This document is an excerpt from the EUR-Lex website
Document 02018R1240-20210803
Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226
Consolidated text: Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226
Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226
In force
)
This consolidated text may not include the following amendments:
Amending act | Amendment type | Subdivision concerned | Date of effect |
---|---|---|---|
32024R1356 | Modified by | article 13 paragraph 4a | 12/06/2026 |
32024R1356 | Modified by | article 4 point (eb) | 12/06/2026 |
32024R1356 | Modified by | article 13 paragraph 5 | 12/06/2026 |
32024R1356 | Modified by | article 13 paragraph 4b | 12/06/2026 |
32024R1356 | Modified by | article 8 paragraph 2 point (i) | 12/06/2026 |
32024R1356 | Modified by | article 69 paragraph 1 point (ea) | 12/06/2026 |
32024R1356 | Modified by | article 35a | 12/06/2026 |
32024R1358 | Modified by | article 88 paragraph 6 | 12/06/2026 |
32024R1358 | Modified by | article 25a paragraph 1 point (f) | 12/06/2026 |
32024R1358 | Modified by | article 11 paragraph 6a | 12/06/2026 |
02018R1240 — EN — 03.08.2021 — 002.001
This text is meant purely as a documentation tool and has no legal effect. The Union's institutions do not assume any liability for its contents. The authentic versions of the relevant acts, including their preambles, are those published in the Official Journal of the European Union and available in EUR-Lex. Those official texts are directly accessible through the links embedded in this document
REGULATION (EU) 2018/1240 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 September 2018 (OJ L 236 19.9.2018, p. 1) |
Amended by:
|
|
Official Journal |
||
No |
page |
date |
||
REGULATION (EU) 2019/817 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 May 2019 |
L 135 |
27 |
22.5.2019 |
|
REGULATION (EU) 2021/1152 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 7 July 2021 |
L 249 |
15 |
14.7.2021 |
Corrected by:
REGULATION (EU) 2018/1240 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 12 September 2018
establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226
CHAPTER I
GENERAL PROVISIONS
Article 1
Subject matter
Article 2
Scope
This Regulation applies to the following categories of third-country nationals:
nationals of third countries listed in Annex II to Council Regulation (EC) No 539/2001 ( 2 ) who are exempt from the visa requirement for intended stays in the territory of the Member States of a duration of no more than 90 days in any 180-day period;
persons who, pursuant to Article 4(2) of Regulation (EC) No 539/2001, are exempt from the visa requirement for intended stays in the territory of the Member States of a duration of no more than 90 days in any 180-day period;
third-country nationals who are exempt from the visa requirement and who fulfil the following conditions:
they are family members of a Union citizen to whom Directive 2004/38/EC applies or of a national of a third country enjoying the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States on the one hand and a third country on the other; and
they do not hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Regulation (EC) No 1030/2002.
This Regulation does not apply to:
refugees or stateless persons or other persons who do not hold the nationality of any country who reside in a Member State and who are holders of a travel document issued by that Member State;
third-country nationals who are family members of a Union citizen to whom Directive 2004/38/EC applies and who hold a residence card pursuant to that Directive;
third-country nationals who are family members of a third-country national enjoying a right of free movement equivalent to that of Union citizens, under an agreement between the Union and its Member States on the one hand and a third country on the other, and who hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Regulation (EC) No 1030/2002;
holders of residence permits referred to in point 16 of Article 2 of Regulation (EU) 2016/399;
holders of uniform visas;
holders of national long-stay visas;
nationals of Andorra, Monaco and San Marino and holders of a passport issued by the Vatican City State or the Holy See;
nationals of third countries who are holders of a local border traffic permit issued by the Member States pursuant to Regulation (EC) No 1931/2006 of the European Parliament and of the Council ( 3 ) when such holders exercise their right within the context of the Local Border Traffic regime;
persons or categories of persons referred to in points (a) to (f) of Article 4(1) of Regulation (EC) No 539/2001;
third-country nationals holding diplomatic or service passports who have been exempted from the visa requirement pursuant to an international agreement concluded by the Union and a third country;
persons who are subject to a visa requirement pursuant to Article 4(3) of Regulation (EC) No 539/2001;
Article 3
Definitions
For the purposes of this Regulation, the following definitions apply:
‘external borders’ means the external borders as defined in point 2 of Article 2 of Regulation (EU) 2016/399;
‘law enforcement’ means the prevention, detection or investigation of terrorist offences or other serious criminal offences;
‘second line check’ means a second line check as defined in point 13 of Article 2 of Regulation (EU) 2016/399;
‘border authority’ means the border guard assigned in accordance with national law to carry out border checks as defined in point 11 of Article 2 of Regulation (EU) 2016/399;
‘travel authorisation’ means a decision issued in accordance with this Regulation which is required for third-country nationals referred to in Article 2(1) of this Regulation to fulfil the entry condition laid down in point (b) of Article 6(1) of Regulation (EU) 2016/399 and which indicates:
that no factual indications or reasonable grounds based on factual indications have been identified to consider that the presence of the person on the territory of the Member States poses or will pose a security, illegal immigration or high epidemic risk;
that no factual indications or reasonable grounds based on factual indications have been identified to consider that the presence of the person on the territory of the Member States poses or will pose a security, illegal immigration or high epidemic risk, although doubt remains concerning the existence of sufficient reasons to refuse the travel authorisation, in accordance with Article 36(2);
where factual indications have been identified to consider that the presence of the person on the territory of the Member States poses or will pose a security, illegal immigration or high epidemic risk, that the territorial validity of the authorisation has been limited in accordance with Article 44; or
where factual indications have been identified to consider that the presence of the person on the territory of the Member States poses or will pose a security risk, that the traveller is the subject of an alert in SIS on persons for discreet checks or specific checks or of an alert in SIS on persons wanted for arrest for surrender purposes on the basis of an European Arrest Warrant or wanted for arrest for extradition purposes, in support of the objectives of SIS referred to in point (e) of Article 4;
‘security risk’ means the risk of a threat to public policy, internal security or international relations for any of the Member States;
‘illegal immigration risk’ means the risk of a third-country national not fulfilling the conditions of entry and stay as set out in Article 6 of Regulation (EU) 2016/399;
‘high epidemic risk’ means any disease with epidemic potential as defined by the International Health Regulations of the World Health Organization (WHO) or the European Centre for Disease Prevention and Control (ECDC) and other infectious diseases or contagious parasitic diseases if they are the subject of protection provisions applying to nationals of the Member States;
‘applicant’ means any third-country national referred to in Article 2 who has submitted an application for a travel authorisation;
‘travel document’ means a passport or other equivalent document entitling the holder to cross the external borders and to which a visa may be affixed;
‘short stay’ means stays in the territory of the Member States within the meaning of Article 6(1) of Regulation (EU) 2016/399;
‘overstayer’ means a third-country national who does not fulfil, or no longer fulfils the conditions relating to the duration of a short stay on the territory of the Member States;
‘app for mobile devices’ means a software application designed to run on mobile devices such as smartphones and tablet computers;
‘hit’ means the existence of a correspondence established by comparing the personal data recorded in an application file of the ETIAS Central System with the specific risk indicators referred to in Article 33 or with the personal data present in a record, file or alert registered in the ETIAS Central System, in another EU information system or database listed in Article 20(2) (‘EU information systems’), in Europol data or in an Interpol database queried by the ETIAS Central System;
‘terrorist offence’ means an offence which corresponds or is equivalent to one of the offences referred to in Directive (EU) 2017/541;
‘serious criminal offence’ means an offence which corresponds or is equivalent to one of the offences referred to in Article 2(2) of Framework Decision 2002/584/JHA, if it is punishable under national law by a custodial sentence or a detention order for a maximum period of at least three years;
‘Europol data’ means personal data processed by Europol for the purpose referred to in point (a) of Article 18(2) of Regulation (EU) 2016/794;
‘electronically signed’ means the confirmation of agreement through the ticking of an appropriate box in the application form or the request for consent;
‘minor’ means a third-country national or a stateless person below the age of 18 years;
‘consulate’ means a Member State’s diplomatic mission or a Member State’s consular post as defined by the Vienna Convention on Consular Relations of 24 April 1963;
‘designated authority’ means an authority designated by a Member State pursuant to Article 50 as responsible for the prevention, detection or investigation of terrorist offences or of other serious criminal offences;
‘immigration authority’ means the competent authority responsible, in accordance with national law, for one or more of the following:
checking within the territory of the Member States whether the conditions for entry to, or stay on, the territory of the Member States are fulfilled;
examining the conditions for, and taking decisions related to, the residence of third-country nationals on the territory of the Member States insofar as that authority does not constitute a ‘determining authority’ as defined in point (f) of Article 2 of Directive 2013/32/EU of the European Parliament and of the Council ( 6 ), and, where relevant, providing advice in accordance with Council Regulation (EC) No 377/2004 ( 7 );
the return of third-country nationals to a third country of origin or transit;
‘CIR’ means the common identity repository established by Article 17(1) of Regulation (EU) 2019/817;
‘ESP’ means the European search portal established by Article 6(1) of Regulation (EU) 2019/817;
‘ETIAS Central System’ means the Central System referred to in point (a) of Article 6(2) together with the CIR to the extent that the CIR contains the data referred to in Article 6(2a);
‘identity data’ means the data referred to in points (a), (b) and (c) of Article 17(2);
‘travel document data’ means the data referred to in points (d) and (e) of Article 17(2) and the three letter code of the country issuing the travel document as referred to in point (c) of Article 19(3) ►M2 ; ◄
‘other EU information systems’ means the Entry/Exit System (‘EES’), established by Regulation (EU) 2017/2226, the Visa Information System (‘VIS’), established by Regulation (EC) No 767/2008 of the European Parliament and of the Council ( 8 ), the Schengen Information System (‘SIS’), established by Regulations (EU) 2018/1860 ( 9 ), (EU) 2018/1861 ( 10 ) and (EU) 2018/1862 ( 11 ) of the European Parliament and of the Council, Eurodac, established by Regulation (EU) No 603/2013 of the European Parliament and of the Council ( 12 ) and the European Criminal Record Information System – Third-Country Nationals (‘ECRIS-TCN’), established by Regulation (EU) 2019/816 of the European Parliament and of the Council ( 13 )
Article 4
Objectives of ETIAS
By supporting the competent authorities of the Member States, ETIAS shall:
contribute to a high level of security by providing for a thorough security risk assessment of applicants, prior to their arrival at external border crossing points, in order to determine whether there are factual indications or reasonable grounds based on factual indications to conclude that the presence of the person on the territory of the Member States poses a security risk;
contribute to the prevention of illegal immigration by providing for an illegal immigration risk assessment of applicants prior to their arrival at external border crossing points;
contribute to the protection of public health by providing for an assessment of whether the applicant poses a high epidemic risk within the meaning of point 8 of Article 3(1) prior to his or her arrival at external border crossing points;
enhance the effectiveness of border checks;
support the objectives of SIS related to alerts on third-country nationals subject to a refusal of entry and stay, alerts on persons wanted for arrest for surrender purposes or extradition purposes, alerts on missing persons, alerts on persons sought to assist with a judicial procedure, alerts on persons for discreet checks or specific checks and alerts on third-country nationals subject to a return decision;
support the objectives of the EES;
contribute to the prevention, detection and investigation of terrorist offences or of other serious criminal offences;
contribute to the correct identification of persons.
Article 5
General structure of ETIAS
ETIAS consists of:
the ETIAS Information System as referred to in Article 6;
the ETIAS Central Unit as referred to in Article 7;
the ETIAS National Units as referred to in Article 8.
Article 6
Establishment and technical architecture of the ETIAS Information System
The ETIAS Information System shall be composed of:
a Central System, including the ETIAS watchlist referred to in Article 34;
the CIR;
a national uniform interface (NUI) in each Member State based on common technical specifications and identical for all Member States enabling the ETIAS Central System to connect to the national border infrastructures and to the central access points in Member States referred to in Article 50(2) in a secure manner;
a communication infrastructure between the ETIAS Central System and the NUIs which shall be secure and encrypted;
a secure communication infrastructure between the Central System and the central infrastructures of the ESP and the CIR;
a secure communication channel between the ETIAS Central System and the EES Central System;
a public website and an app for mobile devices;
an email service;
a secure account service enabling applicants to provide any additional information or documentation required;
a verification tool for applicants;
a tool enabling applicants to give or withdraw their consent for an additional retention period of their application file;
a tool enabling Europol and Member States to assess the potential impact of entering new data into the ETIAS watchlist on the proportion of applications that are manually processed;
a carrier gateway;
a secure web service enabling the ETIAS Central System to communicate with the public website, the app for mobile devices, the email service, the secured account service, the carrier gateway, the verification tool for applicants, the consent tool for applicants, the payment intermediary and the Interpol databases;
software enabling the ETIAS Central Unit and the ETIAS National Units to process applications and to manage consultations with other ETIAS National Units as referred to in Article 28 and with Europol as referred to in Article 29;
a central repository of data for the purposes of reporting and statistics.
Article 7
ETIAS Central Unit
The ETIAS Central Unit shall be operational 24 hours a day, 7 days a week. It shall have the following responsibilities:
in cases where the automated application process has reported a hit, verifying in accordance with Article 22 whether the applicant’s personal data correspond to the personal data of the person having triggered that hit in the ETIAS Central System, any of the EU information systems that are consulted, Europol data, any of the Interpol databases referred to in Article 12, or the specific risk indicators referred to in Article 33, and where a correspondence is confirmed or where after such verification doubts remain, launching the manual processing of the application as referred to in Article 26;
ensuring that the data it enters in the applications files are up to date in accordance with the relevant provisions of Articles 55 and 64;
defining, establishing, assessing ex ante, implementing, evaluating ex post, revising and deleting the specific risk indicators as referred to in Article 33 after consultation of the ETIAS Screening Board;
ensuring that the verifications performed in accordance with Article 22 and the corresponding results are recorded in the application files;
carrying out regular audits of the processing of applications and of the implementation of Article 33, including by regularly assessing their impact on fundamental rights, in particular with regard to privacy and personal data protection;
indicating, where necessary, the Member State responsible for the manual processing of applications as referred to in Article 25(2);
in cases of technical problems or unforeseen circumstances, facilitating where necessary the consultations between Member States referred to in Article 28 and between the Member State responsible and Europol referred to in Article 29;
notifying carriers in cases of a failure of the ETIAS Information System as referred to in Article 46(1);
notifying the ETIAS National Units of the Member States of a failure of the ETIAS Information System as referred to in Article 48(1);
processing requests for consultation of data in the ETIAS Central System by Europol as referred to in Article 53;
providing the general public with all relevant information in relation to the application for a travel authorisation as referred to in Article 71;
cooperating with the Commission as regards the information campaign referred to in Article 72;
providing support in writing to travellers who have encountered problems when filling in the application form and have requested assistance through a standard contact form; maintaining a list of frequent questions and answers available online;
ensuring follow-up and regularly reporting to the Commission on reported abuses by commercial intermediaries as referred to in Article 15(5).
The ETIAS Central Unit shall publish an annual activity report. That report shall include:
statistics on:
the number of travel authorisations issued automatically by the ETIAS Central System;
the number of applications verified by the ETIAS Central Unit;
the number of applications processed manually per Member State;
the number of applications that were refused by third country and the grounds for the refusal;
the extent to which the deadlines referred to in Article 22(6) and Articles 27, 30 and 32 have been met.
general information on the functioning of the ETIAS Central Unit, its activities as set out in this Article and information on current trends and challenges affecting the conduct of its tasks.
The annual activity report shall be transmitted to the European Parliament, the Council and the Commission by 31 March of the following year.
Article 8
ETIAS National Units
The ETIAS National Units shall be responsible for:
examining and deciding on applications for travel authorisation where the automated application process has reported a hit and the manual processing of the application has been initiated by the ETIAS Central Unit;
ensuring that the tasks performed under point (a) and the corresponding results are recorded in the application files;
ensuring that the data they enter in the application files are up to date in accordance with the relevant provisions of Articles 55 and 64;
deciding to issue travel authorisations with limited territorial validity as referred to in Article 44;
ensuring coordination with other ETIAS National Units and Europol concerning the consultation requests referred to in Articles 28 and 29;
providing applicants with information regarding the procedure to be followed in the event of an appeal under Article 37(3);
annulling and revoking a travel authorisation as referred to in Articles 40 and 41.
Article 9
ETIAS Screening Board
The ETIAS Screening Board shall be consulted:
by the ETIAS Central Unit on the definition, establishment, assessment ex ante, implementation, evaluation ex post, revision and deletion of the specific risk indicators referred to in Article 33;
by Member States on the implementation of the ETIAS watchlist referred to in Article 34;
by Europol on the implementation of the ETIAS watchlist referred to in Article 34.
Article 10
ETIAS Fundamental Rights Guidance Board
The ETIAS Fundamental Rights Guidance Board shall also support the ETIAS Screening Board in the execution of its tasks when consulted by the latter on specific issues related to fundamental rights, in particular with regard to privacy, personal data protection and non-discrimination.
The ETIAS Fundamental Rights Guidance Board shall have access to the audits referred to in point (e) of Article 7(2).
Article 11
Interoperability with other EU information systems and Europol data
For the purpose of proceeding with the verifications referred to in point (i) of Article 20(2), the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6) and point (b) of Article 54(1) shall enable the ETIAS Central System to query VIS with the following data provided by applicants under points (a), (aa), (c) and (d) of Article 17(2):
surname (family name);
surname at birth;
first name(s) (given name(s));
date of birth;
place of birth;
country of birth;
sex;
current nationality;
other nationalities (if any);
type, number, the country of issue of the travel document.
For the purpose of proceeding with the verifications referred to in points (g) and (h) of Article 20(2), the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) shall enable the ETIAS Central System to query the EES with the following data provided by applicants under points (a) to (d) of Article 17(2):
surname (family name);
surname at birth;
first name(s) (given name(s));
date of birth;
sex;
current nationality;
other names (alias(es));
artistic name(s);
usual name(s);
other nationalities (if any);
type, number, the country of issue of the travel document.
For the purpose of proceeding with the verifications referred to in points (c), (m)(ii) and (o) of Article 20(2) and in Article 23 of this Regulation, the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of this Regulation shall enable the ETIAS Central System to query SIS, as established by Regulations (EU) 2018/1860 and (EU) 2018/1861, with the following data provided by applicants under points (a) to (d) and (k) of Article 17(2) of this Regulation:
surname (family name);
surname at birth;
first name(s) (given name(s));
date of birth;
place of birth;
sex;
current nationality;
other names (alias(es));
artistic name(s);
usual name(s);
other nationalities (if any);
type, number, the country of issue of the travel document;
for minors, surname and first name(s) of the person exercising parental authority or of the applicant’s legal guardian.
For the purpose of proceeding with the verifications referred to in points (a), (d) and (m)(i) of Article 20(2) and in Article 23(1) of this Regulation, the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of this Regulation shall enable the ETIAS Central System to query SIS, as established by Regulation (EU) 2018/1862, with the following data provided by applicants under points (a) to (d) and (k) of Article 17(2) of this Regulation:
surname (family name);
surname at birth;
first name(s) (given name(s));
date of birth;
place of birth;
sex;
current nationality;
other names (alias(es));
artistic name(s);
usual name(s);
other nationalities (if any);
type, number, the country of issue of the travel document;
for minors, surname and first name(s) of the person exercising parental authority or of the applicant’s legal guardian.
For the purpose of proceeding with the verifications referred to in point (n) of Article 20(2), the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), and point (b) of Article 54(1) shall enable the ETIAS Central System to query ECRIS-TCN with the following data provided by applicants under points (a) to (d) of Article 17(2):
surname (family name);
surname at birth;
first name(s) (given name(s));
date of birth;
place of birth;
country of birth;
sex;
current nationality;
other names (alias(es));
artistic name(s);
usual name(s);
other nationalities (if any);
type, number, the country of issue of the travel document.
Where the automated verifications pursuant to Article 20 report a hit, those automated verifications shall receive the appropriate notification in accordance with Article 21(1a) of Regulation (EU) 2016/794.
For the purpose of Articles 25(2), 28(8) and 29(9), when registering the data related to hits in the application file, the origin of the data shall be indicated by the following data:
the type of the alert, with the exception of alerts as referred to in Article 23(1);
the source of the data, namely the other EU information system from which the data originated or Europol data, as appropriate;
the reference number in the queried EU information system of the record having triggered the hit and the Member State that entered or supplied the data having triggered the hit; and
where available, the date and time when the data was entered in the other EU information system or Europol data.
The data referred to in points (a) to (d) of the first subparagraph shall only be accessible and visible by the ETIAS Central Unit where the ETIAS Central System is not able to identify the Member State responsible.
Article 11b
Support of the objectives of the EES
For the purpose of Articles 6, 14, 17 and 18 of Regulation (EU) 2017/2226, an automated process, using the secure communication channel referred to in point (da) of Article 6(2) of this Regulation, shall query and import from the ETIAS Central System the information referred to in Article 47(2) of this Regulation, as well as the application number and the expiry date of the ETIAS travel authorisation, and shall create or update the entry/exit record or the refusal of entry record in the EES accordingly.
Article 11c
Interoperability between ETIAS and the EES for the purpose of the revocation of an ETIAS travel authorisation at the request of an applicant
Article 12
Querying the Interpol databases
Article 13
Access to data stored in ETIAS
When exceptionally, according to a flag, a second line check is recommended at the border or additional verifications are needed for the purpose of a second line check, border authorities shall access the ETIAS Central System to obtain the additional information provided for in point (e) of Article 39(1) or point (f) of Article 44(6).
Access by immigration authorities to the ETIAS Central System in accordance with Article 65(3) shall be limited to the data referred to in that Article.
Article 14
Non-discrimination and fundamental rights
Processing of personal data within the ETIAS Information System by any user shall not result in discrimination against third-country nationals on the grounds of sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation. It shall fully respect human dignity and integrity and fundamental rights, including the right to respect for one’s private life and to the protection of personal data. Particular attention shall be paid to children, the elderly and persons with a disability. The best interests of the child shall be a primary consideration.
CHAPTER II
APPLICATION
Article 15
Practical arrangements for submitting an application
120 days before the expiry of the travel authorisation, the ETIAS Central System shall automatically inform the holder of that travel authorisation via the email service of:
the expiry date of the travel authorisation;
the possibility to submit an application for a new travel authorisation;
the obligation to be in possession of a valid travel authorisation for the entire duration of a short stay on the territory of Member States.
Article 16
The public website and the app for mobile devices
Article 17
Application form and personal data of the applicant
The applicant shall provide the following personal data in the application form:
surname (family name), first name(s) (given name(s)), surname at birth; date of birth, place of birth, sex, current nationality;
country of birth, first name(s) of the parents of the applicant;
other names (alias(es), artistic name(s), usual name(s)), if any;
other nationalities, if any;
type, number and country of issue of the travel document;
the date of issue and the date of expiry of the validity of the travel document;
the applicant’s home address or, if not available, his or her city and country of residence;
email address and, if available, phone numbers;
education (primary, secondary, higher or none);
current occupation (job group); where the application is subject to the manual processing in accordance with the procedure laid down in Article 26, the Member State responsible may in accordance with Article 27 request that the applicant provide additional information concerning his or her exact job title and employer or, for students, the name of their educational establishment;
Member State of first intended stay, and optionally, the address of first intended stay;
for minors, surname and first name(s), home address, email address and, if available, phone number of the person exercising parental authority or of the applicant’s legal guardian;
where he or she claims the status of family member referred to in point (c) of Article 2(1):
his or her status of family member;
the surname, first name(s), date of birth, place of birth, country of birth, current nationality, home address, email address and, if available, phone number of the family member with whom the applicant has family ties;
his or her family ties with that family member in accordance with Article 2(2) of Directive 2004/38/EC;
in the case of applications filled in by a person other than the applicant, the surname, first name(s), name of firm, organisation if applicable, email address, mailing address and phone number if available of that person; relationship to the applicant and a signed representation declaration.
In addition, the applicant shall provide answers to the following questions:
whether he or she has been convicted in the previous 25 years of a terrorist offence or in the previous 15 years of any other criminal offence listed in the Annex, and if so when and in which country;
whether he or she has stayed in a specific war or conflict zone over the previous 10 years and the reasons for the stay;
whether he or she has been the subject of any decision requiring him or her to leave the territory of a Member State or of any third countries listed in Annex II to Regulation (EC) No 539/2001 or whether he or she was subject to any return decision issued over the previous 10 years.
Article 18
Travel authorisation fee
CHAPTER III
CREATION OF THE APPLICATION FILE AND EXAMINATION OF THE APPLICATION BY THE ETIAS CENTRAL SYSTEM
Article 19
Admissibility and creation of the application file
The ETIAS Information System shall automatically verify whether, following submission of an application:
all the fields of the application form are filled in and contain all the items referred to in Article 17(2) and (4);
the travel authorisation fee has been collected.
Upon creation of the application file, the ETIAS Central System shall record and store the following data:
the application number;
status information, indicating that a travel authorisation has been requested;
the personal data referred to in Article 17(2) and, where applicable, Article 17(4) and (6), including the three-letter code of the country issuing the travel document;
the data referred to in Article 17(8);
the date and the time the application form was submitted as well as a reference to the successful payment of the travel authorisation fee and the unique reference number of the payment.
Upon creation of the application file, the applicant shall immediately receive a notification via the email service explaining that, during the processing of the application, the applicant may be asked to provide additional information or documentation or, in exceptional circumstances, attend an interview. This notification shall include:
status information, acknowledging the submission of an application for travel authorisation; and
the application number.
The notification shall enable the applicant to make use of the verification tool provided for in point (h) of Article 6(2).
Article 20
Automated processing
The ETIAS Central System shall launch a query by using the ESP to compare the relevant data referred to in points (a), (aa), (b), (c), (d), (f), (g), (j), (k) and (m) of Article 17(2) and in Article 17(8) to the data present in a record, file or alert registered in an application file stored in the ETIAS Central System, SIS, the EES, the VIS, Eurodac, ECRIS-TCN, Europol data and in the Interpol SLTD and TDAWN databases. In particular, the ETIAS Central System shall verify:
whether the travel document used for the application corresponds to a travel document reported lost, stolen, misappropriated or invalidated in SIS;
whether the travel document used for the application corresponds to a travel document reported lost, stolen or invalidated in the SLTD;
whether the applicant is subject to a refusal of entry and stay alert entered in SIS;
whether the applicant is subject to an alert in respect of persons wanted for arrest for surrender purposes on the basis of a European Arrest Warrant or wanted for arrest for extradition purposes in SIS;
whether the applicant and the travel document correspond to a refused, revoked or annulled travel authorisation in the ETIAS Central System;
whether the data provided in the application concerning the travel document correspond to another application for travel authorisation associated with different identity data referred to in point (a) of Article 17(2) in the ETIAS Central System;
whether the applicant is currently reported as an overstayer or whether he or she has been reported as an overstayer in the past in the EES;
whether the applicant is recorded as having been refused entry in the EES;
whether the applicant has been subject to a decision to refuse, annul or revoke a short stay visa recorded in VIS;
whether the data provided in the application correspond to data recorded in Europol data;
whether the applicant is registered in Eurodac;
whether the travel document used for the application corresponds to a travel document recorded in a file in TDAWN;
in cases where the applicant is a minor, whether the applicant’s parental authority or legal guardian:
is subject to an alert in respect of persons wanted for arrest for surrender purposes on the basis of a European Arrest Warrant or wanted for arrest for extradition purposes in SIS;
is subject to a refusal of entry and stay alert entered in SIS;
whether the applicant corresponds to a person whose data has been recorded in ECRIS-TCN and flagged in accordance with point (c) of Article 5(1) of Regulation (EU) 2019/816; those data shall be used only for the purpose of the verification by the ETIAS Central Unit pursuant to Article 22 of this Regulation and for the purpose of the consultation of the national criminal records by the ETIAS National Units pursuant to Article 25a(2) of this Regulation; ETIAS National Units shall consult national criminal records prior to the assessments and decisions referred to in Article 26 of this Regulation and, where applicable, prior to the assessments and opinions pursuant to Article 28 of this Regulation;
whether the applicant is subject to an alert on return entered in SIS.
Article 21
Results of the automated processing
Article 22
Verification by the ETIAS Central Unit
When consulted, the ETIAS Central Unit shall have access to the application file and any linked application files, as well as to all the hits triggered during automated verifications pursuant to Article 20(2), (3) and (5) and to the information identified by the ETIAS Central System under Article 20(7) and (8).
The ETIAS Central Unit shall verify whether the data recorded in the application file correspond to one or more of the following:
the specific risk indicators referred to in Article 33;
the data present in the ETIAS Central System;
the data present in one of the EU information systems that are consulted;
Europol data;
the data present in the Interpol SLTD or TDAWN databases.
Article 23
Support of the objectives of SIS
The ETIAS Central System shall launch a query by using the ESP to compare the relevant data referred to in points (a), (aa), (b) and (d) of Article 17(2) to the data present in SIS in order to determine whether the applicant is the subject of one of the following alerts:
an alert on missing persons;
an alert on persons sought to assist with a judicial procedure;
an alert on persons for discreet checks, inquiry checks or specific checks.
The ETIAS Central System shall also send an automated notification to the SIRENE Bureau of the Member State that entered the alert having triggered a hit against SIS during the automated processing referred to in Article 20 where, following verification by the ETIAS Central Unit as referred to in Article 22, that alert has led to manual processing of the application in accordance with Article 26.
When the hit concerns an alert on return, the SIRENE Bureau of the issuing Member State shall verify, in cooperation with its ETIAS National Unit, whether the deletion of the alert on return in accordance with Article 14(1) of Regulation (EU) 2018/1860 and the entry of an alert for refusal of entry and stay in accordance with Article 24(3) of Regulation (EU) 2018/1861 is required.
The notification provided to the SIRENE Bureau of the Member State that entered the alert shall contain the following data:
surname(s), first name(s) and, if any, alias(es);
place and date of birth;
sex;
nationality and, if any, other nationalities;
Member State of first intended stay, and if available, the address of first intended stay;
the applicant’s home address or, if not available, his or her city and country of residence;
travel authorisation status information, indicating whether a travel authorisation has been issued, refused or whether the application is subject to manual processing pursuant to Article 26;
a reference to any hits obtained in accordance with paragraphs 1 and 2, including the date and time of the hit.
Article 24
Specific rules for family members of Union citizens or of other third-country nationals enjoying the right of free movement under Union law
When a third-country national referred to in point (c) of Article 2(1) applies for a travel authorisation, the following specific rules shall apply:
the applicant shall not reply to the question referred to in point (c) of Article 17(4);
the fee referred to in Article 18 shall be waived.
When processing an application for a travel authorisation for a third-country national referred to in point (c) of Article 2(1), the ETIAS Central System shall not verify whether:
the applicant is currently reported as an overstayer or whether he or she has been reported as an overstayer in the past through consultation of the EES as referred to in point (g) of Article 20(2);
the applicant corresponds to a person whose data is recorded in Eurodac as referred to in point (k) of Article 20(2).
The specific risk indicators based on illegal immigration risks determined pursuant to Article 33 shall not apply.
The following rules shall also apply:
in the notification laid down in Article 38(1) the applicant shall receive information regarding the fact that, when crossing the external border, he or she needs to be able to prove his or her status as family member referred to in point (c) of Article 2(1); such information shall also include a reminder that the family member of a citizen exercising the right of free movement who is in possession of a travel authorisation only has a right to enter if that family member is accompanied by or joining the Union citizen or other third-country national exercising his or her right of free movement;
an appeal as referred to in Article 37(3) shall be lodged in accordance with Directive 2004/38/EC;
the retention period of the application file referred to in Article 54(1) shall be:
the period of validity of the travel authorisation;
five years from the last decision to refuse, annul or revoke the travel authorisation in accordance with Articles 37, 40 and 41. If the data present in a record, file or alert registered in one of the EU information systems, Europol data, the Interpol SLTD or TDAWN databases, the ETIAS watchlist, or the ETIAS screening rules giving rise to such a decision are deleted before the end of that five-year period, the application file shall be deleted within seven days from the date of the deletion of the data in that record, file or alert. For that purpose, the ETIAS Central System shall regularly and automatically verify whether the conditions for the retention of application files referred to in this point are still fulfilled. Where they are no longer fulfilled, it shall delete the application file in an automated manner.
For the purpose of facilitating a new application after the expiry of the validity period of an ETIAS travel authorisation, the application file may be stored in the ETIAS Central System for an additional period of no more than three years after the end of the validity period of the travel authorisation and only where, following a request for consent, the applicant freely and explicitly consents by means of an electronically signed declaration. Requests for consent shall be presented in a manner which is clearly distinguishable from other matters, in an intelligible and easily accessible form and using clear and plain language, in accordance with Article 7 of Regulation (EU) 2016/679.
Consent shall be requested following the provision of information under Article 15(2). The automatically provided information shall remind the applicant of the purpose of the data retention in line with the information referred to in point (o) of Article 71.
CHAPTER IV
EXAMINATION OF THE APPLICATION BY THE ETIAS NATIONAL UNITS
Article 25
Member State responsible
The Member State responsible for the manual processing of applications under Article 26 (the ‘Member State responsible’) shall be identified by the ETIAS Central System as follows:
where only one Member State is identified as having entered or supplied the data that triggered the hit pursuant to Article 20, that Member State shall be the Member State responsible;
where several Member States are identified as having entered or supplied the data that triggered the hits pursuant to Article 20, the Member State responsible shall be:
the Member State that has entered or supplied the most recent data on an alert referred to in point (d) of Article 20(2); or
if none of those data correspond to an alert referred to in point (d) of Article 20(2), the Member State that has entered or supplied the most recent data on an alert referred to in point (c) of Article 20(2); or
if none of those data correspond to an alert referred to in either point (c) or (d) of Article 20(2), the Member State that has entered or supplied the most recent data on an alert referred to in point (a) of Article 20(2);
where several Member States are identified as having entered or supplied the data that triggered the hits pursuant to Article 20, but none of those data correspond to alerts referred to in point (a), (c) or (d) of Article 20(2), the Member State responsible shall be the one that entered or supplied the most recent data.
For the purposes of points (a) and (c) of the first subparagraph, hits triggered by data not entered or supplied by a Member State shall not be taken into account in order to identify the Member State responsible. Where the manual processing of an application is not triggered by data entered or supplied by a Member State, the Member State responsible shall be the Member State of first intended stay.
Article 25a
Use of other EU information systems for the manual processing of applications by the ETIAS National Units
Without prejudice to Article 13(1), the duly authorised staff of the ETIAS National Units shall have direct access to and may consult, in a read-only format, the other EU information systems for the purposes of examining applications for travel authorisation and adopting decisions relating to those applications in accordance with Article 26. The ETIAS National Units may consult:
the data referred to in Articles 16, 17 and 18 of Regulation (EU) 2017/2226;
the data referred to in Articles 9 to 14 of Regulation (EC) No 767/2008;
the data referred to in Article 20 of Regulation (EU) 2018/1861 processed for the purposes of Articles 24, 25 and 26 of that Regulation;
the data referred to in Article 20 of Regulation (EU) 2018/1862 processed for the purposes of Article 26 and points (k) and (l) of Article 38(2) of that Regulation;
the data referred to in Article 4 of Regulation (EU) 2018/1860 processed for the purposes of Article 3 of that Regulation.
Article 26
Manual processing of applications by the ETIAS National Units
Following the manual processing of the application, the ETIAS National Unit of the Member State responsible shall:
issue a travel authorisation; or
refuse a travel authorisation.
Where the automated processing laid down in Article 20(2) has reported a hit, the ETIAS National Unit of the Member State responsible shall:
refuse a travel authorisation where the hit corresponds to one or several of the verifications referred to in points (a) and (c) of Article 20(2);
assess the security or illegal immigration risk and decide whether to issue or refuse a travel authorisation where the hit corresponds to any of the verifications referred to in points (b) and (d) to (o) of Article 20(2).
Where the automated processing under point (o) of Article 20(2) has reported a hit, the ETIAS National Unit of the Member State responsible shall:
refuse the applicant’s travel authorisation where the verification under the third subparagraph of Article 23(2) led to the deletion of the alert on return and the entry of an alert for refusal of entry and stay;
assess the security or illegal immigration risk and decide whether to issue or refuse a travel authorisation in all other cases.
The ETIAS National Unit of the Member State having entered the data shall consult its SIRENE Bureau to verify whether the deletion of the alert on return in accordance with Article 14(1) of Regulation (EU) 2018/1860 and, where applicable, the entry of an alert for refusal of entry and stay in accordance with Article 24(3) of Regulation (EU) 2018/1861 is required.
Where the automated processing under point (n) of Article 20(2) has reported a hit, but has not reported a hit under point (c) of that paragraph, the ETIAS National Unit of the Member State responsible shall give particular consideration to the absence of such a hit in its assessment of the security risk in order to decide whether to issue or refuse a travel authorisation.
The results of the assessment of the security, illegal immigration or high epidemic risk and the justification behind the decision to issue or refuse a travel authorisation shall be recorded in the application file by the staff member having performed the risk assessment.
Article 27
Request for additional information or documentation from the applicant
If the consulate located the nearest to the place of residence of the applicant is at a distance of more than 500 km, the applicant shall be offered the possibility to conduct the interview by remote means of audio and video communication. If the distance is less than 500 km, the applicant and the ETIAS National Unit of the Member State responsible may jointly agree to the use of such means of audio and video communication. Where such means of audio and video communication are used, the interview shall be conducted by the ETIAS National Unit of the Member State responsible or, exceptionally, by one of that Member State’s consulates. The remote means of audio and video communication shall ensure an appropriate level of security and confidentiality.
The reason for requesting an interview shall be recorded in the application file.
Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 90(2).
The invitation to the interview shall be recorded in the application file by the ETIAS Central System.
The interview by remote means of audio and video communication shall be conducted in the language of the ETIAS National Unit of the Member State responsible requesting the interview or its chosen language for the submission of additional information or documentation.
The interview taking place in a consulate shall be conducted in an official language of the third country in which the consulate is located, or any other language agreed by the applicant and the consulate.
Following the interview, the interviewer shall issue an opinion which provides justifications for his or her recommendations.
The elements addressed and the opinion shall be included in a form to be recorded in the application file on the same day as the date of the interview.
The form used for the interview and the additional information or documentation recorded in the application file shall be consulted only for the purpose of assessing and deciding on the application, for the purpose of managing an appeal procedure and for the purpose of processing a new application by the same applicant.
Article 28
Consultation of other Member States
The ETIAS National Unit of the Member States consulted shall:
provide a reasoned positive opinion on the application; or
provide a reasoned negative opinion on the application.
The positive or negative opinion shall be recorded in the application file by the ETIAS National Unit of the Member State consulted.
For the purpose of the manual processing pursuant to Article 26, the reasoned positive or negative opinion shall only be visible by the ETIAS National Unit of the Member State consulted and by the ETIAS National Unit of the Member State responsible.
Article 29
Consultation of Europol
Article 30
Deadlines for notification to the applicant
Within 96 hours of the submission of an application which is admissible in accordance with Article 19, the applicant shall receive a notification indicating:
whether his or her travel authorisation has been issued or refused; or
that additional information or documentation is requested and that the applicant may be invited to an interview, indicating the maximum processing times applicable under Article 32(2).
Article 31
Verification tool
The Commission shall arrange for a verification tool for applicants to check the status of their applications and to check the period of validity and status of their travel authorisations (valid, refused, annulled or revoked). This tool shall be made accessible via the dedicated public website or via the app for mobile devices referred to in Article 16.
The Commission shall adopt delegated acts in accordance with Article 89 to further define the verification tool.
Article 32
Decision on the application
Before expiry of the deadlines referred to in paragraphs 1 and 2 of this Article, a decision shall be taken to:
issue a travel authorisation in accordance with Article 36; or
refuse a travel authorisation in accordance with Article 37.
CHAPTER V
THE ETIAS SCREENING RULES AND THE ETIAS WATCHLIST
Article 33
The ETIAS screening rules
The Commission shall adopt a delegated act in accordance with Article 89 to further define the risks related to security or illegal immigration or a high epidemic risk on the basis of:
statistics generated by the EES indicating abnormal rates of overstaying and refusals of entry for a specific group of travellers;
statistics generated by ETIAS in accordance with Article 84 indicating abnormal rates of refusals of travel authorisations due to a security, illegal immigration or high epidemic risk associated with a specific group of travellers;
statistics generated by ETIAS in accordance with Article 84 and the EES indicating correlations between information collected through the application form and overstaying by travellers or refusals of entry;
information substantiated by factual and evidence-based elements provided by Member States concerning specific security risk indicators or threats identified by that Member State;
information substantiated by factual and evidence-based elements provided by Member States concerning abnormal rates of overstaying and refusals of entry for a specific group of travellers for that Member State;
information concerning specific high epidemic risks provided by Member States as well as epidemiological surveillance information and risk assessments provided by the ECDC and disease outbreaks reported by the WHO.
The specific risks shall be reviewed at least every six months and, where necessary, a new implementing act shall be adopted by the Commission in accordance with the examination procedure referred to in Article 90(2).
Based on the specific risks determined in accordance with paragraph 3, the ETIAS Central Unit shall establish a set of specific risk indicators consisting of a combination of data including one or several of the following:
age range, sex, nationality;
country and city of residence;
level of education (primary, secondary, higher or none);
current occupation (job group).
Article 34
The ETIAS watchlist
On the basis of the information referred to in paragraph 2, the ETIAS watchlist shall be composed of data consisting of one or more of the following items:
surname;
surname at birth;
date of birth;
other names (alias(es), artistic name(s), usual name(s));
travel document(s) (type, number and country of issuance of the travel document(s));
home address;
email address:
phone number;
the name, email address, mailing address, phone number of a firm or organisation;
IP address.
If available, the following items of data shall be added to the related items constituted of at least one of the items of data listed above: first name(s), place of birth, country of birth, sex and nationality.
Article 35
Responsibilities and tasks regarding the ETIAS watchlist
Before Europol or a Member State enters data into the ETIAS watchlist, it shall:
determine whether the information is adequate, accurate and important enough to be included in the ETIAS watchlist;
assess the potential impact of the data on the proportion of applications manually processed;
verify whether the data correspond to an alert entered in SIS.
CHAPTER VI
ISSUE, REFUSAL, ANNULMENT OR REVOCATION OF A TRAVEL AUTHORISATION
Article 36
Issue of a travel authorisation
The ETIAS National Unit of the Member State responsible may also attach such a flag upon the request of a consulted Member State. Such a flag shall only be visible to the border authorities.
The flag shall be removed automatically once the border authorities have carried out the check and have entered the entry record in the EES.
Article 37
Refusal of a travel authorisation
A travel authorisation shall be refused if the applicant:
used a travel document which is reported as lost, stolen, misappropriated or invalidated in SIS;
poses a security risk;
poses an illegal immigration risk;
poses a high epidemic risk;
is a person for whom an alert has been entered in SIS for the purpose of refusing entry and stay;
fails to reply to a request for additional information or documentation within the deadlines referred to in Article 27;
fails to attend an interview as referred to in Article 27(4).
Article 38
Notification on the issue or refusal of a travel authorisation
Once a travel authorisation is issued, the applicant shall immediately receive a notification via the email service, including:
a clear statement that the travel authorisation has been issued and the travel authorisation application number;
the commencement and expiry dates of the travel authorisation;
a clear statement that upon entry the applicant will have to present the same travel document as that indicated in the application form and that any change of travel document will require a new application for a travel authorisation;
a reminder of the entry conditions laid down in Article 6 of Regulation (EU) 2016/399 and the fact that a short stay is only possible for a duration of no more than 90 days in any 180-day period;
a reminder that the mere possession of a travel authorisation does not confer an automatic right of entry;
a reminder that the border authorities may request supporting documents at external borders in order to verify fulfilment of the conditions of entry and stay;
a reminder that the possession of a valid travel authorisation is a condition for stay that has to be fulfilled during the entire duration of a short stay on the territory of Member States;
a link to the web service referred to in Article 13 of Regulation (EU) 2017/2226 enabling third-country nationals to verify at any moment their remaining authorised stay;
where applicable, the Member States to which the applicant is authorised to travel;
a link to the ETIAS public website containing information on the possibility for the applicant to request the revocation of the travel authorisation, the possibility for the travel authorisation to be revoked if the conditions for issuing it are no longer met and the possibility for its annulment where it becomes evident that the conditions for issuing it were not met at the time it was issued;
information on the procedures for exercising the rights under Articles 13 to 16 of Regulation (EC) No 45/2001 and Articles 15 to 18 of Regulation (EU) 2016/679; the contact details of the data protection officer of the European Border and Coast Guard Agency, of the European Data Protection Supervisor and of the national supervisory authority of the Member State of first intended stay where the travel authorisation has been issued by the ETIAS Central System, or of the Member State responsible where the travel authorisation has been issued by an ETIAS National Unit.
Where a travel authorisation has been refused, the applicant shall immediately receive a notification via the email service including:
a clear statement that the travel authorisation has been refused and the travel authorisation application number;
a reference to the ETIAS National Unit of the Member State responsible that refused the travel authorisation and its address;
a statement of the grounds for refusal of the travel authorisation indicating the applicable grounds from those listed in Article 37(1) and (2) enabling the applicant to lodge an appeal;
information on the right to lodge an appeal and the time limit for doing so; a link to the information referred to in Article 16(7) on the website;
information on the procedures for exercising the rights under Articles 13 to 16 of Regulation (EC) No 45/2001 and Articles 15 to 18 of Regulation (EU) 2016/679; the contact details of the data protection officer of the European Border and Coast Guard Agency, of the European Data Protection Supervisor and of the national supervisory authority of the Member State responsible.
Article 39
Data to be added to the application file following the decision to issue or to refuse a travel authorisation
Where a decision has been taken to issue a travel authorisation, the ETIAS Central System or, where the decision has been taken following manual processing as provided for in Chapter IV, the ETIAS National Unit of the Member State responsible shall add the following data to the application file without delay:
status information indicating that the travel authorisation has been issued;
a reference as to whether the travel authorisation was issued by the ETIAS Central System or following manual processing; in the latter case a reference to the ETIAS National Unit of the Member State responsible which took the decision and its address;
the date of the decision to issue the travel authorisation;
the commencement and expiry dates of the travel authorisation;
any flags attached to the travel authorisation as laid down in Article 36(2) and (3), together with an indication of the reasons for such flag(s), and additional information relevant to second line checks in the case of Article 36(2), and additional information relevant to border authorities in the case of Article 36(3).
Where a decision has been taken to refuse a travel authorisation, the ETIAS National Unit of the Member State responsible shall add the following data to the application file:
status information indicating that the travel authorisation has been refused;
a reference to the ETIAS National Unit of the Member State responsible that refused the travel authorisation and its address;
date of the decision to refuse the travel authorisation;
the grounds for refusal of the travel authorisation, by indicating the grounds from those listed in Article 37(1) and (2).
Article 40
Annulment of a travel authorisation
Article 41
Revocation of a travel authorisation
Article 42
Notification of the annulment or revocation of a travel authorisation
Where a travel authorisation has been annulled or revoked, the applicant shall immediately receive a notification via the email service including:
a clear statement that the travel authorisation has been annulled or revoked and the travel authorisation application number;
a reference to the ETIAS National Unit of the Member State responsible that annulled or revoked the travel authorisation and its address;
a statement of the grounds for the annulment or revocation of the travel authorisation indicating the applicable grounds from those listed in Article 37(1) and (2) enabling the applicant to lodge an appeal;
information on the right to lodge an appeal and the time limit for doing so; a link to the information referred to in Article 16(7) on the website;
a clear statement that the possession of a valid travel authorisation is a condition for stay that has to be fulfilled during the entire duration of a short stay on the territory of Member States;
information on the procedures for exercising the rights under Articles 13 to 16 of Regulation (EC) No 45/2001 and Articles 15 to 18 of Regulation (EU) 2016/679; the contact details of the data protection officer of the European Border and Coast Guard Agency, of the European Data Protection Supervisor and of the national supervisory authority of the Member State responsible.
Article 43
Data to be added to the application file following the decision to annul or to revoke a travel authorisation
Where a decision has been taken to annul or to revoke a travel authorisation, the ETIAS National Unit of the Member State responsible that annulled or revoked the travel authorisation shall add the following data to the application file without delay:
status information indicating that the travel authorisation has been annulled or revoked;
a reference to the ETIAS National Unit of the Member State responsible that revoked or annulled the travel authorisation and its address; and
date of the decision to annul or revoke the travel authorisation.
Article 44
Issue of a travel authorisation with limited territorial validity on humanitarian grounds, for reasons of national interest or because of international obligations
Where an application has been deemed admissible in accordance with Article 19, the Member State to which the third-country national concerned intends to travel may exceptionally issue a travel authorisation with limited territorial validity when that Member State considers it necessary on humanitarian grounds in accordance with its national law, for reasons of national interest or because of international obligations, notwithstanding the fact that:
the manual processing pursuant to Article 26 is not yet completed; or
a travel authorisation has been refused, annulled or revoked.
Such authorisations will generally be valid only in the territory of the issuing Member State. However, they may also exceptionally be issued with a territorial validity covering more than one Member State, subject to the consent of each such Member State through their ETIAS National Units. Where an ETIAS National Unit is considering issuing a travel authorisation with limited territorial validity covering several Member States, that ETIAS National Unit of the Member State responsible shall consult those Member States.
Where a travel authorisation with limited territorial validity has been requested or issued in the circumstances referred to in point (a) of the first subparagraph of this paragraph, this shall not interrupt the manual processing of the application allowing issue of a travel authorisation without limited territorial validity.
Where a travel authorisation with limited territorial validity is issued, the following data shall be added to the application file by the ETIAS National Unit which issued that authorisation:
status information indicating that a travel authorisation with limited territorial validity has been issued;
the Member State(s) to which the travel authorisation holder is entitled to travel and the validity period of that travel authorisation;
the ETIAS National Unit of the Member State that issued the travel authorisation with limited territorial validity and its address;
date of the decision to issue the travel authorisation with limited territorial validity;
a reference to the humanitarian grounds, reasons of national interest or international obligations invoked;
any flags attached to the travel authorisation, as laid down in Article 36(2) and (3), together with an indication of the reasons for such flag(s) and additional information relevant to second line checks in the case of Article 36(2), and additional information relevant to border authorities in the case of Article 36(3).
Where an ETIAS National Unit issues a travel authorisation with limited territorial validity with no information or documentation having been submitted by the applicant, that ETIAS National Unit shall record and store appropriate information or documentation in the application file justifying that decision.
Where a travel authorisation with limited territorial validity has been issued, the applicant shall receive a notification via the email service, including:
a clear statement that a travel authorisation with limited territorial validity has been issued and the travel authorisation application number;
the commencement and expiry dates of the travel authorisation with limited territorial validity;
a clear statement of the Member States to which the holder of the authorisation is entitled to travel and that he or she can only travel within the territory of those Member States;
a reminder that the possession of a valid travel authorisation is a condition for stay that has to be fulfilled during the entire duration of a short stay on the territory of the Member State for which the travel authorisation with limited territorial validity has been issued;
a link to the web service referred to in Article 13 of Regulation (EU) 2017/2226 enabling third-country nationals to verify at any moment their remaining authorised stay.
CHAPTER VII
USE OF ETIAS BY CARRIERS
Article 45
Access to data for verification by carriers
The ETIAS Information System shall, through the carrier gateway, provide the carriers with an ‘OK/NOT OK’ answer indicating whether or not the person has a valid travel authorisation. If a travel authorisation has been issued with limited territorial validity in accordance with Article 44, the response provided by the ETIAS Central System shall take into account the Member State(s) for which the authorisation is valid as well as the Member State of entry indicated by the carrier. Carriers may store the information sent and the answer received in accordance with the applicable law. The OK/NOT OK answer shall not be regarded as a decision to authorise or refuse entry in accordance with Regulation (EU) 2016/399.
The Commission shall, by means of implementing acts, adopt detailed rules concerning the conditions for the operation of the carrier gateway and the data protection and security rules applicable. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 90(2).
Logs shall be stored for a period of two years. Logs shall be protected by appropriate measures against unauthorised access.
Article 46
Fall-back procedures in the case of a technical impossibility to access data by carriers
CHAPTER VIII
USE OF ETIAS BY BORDER AUTHORITIES AT THE EXTERNAL BORDERS
Article 47
Access to data for verification at the external borders
The ETIAS Central System shall respond by indicating:
whether or not the person has a valid travel authorisation, including whether the person’s status corresponds to the status referred to in point (c) of Article 2(1) and, in the case of a travel authorisation with limited territorial validity issued under Article 44, the Member State or Member States for which it is valid;
any flag attached to the travel authorisation under Article 36(2) and (3);
whether the travel authorisation will expire within the next 90 days and the remaining validity period;
the data referred to in points (k) and (l) of Article 17(2).
Where the ETIAS Central System responds by indicating a flag referred to in Article 36(3) and where additional verifications are needed, border authorities may access the ETIAS Central System to obtain the additional information provided for in point (e) of Article 39(1) or point (f) of Article 44(6).
Article 48
Fall-back procedures in the case of a technical impossibility to access data at the external borders
CHAPTER IX
USE OF ETIAS BY IMMIGRATION AUTHORITIES
Article 49
Access to data by immigration authorities
Access to the ETIAS Central System under paragraph 1 of this Article shall be allowed only where the following conditions are met:
a prior search has been conducted in the EES under Article 26 of Regulation (EU) 2017/2226; and
the search result indicates that the EES does not contain an entry record corresponding to the presence of the third-country national on the territory of Member States.
Where necessary, fulfilment of the conditions referred to in points (a) and (b) of the first subparagraph of this paragraph shall be verified by accessing the logs in the EES provided for under Article 46 of Regulation (EU) 2017/2226 which correspond to the search referred to in point (a) of the first subparagraph of this paragraph and to the answer referred to in point (b) of that subparagraph.
In the case of minors, the immigration authorities shall also have access to the information relating to the traveller’s parental authority or legal guardian referred to in point (k) of Article 17(2).
CHAPTER X
PROCEDURE AND CONDITIONS FOR ACCESS TO THE ETIAS CENTRAL SYSTEM FOR LAW ENFORCEMENT PURPOSES
Article 50
Member States’ designated authorities
The designated authority and the central access point may be part of the same organisation if permitted under national law, but the central access point shall act fully independently of the designated authorities when performing its tasks under this Regulation. The central access point shall be separate from the designated authorities and shall not receive instructions from them as regards the outcome of the verification which it shall carry out independently.
Member States may designate more than one central access point to reflect their organisational and administrative structures in the fulfilment of their constitutional or other legal requirements.
Member States shall notify eu-LISA and the Commission of their designated authorities and central access points and may at any time amend or replace their notifications.
Article 51
Procedure for access to the ETIAS Central System for law enforcement purposes
Where an ex post verification reveals that the consultation of or access to data recorded in the ETIAS Central System was not justified, all the authorities that accessed the data shall erase the data they accessed from the ETIAS Central System. The authorities shall inform the relevant central access point of the Member State in which the request was made of the erasure.
Article 52
Conditions for access to data recorded in the ETIAS Central System by designated authorities of Member States
Designated authorities may request consultation of data stored in the ETIAS Central System if all the following conditions are met:
access for consultation is necessary for the purposes of the prevention, detection or investigation of a terrorist offence or another serious criminal offence;
access for consultation is necessary and proportionate in a specific case; and
evidence or reasonable grounds exist to consider that the consultation of data stored in the ETIAS Central System will contribute to the prevention, detection or investigation of any of the criminal offences in question, in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls under a category of traveller covered by this Regulation.
Consultation of the ETIAS Central System shall be limited to searching with one or several of the following items of data recorded in the application file:
surname (family name) and, if available, first name(s) (given names);
other names (alias(es), artistic name(s), usual name(s));
number of the travel document;
home address;
email address;
phone numbers;
IP address.
Consultation of the ETIAS Central System with the data listed under paragraph 2 may be combined with the following data in the application file to narrow down the search:
nationality or nationalities;
sex;
date of birth or age range.
Article 53
Procedure and conditions for access to data recorded in the ETIAS Central System by Europol
The reasoned request shall contain evidence that all the following conditions are met:
the consultation is necessary to support and strengthen action by Member States in preventing, detecting or investigating terrorist offences or other serious criminal offences falling under Europol’s mandate;
the consultation is necessary and proportionate in a specific case;
the consultation shall be limited to searching with data referred to in Article 52(2) in combination with the data listed under Article 52(3) where necessary;
evidence or reasonable grounds exist to consider that the consultation will contribute to the prevention, detection or investigation of any of the criminal offences in question, in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls under a category of traveller covered by this Regulation.
CHAPTER XI
RETENTION AND AMENDMENT OF DATA
Article 54
Data retention
Each application file shall be stored in the ETIAS Central System for:
the period of validity of the travel authorisation;
five years from the last decision to refuse, annul or revoke the travel authorisation in accordance with Articles 37, 40 and 41. If the data present in a record, file or alert registered in one of the EU information systems, Europol data, the Interpol SLTD or TDAWN databases, the ETIAS watchlist, or the ETIAS screening rules giving rise to such a decision are deleted before the end of that five-year period, the application file shall be deleted within seven days from the date of the deletion of the data in that record, file or alert. For that purpose, the ETIAS Central System shall regularly and automatically verify whether the conditions for the retention of application files referred to in this point are still fulfilled. Where they are no longer fulfilled, it shall delete the application file in an automated manner.
Consent shall be requested following the automatic provision of information under Article 15(2). The automatically provided information shall remind the applicant of the purpose of the data retention in line with the information referred to in point (o) of Article 71 and of the possibility to withdraw consent at any time.
The applicant may withdraw his or her consent at any time, in accordance with Article 7(3) of Regulation (EU) 2016/679. If the applicant withdraws consent, the application file shall automatically be erased from the ETIAS Central System.
eu-LISA shall develop a tool to enable applicants to give and withdraw their consent. That tool shall be made accessible via the dedicated public website or via the app for mobile devices.
The Commission shall adopt delegated acts in accordance with Article 89 to further define the tool to be used by the applicants to give and withdraw their consent.
Article 55
Amendment of data and advance data erasure
Where a third-country national has acquired the nationality of a Member State or has fallen under the scope of points (a) to (c) of Article 2(2), the authorities of that Member State shall verify whether that person has a valid travel authorisation and, where relevant, shall erase the application file without delay from the ETIAS Central System. The authority responsible for erasing the application file shall be:
the ETIAS National Unit of the Member State that issued the travel document as referred to in point (a) of Article 2(2);
the ETIAS National Unit of the Member State the nationality of which he or she has acquired;
the ETIAS National Unit of the Member State that issued the residence card or residence permit.
CHAPTER XII
DATA PROTECTION
Article 56
Data protection
Where the processing of personal data by the ETIAS National Units is performed by competent authorities assessing the applications for the purposes of the prevention, detection or investigation of terrorist offences or other serious criminal offences, Directive (EU) 2016/680 shall apply.
Where the ETIAS National Unit decides on the issue, refusal, revocation or annulment of a travel authorisation, Regulation (EU) 2016/679 shall apply.
Article 57
Data controller
Article 58
Data processor
Article 59
Security of processing
Without prejudice to Article 22 of Regulation (EC) No 45/2001 and Articles 32 and 34 of Regulation (EU) 2016/679, eu-LISA, the ETIAS Central Unit and the ETIAS National Units shall adopt the necessary measures, including a security plan and a business continuity and disaster recovery plan, in order to:
physically protect data, including by making contingency plans for the protection of critical infrastructure;
deny unauthorised persons access to the secure web service, the email service, the secure account service, the carrier gateway, the verification tool for applicants and the consent tool for applicants;
deny unauthorised persons access to data processing equipment and national installations in accordance with the purposes of ETIAS;
prevent the unauthorised reading, copying, modification or removal of data media;
prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of recorded personal data;
prevent the use of automated data processing systems by unauthorised persons using data communication equipment;
prevent the unauthorised processing of data in the ETIAS Central System and any unauthorised modification or deletion of data processed in the ETIAS Central System;
ensure that persons authorised to access the ETIAS Information System have access only to the data covered by their access authorisation, by means of individual and unique user identities and confidential access modes only;
ensure that all authorities with a right of access to the ETIAS Information System create profiles describing the functions and responsibilities of persons who are authorised to access the data and make their profiles available to the supervisory authorities;
ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment;
ensure that it is possible to verify and establish what data has been processed in the ETIAS Information System, when, by whom and for what purpose;
prevent the unauthorised reading, copying, modification or deletion of personal data during the transmission of personal data to or from the ETIAS Central System or during the transport of data media, in particular by means of appropriate encryption techniques;
ensure that, in the event of an interruption, installed systems can be restored to normal operation;
ensure reliability by making sure that any faults in the functioning of ETIAS are properly reported and that necessary technical measures are put in place to ensure that personal data can be restored in the event of corruption due to a malfunctioning of ETIAS;
monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation.
Article 60
Security incidents
Article 61
Self-monitoring
The European Border and Coast Guard Agency, Europol and Member States shall ensure that each authority entitled to access the ETIAS Information System takes the measures necessary to comply with this Regulation and cooperates, where necessary, with the supervisory authority.
Article 62
Penalties
Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive.
Article 63
Liability
Without prejudice to the right to compensation from, and liability of the controller or processor under Regulation (EU) 2016/679, Directive (EU) 2016/680 and Regulation (EC) No 45/2001:
any person or Member State that has suffered material or non-material damage as a result of an unlawful personal data processing operation or any other act incompatible with this Regulation by a Member State shall be entitled to receive compensation from that Member State;
any person or Member State that has suffered material or non-material damage as a result of any act by eu-LISA incompatible with this Regulation shall be entitled to receive compensation from that agency. eu-LISA shall be liable for unlawful personal data processing operations in accordance with its role as processor or, where applicable, controller.
A Member State or eu-LISA shall be exempted from their liability under the first subparagraph, in whole or in part, if they prove that they are not responsible for the event which gave rise to the damage.
Article 64
Right of access to, of rectification, of completion, of erasure of personal data and of restriction of processing
Where in response to a request, it is found that the data stored in the ETIAS Central System are factually inaccurate or have been recorded unlawfully, the ETIAS Central Unit or the ETIAS National Unit of the Member State responsible shall rectify or erase those data in the ETIAS Central System without delay.
Where in response to a request pursuant to this paragraph, a travel authorisation is amended by the ETIAS Central Unit or an ETIAS National Unit during its validity period, the ETIAS Central System shall carry out the automated processing laid down in Article 20 to determine whether the amended application file triggers a hit pursuant to Article 20(2) to (5). Where the automated processing does not report any hit, the ETIAS Central System shall issue an amended travel authorisation with the same validity period of the original and notify the applicant. Where the automated processing reports one or several hits, the ETIAS National Unit of the Member State responsible shall assess the security, illegal immigration or high epidemic risk in accordance with Article 26. It shall then decide whether to issue an amended travel authorisation or, where it concludes that the conditions for granting the travel authorisation are no longer met, revoke the travel authorisation.
Article 65
Communication of personal data to third countries, international organisations and private parties
By way of derogation from Article 49 of this Regulation, if necessary for the purpose of return, the immigration authorities may access the ETIAS Central System to retrieve data to be transferred to a third country in individual cases only where all of the following conditions are met:
a prior search has been conducted in the EES in accordance with Article 26 of Regulation (EU) 2017/2226; and
this search indicates that the EES does not contain data concerning the third-country national to be returned.
Where necessary, fulfilment of these conditions shall be verified by accessing the logs provided for in Article 46 of Regulation (EU) 2017/2226 corresponding to the search referred to in point (a) of the first subparagraph of this paragraph and to the answer corresponding to point (b) of that subparagraph.
If those conditions are met, the immigration authorities shall have access to query the ETIAS Central System with some or all of the data referred to in points (a) to (e) of Article 17(2) of this Regulation. If an ETIAS application file corresponds to those data, the immigration authorities will have access to the data referred to in points (a) to (g) of Article 17(2) of this Regulation and, in case of minors, point (k) of paragraph 2 of that Article.
By way of derogation from paragraph 1 of this Article, the data accessed from the ETIAS Central System by the immigration authorities may be transferred to a third country in individual cases if necessary in order to prove the identity of third-country nationals for the sole purpose of return, and only where one of the following conditions is satisfied:
the Commission has adopted a decision on the adequate level of protection of personal data in that third country in accordance with Article 45(3) of Regulation (EU) 2016/679;
appropriate safeguards have been provided as referred to in Article 46 of Regulation (EU) 2016/679, such as through a readmission agreement which is in force between the Union or a Member State and the third country in question;
point (d) of Article 49(1) of Regulation (EU) 2016/679 applies.
The data referred to in ►M1 points (a), (aa), (b), (d), (e) and (f) of Article 17(2) ◄ of this Regulation may be transferred only where all of the following conditions are satisfied:
the transfer of the data is carried out in accordance with the relevant provisions of Union law, in particular provisions on data protection, including Chapter V of Regulation (EU) 2016/679, readmission agreements, and the national law of the Member State transferring the data;
the third country has agreed to process the data only for the purposes for which they were provided; and
a return decision adopted pursuant to Directive 2008/115/EC of the European Parliament and of the Council ( 17 ) has been issued in relation to the third-country national concerned, provided that the enforcement of such a return decision is not suspended and provided that no appeal has been lodged which may lead to the suspension of its enforcement.
By way of derogation from paragraph 2 of this Article, the data from the ETIAS Central System referred to in Article 52(4) accessed by the designated authorities for the purposes referred to in Article 1(2) may be transferred or made available by the designated authority to a third country in individual cases, but only where all of the following conditions are met:
there is an exceptional case of urgency where there is:
an imminent danger associated with a terrorist offence; or
an imminent danger to the life of a person and that danger is associated with a serious criminal offence;
the transfer of data is necessary for the prevention, detection or investigation in the territory of the Member States or in the third country concerned of such a terrorist offence or serious criminal offence;
the designated authority has access to such data in accordance with the procedure and the conditions set out in Articles 51 and 52;
the transfer is carried out in accordance with the applicable conditions set out in Directive (EU) 2016/680, in particular Chapter V thereof;
a duly motivated written or electronic request from the third country has been submitted;
the reciprocal provision of any information in systems for travel authorisation held by the requesting third country to the Member States operating the ETIAS is ensured.
Where a transfer is made pursuant to the first subparagraph of this paragraph, such a transfer shall be documented and the documentation shall, on request, be made available to the supervisory authority established in accordance with Article 41(1) of Directive (EU) 2016/680, including the date and time of the transfer, information about the receiving competent authority, the justification for the transfer and the personal data transferred.
Article 66
Supervision by the supervisory authority
Article 67
Supervision by the European Data Protection Supervisor
Article 68
Cooperation between supervisory authorities and the European Data Protection Supervisor
Article 69
Keeping of logs
eu-LISA shall keep logs of all data processing operations within the ETIAS Information System. Those logs shall include the following:
the purpose of the access;
the date and time of each operation;
the data used for the automated processing of the applications;
where relevant, a reference to the use of the ESP to query the ETIAS Central System as referred to in Article 7(2) of Regulation (EU) 2019/817;
the hits triggered while carrying out the automated processing laid down in Article 20;
the data used for the verification of identity stored in the ETIAS Central System or other information systems and databases;
the results of the verification process referred to in Article 22; and
the staff member having performed it.
The ETIAS National Unit of the Member State responsible shall keep records of the staff member duly authorised to enter or retrieve the data.
In addition, the competent authorities shall keep records of the staff members duly authorised to enter and retrieve the data.
eu-LISA and the ETIAS National Units shall make the logs available to the European Data Protection Supervisor and to the competent supervisory authorities on request.
Article 70
Keeping of logs for requests for data consultation in order to prevent, detect and investigate terrorist offences or other serious criminal offences
The logs referred to in paragraph 2 shall show:
the exact purpose of the request for consultation of or access to data stored in the ETIAS Central System, including the terrorist offence or other serious criminal offence concerned and, for Europol, the exact purpose of the request for consultation;
the decision taken with regard to the admissibility of the request;
the national file reference;
the date and exact time of the request for access made by the central access point to the ETIAS Central System;
where applicable, the use of the urgency procedure referred to in Article 51(4) and the outcome of the ex post verification;
which of the data or set of data referred to in Article 52(2) and (3) have been used for consultation; and
in accordance with national rules or with Regulation (EU) 2016/794, the identifying mark of the official who carried out the search and of the official who ordered the search or transmission of data.
CHAPTER XIII
PUBLIC AWARENESS
Article 71
Information to the general public
After consulting the Commission and the European Data Protection Supervisor, the ETIAS Central Unit shall provide the general public with all relevant information in relation to applying for a travel authorisation. Such information shall be available on the public website and shall include:
the criteria, conditions and procedures for applying for a travel authorisation;
information concerning the website and the app for mobile devices where the application can be submitted;
information on the possibility that an application may be submitted by another person or a commercial intermediary;
information on the possibility to report abuses from commercial intermediaries using the form referred to in Article 15(5);
the deadlines for deciding on an application provided for in Article 32;
the fact that a travel authorisation is linked to the travel document indicated in the application form and that consequently the expiry and any modification of the travel document will result in the invalidity or non-recognition of the travel authorisation when crossing the border;
the fact that applicants are responsible for the authenticity, completeness, correctness and reliability of the data they submit and for the veracity and reliability of the statements they make;
the fact that decisions on applications must be notified to the applicant, that where a travel authorisation is refused, such decisions must state the grounds for the refusal and that applicants whose applications are refused have a right to appeal, with information regarding the procedure to be followed in the event of an appeal, including details of the competent authority, as well as the time limit for lodging an appeal;
the fact that applicants have the possibility to contact the ETIAS Central Unit indicating that the purpose of their travel is based on humanitarian grounds or is linked to international obligations and the conditions and procedures for doing so;
the entry conditions laid down in Article 6 of Regulation (EU) 2016/399 and the fact that a short stay is only possible for a duration of no more than 90 days in any 180-day period, except for third-country nationals benefiting from more favourable provisions of a bilateral agreement preexisting the Convention Implementing the Schengen Agreement;
the fact that the mere possession of a travel authorisation does not confer an automatic right of entry;
the fact that the border authorities may request supporting documents at external borders in order to verify the fulfilment of the conditions of entry;
the fact that the possession of a valid travel authorisation is a condition for stay that has to be fulfilled during the entire duration of a short stay on the territory of Member States;
a link to the web service referred to in Article 13 of Regulation (EU) 2017/2226 enabling third-country nationals to verify at any moment their remaining authorised stay;
the fact that the data entered into the ETIAS Information System are used for the purposes of border management, including for checks in databases, and that the data may be accessed by the Member States and Europol for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences, under the procedures and conditions referred to in Chapter X;
the period for which data will be stored;
the rights of data subjects under Regulations (EC) No 45/2001, (EU) 2016/679 and (EU) 2016/794 and Directive (EU) 2016/680;
the possibility for travellers to obtain support as provided for in point (m) of Article 7(2).
Article 72
Information campaign
The Commission shall, in cooperation with the European External Action Service, the ETIAS Central Unit, and the Member States, including their consulates in the third countries concerned, accompany the start of operations by ETIAS with an information campaign to inform third-country nationals falling within the scope of this Regulation of the requirement for them to be in possession of a valid travel authorisation both to cross the external borders and for the entire duration of their short stay on the territory of Member States.
That information campaign shall be conducted regularly and in at least one of the official languages of the countries whose nationals fall within the scope of this Regulation.
CHAPTER XIV
RESPONSIBILITIES
Article 73
Responsibilities of eu-LISA during the designing and development phase
eu-LISA shall define the design of the physical architecture of the system including its communication infrastructure as well as its technical specifications and their evolution and the NUIs. Those technical specifications shall be adopted by eu-LISA’s Management Board, subject to a favourable opinion from the Commission. eu-LISA shall also implement any necessary adaptations to the EES, SIS, Eurodac or VIS deriving from the establishment of interoperability with ETIAS.
eu-LISA shall develop and implement the ETIAS Central System, including the ETIAS watchlist, the NUIs, the communication infrastructure, and the secure communication channel between the ETIAS Central System and the EES Central System, as soon as possible after the entry into force of this Regulation and the adoption by the Commission of:
the measures provided for in Articles 6(4), 16(10), 17(9), Article 31 and Articles 35(7), 45(2), 54(2), 74(5), 84(2) and 92(8); and
the measures adopted in accordance with the examination procedure referred to in Article 90(2) necessary for the development and technical implementation of the ETIAS Central System, the NUIs, the communication infrastructure, the secure communication channel between the ETIAS Central System and the EES Central System and the carrier gateway, in particular implementing acts for:
accessing the data in accordance with Articles 22 to 29 and Articles 33 to 53;
amending, erasing and advance erasure of data in accordance with Article 55;
keeping and accessing the logs in accordance with Articles 45 and 69;
performance requirements;
specifications for technical solutions to connect central access points in accordance with Articles 51, 52 and 53.
The development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination. In this regard, the tasks of eu-LISA shall also be to:
perform a security risk assessment;
follow the principles of privacy by design and by default during the entire lifecycle of the development of ETIAS; and
conduct a security risk assessment regarding the interoperability of ETIAS with the EU information systems and Europol data referred to in Article 11.
eu-LISA’s Management Board shall establish the rules of procedure of the Programme Management Board which shall include in particular rules on:
chairmanship;
meeting venues;
preparation of meetings;
admission of experts to the meetings;
communication plans to ensure that non-participating members of eu-LISA’s Management Board are fully informed.
The chairmanship shall be held by a Member State which is fully bound under Union law by the legislative instruments governing the development, establishment, operation and use of all the large-scale IT systems managed by eu-LISA.
All travel and subsistence expenses incurred by the members of the Programme Management Board shall be paid by eu-LISA. Article 10 of the eu-LISA Rules of Procedure shall apply mutatis mutandis. The Programme Management Board’s secretariat shall be ensured by eu-LISA.
The EES-ETIAS Advisory Group shall meet regularly until the start of operations by ETIAS. It shall report after each meeting to the Programme Management Board. It shall provide the technical expertise to support the tasks of the Programme Management Board and shall follow-up on the state of preparation of the Member States.
Article 74
Responsibilities of eu-LISA following the entry into operations of ETIAS
Technical management of ETIAS shall consist of all the tasks necessary to keep the ETIAS Information System functioning 24 hours a day, 7 days a week in accordance with this Regulation, in particular the maintenance work and technical developments necessary to ensure that the system functions at a satisfactory level of technical quality, in particular as regards the response time for consultation of the ETIAS Central System in accordance with the technical specifications.
Article 75
Responsibilities of the European Border and Coast Guard Agency
The European Border and Coast Guard Agency shall be responsible for:
the setting up and operation of the ETIAS Central Unit and ensuring the conditions for the secure management of data stored in ETIAS;
the automated processing of applications; and
the ETIAS screening rules.
Article 76
Responsibilities of Member States
Each Member State shall be responsible for:
the connection to the NUI;
the organisation, management, operation and maintenance of the ETIAS National Units for the manual processing of applications for travel authorisation where the automated processing has reported a hit, as referred to in Article 26;
the organisation of central access points and their connection to the NUI for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences;
the management and arrangements for access of duly authorised staff of the competent national authorities to the ETIAS Information System in accordance with this Regulation and to establish and regularly update a list of such staff and their profiles;
the set up and operation of the ETIAS National Units;
entering data into the ETIAS watchlist related to terrorist offences or other serious criminal offences pursuant to Article 34(2) and (3); and
ensuring that each of its authorities entitled to access the ETIAS Information System takes the measures necessary to comply with this Regulation, including those necessary to ensure the respect of fundamental rights and data security.
They shall also take part in trainings offered by eu-LISA on the technical use of the ETIAS Information System and on data quality.
Article 77
Responsibilities of Europol
CHAPTER XV
AMENDMENTS TO OTHER UNION INSTRUMENTS
Article 78
Amendment to Regulation (EU) No 1077/2011
The following article is inserted in Regulation (EU) No 1077/2011:
‘Article 5b
Tasks relating to ETIAS
In relation to ETIAS, the Agency shall perform the tasks conferred on it by Article 73 of Regulation (EU) 2018/1240 of the European Parliament and of the Council ( *1 ).
Article 79
Amendment to Regulation (EU) No 515/2014
In Article 6 of Regulation (EU) No 515/2014, the following paragraph is inserted:
Article 80
Amendments to Regulation (EU) 2016/399
Regulation (EU) 2016/399 is amended as follows:
Article 6(1) is amended as follows:
point (b) is replaced by the following:
they are in a possession of a valid visa if required pursuant to Council Regulation (EC) No 539/2001 ( *3 ) or of a valid travel authorisation if required pursuant to Regulation (EU) 2018/1240 of the European Parliament and of the Council ( *4 ), except where they hold a valid residence permit or a valid long-stay visa;
the following subparagraphs are added:
‘For a transitional period established pursuant to Article 83(1) and (2) of Regulation (EU) 2018/1240, the use of the European Travel Information and Authorisation System (ETIAS) shall be optional and the requirement to be in possession of a valid travel authorisation set out in point (b) of the first subparagraph of this paragraph shall not apply. Member States shall inform third-country nationals subject to the travel authorisation requirement crossing the external borders of the requirement to have a valid travel authorisation from the expiry of the transitional period. For this purpose, Member States shall distribute a common leaflet to this category of travellers as referred to in Article 83(2) of Regulation (EU) 2018/1240.
During a grace period established pursuant to Article 83(3) of Regulation (EU) 2018/1240 the border authorities shall exceptionally allow third-country nationals subject to the travel authorisation requirement who are not in possession of a travel authorisation to cross the external borders where they fulfil all the remaining conditions of this Article, provided that they are crossing the external borders of the Member States for the first time since the end of the transitional period referred to in Article 83(1) and (2) of Regulation (EU) 2018/1240. Border authorities shall inform such third-country nationals of the requirement to be in possession of a valid travel authorisation in accordance with this Article. For this purpose, the border authorities shall distribute to these travellers a common leaflet as referred to in Article 83(3) of Regulation (EU) 2018/1240 informing them that they are exceptionally allowed to cross the external borders while not fulfilling the obligation to be in possession of a valid travel authorisation and explaining that obligation.’.
Article 8(3) is amended as follows:
in point (a), point (ii) is replaced by the following:
verification that the travel document is accompanied, where applicable, by the requisite visa, travel authorisation or residence permit;’
the following point is inserted:
‘(ba) if the third-country national holds a travel authorisation referred to in point (b) of Article 6(1) of this Regulation the thorough checks on entry shall also comprise the verification of the authenticity, validity and status of the travel authorisation and, if applicable, of the identity of the holder of the travel authorisation through consultation of ETIAS in accordance with Article 47 of Regulation (EU) 2018/1240. Where it is technically impossible to proceed with the consultation or to perform the search that are referred to in Article 47(1) and (2) of Regulation (EU) 2018/1240, Article 48(3) of that Regulation shall apply.’.
In Annex V, Part B, in the standard form for refusal of entry at the border, point (C) in the list of reasons for refusal is replaced by the following:
has no valid visa, travel authorisation or residence permit.’.
Article 81
Amendments to Regulation (EU) 2016/1624
Regulation (EU) 2016/1624 is amended as follows:
In Article 8(1), the following point is inserted:
‘(qa) fulfil the tasks and obligations entrusted to the European Border and Coast Guard Agency referred to in Regulation (EU) 2018/1240 of the European Parliament and of the Council ( *5 ) and ensure the setting up and operation of the ETIAS Central Unit in accordance with Article 7 of that Regulation.
In Chapter II, the following Section is added:
‘
Article 33a
Establishment of the ETIAS Central Unit
Article 82
Amendment to Regulation (EU) 2017/2226
In Article 64 of Regulation (EU) 2017/2226, the following paragraph is added:
CHAPTER XVI
FINAL PROVISIONS
Article 83
Transitional period and transitional measures
During the period of grace, entries into the territories of the Member States not operating the EES shall not be taken into consideration.
Article 84
Use of data for reporting and statistics
The duly authorised staff of the competent authorities of Member States, the Commission, eu-LISA and the ETIAS Central Unit shall have access to consult the following data, solely for the purposes of reporting and statistics, without allowing for individual identification and in accordance with the safeguards related to non-discrimination referred to in Article 14:
application status information;
nationalities, sex and year of birth of the applicant;
the country of residence;
education (primary, secondary, higher or none);
current occupation (job group);
the type of the travel document and three-letter code of the issuing country;
the type of travel authorisation and, for a travel authorisation with limited territorial validity as referred to in Article 44, a reference to the Member State(s) issuing the travel authorisation with limited territorial validity;
the validity period of the travel authorisation; and
the grounds for refusing, revoking or annulling a travel authorisation.
The Commission shall, by means of implementing acts, adopt detailed rules on the operation of the central repository and the data protection and security rules applicable to the repository. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 90(2).
The daily statistics shall be stored in the central repository for reporting and statistics referred to in Article 39 of Regulation (EU) 2019/817.
Article 85
Costs
eu-LISA shall pay particular attention to the risk of costs increases and ensure sufficient monitoring of contractors.
The following costs shall be excluded:
Member States’ project management office (meetings, missions, offices);
hosting of national IT systems (space, implementation, electricity, cooling);
operation of national IT systems (operators and support contracts);
design, development, implementation, operation and maintenance of national communication networks.
Article 86
Revenues
The revenues generated by the ETIAS shall constitute internal assigned revenue in accordance with Article 21(4) of Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council ( 20 ). They shall be assigned to cover the costs of the operation and maintenance of ETIAS. Any revenue remaining after covering these costs shall be assigned to the Union budget.
Article 87
Notifications
Three months after ETIAS has started operations in accordance with Article 88, eu-LISA shall publish a consolidated list of those authorities in the Official Journal of the European Union. Member States shall also notify the Commission and eu-LISA of any changes of those authorities without delay. In the event of such changes, eu-LISA shall publish once a year an updated consolidated version of that information. eu-LISA shall maintain a continuously updated public website containing that information.
The Commission shall publish the information referred to in paragraphs 1 and 3 in the Official Journal of the European Union. In the event of changes to the information, the Commission shall publish once a year an updated consolidated version of it. The Commission shall maintain a continuously updated public website containing the information.
Article 88
Start of operations
The Commission shall determine the date from which ETIAS is to start operations once the following conditions have been met:
the necessary amendments to the legal acts establishing the other EU information systems with which interoperability, within the meaning of Article 11 of this Regulation, is to be established with the ETIAS Information System have entered into force, with the exception of the recast of Regulation (EU) No 603/2013;
the Regulation entrusting eu-LISA with the operational management of ETIAS has entered into force;
the necessary amendments to the legal acts establishing the EU information systems referred to in Article 20(2) providing for an access to these databases for the ETIAS Central Unit have entered into force;
the measures referred to in Article 11(9) and (10), Article 15(5), Article 17(3), (5) and (6), Article 18(4), Article 27(3) and (5), Article 33(2) and (3), Article 36(3), Article 38(3), Article 39(2), Article 45(3), Article 46(4), Article 48(4), Article 59(4), point (b) of Article 73(3), Article 83(1), (3), and (4) and Article 85(3) have been adopted;
eu-LISA has declared the successful completion of a comprehensive test of ETIAS;
eu-LISA and the ETIAS Central Unit have validated the technical and legal arrangements to collect and transmit the data referred to in Article 17 to the ETIAS Central System and have notified them to the Commission;
the Member States and the ETIAS Central Unit have notified to the Commission the data concerning the various authorities referred to in Article 87(1) and (3).
Article 89
Exercise of the delegation
Article 90
Committee procedure
Article 91
Advisory group
The responsibilities of eu-LISA’s EES Advisory Group shall be extended to cover ETIAS. That EES-ETIAS Advisory Group shall provide eu-LISA with expertise related to ETIAS in particular in the context of the preparation of its annual work programme and its annual activity report.
Article 92
Monitoring and evaluation
By 10 April 2019 and every six months thereafter during the development phase of the ETIAS Information System, Europol and the European Border and Coast Guard Agency shall submit a report to the European Parliament and to the Council on the state of preparation for the implementation of this Regulation including detailed information about the costs incurred and information as to any risks which may impact the overall costs of the system to be borne by the general budget of the Union in accordance with Article 85.
Once the development is finalised, eu-LISA shall submit a report to the European Parliament and to the Council explaining in detail how the objectives, in particular relating to planning and costs, were achieved as well as justifying any divergences.
Three years after the start of operations of ETIAS and every four years thereafter, the Commission shall evaluate ETIAS and shall make any necessary recommendations to the European Parliament and to the Council. That evaluation shall include:
the querying of Interpol SLTD and TDAWN databases through ETIAS, including information on the number of hits against those Interpol databases, the number of travel authorisations refused following such hits and information on any problems encountered, as well as, if appropriate, an assessment of the need for a legislative proposal amending this Regulation;
the results achieved by ETIAS having regard to its objectives, mandate and tasks;
the impact, effectiveness and efficiency of ETIAS’ performance and its working practices in light of its objectives, mandate and tasks;
an assessment of the security of ETIAS;
the ETIAS screening rules used for the purpose of risk assessment;
the impact of the ETIAS watchlist including the number of travel authorisation applications which were refused for reasons that took into account a positive hit against the ETIAS watchlist;
the possible need to modify the mandate of the ETIAS Central Unit and the financial implications of any such modification;
the impact on fundamental rights;
the impact on diplomatic relations between the Union and the third countries involved;
the revenue generated through the travel authorisation fee, the costs incurred in connection with the development of ETIAS, the costs for the operation of ETIAS, the costs incurred by eu-LISA, Europol and the European Border and Coast Guard Agency in relation to their tasks pursuant to this Regulation, as well as any revenue allocated in accordance with Article 86;
the use of ETIAS for law enforcement purposes on the basis of the information referred to in paragraph 8 of this Article;
the number of applicants being invited for an interview and the percentage it represents of the total number of applicants, the reasons for requesting an interview, the number of remote interviews, the number of decisions where the travel authorisation has been granted, has been granted with a flag or has been refused, and the number of applicants invited to an interview who did not attend it, and if appropriate, an assessment of the need for a legislative proposal amending this Regulation.
The Commission shall transmit the evaluation report to the European Parliament, the Council, the European Data Protection Supervisor and the European Agency for Fundamental Rights.
In order to assess the extent to which the querying of ECRIS-TCN through the ETIAS Central System has contributed to the achievement of the objective of ETIAS, the evaluations referred to in the first subparagraph shall include the following:
a comparison of the number of simultaneous hits, for the same application, in ECRIS-TCN relating to convictions for terrorist offences as listed in the Annex to this Regulation and in SIS relating to alerts for refusal of entry and stay;
a comparison of the number of simultaneous hits, for the same application, in ECRIS-TCN relating to any other criminal offences as listed in the Annex to this Regulation and in SIS relating to alerts for refusal of entry and stay;
for applications where the only hit is in ECRIS-TCN, a comparison of the number of refusals of travel authorisations with the total number of hits reported by the query of ECRIS-TCN.
The ETIAS Fundamental Rights Guidance Board shall provide opinions as regards the evaluations referred to in this paragraph.
The evaluations may be accompanied, where necessary, by legislative proposals.
While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare annual reports on the effectiveness of access to data stored in the ETIAS Central System for law enforcement purposes containing information and statistics on:
the exact purpose of the consultation including the type of terrorist offence or other serious criminal offence;
reasonable grounds given for the substantiated suspicion that the suspect, perpetrator or victim is covered by this Regulation;
the number of requests for access to the ETIAS Central System for law enforcement purposes;
the number and type of cases which have resulted in hits;
the number and type of cases in which the urgency procedure referred to in Article 51(4) was used, including those cases where that urgency was not accepted by the ex post verification carried out by the central access point.
A technical solution shall be made available to Member States in order to facilitate the collection of those data pursuant to Chapter X for the purpose of generating statistics referred to in this paragraph. The Commission shall, by means of implementing acts, adopt the specifications of the technical solution. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 90(2).
Article 93
Practical handbook
The Commission shall, in close cooperation with the Member States and the relevant Union agencies, make available a practical handbook, which shall contain guidelines, recommendations and best practices for the implementation of this Regulation. The practical handbook shall take into account relevant existing handbooks. The Commission shall adopt the practical handbook in the form of a recommendation.
Article 94
Ceuta and Melilla
This Regulation shall not affect the special rules applying to the cities of Ceuta and Melilla, as defined in the Declaration of the Kingdom of Spain on the cities of Ceuta and Melilla in the Final Act to the Agreement on the Accession of the Kingdom of Spain to the Convention implementing the Schengen Agreement of 14 June 1985.
Article 95
Financial contribution of the countries associated with the implementation, application and development of the Schengen acquis
Under the relevant provisions of their association agreements, arrangements shall be made in relation to the financial contributions of the countries associated with the implementation, application and development of the Schengen acquis.
Article 96
Entry into force and applicability
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall apply from the date determined by the Commission in accordance with Article 88, with the exception of Articles 6, 11, 12, 33, 34, 35, 59, 71, 72, 73, Articles 75 to 79, Articles 82, 85, 87, 89, 90, 91, Article 92(1) and (2), Articles 93 and 95, as well as the provisions related to the measures referred to in point (d) of Article 88(1), which shall apply from 9 October 2018.
Article 11b shall apply from 3 August 2021.
The provisions relating to the consultation of Eurodac shall apply from the date the recast of Regulation (EU) No 603/2013 of the European Parliament and of the Council ( 21 ) becomes applicable.
This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.
ANNEX
List of criminal offences referred to in point (a) of Article 17(4)
terrorist offences,
participation in a criminal organisation,
trafficking in human beings,
sexual exploitation of children and child pornography,
illicit trafficking in narcotic drugs and psychotropic substances,
illicit trafficking in weapons, munitions and explosives,
corruption,
fraud, including that against the financial interests of the Union,
laundering of the proceeds of crime and counterfeiting of currency, including the euro,
computer-related crime/cybercrime,
environmental crime, including illicit trafficking in endangered animal species and in endangered plant species and varieties,
facilitation of unauthorised entry and residence,
murder, grievous bodily injury,
illicit trade in human organs and tissue,
kidnapping, illegal restraint and hostage-taking,
organised and armed robbery,
illicit trafficking in cultural goods, including antiques and works of art,
counterfeiting and piracy of products,
forgery of administrative documents and trafficking therein,
illicit trafficking in hormonal substances and other growth promoters,
illicit trafficking in nuclear or radioactive materials,
rape,
crimes within the jurisdiction of the International Criminal Court,
unlawful seizure of aircraft or ships,
sabotage,
trafficking in stolen vehicles,
industrial espionage,
arson,
racism and xenophobia.
( 1 ) Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27).
( 2 ) Council Regulation (EC) No 539/2001 of 15 March 2001 listing the third countries whose nationals must be in possession of visas when crossing the external borders and those whose nationals are exempt from that requirement (OJ L 81, 21.3.2001, p. 1).
( 3 ) Regulation (EC) No 1931/2006 of the European Parliament and of the Council of 20 December 2006 laying down rules on local border traffic at the external land borders of the Member States and amending the provisions of the Schengen Convention (OJ L 405, 30.12.2006, p. 1).
( 4 ) Directive 2014/66/EU of the European Parliament and of the Council of 15 May 2014 on the conditions of entry and residence of third-country nationals in the framework of an intra-corporate transfer (OJ L 157, 27.5.2014, p. 1).
( 5 ) Directive (EU) 2016/801 of the European Parliament and of the Council of 11 May 2016 on the conditions of entry and residence of third-country nationals for the purposes of research, studies, training, voluntary service, pupil exchange schemes or educational projects and au pairing (OJ L 132, 21.5.2016, p. 21).
( 6 ) Directive 2013/32/EU of the European Parliament and of the Council of 26 June 2013 on common procedures for granting and withdrawing international protection (OJ L 180, 29.6.2013, p. 60).
( 7 ) Council Regulation (EC) No 377/2004 of 19 February 2004 on the creation of an immigration liaison officers network (OJ L 64, 2.3.2004, p. 1).
( 8 ) Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of information between Member States on short-stay visas, long-stay visas and residence permits (VIS Regulation) (OJ L 218, 13.8.2008, p. 60).
( 9 ) Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals (OJ L 312, 7.12.2018, p. 1).
( 10 ) Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 (OJ L 312, 7.12.2018, p. 14).
( 11 ) Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (OJ L 312, 7.12.2018, p. 56).
( 12 ) Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1).
( 13 ) Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (OJ L 135, 22.5.2019, p. 1).
( 14 ) Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).
( 15 ) Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II) (OJ L 381, 28.12.2006, p. 4).
( 16 ) Council Directive 2001/51/EC of 28 June 2001 supplementing the provisions of Article 26 of the Convention implementing the Schengen Agreement of 14 June 1985 (OJ L 187, 10.7.2001, p. 45).
( 17 ) Directive 2008/115/EC of the European Parliament and of the Council of 16 December 2008 on common standards and procedures in Member States for returning illegally staying third-country nationals (OJ L 348, 24.12.2008, p. 98).
( 18 ) Council Regulation (EU) No 1053/2013 of 7 October 2013 establishing an evaluation and monitoring mechanism to verify the application of the Schengen acquis and repealing the Decision of the Executive Committee of 16 September 1998 setting up a Standing Committee on the evaluation and implementation of Schengen (OJ L 295, 6.11.2013, p. 27).
( 19 ) OJ L 56, 4.3.1968, p. 1.
( *1 ) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).’.
( *2 ) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).’.
( *3 ) Council Regulation (EC) No 539/2001 of 15 March 2001 listing the third countries whose nationals must be in possession of visas when crossing the external borders and those whose nationals are exempt from that requirement (OJ L 81, 21.3.2001, p. 1).
( *4 ) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).’;
( *5 ) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).’.
( *6 ) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).’.
( 20 ) Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union and repealing Council Regulation (EC, Euratom) No 1605/2002 (OJ L 298, 26.10.2012, p. 1).
( 21 ) Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1).