This document is an excerpt from the EUR-Lex website
Document 02017R2226-20210803
Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011
Consolidated text: Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011
Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011
This consolidated text may not include the following amendments:
Amending act | Amendment type | Subdivision concerned | Date of effect |
---|---|---|---|
32024R1356 | Modified by | article 6 paragraph 1 point (l) | 12/06/2026 |
32024R1356 | Modified by | article 24a | 12/06/2026 |
32024R1356 | Modified by | article 9 paragraph 2b | 12/06/2026 |
32024R1356 | Modified by | article 46 paragraph 1 point (a) | 12/06/2026 |
32024R1356 | Modified by | article 9 paragraph 4 | 12/06/2026 |
02017R2226 — EN — 03.08.2021 — 003.001
This text is meant purely as a documentation tool and has no legal effect. The Union's institutions do not assume any liability for its contents. The authentic versions of the relevant acts, including their preambles, are those published in the Official Journal of the European Union and available in EUR-Lex. Those official texts are directly accessible through the links embedded in this document
REGULATION (EU) 2017/2226 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 30 November 2017 (OJ L 327 9.12.2017, p. 20) |
Amended by:
|
|
Official Journal |
||
No |
page |
date |
||
REGULATION (EU) 2018/1240 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 September 2018 |
L 236 |
1 |
19.9.2018 |
|
REGULATION (EU) 2019/817 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 May 2019 |
L 135 |
27 |
22.5.2019 |
|
REGULATION (EU) 2021/1134 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 7 July 2021 |
L 248 |
11 |
13.7.2021 |
|
REGULATION (EU) 2021/1152 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 7 July 2021 |
L 249 |
15 |
14.7.2021 |
Corrected by:
REGULATION (EU) 2017/2226 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 30 November 2017
establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011
CHAPTER I
GENERAL PROVISIONS
Article 1
Subject matter
This Regulation establishes an ‘Entry/Exit System’ (EES) for:
the recording and storage of the date, time and place of entry and exit of third–country nationals crossing the borders of the Member States at which the EES is operated;
the calculation of the duration of the authorised stay of such third-country nationals;
the generation of alerts to Member States when the authorised stay has expired; and
the recording and storage of the date, time and place of refusal of entry of third-country nationals whose entry for a short stay has been refused, as well as the authority of the Member State which refused the entry and the reasons therefor.
Article 2
Scope
This Regulation applies to:
third-country nationals admitted for a short stay to the territory of the Member States who are subject to border checks in accordance with Regulation (EU) 2016/399 when crossing the borders at which the EES is operated; and
third-country nationals, on entry to and exit from the territory of the Member States, who:
are members of the family of a Union citizen to whom Directive 2004/38/EC applies or of a national of a third country enjoying the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States, on the one hand, and a third country, on the other; and
do not hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Council Regulation (EC) No 1030/2002 ( 2 ).
This Regulation does not apply to:
third–country nationals who are members of the family of a Union citizen to whom Directive 2004/38/EC applies and who hold a residence card pursuant to that Directive, whether or not they accompany or join that Union citizen;
third-country nationals who are members of the family of a national of a third country, whether or not they accompany or join that national of a third country, where:
that national of a third country enjoys the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States, on the one hand, and a third country, on the other; and
those third-country nationals hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Regulation (EC) No 1030/2002;
holders of residence permits referred to in point 16 of Article 2 of Regulation (EU) 2016/399 other than those covered by points (a) and (b) of this paragraph;
holders of long-stay visas;
nationals of Andorra, Monaco and San Marino and ►C1 holders of a passport issued by the Vatican City State or the Holy See; ◄
persons or categories of persons exempt from border checks or benefiting from specific rules in relation to border checks as referred to in point (g) of Article 6a(3) of Regulation (EU) 2016/399;
persons or categories of persons referred to in points (h), (i), (j) and (k) of Article 6a(3) of Regulation (EU) 2016/399.
The provisions of this Regulation regarding the calculation of the duration of the authorised stay and the generation of alerts to Member States when the authorised stay has expired do not apply to third-country nationals who:
are members of the family of a Union citizen to whom Directive 2004/38/EC applies or of a national of a third country enjoying the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States, on the one hand, and a third country, on the other; and
do not hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Regulation (EC) No 1030/2002.
Article 3
Definitions
For the purposes of this Regulation, the following definitions apply:
‘external borders’ means external borders as defined in point 2 of Article 2 of Regulation (EU) 2016/399;
‘internal borders’ means internal borders as defined in point 1 of Article 2 of Regulation (EU) 2016/399;
‘border authority’ means the border guard assigned in accordance with national law to carry out border checks as defined in point 11 of Article 2 of Regulation (EU) 2016/399;
‘immigration authority’ means the competent authority responsible, in accordance with national law, for one or more of the following:
checking within the territory of the Member States whether the conditions for entry to, or stay on, the territory of the Member States are fulfilled;
examining the conditions for, and taking decisions related to, the residence of third-country nationals on the territory of the Member States insofar as that authority does not constitute a ‘determining authority’ as defined in point (f) of Article 2 of Directive 2013/32/EU of the European Parliament and of the Council ( 5 ), and, where relevant, providing advice in accordance with Council Regulation (EC) No 377/2004 ( 6 );
the return of third-country nationals to a third country of origin or transit;
‘visa authority’ means the visa authority as defined in point 3 of Article 4 of Regulation (EC) No 767/2008;
‘third-country national’ means any person who is not a citizen of the Union within the meaning of Article 20(1) TFEU, with the exception of persons who enjoy the right of free movement equivalent to that of Union citizens under agreements between the Union and its Member States, on the one hand, and third countries, on the other;
‘travel document’ means a passport or other equivalent document entitling the holder to cross the external borders and to which a visa may be affixed;
‘short stay’ means stays on the territory of the Member States of a duration of no more than 90 days in any 180-day period as referred to in Article 6(1) of Regulation (EU) 2016/399;
‘short-stay visa’ means visa as defined in point (a) of point 2 of Article 2 of Regulation (EC) No 810/2009 of the European Parliament and of the Council ( 7 );
‘national short-stay visa’ means an authorisation issued by a Member State which does not apply the Schengen acquis in full with a view to an intended stay on the territory of that Member State of a duration of no more than 90 days in any 180-day period;
‘authorised stay’ means the exact number of days during which a third-country national is permitted to legally stay on the territory of the Member States, counting from the date of the entry in accordance with the applicable provisions;
‘Member State responsible’ means the Member State which has entered data in the EES;
‘verification’ means the process of comparing sets of data to establish the validity of a claimed identity (one-to-one check);
‘identification’ means the process of determining a person’s identity through a database search against multiple sets of data (one-to-many check);
‘alphanumeric data’ means data represented by letters, digits, special characters, spaces and punctuation marks;
‘fingerprint data’ means the data relating to the four fingerprints of the index, middle finger, ring finger and little finger from the right hand where present, and otherwise from the left hand;
‘facial image’ means digital images of the face;
‘biometric data’ means fingerprint data and facial image;
‘overstayer’ means a third-country national who does not fulfil or no longer fulfils the conditions relating to the duration of his or her authorised short stay on the territory of the Member States;
‘eu-LISA’ means the European Agency for the operational management of large-scale information systems in the area of freedom, security and justice established by Regulation (EU) No 1077/2011;
‘supervisory authorities’ means the supervisory authority established in accordance with Article 51(1) of Regulation (EU) 2016/679 and the supervisory authority established in accordance with Article 41(1) of Directive (EU) 2016/680;
‘EES data’ means all data stored in the EES Central System and in the CIR in accordance with Articles 15 to 20;
‘identity data’ means the data referred to in point (a) of Article 16(1) as well as the relevant data referred to in Articles 17(1) and 18(1);
‘law enforcement’ means the prevention, detection or investigation of terrorist offences or other serious criminal offences;
‘terrorist offence’ means an offence under national law which corresponds or is equivalent to one of the offences referred to in Directive (EU) 2017/541;
‘serious criminal offence’ means an offence which corresponds or is equivalent to one of the offences referred to in Article 2(2) of Framework Decision 2002/584/JHA, if it is punishable under national law by a custodial sentence or a detention order for a maximum period of at least three years;
‘designated authority’ means an authority designated by a Member State pursuant to Article 29 as responsible for the prevention, detection or investigation of terrorist offences or of other serious criminal offences;
‘self-service system’ means a self-service system as defined in point 23 of Article 2 of Regulation (EU) 2016/399;
‘e-gate’ means an e-gate as defined in point 24 of Article 2 of Regulation (EU) 2016/399;
‘Failure To Enrol Rate’ (FTER) means the proportion of registrations with insufficient quality of the biometric enrolment;
‘False Positive Identification Rate’ (FPIR) means the proportion of returned matches during a biometric search which do not belong to the checked traveller;
‘False Negative Identification Rate’ (FNIR) means the proportion of missed matches during a biometric search even though the traveller’s biometric data were registered;
‘ESP’ means the European search portal established by Article 6(1) of Regulation (EU) 2019/817;
‘CIR’ means the common identity repository established by Article 17(1) of Regulation (EU) 2019/817.
Article 4
Borders at which the EES is operated and use of the EES at those borders
Article 5
Set-up of the EES
eu-LISA shall develop the EES and ensure its operational management, including the functionalities for processing biometric data as referred to in point (d) of Article 16(1) and points (b) and (c) of Article 17(1), as well as the adequate security of the EES.
Article 6
Objectives of the EES
By recording and storing data in the EES and by providing Member States with access to such data, the objectives of the EES shall be to:
enhance the efficiency of border checks by calculating and monitoring the duration of the authorised stay on the entry and exit of third-country nationals admitted for a short stay;
assist in the identification of third-country nationals who do not or no longer fulfil the conditions for entry to, or for short stay on, the territory of the Member States;
allow the identification and detection of overstayers and enable the competent national authorities of the Member States to take appropriate measures;
allow refusals of entry in the EES to be checked electronically;
enable automation of border checks on third-country nationals;
enable visa authorities to have access to information on the lawful use of previous visas;
inform third-country nationals of the duration of their authorised stay;
gather statistics on the entries and exits, refusals of entry and overstays of third-country nationals in order to improve the assessment of the risk of overstays and support evidence-based Union migration policy making;
combat identity fraud and the misuse of travel documents;
ensure the correct identification of persons;
support the objectives of the European Travel Information and Authorisation System (ETIAS) established by Regulation (EU) 2018/1240 of the European Parliament and of the Council ( 8 ).
By granting access to designated authorities in accordance with the conditions set out in this Regulation, the objectives of the EES shall be to:
contribute to the prevention, detection and investigation of terrorist offences or of other serious criminal offences;
enable the generation of information for investigations related to terrorist offences or other serious criminal offences, including the identification of perpetrators, suspects and victims of those offences who have crossed the external borders.
The EES shall, where relevant, support Member States in operating their national facilitation programmes established in accordance with Article 8d of Regulation (EU) 2016/399, in order to facilitate border crossing for third-country nationals, by:
enabling the national competent authorities referred to in Article 8d of Regulation (EU) 2016/399 to have access to information on previous short stays or refusals of entry for the purposes of the examination of applications for access to national facilitation programmes and the adoption of decisions referred to in Article 25 of this Regulation;
notifying the border authorities that access is granted to a national facilitation programme.
Article 7
Technical architecture of the EES
The EES shall be composed of:
a Central System (EES Central System);
the CIR central infrastructure as referred to in point (a) of Article 17(2) of Regulation (EU) 2019/817;
a National Uniform Interface (NUI) in each Member State based on common technical specifications and identical for all Member States, enabling the connection of the EES Central System to the national border infrastructures in Member States in a secure manner;
a Secure Communication Channel between the EES Central System and the VIS Central System;
a Communication Infrastructure, which shall be secure and encrypted, between the EES Central System and the NUIs;
the web service referred to in Article 13;
a secure communication infrastructure between the EES Central System and the central infrastructures of the ESP and the CIR.
Article 8
Interoperability with the VIS
Interoperability shall enable the border authorities using the EES to consult the VIS from the EES in order to:
retrieve the visa-related data directly from the VIS and import them into the EES in order to create or update the entry/exit record or the refusal of entry record of a visa holder in the EES in accordance with Articles 14, 16 and 18 of this Regulation and Article 18a of Regulation (EC) No 767/2008;
retrieve the visa-related data directly from the VIS and import them into the EES in order to update the entry/exit record in the event that a visa is annulled, revoked or extended in accordance with Article 19 of this Regulation and Articles 13, 14 and 18a of Regulation (EC) No 767/2008;
verify, pursuant to Article 23 of this Regulation and Article 18(2) of Regulation (EC) No 767/2008, the authenticity and validity of the relevant visa or whether the conditions for entry to the territory of the Member States in accordance with Article 6 of Regulation (EU) 2016/399 are fulfilled;
verify at the borders at which the EES is operated whether a visa-exempt third-country national has been previously registered in the VIS in accordance with Article 23 of this Regulation and Article 19a of Regulation (EC) No 767/2008; and
where the identity of a visa holder is verified using fingerprints, verify at the borders at which the EES is operated the identity of a visa holder by comparing the fingerprints of the visa holder with the fingerprints recorded in the VIS in accordance with Article 23 of this Regulation and Article 18(6) of Regulation (EC) No 767/2008.
Interoperability shall enable the visa authorities using the VIS to consult the EES from the VIS in order to:
examine visa applications and adopt decisions relating to those applications in accordance with Article 24 of this Regulation and Article 15(4) of Regulation (EC) No 767/2008;
examine, for the Member States which do not yet apply the Schengen acquis in full but operate the EES, applications for national short-stay visas and adopt decisions relating to those applications;
update the visa-related data in the entry/exit record in the event that a visa is annulled, revoked or extended in accordance with Article 19 of this Regulation and Articles 13 and 14 of Regulation (EC) No 767/2008.
Article 8a
Automated process with ETIAS
Where an entry/exit record or a refusal of entry record of a visa exempt third-country national is created, the automated process referred to in the first subparagraph shall enable the EES Central System:
to query and to import from the ETIAS Central System the information referred to in Article 47(2) of Regulation (EU) 2018/1240, the application number and the expiry date of the ETIAS travel authorisation;
to update the entry/exit record in the EES in accordance with Article 17(2) of this Regulation; and
to update the refusal of entry record in the EES in accordance with point (b) of Article 18(1) of this Regulation.
Article 8b
Interoperability with ETIAS
For the purpose of proceeding with the verifications referred to in points (g) and (h) of Article 20(2) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the ESP to compare the data stored in ETIAS with EES data, in accordance with Article 11(8) of that Regulation, using the data listed in the correspondence table set out in Annex III to this Regulation.
The verifications referred to in points (g) and (h) of Article 20(2) of Regulation (EU) 2018/1240 shall be without prejudice to the specific rules provided for in Article 24(3) of that Regulation.
Article 9
Access to the EES for entering, amending, erasing and consulting data
The EES shall provide the functionality for the centralised management of that list. The detailed rules on managing that functionality shall be laid down in implementing acts. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 68(2).
Article 10
General principles
Article 11
Automated calculator and obligation to inform third-country nationals on the remaining authorised stay
The automated calculator shall not apply to third-country nationals:
who are members of the family of a Union citizen to whom Directive 2004/38/EC applies or of a national of a third country enjoying the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States, on the one hand, and a third country, on the other; and
who do not hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Regulation (EC) No 1030/2002.
The automated calculator shall inform the competent authorities:
on entry, of the maximum duration of authorised stay of third-country nationals and whether the number of authorised entries of a short-stay visa issued for one or two entries has been exhausted;
during checks or verifications carried out within the territory of the Member States, of the remaining authorised stay or duration of overstay of the third-country nationals;
on exit, of any overstay of third-country nationals;
when examining and deciding on short-stay visa applications, of the maximum remaining duration of authorised stay based on intended entry dates.
In the case referred to in the first subparagraph, the automated calculator shall only verify:
compliance with the overall limit of 90 days in any 180-day period; and
for short-stay visas, compliance with the period of validity of such visas.
Article 12
Information mechanism
Article 13
Web service
In the case referred to in the first subparagraph, the web service shall enable third-country nationals to verify the compliance with the overall limit of 90 days in any 180-day period and to receive information on the remaining authorised stay under that limit. This information shall be provided for stays in the 180-day period preceding the consultation of the web service or their intended date of entry or exit, or both.
Logs shall be stored for a period of two years. Logs shall be protected by appropriate measures against unauthorised access.
Article 13a
Fall-back procedures in the case of technical impossibility to access data by carriers
CHAPTER II
ENTRY AND USE OF DATA BY COMPETENT AUTHORITIES
Article 14
Procedures for entering data in the EES
Where a previous individual file has been created for the third-country national, the border authority shall, where necessary:
update that individual file, namely the data referred to in Articles 16, 17 and 18, as applicable, and
enter an entry record for each entry and an exit record for each exit in accordance with Articles 16 and 17 or, where applicable, a refusal of entry record in accordance with Article 18.
The records referred to in point (b) of the first subparagraph of this paragraph shall be linked to the individual file of the third-country national concerned.
Where applicable, the data referred to in Article 19(1), (2), (4) and (5) shall be added to the entry/exit record of the third-country national concerned. The travel documents and identities used legitimately by a third-country national shall be added to the third-country national’s individual file.
Where a previous individual file is recorded and the third-country national presents a valid travel document which differs from the one that was previously recorded, the data referred to in point (d) of Article 16(1) and point (b) of Article 17(1) shall also be updated in accordance with Article 15.
Article 15
Facial image of third-country nationals
Article 16
Personal data of third-country nationals subject to a visa requirement
At the borders at which the EES is operated, the border authority shall create the individual file of a third-country national subject to a visa requirement by entering the following data:
surname (family name); first name or names (given names); date of birth; nationality or nationalities; sex;
the type and number of the travel document or documents and the three letter code of the issuing country of the travel document or documents;
the date of expiry of the validity of the travel document or documents;
the facial image as referred to in Article 15.
On each entry of a third-country national subject to a visa requirement at a border at which the EES is operated, the following data shall be entered in an entry/exit record:
the date and time of the entry;
the border crossing point of the entry and the authority that authorised the entry;
where applicable, the status of that third-country national indicating that he or she is a third-country national who:
is a member of the family of a Union citizen to whom Directive 2004/38/EC applies or of a national of a third country enjoying the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States, on the one hand, and a third country, on the other; and
does not hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Regulation (EC) No 1030/2002;
where applicable, the short-stay visa sticker number, including the three letter code of the issuing Member State, the type of short-stay visa, the end date of the maximum duration of the stay as authorised by the short-stay visa, which shall be updated at each entry, and the date of expiry of the validity of the short-stay visa;
on the first entry on the basis of a short-stay visa, the number of entries and the duration of stay authorised by the short-stay visa as indicated on the short-stay visa sticker;
where applicable, the information indicating that the short-stay visa has been issued with limited territorial validity pursuant to point (b) of Article 25(1) of Regulation (EC) No 810/2009;
for the Member States which do not yet apply the Schengen acquis in full but operate the EES, a notification, where applicable, indicating that the third-country national used a national short-stay visa for the entry.
The entry/exit record referred to in the first subparagraph shall be linked to the individual file of that third-country national using the individual reference number created by the EES upon creation of that individual file.
On each exit of a third-country national subject to a visa requirement at a border at which the EES is operated, the following data shall be entered in the entry/exit record:
the date and time of the exit;
the border crossing point of the exit.
Where that third-country national uses a visa other than the visa recorded in the last entry record, the data of the entry/exit record listed in points (d) to (g) of paragraph 2 shall be updated accordingly.
The entry/exit record referred to in the first subparagraph shall be linked to the individual file of that third-country national.
Article 17
Personal data of visa-exempt third-country nationals
The border authority shall create the individual file of visa-exempt third-country nationals by entering the following:
the data provided for in points (a), (b) and (c) of Article 16(1);
the facial image as referred to in Article 15;
fingerprint data from the right hand, where present, and otherwise the corresponding fingerprint data from the left hand; fingerprint data shall have sufficient resolution and quality to be used in automated biometric matching;
where relevant, the data provided for in Article 16(6).
The following data shall also be entered in the entry/exit record:
the ETIAS application number;
the expiry date of the ETIAS travel authorisation;
in the case of an ETIAS travel authorisation with limited territorial validity, the Member State or Member States for which it is valid;
However, where the physical impossibility is of a temporary nature, that fact shall be recorded in the EES and the person shall be required to give the fingerprints on exit or at the subsequent entry. This information shall be deleted from the EES once the fingerprints have been given. The border authorities shall be entitled to request further clarification on the grounds for the temporary impossibility to give fingerprints. Member States shall ensure that appropriate procedures guaranteeing the dignity of the person are in place in the event of difficulties encountered in the capturing of fingerprints.
Article 18
Personal data of third-country nationals who have been refused entry
Where a decision has been taken by the border authority, in accordance with Article 14 of and Annex V to Regulation (EU) 2016/399, to refuse the entry of a third-country national for a short stay on the territory of the Member States and where no previous file is recorded in the EES for that third-country national, the border authority shall create an individual file in which it shall enter:
for third-country nationals subject to a visa requirement, the alphanumeric data required pursuant to Article 16(1) of this Regulation and, where relevant, the data referred to in Article 16(6) of this Regulation;
for visa-exempt third-country nationals, the alphanumeric data required pursuant to Article 17(1) and (2) of this Regulation.
Where the third-country national is refused entry on the basis of a reason corresponding to point B, D or H of Part B of Annex V to Regulation (EU) 2016/399 and where no previous file with biometric data is recorded in the EES for that third-country national, the border authority shall create an individual file in which it shall enter the alphanumeric data required pursuant to Article 16(1) or Article 17(1) of this Regulation, as appropriate, as well as the following data:
for third-country nationals subject to a visa requirement, the facial image referred to in point (d) of Article 16(1) of this Regulation;
for visa-exempt third-country nationals, the biometric data required pursuant to points (b) and (c) of Article 17(1) of this Regulation;
for third-country nationals subject to a visa requirement who are not registered in the VIS, the facial image referred to in point (d) of Article 16(1) of this Regulation and the fingerprint data as referred to point (c) of Article 17(1) of this Regulation.
Where a decision has been taken by the border authority, in accordance with Article 14 of and Annex V to Regulation (EU) 2016/399, to refuse the entry of a third-country national for a short stay to the territory of the Member States, the following data shall be entered in a separate refusal of entry record:
the date and time of refusal of entry;
the border crossing point;
the authority that refused the entry;
the point or points corresponding to the reasons for refusing entry in accordance with Part B of Annex V to Regulation (EU) 2016/399.
In addition, for third-country nationals subject to a visa requirement, the data provided for in points (d) to (g) of Article 16(2) of this Regulation shall be entered in the refusal of entry record.
In order to create or update the refusal of entry record of third-country nationals subject to a visa requirement, the data provided for in points (d), (e) and (f) of Article 16(2) of this Regulation may be retrieved from the VIS and imported into the EES by the competent border authority in accordance with Article 18a of Regulation (EC) No 767/2008.
Article 19
Data to be added where an authorisation for short stay is revoked, annulled or extended
Where a decision has been taken to revoke or annul an authorisation for short stay or a visa or to extend the duration of an authorised stay or visa, the competent authority that has taken such a decision shall add the following data to the latest relevant entry/exit record:
the status information indicating that the authorisation for short stay or the visa has been revoked or annulled or that the duration of the authorised stay or the visa has been extended;
the identity of the authority that revoked or annulled the authorisation for short stay or the visa or extended the duration of the authorised stay or the visa;
the place and date of the decision to revoke or annul the authorisation for short stay or the visa or to extend the duration of the authorised stay or the visa;
where applicable, the new visa sticker number, including the three letter code of the issuing country;
where applicable, the period of the extension of the duration of authorised stay;
where applicable, the new expiry date of the authorised stay or the visa.
The entry/exit record shall indicate the grounds for revocation or annulment of the short stay, which shall be:
a return decision adopted pursuant to Directive 2008/115/EC of the European Parliament and of the Council ( 11 );
any other decision taken by the competent authorities of the Member State, in accordance with national law, resulting in the return, removal or voluntary departure of a third-country national who does not fulfil or no longer fulfils the conditions for the entry into or for the stay on the territory of the Member States.
Article 20
Data to be added in case of rebuttal of the presumption that a third-country national does not fulfil the conditions of duration of authorised stay
Without prejudice to Article 22, where no individual file has been created in the EES for a third-country national present on the territory of a Member State or where there is no last relevant entry/exit record for such a third-country national, the competent authorities may presume that the third-country national does not fulfil or no longer fulfils the conditions relating to duration of authorised stay within the territory of the Member States.
In the case referred to in the first paragraph of this Article, Article 12 of Regulation (EU) 2016/399 shall apply and, if the presumption is rebutted in accordance with Article 12(3) of that Regulation, the competent authorities shall:
create an individual file for that third-country national in the EES, if necessary;
update the latest entry/exit record by entering the missing data in accordance with Articles 16 and 17 of this Regulation; or
erase an existing file where Article 35 of this Regulation provides for such erasure.
Article 21
Fall-back procedures where it is technically impossible to enter data or in the event of failure of the EES
Member States shall inform the Commission of the stamping of travel documents in the event of the exceptional situations referred to in the first subparagraph of this paragraph. The Commission shall adopt implementing acts concerning the detailed rules on the information to be provided to the Commission. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 68(2).
Article 22
Transitional period and transitional measures
Article 23
Use of data for verification at the borders at which the EES is operated
In addition, for the purposes of consulting the VIS for verification in accordance with Article 18 of Regulation (EC) No 767/2008, for third-country nationals who are subject to a visa requirement, the border authorities shall launch a search in the VIS directly from the EES using the same alphanumeric data or, where applicable, ►C1 consult the VIS in accordance with Article 18(3) of Regulation (EC) No 767/2008. ◄
If the search in the EES with the data set out in the first subparagraph of this paragraph indicates that data on the third-country national are recorded in the EES, the border authorities shall compare the live facial image of the third-country national with the facial image referred to in point (d) of Article 16(1) and point (b) of Article 17(1) of this Regulation or the border authorities shall, in the case of visa-exempt third-country nationals, proceed to a verification of fingerprints against the EES and, in the case of third-country nationals subject to a visa requirement, proceed to a verification of fingerprints directly against the VIS in accordance with Article 18 of Regulation (EC) No 767/2008. For the verification of fingerprints against the VIS for visa holders, the border authorities may launch the search in the VIS directly from the EES as provided in Article 18(6) of that Regulation.
If the verification of the facial image fails, the verification shall be carried out using fingerprints and vice versa.
In addition to the identification referred to in first subparagraph of this paragraph, the following provisions shall apply:
for third-country nationals who are subject to a visa requirement, if the search in the VIS with the data referred to in Article 18(1) of Regulation (EC) No 767/2008 indicates that data on the third-country national are recorded in the VIS, a verification of fingerprints against the VIS shall be carried out in accordance with Article 18(5) of Regulation (EC) No 767/2008. For this purpose, the border authority may launch a search from the EES to the VIS as provided for in Article 18(6) of Regulation (EC) No 767/2008. Where a verification of a third-country national pursuant to paragraph 2 of this Article failed, the border authorities shall access the VIS data for identification in accordance with Article 20 of Regulation (EC) No 767/2008.
for third-country nationals who are not subject to a visa requirement and for whom no data are found in the EES further to the identification run in accordance with Article 27 of this Regulation, the VIS shall be consulted in accordance with Article 19a of Regulation (EC) No 767/2008. The border authority may launch a search from the EES to the VIS as provided for in Article 19a of Regulation (EC) No 767/2008.
CHAPTER III
USE OF THE EES BY OTHER AUTHORITIES
Article 24
Use of the EES for examining and deciding on visas
In addition, visa authorities of a Member State which does not yet apply the Schengen acquis in full but operates the EES shall consult the EES when examining national short-stay visa applications and adopting decisions relating to those applications, including decisions to annul, revoke or extend the period of validity of an issued national short-stay visa.
Visa authorities shall be given access to search the EES directly from the VIS with one or several of the following data:
the data referred to in points (a), (b) and (c) of Article 16(1);
the short-stay visa sticker number, including the three letter code of the issuing Member State referred to in point (d) of Article 16(2);
the fingerprint data or the fingerprint data combined with the facial image.
Article 25
Use of the EES for examining applications for access to national facilitation programmes
The competent authorities shall be given access to search with one or several of the following:
the data referred to in points (a), (b) and (c) of Article 16(1) or the data referred to in point (a) of Article 17(1);
the fingerprint data or the fingerprint data combined with the facial image.
Article 25a
Access to EES data by the ETIAS Central Unit
Article 25b
Use of the EES for the manual processing of applications by the ETIAS National Units
Article 26
Access to data for verification within the territory of the Member States
If the search indicates that data on the third-country national are recorded in the EES, the immigration authorities may:
compare the live facial image of the third-country national with the facial image referred to in point (d) of Article 16(1) and point (b) of Article 17(1) of this Regulation; or
verify the fingerprints of visa-exempt third-country nationals in the EES and of third-country nationals subject to a visa requirement in the VIS in accordance with Article 19 of Regulation (EC) No 767/2008.
Article 27
Access to data for identification
Where the search with the fingerprint data or with the fingerprint data combined with the facial image indicates that data on that third-country national are not recorded in the EES, access to data for identification shall be carried out in the VIS in accordance with Article 20 of Regulation (EC) No 767/2008. At borders at which the EES is operated, prior to any identification against the VIS, the competent authorities shall first access the VIS in accordance with Articles 18 or 19a of Regulation (EC) No 767/2008.
Where the fingerprints of that third-country national cannot be used or the search with the fingerprint data or with the fingerprint data combined with the facial image has failed, the search shall be carried out with all or some of the data referred to in points (a), (b) and (c) of Article 16(1) and point (a) of Article 17(1).
Article 28
Keeping of data retrieved from the EES
Data retrieved from the EES pursuant to Articles 24, 25, 26 and 27 may be kept in national files and data retrieved from the EES pursuant to Articles 25a and 25b may be kept in the ETIAS application files only where necessary in an individual case in accordance with the purpose for which they were retrieved and in accordance with relevant Union law, in particular on data protection, and for no longer than strictly necessary in that individual case.
CHAPTER IV
PROCEDURE AND CONDITIONS FOR ACCESS TO THE EES FOR LAW ENFORCEMENT PURPOSES
Article 29
Member States’ designated authorities
The designated authority and the central access point may be part of the same organisation if permitted under national law, but the central access point shall act fully independently of the designated authorities when performing its tasks under this Regulation. The central access point shall be separate from the designated authorities and shall not receive instructions from them as regards the outcome of the verification which it shall carry out independently.
Member States may designate more than one central access point to reflect their organisational and administrative structures in the fulfilment of their constitutional or legal requirements.
Article 30
Europol
The Europol central access point shall act independently when performing its tasks under this Regulation and shall not receive instructions from the Europol designated authority as regards the outcome of the verification.
Article 31
Procedure for access to the EES for law enforcement purposes
Article 32
Conditions for access to EES data by designated authorities
Designated authorities may access the EES for consultation where all of the following conditions are met:
access for consultation is necessary for the purpose of the prevention, detection ►C1 or investigation of a terrorist offence or another serious criminal offence; ◄
access for consultation is necessary and proportionate in a specific case;
evidence or reasonable grounds exist to consider that the consultation of the EES data will contribute to the prevention, detection or investigation of any of the criminal offences in question, in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls under a category covered by this Regulation.
Access to the EES as a tool for the purpose of identifying an unknown suspect, perpetrator or suspected victim of a terrorist offence or other serious criminal offence shall be allowed where, in addition to the conditions listed in paragraph 1, the following conditions are met:
a prior search has been conducted in national databases; and
in the case of searches with fingerprints, a prior search has been launched in the automated fingerprint identification system of the other Member States under Decision 2008/615/JHA where comparisons of fingerprints are technically available, and either that search has been fully carried out, or that search has not been fully carried out within two days of being launched.
However, the additional conditions in points (a) and (b) of the first subparagraph shall not apply where there are reasonable grounds to believe that a comparison with the systems of the other Member States would not lead to the verification of the identity of the data subject or in a case of urgency where there is a need to prevent an imminent danger to the life of a person associated with a terrorist offence or another serious criminal offence. Those reasonable grounds shall be included in the electronic or written request sent by the operating unit of the designated authority to the central access point.
A request for consultation of the VIS on the same data subject may be submitted in parallel to a request for consultation of the EES in accordance with the conditions laid down in Council Decision 2008/633/JHA ( 12 ).
Consultation of the EES for the purpose of identification as referred to in paragraph 2 shall be limited to searching in the individual file with any of the following EES data:
fingerprints of visa-exempt third-country nationals or of holders of an FTD. In order to launch this consultation of the EES, latent fingerprints may be used and may therefore be compared with the fingerprints stored in the EES;
facial images.
Consultation of the EES, in the event of a hit, shall give access to any other data taken from the individual file as listed in Article 16(1) and (6), Article 17(1) and Article 18(1).
Consultation of the EES for the travel history of the third-country national concerned shall be limited to searching with one or several of the following EES data in the individual file, in the entry/exit records or in the refusal of entry records:
surname (family name); first name or names (given names); date of birth; nationality or nationalities; sex;
type and number of travel document or documents, three letter code of the issuing country and date of expiry of the validity of the travel document;
visa sticker number and the date of expiry of the validity of the visa;
fingerprints, including latent fingerprints;
facial image;
date and time of entry, authority that authorised the entry and entry border crossing point;
date and time of exit and exit border crossing point.
Consultation of the EES shall, in the event of a hit, give access to the data listed in the first subparagraph as well as to any other data taken from the individual file, the entry/exit records and refusal of entry records, including data related to the revocation or extension of an authorisation for short stay in accordance with Article 19.
Article 33
Procedure and conditions for access to EES data by Europol
Europol shall have access to consult the EES where all the following conditions are met:
the consultation is necessary to support and strengthen action by Member States in preventing, detecting or investigating terrorist offences or other serious criminal offences falling under Europol’s mandate;
the consultation is necessary and proportionate in a specific case;
evidence or reasonable grounds exist to consider that the consultation of the EES data will contribute to the prevention, detection or investigation of any of the criminal offences in question, in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls under a category covered by this Regulation.
A request for consultation of the VIS on the same data subject may be submitted in parallel to a request for consultation of the EES in accordance with the conditions laid down in Decision 2008/633/JHA.
CHAPTER V
RETENTION AND AMENDMENT OF THE DATA
Article 34
Data retention period
Article 35
Amendment of data and advance data erasure
Where a third-country national has acquired the nationality of a Member State or has fallen under the scope of Article 2(3) before the expiry of the applicable period referred to in Article 34, the individual file and the entry/exit records linked to that individual file in accordance with Articles 16 and 17 and the refusal of entry records linked to that individual file in accordance with Article 18 shall, without delay, and in any event not later than five working days from the date on which that third-country national has acquired the nationality of a Member State or has fallen under the scope of Article 2(3) before the expiry of the period referred to in Article 34, be erased from the EES, as well as, where applicable, from the list of identified persons referred to in Article 12(3), by:
the Member State the nationality of which he or she has acquired; or
the Member State that issued the residence permit or card or long-stay visa.
Where a third-country national has acquired the nationality of Andorra, Monaco or San Marino ►C1 or where a third-country national is in possession of a passport issued by the Vatican City State or the Holy See, he or she shall inform ◄ the competent authorities of the Member State he or she next enters of that change. That Member State shall erase his or her data without delay from the EES. The third-country national in question shall have access to an effective judicial remedy to ensure that the data are erased.
CHAPTER VI
DEVELOPMENT, OPERATION AND RESPONSIBILITIES
Article 36
Adoption of implementing acts by the Commission prior to development
The Commission shall adopt the implementing acts necessary for the development and technical implementation ►M2 of the EES Central System and the CIR ◄ , the NUIs, the Communication Infrastructure, the web service referred to in Article 13 and the data repository referred to in Article 63(2), in particular measures for:
the specifications for the quality, resolution and use of fingerprints for biometric verification and identification in the EES;
the specifications for the quality, resolution and use of the facial image for biometric verification and identification in the EES, including where taken live or extracted electronically from the eMRTD;
entering the data in accordance with Articles 16 to 20;
accessing the data in accordance with Articles 23 to 33;
amending, erasing and advance erasure of data in accordance with Article 35;
keeping and accessing the logs in accordance with Article 46;
performance requirements, including the minimum specifications for technical equipment and requirements regarding the biometric performance of the EES, in particular in terms of the required False Positive Identification Rate, False Negative Identification Rate and Failure To Enrol Rate;
the specifications and conditions for the web service referred to in Article 13, including specific provisions for the protection of the data where provided by or to carriers;
the establishment and the high level design of interoperability as referred to in Article 8;
the specifications and conditions for the data repository referred in Article 63(2);
the establishment of the list of identified persons referred to in Article 12(3) and the procedure to make that list available to Member States;
the specifications for technical solutions to connect central access points in accordance with Articles 31, 32 and 33 and for a technical solution to collect the statistical data required pursuant to Article 72(8).
Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 68(2).
For the adoption of the implementing acts set out in point (i) of the first paragraph of this Article, the Committee set up by Article 68 of this Regulation shall consult the VIS Committee set up by Article 49 of Regulation (EC) No 767/2008.
Article 37
Development and operational management
eu-LISA shall define the design of the physical architecture of the EES including its Communication Infrastructure, as well as the technical specifications and their evolution regarding the EES Central System, the NUIs, the Communication Infrastructure, the Secure Communication Channel between the EES Central System and the VIS Central System, the web service referred to in Article 13 of this Regulation and the data repository referred to in Article 63(2) of this Regulation. Those technical specifications shall be adopted by eu-LISA’s Management Board, subject to a favourable opinion of the Commission. eu-LISA shall also implement any necessary adaptations to the VIS deriving from the establishment of interoperability with the EES as well as from the implementation of the amendments to Regulation (EC) No 767/2008 set out in Article 61 of this Regulation.
eu-LISA shall develop and implement the EES Central System, the NUIs, the Communication Infrastructure, the Secure Communication Channel between the EES Central System and the VIS Central System, the web service referred to in Article 13 and the data repository referred to Article 63(2) as soon as possible after the adoption by the Commission of the measures provided for in Article 36.
The development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination.
When developing, and when implementing, the EES Central System, the NUIs, the Communication Infrastructure, the Secure Communication Channel between the EES Central System and the VIS Central System, the web service referred to in Article 13 and the data repository referred to in Article 63(2), the tasks of eu–LISA shall also be to:
perform a security risk assessment;
follow the principles of privacy by design and by default during the entire lifecycle of the development of the EES;
conduct a security risk assessment regarding the interoperability with the VIS referred to in Article 8 and assess the required security measures needed for the implementation of the interoperability with the VIS.
The Programme Management Board shall meet regularly and at least three times per quarter. It shall ensure the adequate management of the design and development phase of the EES and ensure the consistency between central and national EES projects.
The Programme Management Board shall submit written reports every month to eu-LISA’s Management Board on the progress of the project. The Programme Management Board shall have no decision-making power nor any mandate to represent the members of eu-LISA’s Management Board.
eu-LISA’s Management Board shall establish the rules of procedure of the Programme Management Board which shall include in particular rules on:
its chairmanship;
meeting venues;
the preparation of meetings;
the admission of experts to meetings;
communication plans ensuring full information to non-participating members of eu-LISA’s Management Board.
The chairmanship of the Programme Management Board shall be held by a Member State which is fully bound under Union law by the legislative instruments governing the development, establishment, operation and use of all the large-scale IT systems managed by eu-LISA.
All travel and subsistence expenses incurred by the members of the Programme Management Board shall be paid by eu-LISA and Article 10 of the eu-LISA Rules of Procedure shall apply mutatis mutandis. eu-LISA shall provide the Programme Management Board with a secretariat.
During the designing and development phase, the EES Advisory Group referred to in Article 69 shall be composed of national EES project managers and chaired by eu-LISA. It shall meet regularly and at least three times per quarter until the start of operations of the EES. It shall report after each meeting to the Programme Management Board. It shall provide the technical expertise to support the tasks of the Programme Management Board and shall follow-up on the state of preparation of the Member States.
Operational management of the EES shall consist of all the tasks necessary to keep the EES functioning 24 hours a day, 7 days a week in accordance with this Regulation, in particular the maintenance work and technical developments necessary to ensure that the EES functions at a satisfactory level of operational quality, in particular as regards the response time for interrogation of the EES Central System by border authorities, in accordance with the technical specifications.
Article 38
Responsibilities of Member States and Europol
Each Member State shall be responsible for:
the integration of the existing national border infrastructure and its connection to the NUI;
the organisation, management, operation and maintenance of its existing national border infrastructure and of its connection to the EES for the purpose of Article 6 with the exception of Article 6(2);
the organisation of central access points and their connection to the NUI for the purpose of law enforcement;
the management of, and arrangements for, access by the duly authorised staff, and by the duly empowered staff, of the competent national authorities to the EES in accordance with this Regulation and the creation and regular update of a list of those staff and their profiles.
Article 39
Responsibility for data processing
Each Member State shall ensure that the data collected and recorded in the EES is processed lawfully and, in particular, that only duly authorised staff have access to the data for the performance of their tasks. The Member State responsible shall ensure, in particular, that the data are:
collected lawfully and in full respect of the human dignity of the third-country national concerned;
registered lawfully in the EES;
accurate and up-to-date when they are transmitted to the EES.
eu-LISA shall ensure that the EES is operated in accordance with this Regulation and the implementing acts referred to in Article 36. In particular, eu-LISA shall:
take the necessary measures to ensure the security of the EES Central System and the Communication Infrastructure between the EES Central System and the NUI, without prejudice to the responsibilities of the Member States;
ensure that only duly authorised staff have access to data processed in the EES.
Article 40
Keeping of data in national files and national entry/exit systems
Article 41
Communication of data to third countries, international organisations and private entities
By way of derogation from paragraph 1 of this Article, the data referred to in Article 16(1) and points (a), (b) and (c) of Article 17(1) of this Regulation may be transferred by border authorities or immigration authorities to a third country or to an international organisation listed in the Annex I to this Regulation in individual cases, if necessary in order to prove the identity of third-country nationals for the sole purpose of return, only where one of the following conditions is satisfied:
the Commission has adopted a decision on the adequate protection of personal data in that third country in accordance with Article 45(3) of Regulation (EU) 2016/679;
appropriate safeguards as referred to in Article 46 of Regulation (EU) 2016/679 have been provided, such as through a readmission agreement which is in force between the Union or a Member State and the third country in question; or
point (d) of Article 49(1) of Regulation (EU) 2016/679, applies.
The data referred to in Article 16(1) and points (a), (b) and (c) of Article 17(1) of this Regulation may be transferred in accordance with paragraph 2 of this Article only where all of the following conditions are satisfied:
the transfer of the data is carried out in accordance with the relevant provisions of Union law, in particular provisions on data protection, including Chapter V of Regulation (EU) 2016/679, and readmission agreements, and the national law of the Member State transferring the data;
the third country or international organisation has agreed to process the data only for the purposes for which they were provided; and
a return decision adopted pursuant to Directive 2008/115/EC has been issued in relation to the third-country national concerned, provided that the enforcement of such a return decision is not suspended and provided that no appeal has been lodged which may lead to the suspension of its enforcement.
By way of derogation from paragraph 5 of this Article, the data referred to in points (a), (b) and (c) of Article 16(1), points (a) and (b) of Article 16(2), points (a) and (b) of Article 16(3) and point (a) of Article 17(1) may be transferred by the designated authority to a third country in individual cases, only where all of the following conditions are met:
there is an exceptional case of urgency where there is:
an imminent danger associated with a terrorist offence; or
an imminent danger to the life of a person and that danger is associated with a serious criminal offence;
the transfer of data is necessary for the prevention, detection or investigation in the territory of the Member States or in the third country concerned of such a terrorist offence or serious criminal offence;
the designated authority has access to such data in accordance with the procedure and the conditions set out in Articles 31 and 32;
the transfer is carried out in accordance with the applicable conditions set out in Directive (EU) 2016/680, in particular Chapter V thereof;
a duly motivated written or electronic request from the third country has been submitted; and
the reciprocal provision of any information on entry/exit records held by the requesting third country to the Member States operating the EES is ensured.
Where a transfer is made pursuant to the first subparagraph of this paragraph, such a transfer shall be documented and the documentation shall, on request, be made available to the supervisory authority established in accordance with Article 41(1) of Directive (EU) 2016/680, including the date and time of the transfer, information about the receiving competent authority, the justification for the transfer and the personal data transferred.
Article 42
Conditions for communication of data to a Member State which does not yet operate the EES and to a Member State to which this Regulation does not apply
The data referred to in points (a), (b) and (c) of Article 16(1), points (a) and (b) of Article 16(2), points (a) and (b) of Article 16(3) and point (a) of Article 17(1) may be transferred by a designated authority to a Member State which does not yet operate the EES and to a Member State to which this Regulation does not apply, in individual cases, only where all of the following conditions are met:
there is an exceptional case of urgency where there is:
an imminent danger associated with a terrorist offence; or
a serious criminal offence;
the transfer of data is necessary for the prevention, detection or investigation of such a terrorist offence or serious criminal offence;
the designated authority has access to such data in accordance with the procedure and the conditions set out in Articles 31 and 32;
Directive (EU) 2016/680 applies;
a duly motivated written or electronic request has been submitted; and
the reciprocal provision of any information on entry/exit records held by the requesting Member State to the Member States operating the EES is ensured.
Where a transfer is made pursuant to the first subparagraph of this paragraph, such a transfer shall be documented and the documentation shall, on request, be made available to the supervisory authority established in accordance with Article 41(1) of Directive (EU) 2016/680, including the date and time of the transfer, information about the receiving competent authority, the justification for the transfer and the personal data transferred.
Article 43
Data security
Each Member State shall, in relation to its national border infrastructure, adopt the necessary measures, including a security plan and a business continuity and disaster recovery plan, in order to:
physically protect data, including by making contingency plans for the protection of critical infrastructure;
deny unauthorised persons access to data-processing equipment and national installations in which the Member State carries out operations in accordance with the purposes of the EES;
prevent the unauthorised reading, copying, modification or removal of data media;
prevent the unauthorised entering of data and the unauthorised inspection, modification or erasure of stored personal data;
prevent the use of automated data-processing systems by unauthorised persons using data communication equipment;
prevent the unauthorised processing of data in the EES and any unauthorised modification or erasure of data processed in the EES;
ensure that persons authorised to access the EES have access only to the data covered by their access authorisation, by means of individual and unique user identities and confidential access modes only;
ensure that all authorities with a right of access to the EES create profiles describing the functions and responsibilities of persons who are authorised to enter, amend, erase, consult and search the data and make their profiles available to the supervisory authorities;
ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment;
ensure that it is possible to verify and establish which data have been processed in the EES, as well as when, by whom and for what purpose they have been processed;
prevent the unauthorised reading, copying, modification or erasure of personal data during the transmission of personal data to or from the EES or during the transport of data media, in particular by means of appropriate encryption techniques;
ensure that, in the event of an interruption, installed systems can be restored to normal operation;
ensure reliability by making sure that any faults in the functioning of the EES are properly reported;
monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation.
Article 44
Security incidents
Article 45
Liability
Article 46
Keeping of logs by eu-LISA and Member States
eu-LISA shall keep logs of all data processing operations within the EES. Those logs shall include the following:
the purpose of access referred to in Article 9(2);
the date and time;
the data transmitted as referred to in Articles 16 to 19;
the data used for interrogation as referred to in Articles 23 to 27; and
the name of the authority entering or retrieving the data; and
a reference to the use of the ESP to query the EES as referred to in Article 7(2) of Regulation (EU) 2019/817.
Logs of each data processing operation carried out within the EES and ETIAS pursuant to Articles 8a, 8b and 25a of this Regulation shall be kept in accordance with this Article and Article 69 of Regulation (EU) 2018/1240.
Article 47
Self-monitoring
Member States shall ensure that each authority entitled to access EES data takes the measures necessary to comply with this Regulation and cooperates, where necessary, with the supervisory authorities.
Article 48
Penalties
Member States shall take the necessary measures to ensure that any use of data entered in the EES in a manner contrary to this Regulation is punishable by effective, ►C1 proportionate and dissuasive penalties in accordance with ◄ national law, Article 84 of Regulation (EU) 2016/679 and Article 57 of Directive (EU) 2016/680.
Article 49
Data Protection
CHAPTER VII
RIGHTS AND SUPERVISION ON DATA PROTECTION
Article 50
Right of information
Without prejudice to the right of information in Article 13 of Regulation (EU) 2016/679, third-country nationals whose data are to be recorded in the EES shall be informed by the Member State responsible of the following:
the fact that the EES may be accessed by the Member States and Europol for law enforcement purposes;
the obligation on visa-exempt third-country nationals and on holders of an FTD to have their fingerprints taken;
the obligation on all third-country nationals subject to registration in the EES to have their facial image recorded;
that the collection of the data is mandatory for the examination of entry conditions;
the fact that entry will be refused if a third-country national refuses to provide the requested biometric data for registration, verification or identification in the EES;
the right to receive information about the maximum remaining duration of their authorised stay in accordance with Article 11(3);
the fact that personal data stored in the EES may be transferred to a third country or an international organisation listed in Annex I for the purposes of return, to a third country in accordance with Article 41(6) and to Member States in accordance with Article 42;
the existence of the right to request from the controller access to data relating to them, the right to request that inaccurate data relating to them be rectified, that incomplete personal data relating to them be completed, that unlawfully processed personal data concerning them be erased or that the processing thereof be restricted, as well as the right to receive information on the procedures for exercising those rights, including the contact details of the controller and the supervisory authorities, or of the European Data Protection Supervisor if applicable, which shall hear complaints concerning the protection of personal data;
the fact that EES data will be accessed for border management and facilitation purposes and that overstays will automatically lead to the addition of their data to the list of identified persons referred to in Article 12(3), as well as the possible consequences of overstaying;
the data retention period set for entry and exit records, refusal of entry records, and for individual files pursuant to Article 34;
the right for overstayers to have their personal data erased from the list of identified persons referred to in Article 12(3) and rectified in the EES, where they provide evidence that they exceeded the authorised duration of stay due to unforeseeable and serious events;
the right to lodge a complaint to the supervisory authorities.
Article 51
Information campaign
The Commission shall, in cooperation with the supervisory authorities and the European Data Protection Supervisor, accompany the start of operations of the EES with an information campaign informing the public and, in particular, third-country nationals, about the objectives of the EES, the data stored in the EES, the authorities having access and the rights of persons concerned. Such information campaigns shall be conducted regularly.
Article 52
Right of access to, rectification, completion and erasure of personal data, and of restriction of the processing thereof
The Member State responsible or the Member State to which the request has been made shall reply to such requests within 45 days of receipt of the request.
In the event that visa-related data recorded in the EES are factually incorrect, incomplete or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall first check the accuracy of these data against the VIS and shall, if necessary, amend them in the EES. Should the data recorded in the VIS be the same as in the EES, the Member State responsible or, where applicable, the Member State to which the request has been made, shall contact the authorities of the Member State which is responsible for entering these data in the VIS within seven days. The Member State which is responsible for entering the data in the VIS shall check the accuracy of the visa-related data and the lawfulness of their processing in the EES within 30 days of such contact and inform the Member State responsible or the Member State to which the request has been made which shall, if necessary, rectify or complete the personal data of the person concerned or restrict the processing of such data in, or erase such data from, the EES without delay and, where applicable, from the list of identified persons referred to in Article 12(3).
Article 53
Cooperation to enforce the rights on data protection
In order to achieve the aims referred to in the first subparagraph, the supervisory authority of the Member State responsible which transmitted the data and the supervisory authority of the Member State to which the request has been made shall cooperate with each other.
Article 54
Remedies
Article 55
Supervision by the supervisory authority
Article 56
Supervision by the European Data Protection Supervisor
Article 57
Cooperation between supervisory authorities and the European Data Protection Supervisor
Article 58
Protection of personal data accessed in accordance with Chapter IV
Article 59
Logging and documentation
The log or documentation shall show, in all cases:
the exact purpose of the request for access to EES data, including the terrorist offence or other serious criminal offence concerned and, for Europol, the exact purpose of the request for access;
the reasonable grounds given for not making comparisons with other Member States under Decision 2008/615/JHA, in accordance with point (b) of Article 32(2) of this Regulation;
the national file reference;
the date and exact time of the request for access by the central access point to the EES Central System;
the name of the authority which requested access for consultation;
where applicable, the use of the urgency procedure referred to in Article 31(2) of this Regulation and the decision taken with regard to the ex-post verification;
the data used for consultation;
in accordance with national rules or with Regulation (EU) 2016/794, the unique user identity of the official who carried out the search and of the official who ordered the search.
CHAPTER VIII
AMENDMENTS TO OTHER UNION INSTRUMENTS
Article 60
Amendment to the Convention implementing the Schengen Agreement
Article 20 of the Convention implementing the Schengen Agreement is amended as follows:
paragraph 2 is replaced by the following:
Paragraph 1 shall not affect each Contracting Party’s right to extend beyond 90 days in any 180-day period an alien’s stay on its territory:
in exceptional circumstances; or
in accordance with a bilateral agreement concluded before the entry into force of this Convention and notified to the Commission in accordance with paragraph 2d.’;
the following paragraphs are inserted:
Where the alien has not lodged a request during the 90-day stay in any 180-day period, his or her stay may be extended pursuant to a bilateral agreement concluded by a Contracting Party and his or her stay beyond the 90-day stay in any 180-day period preceding that extension may be presumed lawful by the competent authorities of that Contracting Party, provided that that alien presents credible evidence which proves that during that time he or she stayed only on the territory of that Contracting Party.
The competent authority which extended the stay shall inform the alien concerned that the extension of stay authorises the alien concerned to stay only on the territory of that Contracting Party and that he or she is to exit at the external borders of that Contracting party.
Article 61
Amendments to Regulation (EC) No 767/2008
Regulation (EC) No 767/2008 is amended as follows:
Article 10(1) is amended as follows:
the following point is inserted:
if applicable, the information indicating that the visa has been issued with limited territorial validity pursuant to Article 25(1)(b) of Regulation (EC) No 810/2009;’;
the following point is added:
if applicable, the status of the person indicating that the third-country national is a member of the family of a Union citizen to whom Directive 2004/38/EC of the European Parliament and of the Council ( *2 ) applies or of a third-country national enjoying the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States, on the one hand, and a third country, on the other.
in Article 13, the following paragraph is added:
in Article 14, the following paragraph is added:
Article 15 is amended as follows:
in paragraph 2, points (b) and (c) are replaced by the following:
surname (family name), first name or names (given names); date of birth; nationality or nationalities; sex;
the type and number of the travel document; three letter code of the issuing country of the travel document; and the date of expiry of the validity of the travel document;’;
the following paragraphs are added:
in Chapter III, the following Article is inserted:
‘Article 17a
Interoperability with the EES
Interoperability shall enable the visa authorities using the VIS to consult the EES from the VIS:
when examining and deciding on visa applications as referred to in Article 24 of Regulation (EU) 2017/2226 and Article 15(4) of this Regulation;
in order to retrieve and export the visa-related data directly from the VIS into the EES in the event that a visa is annulled, revoked or extended in accordance with Article 19 of Regulation (EU) 2017/2226 and Articles 13 and 14 of this Regulation.
Interoperability shall enable the border authorities using the EES to consult the VIS from the EES in order to:
retrieve the visa-related data directly from the VIS and import them into the EES so that an entry/exit record or refusal of entry record of a visa holder may be created or updated in the EES in accordance with Articles 14, 16 and 18 of Regulation (EU) 2017/2226 and Article 18a of this Regulation;
retrieve the visa-related data directly from the VIS and import them into the EES in the event that a visa is annulled, revoked or extended in accordance with Article 19 of Regulation (EU) 2017/2226 and Articles 13 and 14 of this Regulation;
verify the authenticity and validity of the visa, whether the conditions for entry to the territory of the Member States in accordance with Article 6 of Regulation (EU) 2016/399 of the European Parliament and of the Council ( *4 ) are fulfilled, or both, as referred to in Article 18(2) of this Regulation;
check whether visa-exempt third-country nationals for whom an individual file is not recorded in the EES were previously registered in the VIS in accordance with Article 23 of Regulation (EU) 2017/2226 and Article 19a of this Regulation;
verify, where the identity of a visa holder is verified using fingerprints, the identity of a visa holder with fingerprints against the VIS in accordance with Articles 23(2) and 23(4) of Regulation (EU) 2017/2226 and Article 18(6) of this Regulation.
Article 18 is replaced by the following:
‘Article 18
Access to data for verification at borders at which the EES is operated
For the sole purpose of verifying the identity of the visa holders, the authenticity, temporal and territorial validity and status of the visa or whether the conditions for entry to the territory of the Member States in accordance with Article 6 of Regulation (EU) 2016/399 are fulfilled, or both, the competent authorities for carrying out checks at borders at which the EES is operated shall have access to the VIS to search using the following data:
surname (family name), first name or names (given names); date of birth; nationality or nationalities; sex; type and number of the travel document or documents; three letter code of the issuing country of the travel document or documents; and the date of expiry of the validity of the travel document or documents; or
the number of the visa sticker.
If the search with the data listed in paragraph 1 indicates that data are stored in the VIS on one or more issued or extended visas which are within their validity period and are under their territorial validity for the border crossing, the competent authority for carrying out checks at borders at which the EES is operated shall be given access to consult the following data contained in the application file concerned as well as in an application file or files linked pursuant to Article 8(4), solely for the purposes referred to in paragraph 1 of this Article:
the status information and the data taken from the application form, ►C2 referred to in points (2) and (4) of Article 9; ◄
photographs;
the data referred to in Articles 10, 13 and 14 and entered in respect of the visa(s) issued, annulled or revoked or of the visa or visas whose validity is extended.
In addition, for those visa holders for whom certain data are not required to be provided for legal reasons or factually cannot be provided, the competent authority for carrying out checks at borders at which the EES is operated shall receive a notification related to the specific data field or fields concerned which shall be marked as ‘not applicable’.
If the search with the data listed in paragraph 1 of this Article indicates that data on the person are recorded in the VIS but no valid visa is recorded, the competent authority for carrying out checks at borders at which the EES is operated shall be given access to consult the following data contained in the application file or files as well as in an application file or files linked pursuant to Article 8(4), solely for the purposes referred to in paragraph 1 of this Article:
the status information and the data taken from the application form, ►C2 referred to in points (2) and (4) of Article 9; ◄
photographs;
the data referred to in Articles 10, 13 and 14 and entered in respect of the visa(s) issued, annulled or revoked or of the visa or visas whose validity is extended.
In addition to the consultation carried out under paragraph 1 of this Article, the competent authority for carrying out checks at borders at which the EES is operated shall verify the identity of a person against the VIS if the search with the data listed in paragraph 1 of this Article indicates that data on the person are recorded in the VIS and one of the following conditions is met:
the identity of the person cannot be verified against the EES in accordance with Article 23(2) of Regulation (EU) 2017/2226, because:
the visa holder is not yet registered into the EES;
the identity is verified, at the border crossing point concerned, using fingerprints in accordance with Article 23(2) of Regulation (EU) 2017/2226;
there are doubts as to the identity of the visa holder;
of any other reason;
the identity of the person can be verified against the EES but Article 23(5) of Regulation (EU) 2017/2226 applies.
The competent authorities for carrying out checks at borders at which the EES is operated shall verify the fingerprints of the visa holder against the fingerprints recorded in the VIS. For visa holders whose fingerprints cannot be used, the search referred to in paragraph 1 shall be carried out only with the alphanumeric data provided for in paragraph 1.
the following Article is inserted:
‘Article 18a
Retrieval of VIS data for creating or updating an entry/exit record or a refusal of entry record of a visa holder in the EES
Solely for the purpose of creating or updating an entry/exit record or a refusal of entry record of a visa holder in the EES in accordance with Article 14(2) and Articles 16 and 18 of Regulation (EU) 2017/2226, the competent authority for carrying out checks at borders at which the EES is operated shall be given access to retrieve from the VIS and import into the EES the data stored in the VIS and listed in points (c) to (f) of Article 16(2) of that Regulation.’;
the following Article is inserted:
‘Article 19a
Use of the VIS before creating in the EES the individual files of visa-exempt third-country nationals
If the search with the data listed in paragraph 2 of this Article and the verification carried out under paragraph 4 of this Article indicate that data on the person are recorded in the VIS, the competent authority for carrying out checks at borders at which the EES is operated shall be given access to consult the following data contained in the application file concerned as well as in an application file or files linked pursuant to Article 8(4), solely for the purpose referred to in paragraph 1 of this Article:
the status information and the data taken from the application form, ►C2 referred to in points (2) and (4) of Article 9; ◄
photographs;
the data referred to in Articles 10, 13 and 14 and entered in respect of the visa or visas issued, annulled or revoked or of the visa or visas whose validity is extended.
in Article 20(1), the first subparagraph is replaced by the following:
in Article 26, the following paragraph is inserted:
Article 34 is amended as follows:
paragraph 1 is replaced by the following:
Each Member State and the Management Authority shall keep records of all data processing operations within the VIS. Those records shall indicate:
the purpose of access referred to in Article 6(1) and in Articles 15 to 22;
the date and time;
the type of data transmitted as referred to in Articles 9 to 14;
the type of data used for interrogation as referred to in Article 15(2), Article 17 and Articles 18(1) and (6), 19(1), 19a(2) and (4), 20(1), 21(1) and 22(1); and
the name of the authority entering or retrieving the data.
In addition, each Member State shall keep records of the staff duly authorised to enter or retrieve the data.’;
the following paragraph is inserted:
Article 62
Amendments to Regulation (EU) No 1077/2011
Regulation (EU) No 1077/2011 is amended as follows:
in Article 1, paragraph 2 is replaced by the following:
the following Article is inserted:
‘Article 5a
Tasks relating to the EES
In relation to the EES, the Agency shall perform:
the tasks conferred on it by Regulation (EU) 2017/2226;
tasks relating to training on the technical use of the EES.’;
in Article 7, paragraphs 5 and 6 are replaced by the following:
in Article 8, paragraph 1 is replaced by the following:
in Article 12, paragraph 1 is amended as follows:
the following point is inserted:
adopt the reports on the development of the EES pursuant to Article 72(2) of Regulation (EU) 2017/2226;’;
point (t) is replaced by the following:
adopt the reports on the technical functioning of SIS II pursuant to Article 50(4) of Regulation (EC) No 1987/2006 and Article 66(4) of Decision 2007/533/JHA, of VIS pursuant to Article 50(3) of Regulation (EC) No 767/2008 and Article 17(3) of Decision 2008/633/JHA and of EES pursuant to Article 72(4) of Regulation (EU) 2017/2226;’;
point (v) is replaced by the following:
make comments on the European Data Protection Supervisor’s reports on the audits pursuant to Article 45(2) of Regulation (EC) No 1987/2006, Article 42(2) of Regulation (EC) No 767/2008, Article 31(2) of Regulation (EU) No 603/2013 and Article 56(2) of Regulation (EU) 2017/2226 and ensure appropriate follow-up to those audits;’;
the following point is inserted:
publish statistics related to the EES pursuant to Article 63 of Regulation (EU) 2017/2226;’;
the following point is inserted:
ensure annual publication of the list of competent authorities pursuant to Article 65(2) of Regulation (EU) 2017/2226;’;
in Article 15, paragraph 4 is replaced by the following:
Article 17 is amended as follows:
in paragraph 5, point (g) is replaced by the following:
without prejudice to Article 17 of the Staff Regulations, establish confidentiality requirements in order to comply with Article 17 of Regulation (EC) No 1987/2006, Article 17 of Decision 2007/533/JHA, Article 26(9) of Regulation (EC) No 767/2008, Article 4(4) of Regulation (EU) No 603/2013 and Article 37(4) of Regulation (EU) 2017/2226;’;
in paragraph 6, the following point is added:
reports on the state of play of the development of the EES referred to in Article 72(2) of Regulation (EU) 2017/2226.’;
Article 19 is amended as follows:
in paragraph 1, the following point is inserted:
EES Advisory Group;’;
paragraph 3 is replaced by the following:
‘Europol and Eurojust may each appoint a representative to the SIS II Advisory Group. Europol may also appoint a representative to the VIS, Eurodac and EES Advisory Groups.’.
CHAPTER IX
FINAL PROVISIONS
Article 63
Use of data for reporting and statistics
The duly authorised staff of the competent authorities of Member States, the Commission and eu-LISA shall have access to consult the following data, solely for the purposes of reporting and statistics without allowing for individual identification and in accordance with the safeguards related to non-discrimination referred to in Article 10(2):
status information;
nationality, sex and year of birth of the third-country national;
date and border crossing point of the entry to a Member State and date and border crossing point of the exit from a Member State;
the type of the travel document and the three letter code of the issuing country;
the number of persons identified as overstayers referred to in Article 12, the nationalities of persons identified as overstayers and the border crossing point of entry;
the data entered in respect of any stay revoked or any stay whose validity is extended;
the three letter code of the Member State that issued the visa, if applicable;
the number of persons exempt from the requirement to give fingerprints pursuant to Article 17(3) and (4);
the number of third-country nationals refused entry, the nationalities of third-country nationals refused entry, the type of border (land, air or sea) of the border crossing point at which entry was refused and the reasons for which entry has been refused as referred to in point (d) of Article 18(6).
The duly authorised staff of the European Border and Coast Guard Agency established by Regulation (EU) 2016/1624 of the European Parliament and of the Council ( 15 ) shall have access to consult the data referred to in the first subparagraph of this paragraph for the purpose of carrying out risk analyses and vulnerability assessments as referred to in Articles 11 and 13 of that Regulation.
The daily statistics shall be stored in the central repository for reporting and statistics.
Article 64
Costs
The following costs shall be excluded:
Member States’ project management office (meetings, missions, offices);
hosting of national IT systems (space, implementation, electricity, cooling);
operation of national IT systems (operators and support contracts);
customisation of existing border checks and policing systems for national entry-exit systems;
project management of national entry-exit systems;
design, development, implementation, operation and maintenance of national communication networks;
automated border control systems, self-service systems and e-gates.
Article 65
Notifications
Article 66
Start of operations
The Commission shall decide the date from which the EES is to start operations, after the following conditions are met:
the measures referred to in Article 36 and Article 50(4) and (5) have been adopted;
eu-LISA has declared the successful completion of a comprehensive test of the EES, which is to be conducted by eu-LISA in cooperation with the Member States;
the Member States have validated the technical and legal arrangements to collect and transmit the data referred to in Articles 16 to 20 to the EES and have notified them to the Commission;
the Member States have notified the Commission as referred to in Article 65(1), (2) and (3).
The EES shall be operated by:
the Member States which apply the Schengen acquis in full; and
the Member States which do not yet apply the Schengen acquis in full but for which all the following conditions are met:
the verification in accordance with applicable Schengen evaluation procedures has been successfully completed;
the provisions of the Schengen acquis relating to the SIS have been put into effect in accordance with the relevant Act of Accession; and
the provisions of the Schengen acquis relating to the VIS which are necessary for the operation of the EES as defined in this Regulation have been put into effect in accordance with the relevant Act of Accession.
Article 67
Ceuta and Melilla
This Regulation shall not affect the special rules applying to the cities of Ceuta and Melilla, as defined in the Declaration of the Kingdom of Spain on the cities of Ceuta and Melilla in the Final Act to the Agreement on the Accession of the Kingdom of Spain to the Convention implementing the Schengen Agreement of 14 June 1985.
Article 68
Committee procedure
Article 69
Advisory Group
An Advisory Group shall be established by eu-LISA in order to provide it with the expertise related to the EES, in particular in the context of the preparation of its annual work programme and its annual activity report. During the design and development phase of the EES, Article 37(2) shall apply.
Article 70
Training
eu-LISA shall perform tasks related to provision of training on the technical use of the EES in accordance with Regulation (EU) No 1077/2011.
Article 71
Practical handbook
The Commission shall, in close cooperation with the Member States, eu-LISA and other relevant agencies, make available a practical handbook for the implementation and management of the EES. The practical handbook shall provide technical and operational guidelines, recommendations and best practices. The Commission shall adopt the practical handbook in the form of a recommendation.
Article 72
Monitoring and evaluation
Three years after the start of operations of the EES and every four years thereafter, the Commission shall produce an overall evaluation of the EES. This overall evaluation shall include:
an assessment of the application of this Regulation;
an examination of the results achieved against objectives and the impact on fundamental rights;
an assessment of the continuing validity of the underlying rationale of the EES;
an assessment of the adequacy of the biometric data used for the proper functioning of the EES;
an assessment of the use of stamps in the exceptional circumstances referred to in Article 21(2);
an assessment of the security of the EES;
an assessment of any implications, including any disproportionate impact on the flow of traffic at border crossing points and those with a budgetary impact on the Union budget.
The evaluations shall include any necessary recommendations. The Commission shall transmit the evaluation report to the European Parliament, to the Council, to the European Data Protection Supervisor and to the European Union Agency for Fundamental Rights established by Council Regulation (EC) No 168/2007 ( 16 ).
Those evaluations shall also include an assessment of the use made of the provisions referred to in Article 60 both in terms of frequency — number of third-country nationals making use of these provisions per Member State, their nationality and average duration of their stay — and practical implications, and shall take into account any related developments in the Union’s visa policy. The first evaluation report may include options in view of phasing out the provisions referred to in Article 60 and replacing them with a Union instrument. It shall be accompanied, where appropriate, by a legislative proposal amending the provisions referred to in Article 60.
While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare annual reports on the effectiveness of access to EES data for law enforcement purposes containing information and statistics on:
whether the consultation was carried out for the purpose of identification or for entry/exit records, and the type of terrorist offence or serious criminal offence that led to the consultation;
the grounds given to substantiate the suspicion that the person concerned was covered by this Regulation;
the grounds given not to launch the consultation of other Member States’ automated fingerprint identification systems under Decision 2008/615/JHA in accordance with point (b) of Article 32(2) of this Regulation;
the number of requests for access to the EES for law enforcement purposes;
the number and type of cases in which access to the EES for law enforcement purposes led to successful identifications;
the number and type of cases in which the urgency procedures referred to in Article 31(2) and in the second subparagraph of Article 32(2) were used, including those cases where that urgency was not accepted by the ex post verification carried out by the central access point.
A technical solution shall be made available to Member States in order to facilitate the collection of the data listed in the first subparagraph of this paragraph for the purpose of generating statistics referred to in this paragraph. The Commission shall adopt implementing acts concerning the specifications of the technical solution. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 68(2).
Member States’ and Europol’s annual reports shall be transmitted to the Commission by 30 June of the subsequent year.
Article 73
Entry into force and applicability
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall apply from the date decided by the Commission in accordance with Article 66(1) thereof, with the exception of the following provisions, which shall apply from 29 December 2017: Articles 5, 36, 37, 38, 43, 51 of this Regulation; point (5) of Article 61 of this Regulation, as regards Article 17a(5) of Regulation (EC) No 767/2008; point (10) of Article 61 of this Regulation, as regards Article 26(3a) of Regulation (EC) No 767/2008; and Articles 62, 64, 65, 66, 68, 69 and 70 and Article 72(2) of this Regulation.
This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.
ANNEX I
LIST OF INTERNATIONAL ORGANISATIONS REFERRED TO IN ARTICLE 41(2)
UN organisations (such as the UNHCR);
The International Organization for Migration (IOM);
The International Committee of the Red Cross.
ANNEX II
SPECIFIC PROVISIONS FOR THIRD-COUNTRY NATIONALS WHO CROSS THE BORDER ON THE BASIS OF A VALID FTD
By way of derogation from Article 16(1) to (3) of this Regulation, for third-country nationals who cross a border on the basis of a valid FTD, the border authorities shall:
create or update their individual file containing the data referred to in points (a), (b) and (c) of Article 17(1) of this Regulation. In addition, their individual file shall indicate that the third-country national concerned holds an FTD. That indication shall automatically result in the addition of the multiple entry characteristic of the FTD to the entry/exit record,
enter in an entry/exit record for each of the entries performed on the basis of a valid FTD the data set out in points (a), (b) and (c) of Article 16(2) of this Regulation, as well as the indication that the entry was performed on the basis of an FTD.
In order to calculate the maximum duration of the transit, the date and time of entry shall be considered as the starting point of that duration. The date and time of expiry of the authorised transit shall be calculated automatically by the EES in accordance with Article 3(2) of Regulation (EC) No 693/2003.
In addition, at the first entry on the basis of an FTD, the date of expiry of the validity of the FTD shall be entered into the entry/exit record.
Article 16(3) and (4) shall apply mutatis mutandis to third-country nationals holding an FTD.
For verification at a border at which the EES is operated and within the territory of the Member States, third-country nationals who cross the border on the basis of a valid FTD shall be subject, mutatis mutandis, to the verifications and identifications provided for under Articles 23 and 26 of this Regulation and Article 19a of Regulation (EC) No 767/2008 that are applicable to visa-exempt third-country nationals.
Points (1) to (4) shall not apply to third-country nationals who cross the border on the basis of a valid FTD, provided that all of the following conditions are met:
they transit by train; and
they do not disembark within the territory of a Member State.
ANNEX III
Correspondence table
Data as referred to in Article 17(2) of Regulation (EU) 2018/1240 sent by the ETIAS Central System |
The corresponding EES data referred to in point (a) of Article 17(1) of this Regulation with which the data in ETIAS are to be compared |
surname (family name) |
surnames |
surname at birth |
surnames |
first name(s) (given name(s)) |
first name or names (given names) |
other names (alias(es), artistic name(s), usual name(s)) |
first name or names (given names) |
date of birth |
date of birth |
sex |
sex |
current nationality |
nationality or nationalities |
other nationalities (if any) |
nationality or nationalities |
type of the travel document |
type of the travel document |
number of the travel document |
number of the travel document |
country of issue of the travel document |
the three letter code of the issuing country of the travel document |
( 1 ) Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27).
( 2 ) Council Regulation (EC) No 1030/2002 of 13 June 2002 laying down a uniform format for residence permits for third-country nationals (OJ L 157, 15.6.2002, p. 1).
( 3 ) Directive 2014/66/EU of the European Parliament and of the Council of 15 May 2014 on the conditions of entry and residence of third-country nationals in the framework of an intra- corporate transfer (OJ L 157, 27.5.2014, p. 1).
( 4 ) Directive (EU) 2016/801 of the European Parliament and of the Council of 11 May 2016 on the conditions of entry and residence of third-country nationals for the purposes of research, studies, training, voluntary service, pupil exchange schemes or educational projects and au pairing (OJ L 132, 21.5.2016, p. 21).
( 5 ) Directive 2013/32/EU of the European Parliament and of the Council of 26 June 2013 on common procedures for granting and withdrawing international protection (OJ L 180, 29.6.2013, p. 60).
( 6 ) Council Regulation (EC) No 377/2004 of 19 February 2004 on the creation of an immigration liaison officers network (OJ L 64, 2.3.2004, p. 1).
( 7 ) Regulation (EC) No 810/2009 of the European Parliament and of the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code) (OJ L 243, 15.9.2009, p. 1).
( 8 ) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).
( 9 ) Commission Decision 2008/602/EC of 17 June 2008 laying down the physical architecture and requirements of the national interfaces and of the communication infrastructure between the central VIS and the national interfaces for the development phase (OJ L 194, 23.7.2008, p. 3).
( 10 ) Council Regulation (EC) No 693/2003 of 14 April 2003 establishing a specific Facilitated Transit Document (FTD), a Facilitated Rail Transit Document (FRTD) and amending the Common Consular Instructions and the Common Manual (OJ L 99, 17.4.2003, p. 8).
( 11 ) Directive 2008/115/EC of the European Parliament and of the Council of 16 December 2008 on common standards and procedures in Member States for returning illegally staying third-country nationals (OJ L 348, 24.12.2008, p. 98).
( 12 ) Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences (OJ L 218, 13.8.2008, p. 129).
( 13 ) OJ L 56, 4.3.1968, p. 1.
( 14 ) Council Regulation (EU) No 1053/2013 of 7 October 2013 establishing an evaluation and monitoring mechanism to verify the application of the Schengen acquis and repealing the Decision of the Executive Committee of 16 September 1998 setting up a Standing Committee on the evaluation and implementation of Schengen (OJ L 295, 6.11.2013, p. 27).
( *1 ) Regulation (EU) 2017/2226 of the European Parliament and of the Council of establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20).’.
( *2 ) Directive 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States amending Regulation (EEC) No 1612/68 and repealing Directives 64/221/EEC, 68/360/EEC, 72/194/EEC, 73/148/EEC, 75/34/EEC, 75/35/EEC, 90/364/EEC, 90/365/EEC and 93/96/EEC (OJ L 158, 30.4.2004, p. 77).’;
( *3 ) Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20).’;
( *4 ) Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code) (OJ L 77, 23.3.2016, p. 1).’.
( *5 ) Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20).’;
( *6 ) Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union and repealing Council Regulation (EC, Euratom) No 1605/2002 (OJ L 298, 26.10.2012, p. 1).’;
( 15 ) Regulation (EU) 2016/1624 of the European Parliament and of the Council of 14 September 2016 on the European Border and Coast Guard and amending Regulation (EU) 2016/399 of the European Parliament and of the Council and repealing Regulation (EC) No 863/2007 of the European Parliament and of the Council, Council Regulation (EC) No 2007/2004 and Council Decision 2005/267/EC (OJ L 251, 16.9.2016, p. 1).
( 16 ) Council Regulation (EC) No 168/2007 of 15 February 2007 establishing a European Union Agency for Fundamental Rights (OJ L 53, 22.2.2007, p. 1).