Accept Refuse

EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 52019PC0004

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL establishing the conditions for accessing other EU information systems for ETIAS purposes and amending Regulation (EU) 2018/1240, Regulation (EC) No 767/2008, Regulation (EU) 2017/2226 and Regulation (EU) 2018/1861

COM/2019/4 final

Brussels, 7.1.2019

COM(2019) 4 final

2019/0002(COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

establishing the conditions for accessing other EU information systems for ETIAS purposes and amending Regulation (EU) 2018/1240, Regulation (EC) No 767/2008, Regulation (EU) 2017/2226 and Regulation (EU) 2018/1861


EXPLANATORY MEMORANDUM

1.    CONTEXT OF THE PROPOSAL

Reasons for and objectives of the proposal

In September 2018, the Council and the European Parliament adopted two legislative acts, a Regulation establishing the European Travel Information and Authorisation System (‘ETIAS’) 1 and an amendment of the Europol Regulation for the purpose of establishing ETIAS 2 .

Establishing ETIAS is among efforts undertaken in recent years at EU level to enhance the security of citizens and prevent irregular migration in an open Europe, securing and continuing to strengthen the management of external borders 3 , 4 . The context and the establishment of the system were announced in the 2016 State of the Union speech. President Juncker said: ‘We will defend our borders […] with strict controls […] on everyone crossing them. Every time someone enters or exits the EU, there will be a record of when, where and why. In November [2016] we will propose a European travel information and authorisation system – an automated system to determine who will be allowed to travel to Europe. That way we will know who is travelling to Europe before they even get here.

ETIAS will fill the information gap on travellers exempt from the requirement of being in possession of a visa when crossing the external borders. ETIAS will determine the eligibility of visa-exempt third-country nationals prior to their travel to the Schengen Area and whether such travel poses a security, irregular migration or high epidemic risk. ETIAS will also give travellers confidence that they would be able to cross the borders smoothly. If needed, ETIAS travel authorisation could be denied by ETIAS National Units.

The assessment of such risks will involve automated processing of personal data provided in the applications for travel authorisation. The ETIAS Regulation establishes that personal data in the applications will be compared with the data present in records, files or alerts registered in EU information systems or databases (the ETIAS Central System, Schengen Information System (‘SIS’), the Visa Information System (‘VIS’), the Entry/Exit System ‘(EES’) or Eurodac), in Europol data or in the Interpol databases (the Interpol Stolen and Lost Travel Document database (‘SLTD’) or the Interpol Travel Documents Associated with Notices database (‘TDAWN’)) 5 .

While the Regulation defines in its Article 20 which group of data from the ETIAS application files can be used to consult the other systems, not all those data are collected or recorded in the same way in the other EU information systems and Europol data. For instance in one of the systems, ‘country of issue of the travel document’ is collected while in another the same data is recorded in another way, e.g. as ‘three letter code of the issuing country of the travel document’. In other instances, a category of data is collected in one system but not in the other. For instance, ‘first names of parents of applicants’ are collected by ETIAS, but not in most of the other systems to be queried by ETIAS.

Also at the time the ETIAS proposal 6 was adopted, the situation as regards the different EU information systems to be queried by ETIAS was different from today. At the time the ETIAS proposal was adopted, two other new EU information technology systems had been proposed to be set up: discussions were ongoing on the EES Regulation 7 while the Commission’s proposal on the European Criminal Records Information System – Third Country Nationals (‘ECRIS-TCN’) 8 was just about to be proposed. As regards existing information systems, the legal texts of the SIS were evolving due to the proposed revisions to the SIS legal framework in December 2016, finally adopted by co-legislators in November 2018 9 . The recast of the Eurodac Regulation 10 had also been proposed by the Commission as part of the reform of the Common European Asylum System, but had not yet been adopted by co-legislators 11 . The recast Eurodac Regulation still remains to be adopted by co-legislators today.

Based on these considerations, the ETIAS Regulation stipulates, in its Article 11(2) that: “The amendments to the legal acts establishing the EU information systems that are necessary for establishing their interoperability with ETIAS as well as the addition of corresponding provisions in this Regulation shall be the subject of a separate legal instrument”.

The present proposal therefore aims to set out the technical amendments necessary to fully set up the ETIAS system by amending the legal acts of the EU information technology systems ETIAS queries. The present proposal also sets out coresponding provisions and amends the ETIAS Regulation accordingly.

First, the present initiative sets out amendments to the Regulation on ECRIS-TCN, on which recently, an ‘agreement in principle’ was found by the co-legislators. Thus, in line with the intention expressed by co-legislators in the ETIAS Regulation 12  it is now possible to include in ETIAS the necessary provisions on the relationship between ETIAS and ECRIS-TCN and to amend ECRIS-TCN accordingly.

Secondly, the present initiative also aims to establish the relations between ETIAS and the SIS. The revised SIS legal framework has been adopted in November 2018. The present proposal includes consequential amendments resulting from the adoption of the new SIS Regulations. In line with the new SIS legal framework it is proposed to include the new alert category on inquiry checks 13 for the assessment of applications. It is not proposed to include the alert category on return decisions as such alerts are erased at the moment a return decision is implemented. This means that persons that apply for an ETIAS authorisation after having left the EU will – by definition – not have a return record in the SIS. Thirdly, the present initiative seeks to amend the EES Regulation to establish technically its relationship with ETIAS.

Fourthly, the initiative also aims at amending the VIS Regulation in order to allow VIS to receive, process and answer ETIAS queries. Although in May 2018, the Commission presented a proposal to amend the VIS Regulation in order to upgrade that database, the present initiative puts forward amendments to the VIS Regulation currently in force, as the negotiations on the proposal for the upgraded VIS are not sufficiently advanced. However, if the proposal to amend the VIS Regulation were to be adopted first, it could become necessary to introduce some technical changes in the present proposal to align it with the amended version of the VIS Regulation. If the present proposal is adopted first, some technical changes could be required in the proposal amending the VIS Regulation before its adoption.

In addition, following the adoption of both the EES Regulation and ETIAS Regulation, it is now required to align the way EES and ETIAS are working together on the way EES and VIS are integrated for the purpose of border control process and registration of border crossings in EES. This will rationalise and simplify the work of border guards through the implementation of a more uniform border control process for all third-country national entering for a short stay.

The present initiative however does not include the amendments related to Eurodac, the EU asylum and irregular migration database, given that discussions have not yet been concluded on the May 2016 legislative proposal to strengthen Eurodac 14 . Furthermore, the data available in the current Eurodac are not sufficient for ETIAS purposes, given that the existing Eurodac only stores biometric data and a reference number, but no other personal data (e.g. name(s), age, date of birth) that would allow for contributing to the objectives of ETIAS. The May 2016 legislative proposal for a recast Eurodac Regulation seeks to extend the purpose of the database to the identification of illegally staying third-country nationals and those who have entered the EU irregularly. In particular, it provides for the storage of personal data such as the name(s), age, date of birth, nationality, and identity documents. These identity data are essential to ensure that Eurodac will be able to contribute to the objectives of ETIAS.

Once the co-legislators reach political agreement on the recast Eurodac Regulation, the recast Eurodac Regulation will need to be supplemented with the necessary amendments to connect Eurodac to ETIAS. Additionally, once the co-legislators adopt the Commission’s legislative proposals 15 for the interoperability of information systems for security, border and migration management, and following political agreement on the proposal for a recast Eurodac Regulation, the Commission will apply the same approach with regards to the necessary amendments to make Eurodac part of the interoperability of information systems.

Finally, in line with the April 2016 Communication on "Smarter Information Systems for borders and security", ETIAS is to be built based on a re-use of hardware and software components developed for the EES 16 . This is also the approach followed by the legislative proposals on the interoperability of information systems 17 . The technical development of the common identity repository and the European search portal as foreseen by the legislative proposals on the interoperability of information systems would be developed on the basis of the EES/ETIAS components.

This proposal therefore presents amendments to the ETIAS Regulation to specify that the ETIAS Central System would build upon the EES Central System’s hardware and software components in order to establish a shared identity repository for the storage of the identity alphanumeric data of both ETIAS applicants and third-country nationals registered in EES. This shared identity repository would be the basis for the implementation of the common identity repository once the co-legislators adopt the legislative proposals on the interoperability of information systems. Moreover, during a transitional period, before the European search portal is available, the automated processing of ETIAS applications would rely on a tool, which would be used as the basis for the development and implementation of the European search portal.

Due to the variable geometry in Member States' participation in EU policies in the area of freedom, security and justice, it is necessary to adopt two separate legal instruments which will nonetheless work seamlessly together to enable the comprehensive operation and use of the system.

Existing provisions in the area of the proposal

ETIAS was established by Regulation (EU) 2018/1240 18 . The Regulation specifies the objectives of ETIAS, defines its technical and organisational architecture, lays down rules concerning the operation and the use of the data to be entered into the system by the applicant and rules on the issue or refusal of the travel authorisations, lays down the purposes for which the data are to be processed, identifies the authorities authorised to access the data and specifies rules to ensure the protection of personal data.

In line with the ETIAS Regulation, this proposal introduces amendments to the legal acts establishing the EU information systems that are necessary for establishing their relation with ETIAS. It also adds corresponding provisions in the ETIAS Regulation itself.

This proposal is without prejudice to Directive 2004/38/EC 19 . The proposal does not in any respect amend Directive 2004/38/EC.

Consistency with other Union policies

This proposal is consistent with the European Agenda on Migration and subsequent communications, including the Communication of 14 September 2016 ‘Enhancing security in a world of mobility: improved information exchange in the fight against terrorism and stronger external borders’, as well as the European Agenda on Security 20 and the Commission’s work and progress reports towards an effective and genuine Security Union 21 .

2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

Legal basis

The legal basis for this proposal is composed of Article 77(2)(a), (b) and (d) of the Treaty on the Functioning of the European Union (TFEU).

Under Article 77(2), (a), (b) and (d) TFEU, the European Parliament and the Council can adopt measures concerning the common policy on visas and other short-stay residence permits, the checks to which persons crossing external borders are subject, and any measure necessary for the gradual establishment of an integrated management system for external borders. Those treaty provisions (or their precursor, in the case of Article 77(2)(a) TFEU) were the legal basis for the adoption of the regulations establishing the Visa Information System (Article 62(2)(b)(ii) Treaty on the European Community, succeeded by Article 77(2)(a) TFEU), the Entry Exit System (Article 77(2) (b) and (d) TFEU), the European Travel Information and Authorisation System (Article 77(2) TFEU) and the Schengen Information System with regard to borders (Article 77(2)(b) and (d) TFEU). This proposal has the objective of amending those regulations and relies on Article 77(2)(a), (b) and (d) TFEU for that.

Subsidiarity

The Proposal contains amendments of Regulations setting up EU-wide information systems to manage the external borders and the security of an area without controls at internal borders. Such information technology systems can, by their nature, only be set up at EU level, and not by the Member States acting alone.

Proportionality

This proposal elaborates further on principles already established by the legislator in the ETIAS Regulation.

This becomes apparent from the following elements.

The specifications as regards exchanges of data between ETIAS and each of the other EU information systems are in line with the exchanges of data provided by Articles 20 and 23 of the ETIAS Regulation.

The granting of access rights to identity data in the EU information systems (EES, VIS, SIS, ECRIS-TCN) by the ETIAS Central Unit falls within the scope of responsibilities assigned to the ETIAS Central Unit pursuant to Articles 7, 22 and 75 of the ETIAS Regulation.

The granting of access rights to the other EU information systems for the manual processing of application by the ETIAS National Units falls within the scope of responsibilities assigned to the ETIAS National Units pursuant to Article 8 and Chapter IV of the ETIAS Regulation.

Including in this proposal the inclusion of alerts concerning an inquiry check are coherent with the provisions on the support of objectives of SIS in Article 23 ETIAS Regulation.

This proposal is proportionate in that it does not go further than what is required in terms of action at EU level to reach the objectives.

Choice of the instrument

A regulation of the European Parliament and the Council is proposed. The proposed legislation addresses the operation of central EU information systems for borders and security, all of which have been - or are proposed to be - established under regulations. As a consequence, only a regulation can be chosen as a legal instrument.

3.RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

Stakeholder consultations

The ETIAS proposal was developed on the basis of a feasibility study. As part of this study, the Commission collected the views of Member State experts on border control and security. In addition, the main elements of the ETIAS proposal were discussed in the framework of the High-Level Expert Group on Interoperability that was set up as a follow-up of the Communication on Stronger and Smarter Borders of 6 April 2016. Consultation took also place with representatives of the air, sea and rail carriers, as well as with representatives of EU Member States with external land borders. As part of the feasibility study, a consultation of the Fundamental Rights Agency was also undertaken.

This proposal only introduces limited technical changes, mirroring provisions that are already established in the ETIAS Regulation. These limited technical adjustments do not justify having separate stakeholder consultations.

Impact assessment

This proposal is not supported by an impact assessment. The proposal is coherent with the ETIAS Regulation, the proposal of which was based on the results of the feasibility study conducted from June until October 2016.

As this proposal does not contains new political elements but merely introduces limited technical changes, mirroring provisions that are already established in the ETIAS Regulation, a impact assessment is not necessary.

Fundamental rights

As compared to the ETIAS Regulation, this proposal only specifies in more details which data is to be compared to which data in the other EU information systems and provides with the necessary amendments as regards granting access rights to those other systems to ETIAS Central and National Units. Therefore, this proposal complies with the Charter of Fundamental Rights of the European Union, in particular as regards the right to the protection of personal data, and is also in line with Article 16 TFEU which guarantees everyone the right to protection of personal data concerning them.

4.BUDGETARY IMPLICATIONS

The proposal does not have budgetary implications.

5.OTHER ELEMENTS

Participation

This proposal builds upon the Schengen acquis regarding the crossing of external borders and visa.

Therefore the following consequences in relation to the various protocols and agreements with associated countries have to be considered:

Denmark: In accordance with Articles 1 and 2 of the Protocol (no 22) on the position of Denmark, annexed to the Treaty on European Union (TEU) and the Treaty on the Functioning of the European Union (TFEU), Denmark does not take part in the adoption by the Council of measures pursuant to Title V of part Three of the TFEU. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.

United Kingdom and Ireland: In accordance with Articles 4 and 5 of the Protocol integrating the Schengen acquis into the framework of the European Union and Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland, and Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis, the United Kingdom and Ireland do not take part in the legal instruments organising and supporting the abolition of controls at internal borders and the flanking measures regarding the controls at external borders and visa.

This Regulation constitutes a development of this acquis, and therefore, the United Kingdom and Ireland are not taking part in the adoption of this Regulation and are not bound by it or subject to its application.

Iceland and Norway: The procedures laid down in the Association Agreement concluded by the Council and the Republic of Iceland and the Kingdom of Norway concerning the latter's association with the implementation, application and development of the Schengen acquis are applicable, since the present proposal builds on the Schengen acquis as defined in Annex A of that Agreement. 22

Switzerland: This Regulation constitutes a development of the provisions of the Schengen acquis, as provided for by the Agreement between the European Union, the European Community and the Swiss Confederation on the latter's association with the implementation, application and development of the Schengen acquis. 23

Liechtenstein: This Regulation constitutes a development of the provisions of the Schengen acquis, as provided for by the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis. 24

Croatia, Cyprus, Bulgaria and Romania: To the extent that it amends the Regulation establishing the ETIAS, this proposal builds on the conditions of entry as described in Article 6 of Regulation (EU) 2016/399, which were to be applied by those Member States upon accession to the European Union. To the extent that this proposal tends to amend the Regulations establishing VIS, SIS and EES, the full application by the four Member States concerned depends on a unanimous Council decision lifting the controls at internal borders with them; in the meantime, account should already be taken of Council Decisions 2010/365/EU 25 , (EU) 2017/733 26 , (EU) 2017/1908 27 and (EU) 2018/934 28 .    

2019/0002 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

establishing the conditions for accessing other EU information systems for ETIAS purposes and amending Regulation (EU) 2018/1240, Regulation (EC) No 767/2008, Regulation (EU) 2017/2226 and Regulation (EU) 2018/1861

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 77(2)(a), (b) and (d) thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee 29 ,

Having regard to the opinion of the Committee of the Regions 30 ,

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1)Regulation (EU) 2018/1240 of the European Parliament and of the Council 31 established the European Travel Information and Authorisation System (‘ETIAS’) for third-country nationals exempt from the requirement to be in possession of a visa when crossing the external borders. It laid down the conditions and procedures to issue or refuse a travel authorisation.

(2)ETIAS enables consideration of whether the presence of those third-country nationals in the territory of the Member States would pose a security, illegal immigration or high epidemic risk.

(3)In order to enable the verification referred to in Article 20 of Regulation (EU) 2018/1240, it is necessary to establish the interoperability referred to in Article 11 of that Regulation. Without this interoperability, ETIAS is unable to start its operations.

(4)This Regulation lays down how this interoperability and the conditions for the consultation of data stored in other EU information systems and Europol data by the ETIAS automated process for the purposes of identifying hits are to be implemented. As a result, it is necessary to amend Regulations of the European Parliament and of the Council (EU) 2018/1240, (EC) No 767/2008 32 , (EU) 2017/2226 33 , (EU) 2018/1861 (SIS border) 34 , in order to connect the ETIAS Central System to the other EU information systems and to Europol data and to specify the data that will be sent to and from those EU information systems and Europol data.

(5)For efficiency reasons and in order to decrease costs, ETIAS should, as provided for in Article 6(3) of Regulation (EU) 2018/1240, re-use hardware and software components developed for the Entry/Exit System (‘EES’) for the development of the shared identity repository. This repository used for the storage of the identity alphanumeric data of both ETIAS applicants and third-country nationals registered in the EES, should be developed in a way enabling its extension to become the future Common Identity Repository. In the same spirit, the tool to be established to enable ETIAS to compare its data with the ones of every other system consulted through a single query should be developed in a way enabling its evolution to become the future European Search Portal.

(6)Technical modalities should be defined to enable ETIAS to regularly and automatically verify in other systems whether the conditions for the retention of application files, as laid down in Regulation (EU) 2018/1240, are still fulfilled.

(7)It is necessary, for the purposes of ensuring the full attainment of ETIAS objectives, as well as to further the Schengen Information System (‘SIS’) objectives, to include in the scope of the automated verifications a new alert category introduced by the recent revision of SIS, namely the alert on persons subject to inquiry checks.

(8)ETIAS travel authorisation may be revoked following the registration in SIS of new alerts on refusal of entry and stay, or concerning a travel document reported as lost, stolen, misappropriated or invalidated. In order for ETIAS Central System to be automatically informed by SIS of such new alerts, an automated process should be established between SIS and ETIAS.

(9)With a view to rationalise and simplify the work of border guards through the implementation of a more uniform border control process for all third-country national entering for a short stay, following the adoption of Regulation (EU) 2017/2226 and Regulation (EU) 2018/1240, it is now desirable to align the way EES and ETIAS are working together on the way EES and VIS are integrated for the purpose of border control process and registration of border crossings in EES.

(10)The conditions under which the ETIAS Central Unit and ETIAS National Units may consult data stored in other EU information systems for the purposes of ETIAS should be safeguarded by clear and precise rules regarding the access by the ETIAS Central Unit and ETIAS National Units to the data stored in other EU information systems, the type of queries and categories of data, all of which should be limited to what is strictly necessary for the performance of their duties. In the same vein, the data stored in the ETIAS application file should only be visible to those Member States that are operating the underlying information systems in accordance with the modalities of their participation. As an example, the provisions of this Regulation relating to the Schengen Information System and the Visa Information System constitute provisions building upon all the provisions of the Schengen acquis, for which the Council Decisions 35 on the application of the provisions of the Schengen acquis relating to the Schengen Information System and the Visa Information System are relevant.

(11)According to Article 73 of Regulation (EU) 2018/1240, the European agency for the operational management of large-scale information systems in the area of freedom, security and justice ('eu-LISA'), established by Regulation (EU) 2018/1726 of the European Parliament and of the Council 36 , should be responsible for the design and development phase of the ETIAS Information System.

(12)This Regulation is without prejudice to Directive 2004/38/EC 37 .

(13)In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the TEU and to the TFEU, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.

(14)This Regulation constitutes a development of the provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC 38 ; the United Kingdom is therefore not taking part in the adoption of this Regulation and is not bound by it or subject to its application.

(15)This Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC 39 ; Ireland is therefore not taking part in the adoption of this Regulation and is not bound by it or subject to its application.

(16)As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters’ association with the implementation, application and development of the Schengen acquis 40 which fall within the area referred to in Article 1, points A and B of Council Decision 1999/437/EC 41 .

(17)As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis 42 which fall within the area referred to in Article 1, points A and B of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC 43 and with Article 3 of Council Decision 2008/149/JHA 44 .

(18)As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis 45 which fall within the area referred to in Article 1, points A and B of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU 46 and with Article 3 of Council Decision 2011/349/EU 47 .

(19)As regards, Cyprus, Bulgaria, Romania and Croatia, the provisions of this Regulation that amend the Regulation establishing ETIAS constitute provisions building upon, or otherwise related to, the Schengen acquis within, respectively, the meaning of Article 3(1) of the 2003 Act of Accession, Article 4(1) of the 2005 Act of Accession and Article 4(1) of the 2011 Act of Accession respectively.

(20)As regards Cyprus, Bulgaria, Romania and Croatia, the provisions of this Regulation relating to the VIS, the SIS and the EES constitute provisions building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3(2) of the 2003 Act of Accession, Article 4(2) of the 2005 Act of Accession and Article 4(2) of the 2011 Act of Accession read in conjunction with Council Decisions 2010/365/EU 48 , (EU) 2017/733 49 , (EU) 2017/1908 50 and (EU) 2018/934 51 .

(21)Regulations (EU) 2018/1240, (EC) No 767/2008, (EU) 2017/2226, and (EU) 2018/1861 (SIS border) of the European Parliament and of the Council should therefore be amended.

(22)The European Data Protection Supervisor was consulted, in accordance with Article 41(2) of Regulation (EU) 2018/1725 of the European Parliament and the Council 52 ,

HAVE ADOPTED THIS REGULATION:

CHAPTER I: AMENDMENTS TO REGULATION (EU) 2018/1240

Article 1

Amendments to Regulation (EU) 2018/1240 [ETIAS]

(1)in Article 3(1), the following point is added:

“(23) ‘other EU information systems’ means the Entry/Exit System (‘EES’), the Visa Information System (‘VIS’), the Schengen Information System (‘SIS’) and the European Criminal Record Information System – Third Country Nationals (‘ECRIS-TCN’).”;

(2)in Article 4, the following point is added:

53 “(h) support the objectives of the EES.”;

_____________

*     The numeration takes into account the amendment on this Regulation made by the Proposal for a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (borders and visa), COM(2018) 478 final”;

(3)in Article 6(3), the following sub-paragraphs are added:

“In particular, the ETIAS Central System shall build upon the EES Central System hardware and software components in order to establish a shared identity repository for the storage of the identity alphanumeric data of both ETIAS applicants and third-country nationals registered in EES. The identity alphanumeric data of ETIAS applicants stored in the shared identity repository shall form part of the ETIAS Central System. [This shared identity repository shall be the basis for the implementation of the Common Identity Repository (‘CIR’) established by Regulation Interoperability.]

This is without prejudice to keeping the EES and ETIAS data logically separated and subject to access as defined in the regulations establishing the respective information systems.”;

(4)Article 11 is replaced by the following:

“Article 11

Interoperability with other EU information systems and Europol data”;

1. Interoperability between the ETIAS Information System, other EU information systems and Europol data shall be established to enable the automated processing referred to in Articles 20, 23, Article 24(6)(c)(ii), Article 41 and Article 54(1)(b).

[Interoperability shall rely on the European Search Portal (‘ESP’), established by Article 6 of Regulation (EU) 2018/XXX (interoperability). During a transitional period, before the ESP is available, the automated processing shall rely on a tool developed by eu-LISA for the purpose of this paragraph. This tool shall be used as the basis for the development and implementation of the ESP, in accordance with Article 52 of that Regulation].

54 2. For the purpose of proceeding to the verifications referred to in Article 20(2)(i), the automated processing referred to in Article 11(1), shall enable the ETIAS Central System to query the VIS, established by Regulation (EC) 767/2008 of the European Parliament and of the Council*, with the following data of Articles 17(2)(a), (ab),(c) and (d) of this Regulation:

(a)surname (family name) ;

(a)surname at birth;

(b)first name(s) (given name(s)) ;

(c)date of birth;

(d)place of birth;

(e)country of birth;

(f)sex;

(g)current nationality;

(h)other nationalities (if any);

(i)type, number, the country of issue of the travel document.

3. For the purpose of proceeding to the verifications referred to in Article 20(2)(g) and (h), the automated processing referred to in Article 11(1), shall enable the ETIAS Central System to query the EES, established by Regulation (EU) 2017/2226, with the following data of Article 17(2)(a) to (d):

(a)surname (family name) ;

(b)surname at birth;

(c)first name(s) (given name(s));

(d)date of birth;

(e)sex;

(f)current nationality;

(g)other names (alias(es);

(h)artistic name(s);

(i)usual name(s));

(j)other nationalities (if any);

(k)type, number, the country of issue of the travel document.

4. For the purpose of proceeding to the verifications referred to in Article 20(2)(c), (m)(ii) and (o), and Article 23(1), the automated processing referred to in Article 11(1), shall enable the ETIAS Central System to query the SIS established by Regulation (EU) 2018/1860 (border checks) with the following data of Articles 17(2)(a) to (d) and Article 17(2)(k):

(a)surname (family name);

(b)surname at birth;

(c)first name(s) (given name(s));

(d)date of birth;

(e)place of birth;

(f)sex;

(g)current nationality;

(h)other names (alias(es);

(i)artistic name(s);

(j)usual name(s));

(k)other nationalities (if any);

(l)type, number, the country of issue of the travel document;

(m)for minors, surname and first name(s) of applicant’s parental authority or legal guardian.

5. For the purpose of proceeding to the verifications referred to in Article 20(2)(a), (d) and (m)(i) and Article 23(1), the automated processing referred to in Article 11(1), shall enable the ETIAS Central System to query the SIS established by Regulation (EU) 2018/1862 (police), with the following data of Articles 17(2)(a) to (d) and Article 17(2)(k):

(a)surname (family name);

(b)surname at birth;

(c)first name(s) (given name(s));

(d)date of birth;

(e)place of birth;

(f)sex ;

(g)current nationality;

(h)other names (alias(es) ;

(i)artistic name(s);

(j)usual name(s));

(k)other nationalities (if any);

(l)type, number, the country of issue of the travel document;

(m)for minors, surname and first name(s) of applicant’s parental authority or legal guardian.

6. For the purpose of proceeding to the verifications referred to in Article 20(2)(n), the automated processing referred to in Article 11(1), shall enable the ETIAS Central System to query the ECRIS-TCN data [in the CIR] established by [Regulation (EU) 2018/XXX], with the following data of Article 17(2)(a) to (d):

(a)surname (family name);

(b)surname at birth;

(c)first name(s) (given name(s));

(d)date of birth;

(e)place of birth;

(f)sex;

(g)current nationality;

(h)other names (alias(es);

(i)artistic name(s);

(j)usual name(s));

(k)other nationalities (if any);

(l)type, number, the country of issue of the travel document;

7.For the purpose of proceeding to the verifications referred to in Article 20(2)(j), the automated processing referred to in Article 11(1) shall enable the ETIAS Central System to query the Europol data, with the information of Article 17(2) as listed in Article 20(2) of this Regulation.

8. Where hits are identified, the tool referred to in Article 11, shall make temporarily available the results in the application file to the ETIAS Central Unit, until the end of the manual process pursuant to Article 22(2) and Article 23(2). Where the data made available correspond to those of the applicant or where doubts remain, the unique ID code of the data having triggered a hit shall be kept in the application file.

Where hits are identified, pursuant to this paragraph, the automated processing shall receive the appropriate notification in accordance with Article 21(1a) of Regulation (EU) 2016/794.

9. A hit shall be triggered where all or some of the data from the ETIAS application file used for the query correspond fully or partially to the data present in a record, alert or file of the other EU information systems consulted. The Commission shall, by means of an implementing act, define partial correspondence, including a degree of probability.

10. For the purpose of paragraph 1, the Commission, shall, by means of an implementing act, define the technical modalities for the implementation of Article 24(6)(c)(ii) and Article 54(1)(b) related to data retention.

11. For the purpose of Article 25(2), Article 28(8) and Article 29(9) when registering the data related to hits into the ETIAS application file, the origin of the data shall be indicated. This shall include the type of the alert, except for alerts referred to in Article 23(1), the source of the data (which other EU information systems or Europol data), the unique identification number used in the source of the data having triggered the hit and the Member State that entered or supplied the data having triggered the hit and, where available, the date and time when the data was entered in the other EU information systems or Europol data.

____________

* Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p. 60).”;

(5)the following article is inserted:

“Article 11a
Support of the objectives of the EES

For the purpose of Articles 6, 14 and 17 of Regulation (EU) 2017/2226, an automated process, using the secure communication infrastructure of Article 6(2)(d) of this Regulation, shall query and import from the ETIAS Central System, the information referred to in Article 47(2) of this Regulation, as well as the application number and the end of validity period of an ETIAS travel authorisation, and update the entry/exit record in the EES accordingly.”;

(6)in Article 12, the sole paragraph is numbered as paragraph 1 and the following paragraph is added:

"2. For the purpose of paragraph 1, a cooperation agreement is to be agreed upon between the European Union and INTERPOL. This cooperation agreement shall provide for the modalities for the exchange of information and safeguards for the protection of personal data.";

(7)in Article 20(2), the following point is added:

“(n) whether the applicant corresponds to a person whose data is recorded in the ECRIS-TCN for terrorists offences and other serious criminal offences;

(8)in Article 22 the following paragraph is added:

“7. The ETIAS Information System shall keep records of all data processing operations carried out for assessments under paragraphs 1 to 6 by the ETIAS Central Unit. Those records shall be created and entered automatically in the application file. They shall show the date and time of each operation, the data linked to the hit received, the staff member having performed the manual processing under paragraphs 1 to 6 and the outcome of the verification and the corresponding justification.”;

(9)Article 23 is amended as follows:

(a)point (c) of paragraph 1 is replaced by the following:

“(c) an alert on persons for discreet checks, inquiry checks or specific checks.”;

(b)paragraph 2 is replaced by the following:

“2. Where the comparison referred to in paragraph 1 reports one or several hits, the ETIAS Central System shall send an automated notification to the ETIAS Central Unit. When notified, the ETIAS Central Unit shall have access to the application file and any linked application files, in order to verify whether the applicant’s personal data correspond to the personal data contained in the alert having triggered that hit and if a correspondence is confirmed, the ETIAS Central System shall send an automated notification to the SIRENE Bureau of the Member State that entered the alert. The SIRENE Bureau concerned shall further verify whether the applicant’s personal data correspond to the personal data contained in the alert having triggered the hit and take any appropriate follow-up action.”;

(c)the following paragraph is added:

“5. The ETIAS Information System shall keep records of all data processing operations carried out for assessments under paragraphs 1 to 4 by the ETIAS Central Unit. Those records shall be created and entered automatically in the application file. They shall show the date and time of each operation, the data linked to the hit received, the staff member of the Central Unit having performed the manual processing under paragraphs 1 to 4, the outcome of the verification and the corresponding justification.”;

(10)the following article is inserted:

“Article 25a
Use of other EU information systems for the manual processing of application by the ETIAS National Units

1. Without prejudice to Article 13(1) of this Regulation, ETIAS National Units shall have a direct access to and may consult, in a read-only format, the other EU information systems for examining applications for travel authorisation and adopting decisions relating to those applications in accordance with Article 26 of this Regulation. The ETIAS National Units may consult the data referred to in the following provisions:

(a)Articles 16 to 18 of Regulation (EU) 2017/2226;

(b)Articles 9 to 14 of the Regulation (EC) No 767/2008;

(c)Articles 24 and 25 of the SIS Regulation (EU) No 2018/1861 (Border checks);

(d)Articles 26, 32, 34, 36 and Article 38(2)(k) and (l), of the SIS Regulation (EU) No 2018/1862 (Police);

2.The ETIAS National Units shall also have access to the national criminal records registers in order to obtain the information on third country national and stateless persons convicted for a terrorist offence or other serious criminal offence for the purposes referred to in paragraph 1.

(11)in Article 26(3), point (b) is replaced by the following:

“(b) assess the security or illegal immigration risk and decide whether to issue or refuse a travel authorisation where the hit corresponds to any of the verifications referred to in point (b) and points (d) to (n) of Article 20(2).”;

(12)in Article 41, paragraph 3 is replaced by the following:

“3. Without prejudice to paragraph 2, where a new alert is issued in SIS concerning refusal of entry and stay, or concerning a travel document reported as lost, stolen, misappropriated or invalidated, SIS shall inform the ETIAS Central System. The ETIAS Central System shall verify whether this new alert corresponds to a valid travel authorisation. Where this is the case, the ETIAS Central System shall transfer the application file to the ETIAS National Unit of the Member State having entered the alert. Where a new alert for refusal of entry and stay has been issued, the ETIAS National Unit shall revoke the travel authorisation. Where the travel authorisation is linked to a travel document reported as lost, stolen, misappropriated or invalidated in SIS or SLTD, the ETIAS National Unit shall manually process the application file.”;

(13)Article 88 is amended as follow:

(a)in paragraph 1, point (a) is replaced by the following:

“(a) the necessary amendments to the legal acts establishing the EU information systems referred to in Article 11 with which interoperability, in the meaning of Article 11 of this Regulation, shall be established with the ETIAS Information System have entered into force, with the exception of the Eurodac recast;”

(b)point (d) is replaced by the following:

“(d) the measures referred to in Article 11(8), Article 11(9), Article 15(5), Article 17(3), (5) and (6), Article 18(4), Article 27(3) and (5), Article 33(2) and (3), Article 36(3), Article 38(3), Article 39(2), Article 45(3), Article 46(4), Article 48(4), Article 59(4), Article 73(3)(b), Article 83(1), (3), and (4) and Article 85(3) have been adopted;”;

(c)the following paragraphs are added:

“6. The interoperability, referred to in Article 11, with ECRIS-TCN shall start when [the CIR] enters into operations, which is scheduled in 2022. ETIAS’ operations shall start irrespective of whether that interoperability with ECRIS-TCN is put in place.

7. ETIAS shall start its operations irrespective of whether a cooperation agreement between the European Union and INTERPOL as referred to in Article 12(2) has been concluded and irrespective of whether it is possible to query Interpol’s databases.”.

(14)The second paragraph of Article 96 is amended as follow:

“This Regulation shall apply from the date determined by the Commission in accordance with Article 88, with the exception of Articles 6, 11, 11a, 12, 33, 34, 35, 59, 71, 72, 73, Articles 75 to 79, Articles 82, 85, 87, 89, 90, 91, Article 92(1) and (2), Articles 93 and 95, as well as the provisions related to the measures referred to in point (d) of Article 88(1), which shall apply from 9 October 2018.”

CHAPTER II: AMENDMENTS TO OTHER UNION INSTRUMENTS

Article 2

Amendments to Regulation (EC) No 767/2008 [VIS]

Regulation (EC) No 767/2008 is amended as follows:

(1)in Article 6, paragraph 2 is replaced by the following:

“2. Access to the VIS for consulting the data shall be reserved exclusively to the duly authorised staff of the authorities of each Member State, including to duly authorised staff of the ETIAS National Units, designated pursuant to Article 8 of Regulation (EU) 2018/1240 of the European Parliament and of the Council*, which are competent for the purposes laid down in Articles 15 to 22, and for the duly authorised staff of the national authorities of each Member States and of the EU bodies which are competent for the purposes laid down in [Article 20 and Article 21 of the Regulation 2018/xx on interoperability] limited to the extent that the data are required for the performance of their tasks in accordance with those purposes, and proportionate to the objectives pursued.”;

_____________

* Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).”;

(2)the following articles are inserted:

“Article 18b
Interoperability with ETIAS in the meaning of Article 11 of Regulation (EU) 2018/1240

1.From the start of operations of ETIAS, as provided for in Article 88(1) of Regulation (EU) 2018/1240, the ‘CS-VIS’ shall be connected to the tool referred to in Article 11 of Regulation (EU) 2018/1240 to enable the automated processing referred to in that Article.

2.The automated processing referred to in Article 11 of Regulation (EU) 2018/1240 shall enable the verifications provided for in Article 20 of that Regulation and the subsequent verifications of Articles 22 and 26 of that Regulation.

For the purpose of proceeding to the verifications point (i) of Article 20(2) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the tool referred to in Article 11 of that Regulation to compare the data in ETIAS with the data in the VIS, in accordance with Article 11(8) of that Regulation, using the correspondences listed in the table in annex II.

Article 18c
Access to data from VIS by the ETIAS Central Unit

1.The ETIAS Central Unit, established within the European Border and Coast Guard Agency in accordance with Article 7 of Regulation (EU) 2018/1240, shall have, for the purpose of performing its tasks conferred on it by Regulation (EU) 2018/1240, the right to access and search relevant data in VIS in accordance with Article 11(8) of that Regulation.

2.Where a verification by the ETIAS Central Unit confirms the correspondence between data recorded in the ETIAS application file and data in the EES or where doubts remain, the procedure set out in Article 26 of Regulation (EU) 2018/1240 applies, without prejudice to Article 24 of Regulation (EU) 2018/1240.

Article 18d
Use of VIS for the manual processing by ETIAS National Units

1.Consultation of VIS by ETIAS National Units shall be done using the same alphanumerical data as those used for the automated processing referred to in Article 18b(2).

2.The ETIAS National Units, designated pursuant to Article 8(1) of Regulation (EU) 2018/1240, shall have access to and may consult VIS, in a read-only format, for the purpose of examining applications for travel authorisation pursuant to Article 8(2) of that Regulation. The ETIAS National Units may consult the data referred to in Articles 9 to 14 of this Regulation.

3.Following an access pursuant to paragraph 1, duly authorised staff of the ETIAS National Units shall only record the result of the assessment and shall record this result in the ETIAS application files.”;

(3)the following article is inserted:

“Article 34a
Keeping of logs

For the consultations listed in Article 18b of this Regulation, a log of each data processing operation carried out within VIS and ETIAS shall be kept in accordance with Article 34 of this Regulation and Article 69 of Regulation (EU) No 2018/1240.”;

(4)the annex is numbered as Annex I and the following annex is added:

“Annex II

Table of correspondences referred to in Article 18b

Data of Article 17(2) of Regulation 2018/1240 sent by ETIAS Central System

The VIS corresponding data of Article 9(4) of this Regulation against which the ETIAS data should be checked

surname (family name)

surnames

surname at birth

surnames at birth (former surname(s))

first name(s) (given name(s))

first name(s)

date of birth

date of birth

place of birth

place of birth

country of birth

country of birth

sex

Sex

current nationality

current nationality and nationality at birth

other nationalities (if any)

current nationality and nationality at birth

type of the travel document

type of the travel document

number of the travel document

number of the travel document

country of issue of the travel document

the authority which issued the travel document

Article 3

Amendment to Regulation (EU) 2017/2226 [EES]

Regulation (EU) 2017/2226 is amended as follows:

(1)in Article 6(1), the following point is added:

55 “(k) support the objectives of ETIAS established by Regulation (EU) 2018/1240 of the European Parliament and of the Council*.

_____________

* Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1)”;

(2)the following articles are inserted:

“Article 8a
Automated process with ETIAS

An automated process, using the secure communication infrastructure of Article 6(2)(d) of Regulation (EU) 2018/1240, shall enable the EES to create or update the entry/exit record or the refusal of entry record of a visa exempt third country national in the EES in accordance with Articles 14 and 17 of this Regulation.

Where an entry/exit record of a visa exempt third country national is created, the automated process shall enable the Central System of the EES the following:

(a)to query and import from the ETIAS Central System the information referred to in Article 47(2) of Regulation (EU) 2018/1240, the application number and the end of validity period of an ETIAS travel authorisation;

(b)to update the entry/exit record in the EES in accordance with Article 17(2) of this Regulation.

Article 8b
Interoperability with ETIAS in the meaning of Article 11 of Regulation (EU) 2018/1240

1.From the start of operations of ETIAS, as provided for in Article 88(1) of Regulation (EU) 2018/1240, the Central System of the EES shall be connected to the tool referred to in Article 11 of Regulation (EU) 2018/1240 to enable the automated processing referred to in that Article.

2.Without prejudice to Article 24 of Regulation (EU) 2018/1240, the automated processing referred to in Article 11 of Regulation (EU) 2018/1240 shall enable the verifications provided for in Article 20 of that Regulation and the subsequent verifications of Articles 22 and 26 of that Regulation.

For the purpose of proceeding to the verifications referred to in points (g) and (h) of Article 20(2) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the tool referred to in Article 11 of that Regulation to compare the data in ETIAS with the data in the EES, in accordance with Article 11(8) of that Regulation, using the correspondences listed in the table in annex III.

The verifications shall be without prejudice to the specific rules provided for in Article 24(3) of Regulation (EU) No 2018/1240.”;

(3)in Article 9, the following paragraph 2a is inserted:

“2a. The duly authorised staff of the ETIAS National Units, designated pursuant to Article 8 of Regulation (EU) 2018/1240, shall have access to the EES to consult data in a read-only format.”;

(4)in Article 17(2) the following second sub-paragraph is added:

“The following data shall also be entered in the entry/exit record:

(a)the application number;

(b)the end of validity period of an ETIAS travel authorisation;

(c)in case of a travel authorisation with limited territorial validity, the Member State(s) for which it is valid.”;

(5)the following articles are inserted:

“Article 25a
Access to data from the EES by the ETIAS Central Unit

1.The ETIAS Central Unit, established within the European Border and Coast Guard Agency in accordance with Article 7 of Regulation (EU) 2018/1240, shall have, for the purpose of performing its tasks conferred on it by Regulation (EU) 2018/1240, the right to access and search data in the EES in accordance with Article 11(8) of that Regulation.

2.Where a verification by the ETIAS Central Unit confirms the correspondence between data recorded in the ETIAS application file and data in the EES or where doubts remain, the procedure set out in Article 26 of Regulation (EU) 2018/1240 applies.

Article 25b
Use of the EES for the manual processing by ETIAS National Units

1.Consultation of EES by ETIAS National Units referred to in Article 8(1) of Regulation (EU) 2018/1240 shall be done using the same alphanumerical data as those used for the automated processing referred to in Article 8b(2) of this Regulation.

2.The ETIAS National Units shall have access to and may consult the EES, in a read-only format, for the purpose of examining applications for travel authorisation, pursuant to Article 8(2) of that Regulation. The ETIAS National Units may consult the data referred to in Articles 16 to 18 of this Regulation, without prejudice to Article 24 of Regulation (EU) 2018/1240.

3.Following an access pursuant to paragraph 1, duly authorised staff of the ETIAS National Units shall record only the result of the assessment and shall record this result in the ETIAS application files.”;

(6)Article 28 is replaced by the following:

“Article 28
Keeping of data retrieved from the EES

Data retrieved from the EES pursuant to Articles 24, 25, 26 and 27 may be kept in national files and data retrieved from the EES pursuant to Article 25a may be kept in the ETIAS application files only where necessary in an individual case, in accordance with the purpose for which they were retrieved and with relevant Union law, in particular on data protection, and for no longer than strictly necessary in that individual case.”;

(7) in Article 46(2), the following second subparagraph is added:

“ For the consultations listed in Articles 8a, 8b and 25a of this Regulation, a log of each data processing operation carried out within the EES and ETIAS shall be kept in accordance with this Article and Article 69 of Regulation (EU) No 2018/1240.”;

(8)The following annex is added:

“Annex III

Table of correspondences referred to in Article 8b

Data of Article 17(2) of Regulation 2018/1240 sent by ETIAS Central System

The EES corresponding data of Article 17(1)(a) of this Regulation against which the ETIAS data should be checked

surname (family name)

surnames

surname at birth

surnames

first name(s) (given name(s))

first name or names (given names)

other names (alias(es), artistic name(s), usual name(s))

first name or names (given names)

date of birth

date of birth

sex

sex

current nationality

nationality or nationalities

other nationalities (if any)

nationality or nationalities

type of the travel document

type of the travel document

number of the travel document

number of the travel document

country of issue of the travel document

the three letter code of the issuing country of the travel document

Article 4

Amendments to Regulation (EU) 2018/1861 [SIS Border]

Regulation (EU) No 2018/1861 is amended as follows:

(1)in Chapter III, the following article is added:

“Article 18a
Keeping of logs for the purpose of the interoperability with ETIAS in the meaning of Article 11 of Regulation (EU) 2018/1240

Logs of each data processing operation carried out within SIS and ETIAS pursuant to Article 36a and 36b shall be kept in accordance with Article 18 of this Regulation and Article 69 of Regulation (EU) No 2018/1240 of the European Parliament and of the Council.*

_____________

* Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).”;

(2)in Article 34(1), the following point is added:

“(g) manual processing of ETIAS applications by the ETIAS National Unit, pursuant to Article 8 of Regulation (EU) 2018/1240.”;

(3)the following articles are inserted:

“Article 36a
Access to SIS data by the ETIAS Central Unit

1.The ETIAS Central Unit, established within the European Border and Coast Guard Agency in accordance with Article 7 of Regulation (EU) 2018/1240, shall have, for the purpose of performing its tasks conferred on it by Regulation (EU) 2018/1240, the right to access and search relevant data entered in SIS. The provisions of Article 36(4)-(8) apply to this access and search.

2.Without prejudice to Article 24 of Regulation (EU) 2018/1240, where a verification by the ETIAS Central Unit confirms the correspondence of the data recorded in the ETIAS application file to an alert in SIS, the procedure set out in Article 26 of Regulation (EU) 2018/1240 applies.

Article 36b
Interoperability with ETIAS in the meaning of Article 11 of Regulation (EU) 2018/1240

1.From the start of operations of ETIAS, as provided for in Article 88(1) of Regulation (EU) 2018/1240, the Central System of SIS shall be connected to the tool referred to in Article 11 of Regulation (EU) 2018/1240 to enable the automated processing referred to in that Article.

2.For the purpose of proceeding to the verifications of Article 20(2)(c), (m)(ii) and (o) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the tool, referred to in Article 11 of that Regulation, to compare the data referred to in Article 11(4) Regulation (EU) 2018/1240, to data in SIS, in accordance with Article 11(8) of that Regulation.

3.Where a new alert referred to in Article 41(3) of Regulation (EU) 2018/1240 is entered in SIS, the Central System shall transmit the information on this alert, using the automated processing and the tool referred to in Article 11 of that Regulation, to the ETIAS Central System, in order to verify whether this new alert corresponds to an existing travel authorisation.”.;

CHAPTER III: FINAL PROVISIONS

Article 5

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from the date determined in accordance with the second paragraph of Article 96 of Regulation (EU) 2018/1240.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

Done at Brussels,

For the European Parliament    For the Council

The President    The President

(1)    Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).
(2)    Regulation (EU) 2018/1241 of the European Parliament and of the Council of 12 September 2018 amending Regulation (EU) 2016/794 for the purpose of establishing a European Travel Information and Authorisation System (ETIAS (OJ L 236, 19.9.2018, p. 72).
(3)    COM(2016) 602 final.
(4)    COM(2016) 205 final.
(5)    Article 20(2) and Article 23(1) of Regulation (EU) 2018/1240 referred to in footnote (1).
(6)    COM(2016) 731 final.
(7)    Regulation (EU) 2017/2226 establishing an Entry/Exit System (EES) of 9 December 2017, OJ L 327, p. 20.
(8)    COM(2017) 344 final.
(9)    COM(2016) 883 final, COM(2016) 882 final, COM(2016) 881 final.
(10)    Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1).
(11)    The ETIAS Regulation has maintained references to Eurodac which were part of the Commission ETIAS proposal, while specifying, in Article 97 of the ETIAS Regulation (EU) 2018/1240, that provisions relating to the consultation of Eurodac will only apply once the recast of Eurodac will apply.
(12)    Recital (58) of Regulation (EU) 2018/1240 referred to in footnote (1).
(13)    Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU.
(14)    COM(2016) 272 final.
(15)    COM(2018) 478 final and COM(2018) 480 final.
(16)    Regulation (EU) 2226/2017 establishing an Entry/Exit System (EES) of 9 December 2017, OJ L 327, p. 20.
(17)    COM(2018) 478 final and COM(2018) 480 final.
(18)    See footnote (1).
(19)    Directive 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States amending Regulation (EEC) No 1612/68 and repealing Directives 64/221/EEC, 68/360/EEC, 72/194/EEC, 73/148/EEC, 75/34/EEC, 75/35/EEC, 90/364/EEC, 90/365/EEC and 93/96/EEC (OJ L 158, 30.4.2004, p. 77).
(20)    COM(2015) 185 final.
(21)    COM(2018) 470 final.
(22)    OJ L 176, 10.7.1999, p. 36.
(23)    OJ L 53, 27.2.2008, p. 52.
(24)    OJ L 160, 18.6.2011, p. 19.
(25)    Council Decision 2010/365/EU of 29 June 2010 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania ( OJ L 166, 1.7.2010, p. 17).
(26)    Council Decision (EU) 2017/733 of 25 April 2017 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Croatia (OJ L 108, 26.4.2017, p. 31).
(27)    Council Decision (EU) 2017/1908 of 12 October 2017 on the putting into effect of certain provisions of the Schengen acquis relating to the Visa Information System in the Republic of Bulgaria and Romania (OJ L 269, 19.10.2017, p. 39–43).
(28)    Council Decision (EU) 2018/934 of 25 June 2018 on the putting into effect of the remaining provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania (OJ L 165, 2.7.2018, p. 37).
(29)    OJ C , , p. .
(30)    OJ C , , p. .
(31)    Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).
(32)    Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p. 60).
(33)    Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20).
(34)    Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 (OJ L 312, 7.12.2018, p. 14).
(35)    Council Decision 2010/365/EU of 29 June 2010 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania ( OJ L 166, 1.7.2010, p. 17); Council Decision (EU) 2017/733 of 25 April 2017 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Croatia (OJ L 108, 26.4.2017, p. 31); Council Decision (EU) 2017/1908 of 12 October 2017 on the putting into effect of certain provisions of the Schengen acquis relating to the Visa Information System in the Republic of Bulgaria and Romania (OJ L 269, 19.10.2017, p. 39–43); Council Decision (EU) 2018/934 of 25 June 2018 on the putting into effect of the remaining provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania (OJ L 165, 2.7.2018, p. 37).
(36)    Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (OJ L 295, 21.11.2018, p. 99).
(37)    OJ L 158, 30.4.2004, p. 77.
(38)    Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis (OJ L 131, 1.6.2000, p. 43).
(39)    Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).
(40)    OJ L 176, 10.7.1999, p. 36.
(41)    Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31).
(42)    OJ L 53, 27.2.2008, p. 52.
(43)    Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 1).
(44)    Council Decision 2008/149/JHA of 28 January 2008 on the conclusion on behalf of the European Union of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 50).
(45)    OJ L 160, 18.6.2011, p. 21.
(46)    Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19).
(47)    Council Decision 2011/349/EU of 7 March 2011 on the conclusion on behalf of the European Union of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis relating in particular to judicial cooperation in criminal matters and police cooperation (OJ L 160, 18.6.2011, p. 1).
(48)    Council Decision 2010/365/EU of 29 June 2010 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania ( OJ L 166, 1.7.2010, p. 17).
(49)    Council Decision (EU) 2017/733 of 25 April 2017 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Croatia (OJ L 108, 26.4.2017, p. 31).
(50)    Council Decision (EU) 2017/1908 of 12 October 2017 on the putting into effect of certain provisions of the Schengen acquis relating to the Visa Information System in the Republic of Bulgaria and Romania (OJ L 269, 19.10.2017, p. 39–43).
(51)    Council Decision (EU) 2018/934 of 25 June 2018 on the putting into effect of the remaining provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania (OJ L 165, 2.7.2018, p. 37).
(52)    Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
(53)    The numeration takes into account the amendment on this Regulation made by the Proposal for a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (borders and visa), COM(2018) 478 final.
(54)    The numeration takes into account the amendment on this Regulation made by the Proposal for a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (borders and visa), COM(2018) 478 final.
(55)    The numeration takes into account the amendment on this Regulation made by the Proposal for a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (borders and visa), COM(2018) 478 final.
Top