjusted accordingly.

9.   For any building projects likely to have significant implications for Europol's budget, Delegated Regulation (EU) No 1271/2013 shall apply.

1.   The Executive Director shall implement Europol's budget.

2.   Each year the Executive Director shall send to the European Parliament and the Council all information relevant to the findings of any evaluation procedures.

1.   Europol's accounting officer shall send the provisional accounts for the financial year (year N) to the Commission's accounting officer and to the Court of Auditors by 1 March of the following financial year (year N + 1).

2.   Europol shall send a report on the budgetary and financial management for year N to the European Parliament, the Council and the Court of Auditors by 31 March of year N + 1.

3.   The Commission's accounting officer shall send Europol's provisional accounts for year N, consolidated with the Commission's accounts, to the Court of Auditors by 31 March of year N + 1.

4.   On receipt of the Court of Auditors' observations on Europol's provisional accounts for year N pursuant to Article 148 of Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council (25), Europol's accounting officer shall draw up Europol's final accounts for that year. The Executive Director shall submit them to the Management Board for an opinion.

5.   The Management Board shall deliver an opinion on Europol's final accounts for year N.

6.   Europol's accounting officer shall, by 1 July of year N + 1, send the final accounts for year N to the European Parliament, the Council, the Commission, the Court of Auditors and national parliaments, together with the Management Board's opinion referred to in paragraph 5.

7.   The final accounts for year N shall be published in the Official Journal of the European Union by 15 November of year N + 1.

8.   The Executive Director shall send to the Court of Auditors, by 30 September of year N + 1, a reply to the observations made in its annual report. He or she shall also send the reply to the Management Board.

9.   The Executive Director shall submit to the European Parliament, at the latter's request, any information required for the smooth application of the discharge procedure for year N, as laid down in Article 109(3) of Delegated Regulation (EU) No 1271/2013.

10.   On a recommendation from the Council acting by a qualified majority, the European Parliament shall, before 15 May of year N + 2, grant a discharge to the Executive Director in respect of the implementation of the budget for year N.

1.   The financial rules applicable to Europol shall be adopted by the Management Board after consultation with the Commission. They shall not depart from Delegated Regulation (EU) No 1271/2013 unless such a departure is specifically required for the operation of Europol and the Commission has given its prior consent.

2.   Europol may award grants related to the fulfilment of tasks as referred to in Article 4.

3.   Europol may award grants without a call for proposals to Member States for performance of their cross-border operations and investigations and for the provision of training relating to the tasks referred to in points (h) and (i) of Article 4(1).

4.   In respect of the financial support to be given to joint investigation teams' activities, Europol and Eurojust shall jointly establish the rules and conditions upon which applications for such support are to be processed.

1.   Europol shall be an agency of the Union. It shall have legal personality.

2.   In each Member State Europol shall enjoy the most extensive legal capacity accorded to legal persons under national law. Europol may, in particular, acquire and dispose of movable and immovable property and be a party to legal proceedings.

3.   In accordance with Protocol No 6 on the location of the seats of the institutions and of certain bodies, agencies and departments of the European Union, annexed to the TEU and to the TFEU (‘Protocol No 6’), Europol shall have its seat in The Hague.

1.   Protocol No 7 on the privileges and immunities of the European Union, annexed to the TEU and to the TFEU, shall apply to Europol and its staff.

2.   Privileges and immunities of liaison officers and members of their families shall be subject to an agreement between the Kingdom of Netherlands and the other Member States. That agreement shall provide for such privileges and immunities as are necessary for the proper performance of the tasks of liaison officers.

1.   The provisions laid down in Regulation No 1 (26) shall apply to Europol.

2.   The Management Board shall decide by a majority of two-thirds of its members on the internal language arrangements of Europol.

3.   The translation services required for the functioning of Europol shall be provided by the Translation Centre for the bodies of the European Union.

1.   Regulation (EC) No 1049/2001 shall apply to documents held by Europol.

2.   By 14 December 2016, the Management Board shall adopt the detailed rules for applying Regulation (EC) No 1049/2001 with regard to Europol documents.

3.   Decisions taken by Europol under Article 8 of Regulation (EC) No 1049/2001 may be the subject of a complaint to the European Ombudsman or of an action before the Court of Justice of the European Union, in accordance with Articles 228 and 263 TFEU respectively.

4.   Europol shall publish on its website a list of the Management Board members and summaries of the outcome of the meetings of the Management Board. The publication of those summaries shall be temporarily or permanently omitted or restricted if such publication would risk jeopardising the performance of Europol's tasks, taking into account its obligations of discretion and confidentiality and the operational character of Europol.

1.   In order to facilitate the fight against fraud, corruption and any other illegal activities under Regulation (EU, Euratom) No 883/2013, Europol shall, by 30 October 2017, accede to the Interinstitutional Agreement of 25 May 1999 between the European Parliament, the Council of the European Union and the Commission of the European Communities concerning internal investigations by the European Anti-Fraud Office (OLAF) (27) and shall adopt appropriate provisions applicable to all employees of Europol, using the template set out in the Annex to that Agreement.

2.   The Court of Auditors shall have a power of audit, on the basis of documents and on-the-spot checks, over all grant beneficiaries, contractors and subcontractors who have received Union funds from Europol.

3.   OLAF may carry out investigations, including on-the-spot checks and inspections, with a view to establishing whether there has been fraud, corruption or any other illegal activity affecting the financial interests of the Union in connection with a grant or a contract awarded by Europol. Such investigations shall be carried out in accordance with the provisions and procedures laid down in Regulation (EU, Euratom) No 883/2013 and in Council Regulation (Euratom, EC) No 2185/96 (28).

4.   Without prejudice to paragraphs 1, 2 and 3, working arrangements with Union bodies, authorities of third countries, international organisations and private parties, contracts, grant agreements and grant decisions of Europol shall contain provisions expressly empowering the Court of Auditors and OLAF to conduct the audits and investigations referred to in paragraphs 2 and 3, in accordance with their respective competences.

1.   Europol shall establish rules on the obligations of discretion and confidentiality and on the protection of sensitive non-classified information.

2.   Europol shall establish rules on the protection of EU classified information which shall be consistent with Decision 2013/488/EU in order to ensure an equivalent level of protection for such information.

1.   By 1 May 2022 and every five years thereafter, the Commission shall ensure that an evaluation assessing, in particular, the impact, effectiveness and efficiency of Europol and of its working practices is carried out. The evaluation may, in particular, address the possible need to modify the structure, operation, field of action and tasks of Europol, and the financial implications of any such modification.

2.   The Commission shall submit the evaluation report to the Management Board. The Management Board shall provide its observations on the evaluation report within three months from the date of receipt. The Commission shall then submit the final evaluation report, together with the Commission's conclusions, and the Management Board's observations in an annex thereto, to the European Parliament, the Council, the national parliaments and the Management Board. Where appropriate, the main findings of the evaluation report shall be made public.

1.   Europol as established by this Regulation shall be the legal successor in respect of all contracts concluded by, liabilities incumbent upon and properties acquired by Europol as established by Decision 2009/371/JHA.

2.   This Regulation shall not affect the legal force of agreements concluded by Europol as established by Decision 2009/371/JHA before 13 June 2016, or of agreements concluded by Europol as established by the Europol Convention before 1 January 2010.

1.   The term of office of the members of the Management Board as established on the basis of Article 37 of Decision 2009/371/JHA shall terminate on 1 May 2017.

2.   During the period from 13 June 2016 to 1 May 2017, the Management Board as established on the basis of Article 37 of Decision 2009/371/JHA shall:

3.   The Commission shall without delay after 13 June 2016 take the measures necessary to ensure that the Management Board established pursuant to Article 10 starts its work on 1 May 2017.

4.   By 14 December 2016, the Member States shall notify the Commission of the names of the persons whom they have appointed as member and alternate member of the Management Board, in accordance with Article 10.

5.   The Management Board established pursuant to Article 10 shall hold its first meeting on 1 May 2017. On that occasion it shall, if necessary, take decisions as referred to in Article 76.

1.   The Director of Europol appointed on the basis of Article 38 of Decision 2009/371/JHA shall, for the remaining period of his or her term of office, be assigned the responsibilities of Executive Director, as provided for in Article 16 of this Regulation. The other conditions of his or her contract shall remain unchanged. If the term of office ends between 13 June 2016 and 1 May 2017, it shall be extended automatically until 1 May 2018.

2.   Should the Director appointed on the basis of Article 38 of Decision 2009/371/JHA be unwilling or unable to act in accordance with paragraph 1 of this Article, the Management Board shall designate an interim Executive Director to exercise the duties assigned to the Executive Director for a period not exceeding 18 months, pending the appointment provided for in Article 54(2) of this Regulation.

3.   Paragraphs 1 and 2 of this Article shall apply to the Deputy Directors appointed on the basis of Article 38 of Decision 2009/371/JHA.

4.   In accordance with the Conditions of Employment of Other Servants, the authority referred to in the first paragraph of Article 6 thereof shall offer employment of indefinite duration as a member of the temporary or contract staff to any person who, on 1 May 2017, is employed under a contract of indefinite duration as a local staff member concluded by Europol as established by the Europol Convention. The offer of employment shall be based on the tasks to be performed by the servant as a member of the temporary or contract staff. The contract concerned shall take effect at the latest on 1 May 2018. A staff member who does not accept the offer referred to in this paragraph may retain his or her contractual relationship with Europol in accordance with Article 53(1).

1.   Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA are hereby replaced for the Member States bound by this Regulation with effect from 1 May 2017.

Therefore, Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA are repealed with effect from 1 May 2017.

2.   With regard to the Member States bound by this Regulation, references to the Decisions referred to in paragraph 1 shall be construed as references to this Regulation.

1.   This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

2.   It shall apply from 1 May 2017.

However, Articles 71, 72 and 73 shall apply from 13 June 2016.