Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 01997R0515-20210101

    Consolidated text: Council Regulation (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters

    ELI: http://data.europa.eu/eli/reg/1997/515/2021-01-01

    01997R0515 — EN — 01.01.2021 — 005.001


    This text is meant purely as a documentation tool and has no legal effect. The Union's institutions do not assume any liability for its contents. The authentic versions of the relevant acts, including their preambles, are those published in the Official Journal of the European Union and available in EUR-Lex. Those official texts are directly accessible through the links embedded in this document

    ►B

    COUNCIL REGULATION (EC) No 515/97

    of 13 March 1997

    on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters

    (OJ L 082 22.3.1997, p. 1)

    Amended by:

     

     

    Official Journal

      No

    page

    date

     M1

    COUNCIL REGULATION (EC) No 807/2003 of 14 April 2003

      L 122

    36

    16.5.2003

    ►M2

    REGULATION (EC) No 766/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL  of 9 July 2008

      L 218

    48

    13.8.2008

    ►M3

    REGULATION (EU) 2015/1525 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL  of 9 September 2015

      L 243

    1

    18.9.2015

    ►M4

    REGULATION (EU) 2021/785 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL  of 29 April 2021

      L 172

    110

    17.5.2021


    Corrected by:

    ►C1

    Corrigendum, OJ L 288, 27.10.1998, p.  55  (515/1997)




    ▼B

    COUNCIL REGULATION (EC) No 515/97

    of 13 March 1997

    on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters



    Article 1

    1.  
    This Regulation lays down the ways in which the administrative authorities responsible for implementation of the legislation on customs and agricultural matters in the Member States shall cooperate with each other and with the Commission in order to ensure compliance with that legislation within the framework of a Community system.
    2.  
    The provisions of this Regulation shall not apply where they overlap with the specific provisions of other legislation on mutual assistance between Member States' administrative authorities and cooperation between the latter and the Commission for the application of customs or agricultural legislation.

    Article 2

    1.  

    For the purposes of this Regulation:

    ▼M3

    — 
    ‘customs legislation’ means customs legislation as defined in point 2 of Article 5 of Regulation (EU) No 952/2013 of the European Parliament and of the Council ( 1 ),

    ▼B

    — 
    ‘agricultural legislation’ means the body of provisions adopted under the common agricultural policy and the special rules adopted with regard to goods resulting from the processing of agricultural products,
    — 
    ‘applicant authority’ means the competent authority of a Member State which makes a request for assistance,
    — 
    ‘requested authority’ means the competent authority of a Member State to which a request for assistance is made,
    — 
    ‘administrative enquiry’ means all controls, checks and other action taken by the staff of the administrative authorities specified in Article 1 (1) in the performance of their duties with a view to ensuring proper application of customs and agricultural legislation and, where necessary, checking the irregular nature of operations which appear to breach that legislation, except action taken at the request of or under a direct mandate from a judicial authority; the expression ‘administrative enquiry’ also covers the Community missions referred to in Article 20,
    — 
    ‘personal data’ means all information relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, psychological, mental, economic, cultural or social identity,

    ▼M2

    — 
    ‘operational analysis’ means analysis of operations which constitute, or appear to constitute, breaches of customs or agricultural legislation, involving the following stages in turn:
    (a) 

    the collection of information, including personal data;

    (b) 

    evaluation of the reliability of the information source and the information itself;

    (c) 

    research, methodical presentation and interpretation of links between these items of information or between them and other significant data;

    (d) 

    the formulation of observations, hypotheses or recommendations directly usable as risk information by the competent authorities and by the Commission to prevent and detect other operations in breach of customs and agricultural legislation and/or to identify with precision the person or businesses implicated in such operations,

    — 
    ‘strategic analysis’ means research and presentation of the general trends in breaches of customs and agricultural legislation through an evaluation of the threat, scale and impact of certain types of operation in breach of customs and agricultural legislation, with a view to subsequently setting priorities, gaining a better picture of the phenomenon or threat, reorienting action to prevent and detect fraud and reviewing departmental organisation. Only data from which identifying factors have been removed may be used for strategic analysis,
    — 
    ‘regular automatic exchange’ means the systematic communication of predefined information, without prior request, at pre-established regular intervals,
    — 
    ‘occasional automatic exchange’ means the systematic communication of predefined information, without prior request, as and when that information becomes available,

    ▼M3

    — 
    ‘customs territory of the Union’ means the customs territory of the Union as defined in Article 4 of Regulation (EU) No 952/2013,
    — 
    ‘carriers’ means the persons within the meaning of point 40 of Article 5 of Regulation (EU) No 952/2013.

    ▼B

    2.  
    Each Member State shall communicate to the other Member States and the Commission a list of the competent authorities it has appointed for the purposes of applying this Regulation.

    For the purposes of this Regulation ‘competent authorities’ means the authorities appointed in accordance with the preceding subparagraph.

    ▼M2

    Article 2a

    Without prejudice to other provisions of this Regulation, and in pursuit of the objectives thereof, in particular where no customs declaration or simplified declaration is presented or where it is incomplete or where there is a reason to believe that the data contained therein are false, the Commission or the competent authorities of each Member State may exchange with the competent authority of any other Member State or the Commission the following data:

    (a) 

    business name;

    (b) 

    trading name;

    (c) 

    address of the business;

    (d) 

    VAT identification number of the business;

    (e) 

    excise duties identification number ( 2 );

    (f) 

    information as to whether the VAT identification number and/or the excise duties identification number is in use;

    (g) 

    names of the managers, directors and, if available, principal shareholders of the business;

    (h) 

    number and date of issue of the invoice; and

    (i) 

    amount invoiced.

    This Article shall apply only to movements of goods as described in the first indent of Article 2(1).

    ▼B

    Article 3

    Where national authorities decide, in response to a request for administrative assistance or a communication based on this Regulation, to take action involving measures which may be implemented only with the authorization or at the demand of a judicial authority:

    — 
    any information thus obtained concerning the application of customs and agricultural legislation, or at least
    — 
    that part of the file required to put a stop to a fraudulent practice,

    shall be communicated as part of the administrative cooperation provided for by this Regulation.

    However, any such communication must have the prior authorization of the judicial authority if the necessity of such authorization derives from national law.

    TITLE I

    ASSISTANCE ON REQUEST

    Article 4

    1.  

    At the request of the applicant authority, the requested authority shall transmit to it any information which may enable it to ensure compliance with the provisions of customs or agricultural legislation, and in particular those concerning:

    — 
    the application of customs duties and charges having equivalent effect together with agricultural levies and other charges provided for under the common agricultural policy or the special arrangements applicable to certain goods resulting from the processing of agricultural products,
    — 
    operations forming part of the system of financing by the European Agricultural Guidance and Guarantee Fund.
    2.  
    In order to obtain the information sought, the requested authority or the administrative authority to which it has recourse shall proceed as though acting on its own account or at the request of another authority in its own country.

    Article 5

    At the request of the applicant authority, the requested authority shall supply it with any attestation, document or certified true copy of a document in its possession or obtained in the manner referred to in Article 4 (2) which relates to operations covered by customs or agricultural legislation.

    Article 6

    1.  
    At the request of the applicant authority, the requested authority shall, while observing the rules in force in the Member State in which it is based, notify the addressee or have it notified of all instruments or decisions which emanate from the administrative authorities and concern the application of customs or agricultural legislation.
    2.  
    Requests for notification, mentioning the subject of the instrument or decision to be communicated, shall be accompanied by a translation in the official language or an official language of the Member State in which the requested authority is based, without prejudice to the latter's right to waive such a translation.

    Article 7

    At the request of the applicant authority, the requested authority shall as far as possible keep a special watch or arrange for a special watch to be kept within its operational area:

    (a) 

    on persons, and more particularly their movements, where there are reasonable grounds for believing that they are breaching customs or agricultural legislation;

    (b) 

    on places where goods are stored in a way that gives grounds to suspect that they are intended to supply operations contrary to customs or agricultural legislation;

    (c) 

    on the movements of goods indicated as being the object of potential breaches of customs or agricultural legislation;

    (d) 

    on means of transport, where there are reasonable grounds for believing that they are being used to carry out operations in breach of customs or agricultural legislation.

    Article 8

    At the request of the applicant authority, the requested authority shall make available any information in its possession or obtained in the manner referred to in Article 4 (2), and particularly reports and other documents or certified true copies or extracts thereof, concerning operations detected or planned which constitute, or appear to the applicant authority to constitute, breaches of customs or agricultural legislation or, where applicable, concerning the findings of the special watch carried out pursuant to Article 7.

    However, original documents and items shall be provided only where this is not contrary to the legislation in force in the Member State in which the requested authority is based.

    Article 9

    1.  
    The requested authority shall at the request of the applicant authority carry out, or arrange to have carried out, the appropriate administrative enquiries concerning operations which constitute, or appear to the applicant authority to constitute, breaches of customs or agricultural legislation.

    The requested authority or the administrative authority to which it has recourse shall conduct administrative enquiries as though acting on its own account or at the request of another authority in its own country.

    The requested authority shall communicate the results of such administrative enquiries to the applicant authority.

    2.  
    By agreement between the applicant authority and the requested authority, officials appointed by the applicant authority may be present at the administrative enquiries referred to in paragraph 1.

    Administrative enquiries shall at all times be carried out by staff of the requested authority. The applicant authority's staff may not, of their own initiative, assume powers of inspection conferred on officials of the requested authority. They shall, however, have access to the same premises and the same documents as the latter, through their intermediary and for the sole purpose of the administrative enquiry being carried out.

    In so far as national provisions on criminal proceedings reserve certain acts to officials specifically designated by national law, the applicant authority's staff shall not take part in such acts. In any event, they shall not participate in particular in searches of premises or the formal questioning of persons under criminal law. They shall, however, have access to the information thus obtained subject to the conditions laid down in Article 3.

    Article 10

    By agreement between the applicant authority and the requested authority and in accordance with the arrangements laid down by the latter, officials duly authorized by the applicant authority may obtain, from the offices where the administrative authorities of the Member State in which the requested authority is based exercise their functions, information concerning the application of the law on customs and agricultural matters which is needed by the applicant authority and which is derived from documentation to which the staff of those offices have access. These officials shall be authorized to take copies of the said documentation.

    Article 11

    Staff of the applicant authority present in another Member State in accordance with Articles 9 and 10 must at all times be able to produce written authority stating their identity and their official functions.

    ▼M3

    Article 12

    Without prejudice to Article 51, information, including documents, certified true copies of documents, attestations, all instruments or decisions which emanate from administrative authorities, reports and any intelligence, obtained by the staff of the requested authority and communicated to the applicant authority in the course of the assistance provided for in Articles 4 to 11 may constitute admissible evidence in the same way as if they had been obtained in the Member State where the proceedings take place:

    (a) 

    in administrative proceedings of the Member State of the applicant authority, including subsequent appeal procedures;

    (b) 

    in judicial proceedings of the Member State of the applicant authority, unless otherwise explicitly stated by the requested authority at the time of communication of the information.

    ▼B

    TITLE II

    SPONTANEOUS ASSISTANCE

    Article 13

    The competent authorities of each Member State shall, as laid down in Articles 14 and 15, provide assistance to the competent authorities of the other Member States without prior request.

    Article 14

    Where they consider it useful for ensuring compliance with customs or agricultural legislation, each Member State's competent authorities shall:

    (a) 

    as far as is possible keep, or have kept, the special watch described in Article 7;

    (b) 

    communicate to the competent authorities of the other Member States concerned all information in their possession, and in particular reports and other documents or certified true copies or extracts thereof, concerning operations which constitute, or appear to them to constitute, breaches of customs or agricultural legislation.

    Article 15

    ►M2  1. ◄   
    The competent authorities of each Member State shall immediately send to the competent authorities of the other Member States concerned all relevant information concerning operations which constitute, or appear to them to constitute, breaches of customs or agricultural legislation, and in particular concerning the goods involved and new ways and means of carrying out such operations.

    ▼M2

    2.  
    The competent authorities of each Member State may also, by regular automatic exchange or occasional automatic exchange, communicate to the competent authority of any other Member State concerned information received concerning the entry, exit, transit, storage and end-use of goods, including postal traffic, moved between the customs territory of the Community and other territories, and the presence and movement within the customs territory of the Community of non-community and end-use goods, where necessary to prevent or detect operations which constitute, or appear to constitute, breaches of customs or agricultural legislation.

    ▼M3

    Article 16

    Without prejudice to Article 51, information, including documents, certified true copies of documents, attestations, all instruments or decisions which emanate from administrative authorities, reports and any intelligence, obtained by the staff of the communicating authority and communicated to the receiving authority in the course of the assistance provided for in Articles 13 to 15 may constitute admissible evidence in the same way as if they had been obtained in the Member State where the proceedings take place:

    (a) 

    in administrative proceedings of the Member State of the receiving authority, including subsequent appeal procedures;

    (b) 

    in judicial proceedings of the Member State of the receiving authority, unless otherwise explicitly stated by the communicating authority at the time of communication of the information.

    ▼B

    TITLE III

    RELATIONS WITH THE COMMISSION

    Article 17

    1.  

    The competent authorities of each Member State shall communicate to the Commission as soon as it is available to them:

    (a) 

    any information they consider relevant concerning:

    — 
    goods which have been or are suspected of having been the object of breaches of customs or agricultural legislation,
    — 
    methods or practices used or suspected of having been used to breach customs or agricultural legislation,
    — 
    requests for assistance, action taken and information exchanged in application of Articles 4 to 16 which are capable of revealing fraudulent tendencies in the field of customs and agriculture;
    (b) 

    any information on shortcomings or gaps in customs and agricultural legislation that become apparent or may be deduced from the application of that legislation.

    2.  
    The Commission shall communicate to the competent authorities in each Member State, as soon as it becomes available, any information that would help them to enforce customs or agricultural legislation.

    Article 18

    1.  

    Where a Member State's competent authorities become aware of operations which constitute, or appear to constitute, breaches of customs or agricultural legislation that are of particular relevance at Community level, and especially:

    ▼M2

    — 
    when they have, or might have, ramifications in other Member States or in third countries, or

    ▼B

    — 
    where it appears likely to the above authorities that similar operations have also been carried out in other Member States,

    they shall communicate to the Commission as soon as possible, either on their own initiative or in response to a reasoned request from the Commission, any relevant information, be it in the form of documents or copies or extracts thereof, needed to determine the facts so that the Commission may coordinate the steps taken by the Member States.

    The Commission shall convey this information to the competent authorities of the other Member States.

    ▼M2

    Within six months of the receipt of the information conveyed by the Commission, the competent authorities of the Member States shall forward to the Commission a summary of the anti-fraud measures taken by them on the basis of that information. The Commission shall, on the basis of those summaries, regularly prepare and convey to the Member States reports on the results of measures taken by the Member States.

    ▼B

    2.  
    Where a Member State's competent authorities invoke paragraph 1, they need not communicate information as provided in Articles 14 (b) and 15 to the competent authorities of the other member States concerned.
    3.  
    In response to a reasoned request from the Commission, the Member State's competent authorities shall act in the manner laid down in Articles 4 to 8.
    4.  
    Where the Commission considers that irregularities have taken place in one or more Member States, it shall inform the Member State or States concerned thereof and that State or those States shall at the earliest opportunity carry out an enquiry, at which Commission officials may be present under the conditions laid down in Articles 9 (2) and 11 of this Regulation.

    The Member State or States concerned shall, as soon as possible, communicate to the Commission the findings of the enquiry.

    5.  
    Officials of the Commission may collect the information specified in Article 10 under conditions laid down in that Article by common accord.
    6.  
    This Article is without prejudice to the Commission's right to information and scrutiny by virtue of other legislation in force.

    ▼M2

    7.  
    Without prejudice to the provisions of the Community Customs Code relating to the establishment of a common framework for risk management, the data exchanged between the Commission and the Member States pursuant to Articles 17 and 18 may be stored and used for the purpose of strategic and operational analysis.
    8.  
    The Member States and the Commission may exchange the results of operational and strategic analyses carried out under this Regulation.

    Article 18a

    ▼M3

    1.  
    Without prejudice to the competences of the Member States and with a view to assisting the authorities referred to in Article 29 to detect movements of goods that are the object of operations in potential breach of customs and agricultural legislation, and means of transport, including containers, used for that purpose, the Commission shall establish and manage a directory of data reported by carriers (‘transport directory’). The transport directory shall be directly accessible to those authorities. They may use the transport directory, including for the analysis of data and the exchange of information, only for the purposes of this Regulation.
    2.  

    In managing the transport directory, the Commission shall be empowered:

    (a) 

    to access or extract and store the contents of the data, by any means or in any form, and to use data in compliance with legislation applicable to intellectual property rights. The Commission shall put in place adequate safeguards, including technical and organisational measures and transparency requirements relating to data subjects. Data subjects shall have the right to access and correct data;

    (b) 

    to compare and contrast data that are accessible in or extracted from the transport directory, to index them and to enrich them from other data sources and to analyse them in compliance with Regulation (EC) No 45/2001 of the European Parliament and of the Council ( 3 );

    (c) 

    to make the data in the transport directory available to the authorities referred to in Article 29 of this Regulation, using electronic data-processing techniques.

    ▼M2

    3.  

    The data referred to in this Article concern in particular movements of containers and/or means of transport and goods and persons concerned with those movements. Those shall include, where available, the following data:

    (a) 

    for movements of containers:

    — 
    container number,
    — 
    container loading status,
    — 
    date of movement,
    — 
    type of movement (loaded, unloaded, transhipped, entered, left, etc.),
    — 
    name of vessel or registration of means of transport,
    — 
    number of voyage/journey,
    — 
    place,
    — 
    freight bill or other transport document;
    (b) 

    for movements of means of transport:

    — 
    name of vessel or registration of means of transport,
    — 
    freight bill or other transport document,
    — 
    number of containers,
    — 
    weight of load,
    — 
    description and/or coding of goods,
    — 
    reservation number,
    — 
    seal number,
    — 
    place of first loading,
    — 
    place of final unloading,
    — 
    places of transhipment,
    — 
    expected date of arrival at place of final unloading;
    (c) 

    for persons involved in the movements to which points (a) and (b) apply: the name, maiden name, forenames, former surnames, aliases, date and place of birth, nationality, sex and address;

    (d) 

    for businesses involved in the movements to which points (a) and (b) apply: the business name, trading name, address of the business, registration number, VAT identification number and excise duties identification number and address of the owners, shippers, consignees, freight forwarders, carriers and other intermediaries or persons involved in the international supply chain.

    ▼M3

    4.  

    For the movement of containers referred to in paragraph 3 of this Article, the Commission shall establish and manage a directory of reported Container Status Messages (‘CSM directory’). The CSM directory shall be directly accessible to the authorities referred to in Article 29. The carriers referred to in paragraph 1 of this Article that store data on the movement and status of containers or have such data stored on their behalf shall report Container Status Messages (CSMs) to the customs authorities of Member States in either of the following situations:

    (a) 

    containers destined to be brought by maritime vessel into the customs territory of the Union from a third country, excluding:

    — 
    containers destined to remain on board the same maritime vessel during its voyage and to leave the customs territory of the Union on board that maritime vessel; and
    — 
    containers destined to be unloaded and reloaded onto the same maritime vessel during its voyage in order to enable the unloading or loading of other goods and to leave the customs territory of the Union on board that maritime vessel;
    (b) 

    for shipments of goods in containers leaving the customs territory of the Union to a third country by maritime vessel and falling within the scope of:

    — 
    Article 2 of Council Directive 92/84/EEC ( 4 );
    — 
    Article 2 of Council Directive 2011/64/EU ( 5 ); or
    — 
    Article 2(1) of Council Directive 2003/96/EC ( 6 ).

    Data shall be transmitted by the carriers directly to the CSM directory.

    ▼M3

    5.  

    CSMs shall be reported:

    (a) 

    from the moment when the container was reported empty before being brought into or before leaving the customs territory of the Union until the container is again reported empty;

    (b) 

    for at least three months prior to the physical arrival to the customs territory of the Union until one month after the entry into the customs territory of the Union, in cases where specific CSMs needed to identify the relevant empty container events are not available in the carriers' electronic records; or

    (c) 

    for at least three months after exit from the customs territory of the Union, in cases where specific CSMs needed to identify the relevant empty container events are not available in the carriers' electronic records.

    6.  

    The carriers shall report CSMs for the following or equivalent events, in so far as these are known to the reporting carrier and the data for such events have been generated, collected or maintained in their electronic records:

    — 
    confirmation of booking,
    — 
    arrival at a loading or unloading facility,
    — 
    departure from a loading or unloading facility,
    — 
    loading onto or unloading from a conveyance,
    — 
    instruction of stuffing or stripping,
    — 
    confirmation of stuffing or stripping,
    — 
    intra-terminal movements,
    — 
    terminal gate inspection,
    — 
    sending for heavy repair.

    Each Member State shall provide for penalties for failure to comply with the obligation to provide data or for providing incomplete or false data. Such penalties shall be effective, proportionate and dissuasive.

    7.  
    Within the Commission, only designated analysts shall be empowered to process personal data to which points (b) and (c) of paragraph 2 apply.

    Personal data which are not necessary for detecting the movement of goods as referred to in paragraph 1 shall be deleted immediately or have any identifying factors removed. In any event, they may be stored for no more than three years.

    The Commission shall implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, accidental loss or unauthorised disclosure, alteration and access or any other unauthorised form of processing.

    8.  
    Data received from carriers shall be kept only for the time necessary to achieve the purpose for which they were introduced and may not be stored for more than five years.
    9.  
    The Commission and the Member States shall protect confidential business information received from carriers.

    The Commission and the Member States shall apply the highest technical, organisational and personnel security rules of professional secrecy or other equivalent duties of confidentiality to their designated experts in accordance with national and Union law.

    The Commission and the Member States shall ensure that requests from other Member States for confidential treatment of information exchanged by means of the CSM directory are complied with.

    ▼M2

    Article 18b

    1.  
    The Commission shall be authorised to provide training and all forms of assistance other than financial assistance for the liaison officers of third countries and of European and international organisations and agencies.
    2.  
    The Commission may make expertise, technical or logistical assistance, training or communication activity or any other operational support available to the Member States both for the achievement of the objectives of this Regulation and in the performance of Member States’ duties in the framework of the implementation of the customs cooperation provided for by Articles 29 and 30 of the Treaty on European Union.

    ▼M3

    Article 18c

    The Commission shall adopt, by means of implementing acts, provisions regarding the frequency of reporting, the format of the data in the CSMs and the method of transmission of the CSMs.

    Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 43a(2) by 29 February 2016.

    Article 18d

    1.  

    The Commission shall establish and manage a directory (‘import, export and transit directory’) containing data on:

    (a) 

    import of goods,

    (b) 

    transit of goods, and

    (c) 

    export of goods, to the extent that the goods referred to in this point fall within the scope of:

    (i) 

    Article 2 of Directive 92/84/EEC;

    (ii) 

    Article 2 of Directive 2011/64/EU; or

    (iii) 

    Article 2(1) of Directive 2003/96/EC.

    The import, export and transit directory shall be maintained as detailed in Annexes 37 and 38 to Commission Regulation (EEC) No 2454/93 ( 7 ).

    The Commission shall systematically replicate data from the sources operated by the Commission on the basis of Regulation (EU) No 952/2013 into the import, export and transit directory. The Member States may supply to the Commission data concerning the transit of goods within a Member State and direct export, depending on the availability of data and Member States' information technology infrastructure.

    The departments designated by the Commission and the national authorities referred to in Article 29 of this Regulation may use the import, export and transit directory to analyse data and compare data in the import, export and transit directory with CSMs reported under the CSM directory, and may exchange information on the results, for the purposes of this Regulation.

    2.  
    The import, export and transit directory shall be accessible to the national authorities referred to in Article 29 of this Regulation. Within the Commission, only designated analysts shall be empowered to process data contained in the import, export and transit directory.

    Member States shall have direct access to:

    (a) 

    data on all declarations established and lodged in the Member State concerned;

    (b) 

    data pertaining to economic operators with an EORI number provided for in Regulation (EEC) No 2454/93 and assigned by the authorities of that Member State;

    (c) 

    transit data;

    (d) 

    all other data except personal data referred to in Article 41b(2) of this Regulation.

    The competent authorities having entered data in the Customs Information System referred to in Article 23(1) of this Regulation, or data from an investigation file in the Customs files identification database referred to in Article 41a(1) of this Regulation in accordance with Article 41b of this Regulation, shall have access to all data in the import, export and transit directory pertaining to that entry or that investigation file.

    3.  
    Regulation (EC) No 45/2001 shall apply to the processing of personal data by the Commission in the context of data included in the import, export and transit directory.

    The Commission shall be considered as a controller within the meaning of point (d) of Article 2 of Regulation (EC) No 45/2001.

    The import, export and transit directory shall be subject to prior checking by the European Data Protection Supervisor in accordance with Article 27 of Regulation (EC) No 45/2001.

    Data contained in the import, export and transit directory may not be stored for more than five years, with an additional period of two years, if justified.

    4.  
    The import, export and transit directory shall not include the special categories of data within the meaning of Article 10(5) of Regulation (EC) No 45/2001.

    The Commission shall implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, accidental loss or unauthorised disclosure, alteration and access or any other unauthorised form of processing.

    5.  
    The Commission and the Member States shall protect confidential business information. The Commission and Member States shall apply the highest technical, organisational and personnel security rules of professional secrecy or other equivalent duties of confidentiality to their designated experts in accordance with national and Union law.

    The Commission and the Member States shall ensure that requests from other Member States for confidential treatment of information exchanged by means of the import, export and transit directory are complied with.

    Article 18e

    The Commission may request a Member State to provide documents which support import and export declarations and for which supporting documents have been generated or collected by economic operators, with respect to investigations related to the implementation of customs legislation.

    The request referred to in the first paragraph shall be addressed to the competent authorities. When more than one competent authority is designated by a Member State, the Member State shall specify the administrative department responsible for answering the request by the Commission.

    A Member State shall, within a period of four weeks starting from the receipt of the request by the Commission:

    — 
    provide the requested documentation; subject to justification, within an additional period of six weeks;
    — 
    notify the Commission that the request was impossible to satisfy due to the failure of the economic operator to provide the requested information; or
    — 
    decline the request as a consequence of a decision taken by that Member State's administrative or judicial authority according to Article 3.

    ▼B

    TITLE IV

    RELATIONS WITH THIRD COUNTRIES

    ▼M2

    Article 19

    Provided that the third country concerned has legally committed itself to providing the assistance necessary to assemble all the evidence of the irregular nature of operations which appear to be in breach of customs or agricultural legislation or to determine the extent of the operations which have been found to be in breach of such legislation, information obtained pursuant to this Regulation may be communicated to it:

    — 
    by the Commission or by the Member State concerned, subject, where appropriate, to the prior agreement of the competent authorities of the Member State which provided it, or
    — 
    by the Commission or the Member States concerned within the framework of a joint action if information is provided by more than one Member State, subject to the prior agreement of the competent authorities of the Member States which provided it.

    Such communication by a Member State shall be made in compliance with its domestic provisions applicable to the transfer of personal data to third countries.

    In all cases, it shall be ensured that the rules of the third country concerned offer a degree of protection equivalent to that provided for in Article 45(1) and (2).

    ▼B

    Article 20

    1.  
    In pursuit of the objectives of this Regulation, the Commission may, under the conditions laid down in Article 19, conduct Community administrative and investigative cooperation missions in third countries in coordination and close cooperation with the competent authorities of the Member States.
    2.  

    The Community missions to third countries referred to in paragraph 1 shall be governed by the following conditions:

    (a) 

    they may be undertaken at the Commission's initiative, where appropriate on the basis of information supplied by the European Parliament, or at the request of one or more Member States;

    (b) 

    they shall be carried out by Commission officials appointed for that purpose and by officials appointed for that purpose by the Member State(s) concerned;

    (c) 

    they may also, by agreement with the Commission and the Member States concerned, be carried out on behalf of the Community by officials of a Member State, in particular under a bilateral assistance agreement with a third country; in that event the Commission shall be informed of the results of the mission.

    ▼M2 —————

    ▼B

    3.  
    The Commission shall inform the Member States and the European Parliament of the results of missions carried out pursuant to this Article.

    Article 21

    ▼M3

    1.  
    The findings and information obtained in the course of the Community missions referred to in Article 20, and in particular documents passed on by the competent authorities of the third countries concerned, as well as the information obtained during the course of an administrative enquiry, including by the Commission's services, shall be handled in accordance with Article 45.

    ▼B

    2.  
    Article 12 shall apply mutatis mutandis to the findings and information referred to in paragraph 1.
    3.  
    For the purposes of their use pursuant to Article 12, original documents obtained or certified true copies thereof shall be forwarded by the Commission to the competent authorities of the Member States if they so request.

    Article 22

    Member States shall notify the Commission of information exchanged within the framework of mutual administrative assistance with third countries wherever, within the meaning of Article 18 (1), it is particularly relevant to the effectiveness of customs or agricultural legislation pursuant to this Regulation and the information falls within the scope of this Regulation.

    TITLE V

    CUSTOMS INFORMATION SYSTEM

    Chapter 1

    Establishment of a Customs Information System

    Article 23

    1.  
    An automated information system, the ‘Customs Information System’, hereinafter referred to as the ‘CIS’, is hereby established to meet the requirements of the administrative authorities responsible for applying the legislation on customs or agricultural matters, as well as those of the Commission.

    ▼M2

    2.  
    The aim of the CIS, in accordance with the provisions of this Regulation, shall be to assist in preventing, investigating and prosecuting operations which are in breach of customs or agricultural legislation by making information available more rapidly and thereby increasing the effectiveness of the cooperation and control procedures of the competent authorities referred to in this Regulation.

    ▼B

    3.  
    The customs authorities of the Member States may use the technical infrastucture of the CIS in the performance of their duties in the framework of the customs cooperation referred to in ►M2  in Articles 29 and 30 ◄ of the Treaty on European Union.

    In such a case, the Commission shall ensure the technical management of the infrastructure.

    ▼M3

    4.  
    The Commission shall be empowered to adopt delegated acts in accordance with Article 43 determining those operations in connection with the application of agricultural regulations which require the introduction of information into the CIS.

    Those delegated acts shall be adopted by 29 February 2016.

    ▼M2 —————

    ▼B

    6.  
    The Member States and the Commission, hereinafter referred to as the ‘CIS partners’, shall take part in the CIS under the conditions laid down in this Title.

    Chapter 2

    Operation and use of the CIS

    Article 24

    The CIS shall consist of a central database facility and it shall be accessible via terminals in each Member State and at the Commission. It shall comprise exclusively data necessary to fulfil its aim as stated in Article 23 (2), including personal data, in the following categories:

    (a) 

    commodities;

    (b) 

    means of transport;

    (c) 

    businesses;

    (d) 

    persons;

    (e) 

    fraud trends;

    (f) 

    availability of expertise;

    ▼M2

    (g) 

    goods detained, seized or confiscated;

    (h) 

    cash as defined in Article 2 of Regulation (EC) No 1889/2005 of the European Parliament and of the Council of 26 October 2005 on controls of cash entering or leaving the Community ( 8 ) detained, seized or confiscated.

    ▼M2

    Article 25

    ▼M3

    1.  
    The Commission shall adopt, by means of implementing acts, provisions regarding the items to be included in the CIS relating to each of the categories referred to in Article 24 to the extent that this is necessary to achieve the aim of the CIS. Personal data may not appear in the category referred to in Article 24(e). Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 43a(2) by 29 February 2016.

    ▼M2

    2.  

    With regard to the categories referred to in Article 24(a) to (d), the items of information to be included in respect of personal data shall comprise no more than:

    (a) 

    name, maiden name, forenames, former surnames and aliases;

    (b) 

    date and place of birth;

    (c) 

    nationality;

    (d) 

    sex;

    (e) 

    number and place and date of issue of the identity papers (passports, identity cards, driving licences);

    (f) 

    address;

    (g) 

    particular objective and permanent physical characteristics;

    (h) 

    a warning code indicating any history of being armed or violent or of having escaped;

    (i) 

    reason for inclusion of data;

    (j) 

    suggested action;

    (k) 

    registration number of the means of transport.

    3.  
    With regard to the category referred to in Article 24(f), the items of information to be included in respect of personal data shall comprise no more than the experts’ names and forenames.
    4.  

    With regard to the categories referred to in Article 24(g) and (h), the items of information to be included in respect of personal data shall comprise no more than:

    (a) 

    name, maiden name, forenames, former surnames and aliases;

    (b) 

    date and place of birth;

    (c) 

    nationality;

    (d) 

    sex;

    (e) 

    address.

    5.  
    In all cases, no personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and data concerning the health or sex life of an individual shall be included.

    ▼B

    Article 26

    The following principles must be observed in the implementation of the CIS where personal data are concerned:

    (a) 

    collection and any other operation for processing personal data must be carried out fairly and lawfully;

    (b) 

    data must be collected for the purposes defined in Article 23 (2) and not subsequently processed in a manner incompatible with those purposes;

    (c) 

    data must be adequate, relevant and not excessive in relation to the purposes for which they are processed;

    (d) 

    data must be accurate and, where necessary, kept up to date;

    (e) 

    data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes in view.

    ▼M2

    Article 27

    1.  

    Personal data which are included in the categories referred to in Article 24 shall be included in the CIS solely for the purposes of the following suggested actions:

    (a) 

    sighting and reporting;

    (b) 

    discreet surveillance;

    (c) 

    specific checks; and

    (d) 

    operational analysis.

    2.  
    Personal data which are included in the categories referred to in Article 24 may be included in the CIS only if, in particular on the basis of prior illegal activities or of information provided by way of assistance, there is a real indication that the person in question has carried out, is carrying out or is about to carry out operations in breach of customs or agricultural legislation which are of particular relevance at Community level.

    ▼B

    Article 28

    1.  

    If the actions referred to in Article 27 (1) are carried out, the following information may, in whole or in part, be collected and transmitted to the CIS partner which suggested the actions:

    (a) 

    the fact that the commodity, means of transport, business or person reported has been found;

    (b) 

    the place, time and reason for the check;

    (c) 

    route and destination of the journey;

    (d) 

    persons accompanying the person concerned or occupants of the means of transport;

    (e) 

    means of transport used;

    (f) 

    objects carried;

    (g) 

    the circumstances under which the commodity, means of transport, business or person was found.

    When such information is collected in the course of discreet surveillance, steps must be taken to ensure that the secret nature of the surveillance is not jeopardized.

    2.  
    In the context of the specific checks referred to in Article 27 (1), persons, means of transport and objects may be searched to the extent permissible and in accordance with the laws, regulations and procedures of the Member State in which the search takes place. If the specific checks are not permitted by the law of a Member State, they shall automatically be converted by that Member State into sighting and reporting or discreet surveillance.

    Article 29

    ▼M3

    1.  
    Access to data included in the CIS shall be reserved exclusively for the national authorities designated by each Member State and the departments designated by the Commission. Those national authorities shall be customs authorities, but may also include other authorities competent, according to the laws, regulations and procedures of the Member State in question, to act in order to achieve the aim stated in Article 23(2).

    The supplying CIS partner shall have the right to determine which among those national authorities mentioned in the first subparagraph of this paragraph may have access to data that it has included in the CIS.

    2.  
    Each Member State shall send the Commission a list of its designated competent national authorities which have access to the CIS, stating, for each authority, to which data it may have access and for what purposes.

    The Commission shall verify with the Member States concerned the list of the designated national authorities against disproportionate designations. After that verification, the Member States concerned shall confirm or amend the list of the designated national authorities. The Commission shall inform the other Member States accordingly. It shall also inform all the Member States of the corresponding details concerning the Commission departments authorised to have access to the CIS.

    The list of national authorities and Commission departments thus designated shall be published for information by the Commission in the Official Journal of the European Union and subsequent updates to the list shall be made public by the Commission on the internet.

    ▼B

    3.  
    Notwithstanding the provisions of paragraphs 1 and 2, the Council, acting on a proposal from the Commission, may decide to permit access to the CIS by international or regional organizations, provided that, where relevant, a protocol is at the same time concluded with those organizations in conformity with Article 7 (3) of the Convention between Member States of the Community on the use of information technology for customs purposes. In reaching the decision account shall be taken in particular of any existing bilateral or Community arrangements and of the adequacy of the level of data protection.

    Article 30

    1.  
    CIS partners may use data obtained from the CIS only in order to achieve the aim stated in Article 23 (2); however, they may use it for administrative or other purposes with the prior authorization of the CIS partner which introduced the data into the system subject to conditions imposed by it or, where applicable, the Commission, which included it in the System. Such other use shall be in accordance with the laws, regulations and procedures of the Member State which seeks to use it and, where appropriate, the corresponding provisions applicable to the Commission in this connection and should take into account the principles set out in the Annex.
    2.  
    Without prejudice to paragraphs 1 and 4 of this Article and Article 29 (3), data obtained from the CIS shall be used only ►C1  by national authorities designated by each Member State ◄ and by departments designated by the Commission competent, in accordance with the laws, regulations and procedures applicable to them, to act in order to achieve the aim stated in Article 23 (2).
    3.  
    Each Member State shall send the Commission a list of the authorities or departments referred to in paragraph 2.

    The Commission shall inform the other Member States accordingly. It shall also inform all the Member States of the corresponding details concerning the Commission departments authorized to have access to the CIS.

    ▼M3

    The list of the national authorities or departments thus designated shall be published for information by the Commission in the Official Journal of the European Union and subsequent updates to the list shall be made public by the Commission on the internet.

    4.  
    Data obtained from the CIS may, with the prior authorisation of, and subject to any conditions imposed by, the Member State which included them in the CIS, be communicated for use by national authorities other than those referred to in paragraph 2, third countries and international or regional organisations and/or Union agencies which contribute to the protection of the financial interests of the Union and the correct application of customs legislation. Each Member State shall take special measures to ensure the security of such data when they are being transmitted or supplied to departments located outside its territory.

    The first subparagraph of this paragraph shall apply mutatis mutandis to the Commission where it has entered the data in the CIS.

    ▼B

    Article 31

    1.  
    The inclusion of data in the CIS shall be governed by the laws, regulations and procedures of the supplying Member State and, where appropriate, the corresponding provisions applicable to the Commission in this connection, unless this Regulation lays down more stringent provisions.
    2.  
    The processing of data obtained from the CIS, including their use or performance of any action under Article 27 (1) suggested by the supplying CIS partner, shall be governed by the laws, regulations and procedures of the Member State processing or using such data and the corresponding provisions applicable to the Commission in this connection, unless this Regulation lays down more stringent provisions.

    Chapter 3

    Amendment of data

    Article 32

    1.  
    Only the supplying CIS partner shall have the right to amend, supplement, correct or delete data which it has included in the CIS.
    2.  
    Should a supplying CIS partner note, or have drawn to its attention, that the data it included are factually inaccurate or were included or are stored contrary to this Regulation, it shall amend, supplement, correct or delete the data, as appropriate, and shall advise the other CIS partners accordingly.
    3.  
    If a CIS partner has evidence to suggest that an item of data is factually inaccurate, or was included or is stored in the CIS contrary to this Regulation, it shall advise the supplying CIS partner as soon as possible. The latter shall check the data concerned and, if necessary, correct or delete the item without delay. The supplying CIS partner shall advise the other partners of any correction or deletion affected.
    4.  
    If, when including data in the CIS, a CIS partner notes that its report conflicts with a previous report with regard to content or suggested action, it shall immediately advise the partner which made the previous report. The two partners shall then attempt to resolve the matter. In the event of disagreement, the first report shall stand but those parts of the new report which do not conflict shall be included in the System.
    5.  
    Subject to the other provisions of this Regulation, where in any Member State a court, or other authority designated for the purpose within that Member State, makes a final decision to amend, supplement, correct or delete data in the CIS, the CIS partners shall align their action thereon.

    In the event of conflict between such decisions of courts or other authorities designated for the purpose including those referred to in Article 36 concerning correction or deletion, the Member State which included the data in question shall delete them from the System.

    The provisions in the first subparagraph shall apply mutatis mutandis where a Commission decision on data contained in the CIS is declared void by the Court of Justice.

    ▼M3

    Chapter 4

    Storage of data

    Article 33

    Data included in the CIS shall be kept only for the time necessary to achieve the purpose for which they were introduced and may not be stored for more than five years with an additional period of two years if justified.

    ▼B

    Chapter 5

    Personal-data protection

    Article 34

    1.  
    Each CIS partner intending to receive personal data from, or include them in, the CIS shall, no later than the date of application of this Regulation, adopt national legislation, or internal rules applicable to the Commission, guaranteeing the protection of the rights and freedoms of individuals with regard to the processing of personal data.
    2.  
    A CIS partner may receive personal data from, or include them in, the CIS only where the arrangements for the protection of such data provided for in paragraph 1 have entered into force. Each Member State shall also have previously designated a national supervisory authority or authorities as provided for in Article 37.

    ▼M2

    3.  

    To ensure the correct application of the data protection provisions of this Regulation, the Member States and the Commission shall regard the CIS as a personal data-processing system which is subject to:

    — 
    national provisions implementing Directive 95/46/EC,
    — 
    Regulation (EC) No 45/2001, and
    — 
    any more stringent provisions of this Regulation.

    Article 35

    1.  
    Subject to Article 30(1), CIS partners shall be prohibited from using personal data from the CIS for any purpose other than that stated in Article 23(2).
    2.  
    Data may be duplicated only for technical purposes, provided that such duplication is required for the purpose of searches carried out by the authorities referred to in Article 29.
    3.  

    Personal data included in CIS by a Member State or the Commission may not be copied in data-processing systems for which the Member States or the Commission are responsible, except in systems of risk management used to direct national customs controls or in an operational analysis system used to coordinate actions at Community level.

    In that case, only the analysts designated by the national authorities of each Member State and those designated by Commission services shall be empowered to process personal data obtained from the CIS within the framework respectively of a risk management system used to direct customs controls by national authorities or an operational analysis system used to coordinate actions at Community level.

    Member States shall send the Commission a list of the risk management departments whose analysts are authorised to copy and process personal data entered in the CIS. The Commission shall inform the other Member States accordingly. It shall also provide all Member States with the corresponding information regarding its own services responsible for operational analysis.

    The list of designated national authorities and Commission services shall be published for information by the Commission in the Official Journal of the European Union.

    Personal data copied from the CIS shall be kept only for the time necessary to achieve the purpose for which they were copied. The need for their retention shall be reviewed at least annually by the copying CIS partner. The storage period shall not exceed 10 years. Personal data which are not necessary for the continuation of the analysis shall be deleted immediately or have any identifying factors removed.

    ▼B

    Article 36

    1.  

    The rights of persons with regard to the personal data in the CIS, in particular their right of access, shall be put into effect:

    — 
    in accordance with the laws, regulations and procedures of the Member State in which such rights are invoked,
    — 
    in accordance with the internal rules applicable to the Commission referred to in Article 34 (1).

    If laid down in the laws, regulations and procedures of the Member State concerned, the national supervisory authority provided for in Article 37 shall decide whether information is to be communicated and the procedure for doing so.

    2.  
    A CIS partner to which an application for access to personal data is made may refuse access if communication would be likely to prejudice the prevention, investigation and prosecution of operations which are in breach of customs or agricultural legislation. A Member State may also refuse access as provided for in its laws, regulations and procedures in relation to cases where such refusal constitutes a measure necessary to safeguard national security, defence, public safety and the rights and freedoms of others. The Commission may refuse access where such refusal constitutes a measure necessary to safeguard the rights and freedoms of others.

    ▼M2

    In any event, access may be denied to any person whose data are processed during the period in which actions are carried out for the purposes of sighting and reporting or discreet surveillance and during the period in which the operational analysis of the data or administrative enquiry or criminal investigation is ongoing.

    ▼B

    3.  
    If the personal data for which an application for access has been made have been supplied by another CIS partner, access shall be permitted only if the supplying partner has been given the opportunity to state its position.
    4.  
    Any person may, in accordance with the laws, regulations and procedures of each Member State or with the internal rules applicable to the Commission, have personal data relating to himself corrected or deleted by each CIS partner if those data are factually inaccurate, or were included or are stored in the CIS contrary to the aim stated in Article 23 (2) or if the principles of Article 26 have not been observed.
    5.  

    In the territory of each Member State, any person may, in accordance with the laws, regulations and procedures of the Member State in question, bring an action or, if appropriate, a complaint before the courts or the authority designated for the purpose, in accordance with those laws, regulations and procedures, in connection with personal data relating to himself in the CIS, in order to:

    (a) 

    correct or delete factually inaccurate personal data;

    (b) 

    correct or delete personal data included or stored in the CIS contrary to this Regulation;

    (c) 

    obtain access to personal data;

    (d) 

    obtain compensation under Article 40 (2).

    With regard to data included by the Commission, an action may be brought before the Court of Justice in accordance with Article 173 of the Treaty.

    The Member States and the Commission undertake mutually to enforce the final decisions taken by a court, the Court of Justice or another authority designated to that end which concern points (a), (b) and (c) of the first subparagraph.

    6.  
    The references in this Article and in Article 32 (5) to a ‘final decision’ do not imply any obligation on the part of any Member State or the Commission to appeal against a decision taken by a court or other authority designated for the purpose.

    Chapter 6

    Personal-data protection supervision

    Article 37

    1.  
    Each Member State shall designate a national supervisory authority or authorities responsible for personal-data protection to carry out independent supervision of such data included in the CIS.

    The supervisory authorities, in conformity with their respective national legislations, shall carry out independent supervision and checks to ensure that the processing and use of data held in the CIS do not violate the rights of data subjects. For this purpose the supervisory authorities shall have access to the CIS.

    ▼M2

    2.  
    Any person may ask any national supervisory authority provided for in Article 28 of Directive 95/46/EC or the European Data Protection Supervisor provided for in Article 41(2) of Regulation (EC) No 45/2001 for access to the personal data concerning him in order to check that they are accurate and what use has been or is being made of them. This right shall be governed by the laws, regulations and procedures of the Member State in which the request is made or by Regulation (EC) No 45/2001, as the case may be. If the data were included by another Member State or by the Commission, the check shall be carried out in close cooperation with the national supervisory authority of that other Member State or with the European Data Protection Supervisor.

    ▼B

    3.  
    The Commission shall take every step within its departments to ensure personal-data protection supervision which offers safeguards of a level equivalent to that resulting from paragraph 1.

    ▼M2

    3a.  
    The European Data Protection Supervisor shall supervise compliance of the CIS with Regulation (EC) No 45/2001.

    ▼M2

    4.  
    The European Data Protection Supervisor shall convene a meeting at least once a year with all national data protection supervisory authorities competent for CIS-related supervisory issues.

    ▼M3

    5.  
    The European Data Protection Supervisor shall coordinate with the Joint Supervisory Authority, set up under Council Decision 2009/917/JHA ( 9 ), each acting within the scope of their respective competence, with a view to ensuring coordinated supervision and audits of the CIS.

    ▼B

    Chapter 7

    ▼M2

    Data security

    ▼B

    Article 38

    1.  

    All appropriate technical and organizational measures necessary to maintain security shall be taken:

    (a) 

    by the Member States and the Commission, each insofar as it concerns them, in respect of the terminals of the CIS located on their respective territories and in the Commission's offices;

    ▼M3 —————

    ▼M2

    (c) 

    by the Commission for the Community elements of the common communication network.

    ▼M3

    2.  

    In particular, both the Member States and the Commission shall take measures:

    (a) 

    to prevent any unauthorised person from having access to installations used for the processing of data;

    (b) 

    to prevent data and data media from being read, copied, modified or deleted by unauthorised persons;

    (c) 

    to prevent the unauthorised entry of data and any unauthorised consultation, modification or deletion of data;

    (d) 

    to prevent data in the CIS from being accessed by unauthorised persons by means of data-transmission equipment;

    (e) 

    to guarantee that, with respect to the use of the CIS, authorised persons have right of access only to data for which they have competence;

    (f) 

    to guarantee that it is possible to check and establish to which authorities data may be transmitted by data-transmission equipment;

    (g) 

    to guarantee that it is possible to check and establish ex post facto what data have been introduced into the CIS, when and by whom, and to monitor interrogation;

    (h) 

    to prevent the unauthorised reading, copying, modification or deletion of data during the transmission of data and the transport of data media.

    ▼M3 —————

    ▼B

    Article 39

    1.  
    Each of the Member States shall designate a department which shall be responsible for the security measures set out in Article 38, in relation to the terminals located in its territory, the review functions set out in Article 33 (1) and (2), and, in general, for the proper implementation of this Regulation insofar as is necessary under its laws, regulations and procedures.
    2.  
    The Commission, for its part, shall designate those of its departments which are to be responsible for the measures referred to in paragaph 1.

    Chapter 8

    Responsibilities and publication

    Article 40

    1.  
    Each CIS partner that has included data in the System shall be responsible for the accuracy, currency and lawfulness of those data. Each Member State or, where applicable, the Commission shall also be responsible for complying with the provisions of Article 26 of this Regulation.
    2.  
    Each CIS partner shall be liable, in accordance with national laws, regulations and procedures or the equivalent Community provisions, for injury caused to a person through the use of the CIS in the Member State concerned or at the Commission.

    This shall also be the case where the injury was caused by the supplying CIS partner entering inaccurate data or entering data contrary to this Regulation.

    3.  
    If the CIS partner against which an action in respect of inaccurate data is brought did not supply them, the partners concerned shall seek agreement as to what proportion, if any, of the sums paid out in compensation shall be reimbursed by the supplying partner to the other partner. Any such sums agreed shall be reimbursed on request.

    Article 41

    The Commission shall publish a communication in the Official Journal of the European Communities concerning the implementation of the CIS.

    ▼M2

    TITLE Va

    CUSTOMS FILES IDENTIFICATION DATABASE

    Chapter 1

    Establishment of a customs files identification database

    Article 41a

    1.  
    The CIS shall also include a specific database called the ‘Customs files identification database’ (FIDE). Subject to the provisions of this Title, all the provisions of this Regulation relating to the CIS shall also apply to the FIDE, and any reference to the CIS shall include that database.
    2.  
    The objectives of the FIDE shall be to help to prevent operations in breach of customs legislation and of agricultural legislation applicable to goods entering or leaving the customs territory of the Community and to facilitate and accelerate their detection and prosecution.
    3.  
    The purpose of the FIDE shall be to allow the Commission, when it opens a coordination file within the meaning of Article 18 or prepares a Community mission in a third country within the meaning of Article 20, and the competent authorities of a Member State designated as regards administrative enquiries in accordance with Article 29, when they open an investigation file or investigate one or more persons or businesses, to identify the competent authorities of the other Member States or the Commission departments which are or have been investigating the persons or businesses concerned, in order to achieve the objectives specified in paragraph 2 by means of information on the existence of investigation files.
    4.  
    If the Member State or the Commission making a search in the FIDE needs fuller information on the registered investigation files on persons or businesses, it shall ask for the assistance of the supplier Member State.
    5.  
    The customs authorities of the Member States may use the FIDE within the framework of customs cooperation provided for in Articles 29 and 30 of the Treaty on European Union. In such a case, the Commission shall ensure the technical management of the database.

    Chapter 2

    Operation and use of the FIDE

    Article 41b

    1.  

    The competent authorities may enter data from investigation files in the FIDE for the purposes defined in Article 41a(3) concerning cases which are in breach of customs legislation or agricultural legislation applicable to goods entering or leaving the customs territory of the Community and which are of particular relevance at Community level. The data shall cover only the following categories:

    (a) 

    persons and businesses which are or have been the subject of an administrative enquiry or a criminal investigation by the relevant service of a Member State, and

    — 
    are suspected of committing or of having committed a breach of customs or agriculture legislation or of participating in or of having participated in an operation in breach of such legislation,
    — 
    have been the subject of a finding relating to such an operation, or
    — 
    have been the subject of an administrative decision or an administrative penalty or judicial penalty for such an operation;
    (b) 

    the field concerned by the investigation file;

    (c) 

    the name, nationality and details of the relevant service in the Member State and the file number.

    The data referred to in points (a), (b) and (c) shall be introduced separately for each person or business. The creation of links between those data shall be prohibited.

    2.  

    The personal data referred to in paragraph 1(a) shall consist only of the following:

    (a) 

    for persons: the name, maiden name, forename, former surnames and alias, date and place of birth, nationality and sex;

    (b) 

    for businesses: the business name, trading name, address of the business, VAT identification number and excise duties identification number.

    3.  
    Data shall be entered for a limited period in accordance with Article 41d.

    Article 41c

    1.  
    The introduction and consultation of data in the FIDE shall be reserved exclusively to the authorities referred to in Article 41a.
    2.  

    Any consultation of the FIDE must specify the following personal data:

    (a) 

    for persons: the forename and/or name and/or maiden name and/or former surnames and/or alias and/or date of birth;

    (b) 

    for businesses: the business name and/or trading name and/or VAT identification number and/or excise duties identification number.

    Chapter 3

    Storage of data

    Article 41d

    ▼M3

    1.  

    The period for which data may be stored shall depend on the laws, regulations and procedures of the Member State supplying them. The maximum and non-cumulative periods, calculated from the date of entry of the data in the investigation file, which may not be exceeded are as follows:

    (a) 

    data concerning current investigation files may not be stored for more than three years without any operation in breach of customs and agricultural legislation being observed; data must be anonymised before that time limit if one year has elapsed since the last observation;

    (b) 

    data concerning administrative enquiries or criminal investigations in which an operation in breach of customs and agricultural legislation has been established but which have not given rise to an administrative decision, a conviction or an order to pay a criminal fine or an administrative penalty may not be stored for more than six years;

    (c) 

    data concerning administrative enquiries or criminal investigations which have given rise to an administrative decision, a conviction or an order to pay a criminal fine or an administrative penalty may not be stored for more than 10 years.

    ▼M2

    2.  
    At all stages of an investigation file as referred to in paragraph 1(a), (b) and (c), as soon as a person to whom, or a business to which, Article 41b applies is cleared of suspicion under the laws, regulations and procedures of the supplier Member State, data concerning that person or business shall immediately be deleted.

    ▼M3

    3.  
    The Commission shall make anonymous or delete the data as soon as the maximum storage period provided for in paragraph 1 has elapsed.

    ▼M2

    TITLE VI

    FINANCING

    Article 42a

    ▼M4 —————

    ▼M2

    3.  
    Without prejudice to the expenses relating to the operation of the CIS and the amounts provided for by way of compensation pursuant to Article 40, the Member States and the Commission shall waive all claims for the reimbursement of expenditure relating to the supply of information or of documents or to the implementation of an administrative investigation or of any other operational action pursuant to this Regulation which are carried out at the request of a Member State or the Commission, except as regards the allowances, if any, paid to experts.

    ▼B

    TITLE VII

    FINAL PROVISIONS

    ▼M3

    Article 43

    1.  
    The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.
    2.  
    The power to adopt delegated acts referred to in Article 23(4) shall be conferred on the Commission for a period of five years from 8 October 2015. The Commission shall draw up a report in respect of the delegation of power no later than nine months before the end of the five year period. The delegation of power shall be tacitly extended for periods of an identical duration, unless the European Parliament or the Council opposes such extension not later than three months before the end of each period.
    3.  
    The delegation of power referred to in Article 23(4) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.
    4.  
    As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.
    5.  
    A delegated act adopted pursuant to Article 23(4) shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.

    ▼M3

    Article 43a

    1.  
    The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011 of the European Parliament and of the Council ( 10 ).
    2.  
    Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

    Article 43b

    By 9 October 2017, the Commission shall carry out an assessment of:

    — 
    the necessity of extending the export data contained in the directories referred to in Articles 18a and 18d, by including data on goods other than the ones laid down in point (b) of the first subparagraph of Article 18a(4) and in point (c) of Article 18d(1), and
    — 
    the feasibility of extending the data contained in the transport directory, by including data on import, export and transit of goods by land and air.

    ▼B

    Article 44

    Without prejudice to the provisions ►M2  in Titles V and Va ◄ , the documents provided for in this Regulation may be replaced by computerized information produced in any form for the same purpose.

    Article 45

    1.  
    Regardless of the form, any information transmitted pursuant to this Regulation shall be of a confidential nature, including the data stored in the CIS. It shall be covered by the obligation of professional secrecy and shall enjoy the protection extended to like information under both the national law of the Member States receiving it and the corresponding provisions applicable to Community authorities.

    In particular, the information referred to in the first subparagraph may not be sent to persons other than those in the Member States or within the Community institutions whose functions require them to know or use it. Nor may it be used for purposes other than those provided for in this Regulation, unless the Member State, or the Commission, which supplied it or entered it in the CIS has expressly agreed, subject to the conditions laid down by that Member State or by the Commission and insofar as such communication or use is not prohibited by the provisions in force in the Member State in which the recipient authority is based.

    2.  
    Without prejudices to the provisions ►M2  in Titles V and Va ◄ , information concerning natural and legal persons shall be transmitted under this Regulation only where strictly necessary to prevent, investigate or take proceedings in respect of operations in breach of customs or agricultural legislation.
    3.  
    Paragraphs 1 and 2 shall not preclude the use of information obtained under this Regulation in any legal action or proceedings subsequently initiated in respect of failure to comply with customs or agricultural legislation.

    The competent authority which supplied that information shall be notified of such use forthwith.

    4.  
    Where the Commission is notified by a Member State that further enquiries have exonerated from involvement in irregularities a natural or legal person whose name was transmitted under this Regulation, the Commission shall forthwith notify all parties to whom these personal data have been transmitted on the basis of this Regulation. The person concerned shall then cease to be regarded as being involved in the irregularity that gave rise to the initial notification.

    Where the personal data relating to the person concerned are in the CIS, they shall be removed from it.

    Article 46

    For the purposes of applying this Regulation, Member States shall take all necessary steps to:

    (a) 

    ensure effective internal coordination between the administrative authorities referred to in Article 1 (1);

    (b) 

    establish in their mutual relations all necessary direct cooperation between the authorities empowered specifically for that purpose.

    Article 47

    Member States may decide by common accord whether procedures are needed to ensure the smooth operation of the mutual-assistance arrangements provided for in this Regulation, in particular in order to avoid any interruption of surveillance of persons or goods where this might be prejudicial to the detection of operations in breach of customs and agricultural legislation.

    Article 48

    1.  
    This Regulation shall not bind Member States' administrative authorities to grant each other assistance where that would be likely to be injurious to public policy (ordre public) or other fundamental interests, in particular with regard to data protection, of the Member State in which they are based.
    2.  
    Reasons shall be stated for any refusal to grant assistance.

    The Commission shall be informed as early as possible of any refusal to grant assistance and the reasons given for refusal.

    Article 49

    Without prejudice to the Commission's right to be notified under other regulations in force, Member States shall transmit to the Commission administrative or legal decisions or the main elements thereof relating to the application of penalties for breaches of customs or agricultural legislation in cases which have been the subject of communications under Articles 17 or 18.

    Article 50

    Without prejudice to the expenses associated with the implementation of the CIS or damages under Article 40, Member States and the Commission shall waive all claims for the reimbursement of expenses incurred under this Regulation save, where appropriate, in respect of fees paid to experts.

    Article 51

    This Regulation shall not affect the application in the Member States of rules on criminal procedure and mutual assistance in criminal matters, including those on secrecy of judicial inquiries.

    ▼M2

    Article 51a

    The Commission, in cooperation with the Member States, shall report each year to the European Parliament and to the Council on the measures taken in implementation of this Regulation.

    ▼B

    Article 52

    1.  
    Regulation (EEC) No 1468/81 is hereby repealed.
    2.  
    References made to the repealed Regulation shall be understood as referring to the present Regulation.

    Article 53

    ►M2  1. ◄   
    This Regulation shall enter into force on the third day following its publication in the Official Journal of the European Communities.

    It shall apply from 13 March 1998.

    ▼M3

    For carriers who, on 8 October 2015, are bound by private contracts that prevent them from fulfilling their obligation to report set out in Article 18a(4), that obligation shall apply from 9 October 2016.

    ▼M2 —————

    ▼B

    This Regulation shall be binding in its entirety and directly applicable in all Member States.




    ANNEX

    COMMUNICATION OF DATA

    (Article 30 (1))

    1.    Communication to other public bodies

    Communication of data to public bodies should be permissible only if, in a particular case:

    (a) 

    there exists a clear legal obligation or authorization, or with the authorization of the supervisory authority; or

    (b) 

    these data are essential for the recipient to fulfil his own lawful task, provided that the aim of the collection or processing to be carried out by the recipient is not incompatible with the original aim and that it is not precluded by the legal obligations of the communicating body.

    Communication is exceptionally permissible if, in a particular case:

    (a) 

    communication is undoubtedly in the interest of the data subject and the data subject has consented or if circumstances are such as to allow a clear presumption of such consent; or

    (b) 

    communication is necessary so as to prevent a serious and imminent danger.

    2.    Communication to private individuals

    The communication of data to private individuals should be permissible only if, in a particular case, there is a clear legal obligation or authorization, or with the authorization of the supervisory authority.

    Communication to private individuals is exceptionally permissible if, in a particular case:

    (a) 

    communication is undoubtedly in the interest of the data subject and the data subject has consented or circumstances are such as to allow a clear presumption of such consent; or

    (b) 

    communication is necessary so as to prevent a serious and imminent danger.

    3.    International communication

    Communication of data to foreign authorities should be permissible only:

    (a) 

    if there exists a clear legal provision under national or international law;

    (b) 

    in the absence of such a provision, if communication is necessary for the prevention of a serious and imminent danger;

    and provided that domestic regulations for the protection of the data subject are not prejudiced.

    4.1.    Requests for communication

    Subject to specific provisions contained in national legislation or in international agreements, requests for communication of data should provide indications as to the body or person requesting them as well as the reason for the request and its objective.

    4.2.    Conditions governing communication

    As far as possible, the quality of data should be verified at the latest before their communication. As far as possible, in all communications of data, judicial decisions, as well as decisions not to prosecute, should be indicated and data based on opinions or personal assessments should be checked at source beforce being communicated and their degree of accuracy or reliability indicated.

    If it is discovered that the data are no longer accurate and up-to-date, they should not be communicated; if outdated or inaccurate data have been communicated, the communicating body should inform as far as possible all the recipients of the data of their non-conformity.

    4.3.    Safeguards for communication

    The data communicated to other bodies, private individuals and foreign authorities should not be used for purposes other than those indicated in the request for communication.

    Use of the data for other purposes should, without prejudice to paragraphs 1 to 4.2, be made subject to the agreement of the communicating body.



    ( 1 ) Regulation (EU) No 952/2013 of the European Parliament and of the Council of 9 October 2013 laying down the Union Customs Code (OJ L 269, 10.10.2013, p. 1).

    ( 2 ) As provided for in Article 22(2)(a) of Council Regulation (EC) No 2073/2004 of 16 November 2004 on administrative cooperation in the field of excise duties (OJ L 359, 4.12.2004, p. 1.).

    ( 3 ) Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1).

    ( 4 ) Council Directive 92/84/EEC of 19 October 1992 on the approximation of the rates of excise duty on alcohol and alcoholic beverages (OJ L 316, 31.10.1992, p. 29).

    ( 5 ) Council Directive 2011/64/EU of 21 June 2011 on the structure and rates of excise duty applied to manufactured tobacco (OJ L 176, 5.7.2011, p. 24).

    ( 6 ) Council Directive 2003/96/EC of 27 October 2003 restructuring the Community framework for the taxation of energy products and electricity (OJ L 283, 31.10.2003, p. 51).

    ( 7 ) Commission Regulation (EEC) No 2454/93 of 2 July 1993 laying down provisions for the implementation of Council Regulation (EEC) No 2913/92 establishing the Community Customs Code (OJ L 253, 11.10.1993, p. 1).

    ( 8 )  OJ L 309, 25.11.2005, p. 9.

    ( 9 ) Council Decision 2009/917/JHA of 30 November 2009 on the use of information technology for customs purposes (OJ L 323, 10.12.2009, p. 20).

    ( 10 ) Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).

    Top