EUROPEAN COMMISSION

Brussels,13.6.2018

COM(2018) 480 final

2017/0352(COD)

Amended proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration) and amending [Regulation (EU) 2018/XX [the Eurodac Regulation],] Regulation (EU) 2018/XX [the Regulation on SIS in the field of law enforcement], Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] and Regulation (EU) 2018/XX [the eu-LISA Regulation]

{SWD(2017) 473 final}
{SWD(2017) 474 final}

EXPLANATORY MEMORANDUM

1.CONTEXT OF THE PROPOSAL

•Background of the proposal

In the past three years, the EU has experienced an increase in irregular border crossings into the EU, and an evolving and ongoing threat to internal security as demonstrated by a series of terrorist attacks. EU citizens expect external border controls on persons, and checks within the Schengen area, to be effective, to enable effective management of migration and to contribute to internal security. These challenges have brought into sharper focus the urgent need to join up and strengthen in a comprehensive manner the EU’s information tools for border management, migration and security.

Information management in the EU can and must be made more effective and efficient, in full respect of fundamental rights including, in particular, the right to the protection of personal data, in order to better protect the EU’s external borders, improve the management of migration and enhance internal security for the benefit of all citizens. There are already a number of information systems at EU level, and more systems are being developed, to provide border guards, immigration and law enforcement officers with relevant information on persons. For this support to be effective, the information provided by EU information systems needs to be complete, accurate and reliable. However, there are structural shortcomings in the EU information management architecture. National authorities face a complex landscape of differently governed information systems. Moreover, the architecture of data management for borders and security is fragmented, as information is stored separately in unconnected systems. This leads to blind spots. As a consequence, the various information systems at EU level are currently not interoperable — that is, able to exchange data and share information so that authorities and competent officials have the information they need, when and where they need it. Interoperability of EU-level information systems can significantly contribute to eliminating the current blind spots where persons, including those possibly involved in terrorist activities, can be recorded in different, unconnected databases under different aliases.

In April 2016, the Commission presented a Communication Stronger and smarter information systems for borders and security 2 to address a number of structural shortcomings related to information systems. 3  The aim of the April 2016 Communication was to initiate a discussion on how information systems in the European Union can better enhance border and migration management and internal security. The Council, for its part, similarly recognised the urgent need for action in this area. In June 2016, it endorsed a roadmap to enhance information exchange and information management including interoperability solutions in the Justice and Home Affairs area. 4 The purpose of the roadmap was to support operational investigations and to swiftly provide front-line practitioners — such as police officers, border guards, public prosecutors, immigration officers and others — with comprehensive, topical and high-quality information to cooperate and act effectively. The European Parliament has also urged action in this area. In its July 2016 Resolution 5 on the Commission’s work programme for 2017, the European Parliament called for ‘proposals to improve and develop existing information systems, address information gaps and move towards interoperability, as well as proposals for compulsory information sharing at EU level, accompanied by necessary data protection safeguards’. President Juncker's State of the Union address in September 2016 6 and the European Council conclusions of December 2016 7 highlighted the importance of overcoming the current shortcomings in data management and of improving the interoperability of existing information systems.

In June 2016, as a follow-up to the April 2016 Communication, the Commission set up a high-level expert group on information systems and interoperability 8 in order to address the legal, technical and operational challenges of enhancing interoperability between central EU systems for borders and security, including their necessity, technical feasibility, proportionality and data protection implications. The final report of the high-level expert group was published in May 2017. 9 It set out a range of recommendations to strengthen and develop the EU’s information systems and their interoperability. The EU Agency for Fundamental Rights, the European Data Protection Supervisor and the EU Counter-Terrorism Coordinator all participated actively in the work of the expert group. Each submitted supportive statements, while acknowledging that wider issues on fundamental rights and data protection had to be addressed in moving forward. Representatives of the Secretariat of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs and of the General Secretariat of the Council attended as observers. The high-level expert group concluded that it is necessary and technically feasible to work towards practical solutions for interoperability and that they can, in principle, both deliver operational gains and be established in compliance with data protection requirements.

Building on the expert group’s report and recommendations, the Commission set out, in the Seventh progress report towards an effective and genuine Security Union, 10 a new approach to the management of data for borders, security and migration management where all centralised EU information systems for security, border and migration management are interoperable in full respect of fundamental rights. The Commission announced its intention to pursue work towards creating a European search portal capable of querying simultaneously all relevant EU systems in the areas of security, border and migration management, possibly with more streamlined rules for law enforcement access, and to develop for these systems a shared biometric matching service (possibly with a hit-flagging functionality 11 ) and a common identity repository. It announced its intention to present, as soon as possible, a legislative proposal on interoperability.

The European Council conclusions of June 2017 12 reiterated the need to act. Building on the June 2017 conclusions 13 of the Justice and Home Affairs Council, the European Council invited the Commission to prepare, as soon as possible, draft legislation enacting the recommendations made by the high-level expert group. This initiative also responds to the Council’s call for a comprehensive framework for law enforcement access to the various databases in the area of justice and home affairs, with a view to greater simplification, consistency, effectiveness and attention to operational needs 14 . In order to reinforce the efforts to make the European Union a safer society, in full compliance with fundamental rights, the Commission announced, in the context of its 2018 Work Programme 15 , a proposal on the interoperability of information systems to be presented by the end of 2017.

•Objectives of the proposal

The general objectives of this initiative result from the Treaty-based goals of improving the management of the Schengen external borders and contributing to the internal security of the European Union. They also stem from policy decisions by the Commission and relevant (European) Council Conclusions. These objectives are further elaborated in the European Agenda on Migration and subsequent communications, including the Communication on preserving and strengthening Schengen, 16 the European Agenda on Security 17 and the Commission’s work and progress reports towards an effective and genuine Security Union. 18  

Whilst building in particular on the April 2016 Communication and the findings of the high-level expert group, the objectives of this proposal are intrinsically linked to the above.

The specific objectives of this proposal are to:

(1)ensure that end-users, particularly border guards, law enforcement officers, immigration officials and judicial authorities have fast, seamless, systematic and controlled access to the information that they need to perform their tasks;

(2)provide a solution to detect multiple identities linked to the same set of biometric data, with the dual purpose of ensuring the correct identification of bona fide persons and combating identity fraud;

(3)facilitate identity checks of third-country nationals, on the territory of a Member State, by police authorities; and

(4)facilitate and streamline access by law enforcement authorities to non-law enforcement information systems at EU level, where necessary for the prevention, investigation, detection or prosecution of serious crime and terrorism.

In addition to these primary operational objectives, this proposal will also contribute to:

·facilitating the technical and operational implementation by Member States of existing and future new information systems;

·strengthening and streamlining the data security and data protection conditions that govern the respective systems; and

·improving and harmonising data quality requirements of the respective systems.

Finally, this proposal includes provisions for the establishment and governance of the Universal Message Format (UMF) as an EU standard for the development of information systems in the area of justice and home affairs, and the establishment of a central repository for reporting and statistics.

•Scope of the proposal

Together with its sister proposal presented the same day, this interoperability proposal focuses on the EU information systems for security, border and migration management that are operated at the central level, three of them existing, one on the brink of development, and two others at the stage of proposals under discussion between co-legislators. Each system has its own objectives, purposes, legal bases, rules, user groups and institutional context.

The three existing centralised information systems so far are:

·the Schengen Information System (SIS) with a broad spectrum of alerts on persons (refusals of entry or stay, EU arrest warrant, missing persons, judicial procedure assistance, discreet and specific checks) and objects (including lost, stolen and invalidated identity or travel documents); 19

·the Eurodac system with fingerprint data of asylum applicants and third-country nationals who have crossed the external borders irregularly or who are illegally staying in a Member State; and

·the Visa Information System (VIS) with data on short-stay visas.

In addition to these existing systems, the Commission proposed in 2016-2017 three new centralised EU information systems:

·the Entry/Exit System (EES), for which the legal basis has just been agreed, which will replace the current system of manual stamping of passports and will electronically register the name, type of travel document, biometrics and the date and place of entry and exit of third-country nationals visiting the Schengen area for a short stay;

·the proposed European Travel Information and Authorisation System (ETIAS), which would, once adopted, be a largely automated system that would gather and verify information submitted by visa-exempt third-country nationals ahead of their travel to the Schengen area; and

·the proposed European Criminal Record Information System for third-country nationals (ECRIS-TCN system), which would be an electronic system for exchanging information on previous convictions handed down against third-country nationals by criminal courts in the EU.

These six systems are complementary and — with the exception of the Schengen Information System (SIS) — exclusively focused on third-country nationals. The systems support national authorities in managing borders, migration, visa processing and asylum, and in fighting crime and terrorism. The latter applies in particular to the SIS, which is the most widely used law enforcement information-sharing instrument today.

In addition to these information systems, centrally managed at EU level, the scope of this proposal also includes Interpol’s Stolen and Lost Travel Documents (SLTD) database, which pursuant to the provisions of the Schengen Borders Code is systematically queried at the EU’s external borders, and Interpol's Travel Documents Associated with Notices (TDAWN) database. It also covers Europol data, as far as this is relevant for the functioning of the proposed ETIAS system and for assisting Member States when querying data on serious crime and terrorism.

National information systems and decentralised EU information systems are outside the scope of this initiative. Provided that the necessity will be demonstrated, decentralised systems such as those operated under the Prüm framework, 20 the Passenger Name Record (PNR) Directive 21 and the Advance Passenger Information Directive 22 may at a later stage be linked up to one or more of the components proposed under this initiative. 23

To respect the distinction between the matters which constitute a development of the Schengen acquis regarding borders and visa on the one hand and other systems which concern the Schengen acquis on police cooperation or are not related to the Schengen acquis on the other, this proposal deals with access to the Visa Information System, the Schengen Information System as currently regulated by Regulation (EC) No 1987/2006, the Entry-Exit System and the European Travel information and Authorisation System.

•The necessary technical components to achieve interoperability

In order to achieve the objectives of this proposal, four interoperability components need to be established:

·European search portal — ESP

·Shared biometric matching service — shared BMS

·Common identity repository — CIR

·Multiple-identity detector — MID

Each of these components is described in detail in the Commission Staff Working Document on the impact assessment accompanying this proposal.

The four components combined lead to the following interoperability solution:

The objectives and functioning of these four components can be summarised as follows:

(1)    The European search portal (ESP) is the component that would enable the simultaneous query of multiple systems (Central-SIS, Eurodac, VIS, the future EES, and the proposed ETIAS and ECRIS-TCN systems, as well as the relevant Interpol systems and Europol data) using identity data (both biographical and biometric). It would ensure that users of the EU information systems have fast, seamless, efficient, systematic and controlled access to all information that they need to perform their tasks.

A query through the European search portal would immediately, in a matter of seconds, return information from the various systems to which the user has legal access. Depending on the purpose of the query, and the corresponding access rights, the ESP would be provided with specific configurations.

The ESP does not process any new data, and it does not store any data; it would act as a single window or ‘message broker’ to query various central systems and retrieve the necessary information seamlessly, and would do so in full respect of the access control and data protection requirements of the underlying systems. The ESP would facilitate the correct and authorised use of each of the existing EU information systems, and would make it easier and cheaper for Member States to consult and use the systems, in line with the legal instruments that govern these systems.

(2)    The shared biometric matching service (shared BMS) would enable the querying and comparison of biometric data (fingerprints and facial images) from several central systems (in particular, SIS, Eurodac, VIS, the future EES and the proposed ECRIS-TCN system). The proposed ETIAS will not contain biometric data and would therefore not be linked to the shared BMS.

Where each existing central system (SIS, Eurodac, VIS) currently has a dedicated, proprietary search engine for biometric data 24 , a shared biometric matching service would provide a common platform where the data is queried and compared simultaneously. The shared BMS would generate substantial benefits in terms of security, cost, maintenance and operation by relying on one unique technological component instead of five different ones. The biometric data (fingerprint and facial images) are exclusively retained by the underlying systems. The shared BMS would create and retain a mathematical representation of the biometric samples (a template) but would discard the actual data, which remains thus stored in one location, only once.

The shared BMS would be a key enabler to help detect connections between data sets and different identities assumed by the same person in different central systems. Without a shared BMS, none of the other three components will be able to function.

(3) The common identity repository (CIR) would be the shared component for storing biographical 25 and biometric identity data of third-country nationals recorded in Eurodac, VIS, the future EES, the proposed ETIAS and the proposed ECRIS-TCN system. Each of these five central systems records or will record biographical data on specific persons for specific reasons. This would not change. The relevant identity data would be stored in the CIR but would continue to 'belong' to the respective underlying systems that recorded this data.

The CIR would not contain SIS data. The complex technical architecture of SIS containing national copies, partial national copies and possible national biometric matching systems would make the CIR very complex to a degree where it may no longer be technically and financially feasible.

The key objective of the CIR is to facilitate the biographical identification of a third-country national. It would offer increased speed of operations, improved efficiency and economies of scale. The establishment of the CIR is necessary to enable effective identity checks of third-country nationals, including on the territory of a Member State. In addition, by adding a ‘hit-flag functionality’ to the CIR it would be possible to check the presence (or non-existence) of data in any of the systems covered by the CIR through a simple hit/no-hit notification. This way, the CIR would also help streamlining of access by law enforcement authorities to non-law enforcement information systems, while maintaining a high data protection safeguard (see the section on the two-step approach to law enforcement access, hereunder).

Out of the five systems to be covered by the CIR, the future EES, the proposed ETIAS and the proposed ECRIS-TCN system are new systems that still need to be developed. The current Eurodac does not have biographical data; this extension will be developed once the new legal base for Eurodac is adopted. The current VIS does contain biographical data, but the necessary interactions between VIS and the future EES will require an upgrading of the existing VIS. The creation of the CIR therefore would arrive at the right moment. It would not in any way involve duplicating existing data. Technically, the CIR would be developed on the basis of the EES/ETIAS platform.

(4) The multiple-identity detector (MID) would check whether the queried identity data exists in more than one of the systems connected to it. The MID covers the systems that store identity data in the CIR (Eurodac, VIS, the future EES, the proposed ETIAS and the proposed ECRIS-TCN system) as well as the SIS. The MID would enable the detection of multiple identities linked to the same set of biometric data, with the dual purpose of ensuring the correct identification of bona fide persons and combating identity fraud.

The MID would enable to establish that different names belong to the same identity. It is a necessary innovation to effectively address the fraudulent use of identities, which is a serious breach of security. The MID would only show those biographical identity records that have a link in different central systems. These links would be detected by using the shared biometric matching service on the basis of biometric data and would need to be confirmed or rejected by the authority that recorded the data in the information system that led to the creation of the link. To assist the authorised users of the MID in this task, the system would need to label the identified links in four categories:

·Yellow link -    potentially differing biographical identities on the same person

·White link - confirmation that the different biographical identities belong to the same bona fide person

·Green link - confirmation that different bona fide persons happen to share the same biographic identity

· Red link - suspicion that different biographical identities are unlawfully used by the same person.

This proposal describes the procedures that would be put in place to handle these different categories. The identity of affected bona fide persons should be disambiguated as quickly as possible, by turning the yellow link into a confirmed green or white link, so as to ensure that no unnecessary inconveniences will be faced. Where, on the other hand, the assessment leads to the confirmation of a red link, or a change from a yellow into a red link, appropriate action would need to be taken.

•    The two-step approach to law enforcement access as provided by the common    identity repository

Law enforcement is defined as a secondary or ancillary objective of Eurodac, VIS, the future EES and the proposed ETIAS. As a result, the possibility of accessing data stored in these systems for the purpose of law enforcement is restricted. Law enforcement authorities can only consult directly these non-law enforcement information systems for the purpose of prevention, investigation, detection or prosecution of terrorism and other serious criminal offences. Moreover, the respective systems are governed by different access conditions and safeguards and some of those current rules could hinder the speed of the legitimate use of the systems by these authorities. More generally, the principle of prior search limits the possibility of Member State authorities to consult systems for justified law enforcement purposes and could thereby result in missed opportunities to uncover necessary information.

In its April 2016 Communication, the Commission acknowledged the need to optimise the existing tools for law enforcement purposes, whilst respecting data protection requirements. This necessity was confirmed and reiterated by Member States and relevant agencies in the framework of the high-level expert group. 

In light of the above, by creating the CIR with a so-called 'hit-flag functionality', this proposal introduces the possibility for accessing the EES, the VIS, the ETIAS and Eurodac using a two-step data consultation approach. This two-step approach would not change the fact that law enforcement is a strictly ancillary objective of these systems and therefore needs to follow strict rules for access.

As a first step, a law enforcement officer would launch a query on a specific person using the person's identity data, travel document or biometric data to check whether information on the searched person is stored in the CIR. Where such data is present, the officer will receive a reply indicating which EU information system(s) contains data on this person (the hit-flag). The officer would not have actual access to any data in any of the underlying systems.

As a second step, the officer may individually request access to each system that has been indicated as containing data, in order to obtain the complete file on the queried person, in line with the existing rules and procedures established by each system concerned. This second step access would remain subject to prior authorisation by a designated authority and would continue to require a specific user ID and logging.

This new approach would also bring added value to law enforcement authorities due to the existence of potential links in the MID. The MID would help the CIR identifying existing links, which makes the search even more accurate. The MID would be able to indicate whether the person is known under different identities in different information systems.

The two-step data consultation approach is particularly valuable in cases where the suspect, perpetrator or suspected victim of a terrorist offence or other serious criminal offence is unknown. Indeed, in those cases, the CIR would enable identifying the information system that knows the person in one single search. By doing so, the existing conditions of prior searches in national databases and of a prior search in the automated fingerprint identification system of other Member States under Decision 2008/615/JHA ('Prüm check') become redundant.

The new two-step consultation approach would only enter into force once the necessary interoperability components are fully operational.   

•Additional elements of this proposal to support the interoperability components

(1)    In addition to the above components, this draft Regulation also includes the proposal to establish a central repository for reporting and statistics (CRRS). This repository is necessary to enable the creation and sharing of reports with (anonymous) statistical data for policy, operational and data quality purposes. The current practice of gathering statistical data only on the individual information systems is detrimental to data security and performance and it does not enable the correlating of data across systems.

The CRRS would provide a dedicated, separate repository for anonymous statistics extracted from SIS, VIS, Eurodac, the future EES, the proposed ETIAS, the proposed ECRIS-TCN system, the common identity repository, the multiple-identity detector and the shared biometric matching service. The repository would provide for the possibility of secured sharing of reports (as regulated by the respective legal instruments) to Member States, Commission (including Eurostat) and EU agencies.

Developing one central repository instead of separate repositories for each system would lead to a lower cost and less effort for its establishment, operations and maintenance. It would also bring a higher level of data security as data is stored and access control is managed in one repository.

(2)    This draft Regulation also proposes to establish the Universal Message Format (UMF) as the standard that would be used at EU level to orchestrate interactions between multiple systems in an interoperable way, including the systems developed and managed by eu-LISA. The use of the standard by Europol and Interpol would also be encouraged.

The UMF standard introduces a common and unified technical language to describe and link data elements, in particular the elements relating to persons and (travel) documents. Using UMF when developing new information systems guarantees easier integration and interoperability with other systems, in particular for Member States needing to build interfaces to communicate with these new systems. In this respect, the compulsory use of UMF when developing new systems can be considered a necessary precondition for the introduction of the interoperability components proposed in this Regulation.

In order to ensure the complete roll-out across the EU of the UMF standard, an appropriate governance structure is proposed. The Commission would be responsible for establishing and developing the UMF standard, in the framework of an examination procedure with the Member States. Schengen associated states EU agencies and international bodies participating in the UMF projects (such as eu-LISA, Europol and Interpol) will also be involved. The proposed governance structure is vital for the UMF in order to extend and expand the standard while guaranteeing maximum usability and applicability.

(3)    This draft Regulation furthermore introduces the concepts of automated data quality control mechanisms and common quality indicators, and the need for Member States to ensure the highest level of data quality when feeding and using the systems. If data is not of the highest quality, there can be consequences not just for not being able to identify wanted persons, but also by affecting the fundamental rights of innocent people. To overcome problems that can arise from the input of data by human operators, automatic validation rules can prevent operators from making mistakes. The goal would be to automatically identify apparently incorrect or inconsistent data submissions so that the originating Member State is able to verify the data and carry out any necessary remedial actions. This would be supplemented by regular data quality reports to be produced by the eu-LISA.

•Consequences for other legal instruments

Together with its sister proposal, this draft Regulation introduces innovations that will require amendments of other legal instruments:

·Regulation (EU) No 2016/399 (the Schengen Borders Code)

·Regulation (EU) 2017/2226 (the EES Regulation)

·Regulation (EC) No 767/2008 (the VIS Regulation)

·Council Decision 2004/512/EC (the VIS Decision)

·Council Decision 2008/633/JHA (the VIS/law enforcement access Decision)

·[the ETIAS Regulation]

·[the Eurodac Regulation]

·[the SIS Regulations]

·[the ECRIS-TCN Regulation, including the corresponding provisions of Regulation (EU) 2016/1624 (the European Border and Coast Guard Regulation)]

· [the eu-LISA Regulation]

This current proposal and its sister proposal include detailed provisions for the necessary changes to the legal instruments that are currently stable texts as adopted by the co-legislators: the Schengen Borders Code, the EES Regulation, the VIS Regulation, Council Decision 2008/633/JHA and Council Decision 2004/512/EC.

The other listed instruments (Regulations on ETIAS, Eurodac, SIS, ECRIS-TCN, eu-LISA) are currently under negotiation in the European Parliament and Council. For these instruments, it is therefore not possible to set out the necessary amendments at this stage. The Commission will present such amendments for each of these instruments within two weeks of a political agreement on the respective draft Regulations being reached.

In those cases where instruments were not yet formally adopted  by the co-legislators the necessary changes are proposed to either the texts for which a political agreement has been endorsed by COREPER and LIBE Committee (this is the case for ETIAS), or the text for which a political agreement has been reached in trilogues (SIS and eu-LISA).

As for the two cases where negotiations are still ongoing, the necessary changes are proposed to the text as it stands on 31 May 2018 for ECRIS-TCN.

However, the two amending proposals on interoperability do not include the amendments relating to Eurodac, the EU asylum and irregular migration database, given that discussions have not yet been concluded on the May 2016 legislative proposal 26 to strengthen Eurodac. The current architecture of the existing Eurodac system is technically unsuitable to become part of the interoperability of information systems given that it only stores biometric data and a reference number, but no other personal data (e.g. name(s), age, date of birth) that would allow for the detection of multiple identities linked to the same set of biometric data. The May 2016 legislative proposal seeks to extend the purpose of Eurodac to the identification of illegally staying third-country nationals and those who have entered the EU irregularly. In particular, it provides for the storage of personal data such as the name(s), age, date of birth, nationality, and identity documents. These identity data are essential to ensure that Eurodac will be able to contribute to the objectives of interoperability and function with its technical framework.

This necessity underlines the need for the co-legislators to urgently reach agreement on the legislative proposal. Pending agreement on the legislative proposal to strengthen Eurodac, the data of illegally staying third-country nationals and those who have entered the EU irregularly could not be part of the interoperability of EU information systems. Once the co-legislators reach agreement on the legislative proposal to strengthen Eurodac, or have achieved sufficient progress, the Commission will present the related amendments to the interoperability proposals within two weeks.

•Consistency with existing policy provisions in the policy area

•Consistency with other Union policies in the area of Justice and Home Affairs

This proposal together with its sister proposal delivers on, and is in line with, the European Agenda on Migration and subsequent communications, including the Communication on preserving and strengthening Schengen 32 , as well as the European Agenda on Security 33 and the Commission’s work and progress reports towards an effective and genuine Security Union 34 . It is consistent with other Union policies, in particular as follows:

·Internal security: the European Agenda on Security states that common high standards of border management are essential to prevent cross-border crime and terrorism. This proposal further contributes to achieving a high level of internal security by offering the means for authorities to have fast, seamless, systematic and controlled access to the information they require.

·Asylum: the proposal includes Eurodac as one of the central EU systems to be covered by interoperability.

·External border management and security: this proposal reinforces the SIS and VIS systems, which contribute to the efficient control of the Union’s external borders, as well as the future EES and the proposed ETIAS and ECRIS-TCN system.

2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

•Legal basis

•Subsidiarity

•Proportionality

•Choice of the instrument

3.RESULTS OF STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

•Public consultation

·help staff on the ground access the information they need;

·avoid duplication of data, reduce overlaps and highlight discrepancies in data;

·identify people more reliably — including people with multiple identities — and reduce identity fraud.

•Eurobarometer survey

In June 2017, a Special Eurobarometer 36 survey was conducted, showing that the EU’s strategy of sharing information at EU level to combat crime and terrorism has widespread public support: almost all respondents (92 %) agree that national authorities should share information with the authorities of other Member States to better fight crime and terrorism. 

A clear majority (69 %) of respondents expressed the view that the police and other national law enforcement authorities should share information with other EU countries on a systematic basis. In all Member States, a majority of respondents think that information should be shared in every case.

•High-level expert group on information systems and interoperability

This draft Regulation also responds to the high-level experts group’s recommendations on data quality, the Universal Message Format (UMF) and the establishment of a data warehouse (here presented as the central repository for reporting and statistics (CRRS)).

The fourth interoperability component proposed in this draft Regulation (the multiple-identity detector) was not identified by the high-level expert group, but arose during the course of additional technical analysis and the proportionality assessment conducted by the Commission.

•Technical studies

•Impact assessment

The impact assessment evaluated if and how each of the identified objectives could be achieved by using one or more of the technical components identified by the high-level expert group and through subsequent analysis. Where necessary it also looked into sub-options necessary to meet these objectives, whilst respecting the data protection framework. The impact assessment concluded that:

·To meet the objective of providing authorised users with fast, seamless, systematic and controlled access to relevant information systems, a European search portal (ESP) should be created, built on a shared biometric matching service (shared BMS) to address all databases.

·To meet the objective of facilitating identity checks of third-country nationals, on the territory of a Member State, by authorised officers, a common identity repository (CIR) should be created, containing the minimum set of identification data, and built on the same shared BMS.

·To meet the objective of detecting multiple identities linked to the same set of biometric data, with the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud, a multiple-identity detector (MID) should be built, containing links between multiple identities across systems.

·To meet the objective of facilitating and streamlining access by law enforcement authorities to non-law enforcement information systems, for the purpose of preventing, investigating, detecting or prosecuting serious crime and terrorism, a ‘hit-flag’ functionality should be included in the CIR.

Since all objectives must be met, the complete solution is the combination of ESP, CIR (with hit flagging) and MID, all relying on the shared BMS.

The major positive impact will be the improvement of border management and increased internal security within the European Union. The new components will streamline and expedite access by national authorities to the necessary information and identification of third-country nationals. They will enable authorities to make cross-links to already existing, necessary information on individuals during border checks, for visa or asylum applications, and for police work. This will enable access to information that can support reliable decisions being made, whether relating to investigations of serious crime and terrorism or decisions in the field of migration and asylum. Whilst not directly affecting EU nationals (the proposed measures are primarily focused on third-country nationals whose data is recorded in an EU centralised information system), the proposals are expected to generate increased public trust by ensuring that their design and use increases the security of EU citizens.

 •Fundamental rights

•Protection of personal data

Given the personal data involved, interoperability will especially have an impact on the right to the protection of personal data. This right is established by Article 8 of the Charter and Article 16 of the Treaty on the Functioning of the European Union, and in Article 8 of the European Convention on Human Rights. As underlined by the Court of Justice of the EU 41 , the right to the protection of personal data is not an absolute right, but must be considered in relation to its function in society 42 . Data protection is closely linked to respect for private and family life protected by Article 7 of the Charter.

According to the General Data Protection Regulation 43 , the free movement of data within the EU is not to be restricted for reasons of data protection. However, a series of principles must be met. Indeed, to be lawful, any limitation on the exercise of the fundamental rights protected by the Charter must comply with the following criteria, laid down in its Article 52(1):

·it must be provided for by law;

·it must respect the essence of the rights;

·it must genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others;

·it must be necessary; and

·it must be proportional.

This current proposal embeds all these data protection rules, as set out in full detail in the impact assessment accompanying this proposed Regulation. The proposal is based on the principles of data protection by design and by default. It includes all appropriate provisions limiting data processing to what is necessary for the specific purpose and granting data access only to those entities that ‘need to know’. Data retention periods (where relevant) are appropriate and limited. Access to data is reserved exclusively for duly authorised staff of the Member State authorities or EU bodies that are competent for the specific purposes of each information system and limited to the extent that the data are required for the performance of tasks in accordance with these purposes.

4.BUDGETARY IMPLICATIONS

The budgetary implications are included in the attached financial statement which replaces the one annexed to the former proposal. It covers the remaining period of the current multiannual financial framework (until 2020) and the seven years of the following period (2021-2027). The proposed budget for the years 2021 until 2027 is covered by compatible with the Commission proposal for the next multiannual financial framework of 2 May 2018. The proposed budget for the years 2021 and beyond is included for illustrative purposes and does not prejudge the next multiannual financial framework.

(1)The development and integration by eu-LISA of the four interoperability components, and the central repository for reporting and statistics, and their subsequent maintenance and operations.

(2)The data migration to the shared biometric matching service (shared BMS) and the common identity repository (CIR). In the case of the shared BMS, the biometric templates of the corresponding data from the three systems that currently use biometrics (SIS, VIS and Eurodac) need to be recreated on the shared BMS. In the case of CIR, the personal data elements from VIS need to be migrated to the CIR, and the possible links found between identities in SIS, VIS and Eurodac need to be validated. This last process, in particular, is resource intensive.

(3)The update by eu-LISA of the national uniform interface (NUI) already included in the EES Regulation to become a generic component that allows the exchange of messages between Member States and the central system(s).

(4)The integration of Member State national systems with the NUI that will convey the messages exchanged with CIR/ multiple-identity detector through the European search portal.

(5)The training on the use of the interoperability components by end-users, including through the European Union Agency for Law Enforcement Training (CEPOL).

The total budget required over nine years (2019-2027) amounts to EUR 424.7 461.0 million covering the following items:

(6)A budget of EUR 225 261.3 million for eu-LISA which covers the total cost for the development of the programme delivering the five interoperability components ( € 68.3 million), the maintenance cost from the moment components are delivered up until 2027 (€ 56.1 million), a specific budget of € 25.0 million for the migration of data from existing systems to the shared BMS and the additional costs for the NUI update, network, training and meetings. A specific budget of € 18.7 million covers the cost of upgrading and operating ECRIS-TCN in high-availability mode from 2022. A specific budget of EUR 36.3 million covers the cost for upgrading the network and the central SIS (Schengen Information System) for the estimated increase of searches that is likely to occur as a result of interoperability.

(7)A budget of EUR 136.3 million for Member States to cover the changes to their national systems in order to use the interoperability components, the NUI delivered by eu-LISA and a budget for the training of the substantial end-user community..

(8)A budget of EUR 48.9 million for Europol to cover the upgrade of Europol's IT systems to the volume of messages to be handled and the increased performance levels. The interoperability components will be used by ETIAS in order to consult the Europol data.

(9)A budget of EUR 4.8 million for the European Border and Coast Guard Agency for hosting a team of specialists who during one year will validate the links between identities at the moment the multiple-identity detector goes live.

(10)A budget of EUR 2.0 million for European Union Agency for Law Enforcement Training (CEPOL) to cover the preparation and delivery of training to operational staff.

(11)A provision of EUR 7.7 million for DG HOME in order to cover a limited increase of staff and related costs during the development period of the different components, as the Commission will also have to fulfil additional tasks during that period and takes the responsibility for the committee dealing with Universal Message Format.

The Internal Security Fund (ISF) Borders Regulation is the financial instrument under the 2014-2020 MFF where the budget for the implementation of the interoperability initiative has been included. It provides in Article 5(b) that EUR 791 million is to be implemented through a programme for developing IT systems based on existing and/or new IT systems, supporting the management of migration flows across the external borders subject to the adoption of the relevant Union legislative acts and under the conditions laid down in Article 15(5). Of this EUR 791 million, EUR 480.2 million is reserved for the development of the EES, EUR 210 million for ETIAS and EUR 67.9 million for the revision of SIS. The remainder (EUR 32.9 million) is to be reallocated using ISF-B mechanisms. The current proposal requires EUR 32.1 million for the current multiannual financial framework period (2019/20) which therefore fits with the remaining budget.

5.ADDITIONAL INFORMATION

•Implementation plans and monitoring, evaluation and reporting arrangements

•Detailed explanation of the specific provisions of the proposal

Chapter I sets out the general provisions for this Regulation. It explains: the principles underlying the Regulation; the components established therein; the objectives that interoperability seeks to address; the scope of this Regulation; the definitions of the terms used in this Regulation; and the principle of non-discrimination regarding the processing of data under this Regulation.

Chapter II sets out the provisions for the European search portal (ESP). This chapter provides for the establishment of the ESP and its technical architecture, to be developed by eu-LISA. It specifies the aim of the ESP and identifies those who may use the ESP and how they are to use it in accordance with existing access rights for each of the central systems. There is a provision for eu-LISA to create user profiles for each category of user. This chapter sets out how the ESP will query central systems and provides for the content and format of replies to users. Chapter II also provides that eu-LISA will keep logs of all processing operations, and provides for the fall-back procedure in case the ESP would be unable to access one or more of the central systems.

Chapter III sets out the provisions for the shared biometric matching service (shared BMS). This chapter provides for the establishment of the shared BMS and its technical architecture, to be developed by eu-LISA. It specifies the aim of the shared BMS and sets out what data it stores. It explains the relationship between the shared BMS and the other components. Chapter III also provides that the shared BMS will not continue to store data once the data is no longer contained in the respective central system and provides that eu-LISA will keep logs of all processing operations.

Chapter IV sets out the provisions for the common identity repository (CIR). This chapter provides for the establishment of the CIR and its technical architecture, to be developed by eu-LISA. It sets out the aim of the CIR and clarifies which data will be stored, and how, including provisions to ensure the quality of the data stored. This chapter provides that the CIR will create individual files based on data held in the central systems, and that individual files are updated in line with changes in the individual central systems. Chapter IV also specifics how the CIR will operate in relation to the multiple-identity detector. This chapter identifies those who may have access to the CIR and how they may access the data in accordance with access rights, and more specific provisions depending on whether access is for identification purposes or, as a first step of the two-step approach, for accessing the EES, the VIS, the ETIAS and Eurodac via the CIR for law enforcement purposes. Chapter IV also provides that eu-LISA will keep logs of all processing operations concerning the CIR.

Chapter V sets out the provisions for the multiple-identity detector (MID). This chapter provides for the establishment of the MID and its technical architecture, to be developed by eu-LISA. It explains the aim of the MID and regulates the use of the MID in accordance with access rights to each of the central systems. Chapter V sets out when and how the MID will launch searches to detect multiple identities, and how results are delivered and to be followed up, including when necessary through manual verification. Chapter V sets out a classification of the types of link that can result from the search depending on whether the result shows a single identity, multiple identities or shared identity data. This chapter provides that the MID will store linked data held in the central systems while data remains in two or more individual central systems. Chapter V also provides that eu-LISA will keep logs of all processing operations concerning the MID.

Chapter VI makes provision for measures to support interoperability. It provides for improving data quality, establishing the Universal Message Format as the common standard for information exchange supporting interoperability, and creating a central repository for reporting and statistics.

Chapter VII relates to data protection. This chapter makes provisions ensuring that data processed under this Regulation is processed lawfully and appropriately, in line with the provisions of Regulation No 45/2001. It explains who the data processor will be for each of the interoperability measures proposed in this Regulation, sets out measures required from eu-LISA and Member State authorities to ensure the security of data processing, the confidentiality of data, the appropriate handling of security incidents and the appropriate monitoring of compliance with the measures in this Regulation. The chapter also contains provisions regarding the rights of data subjects, including the right to be informed that data regarding them has been stored and processed under this Regulation, and the right to access, correct and erase personal data that has been stored and processed under this Regulation. This chapter further sets out the principle that data processed under this Regulation must not be transferred or made available to any third country, international organisation or private party, with the exception of Interpol for some specific purposes, and data received from Europol via the European search portal where the rules of Regulation 2016/794 on subsequent data processing apply. Lastly, the chapter sets out the provisions relating to supervision and audit in relation to data protection.

Chapter VIII sets out the responsibilities eu-LISA before and after the entry into operations of the measures in this proposal, and for Member States, Europol and the ETIAS central unit.

Chapter VIIIa concerns amendments to other Union instruments. This chapter introduces the changes to other legal instruments that are necessary for the full implementation of this interoperability proposal. This proposal includes detailed provisions for the necessary changes to the draft legal instruments that are currently stable texts as provisionally agreed by the co-legislators: [the Eurodac Regulation,] the proposed Regulation on SIS in the field of law enforcement, the Regulation on the ECRIS-TCN system, and on eu-LISA.

Chapter IX sets out details relating to: statistical and reporting requirements relating to data processed under this Regulation; transitional measures that will be required; arrangements relating to costs arising from this Regulation; requirements relating to notifications; the process for the start of operations of measures proposed in this Regulation; governance arrangements including the formation of a committee and an advisory group, eu-LISA's responsibility in relation to training, and a practical handbook to support implementation and management of the interoperability components; procedures relating to monitoring and evaluation of the measures proposed in this Regulation; and provision for the entry into force of this Regulation.

2017/0352 (COD)

Amended proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration) and amending [Regulation (EU) 2018/XX [the Eurodac Regulation],] Regulation (EU) 2018/XX [the Regulation on SIS in the field of law enforcement], Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] and Regulation (EU) 2018/XX [the eu-LISA Regulation]

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16(2), Article 74, Article 78(2)(e), Article 79(2)(c), Article 82(1)(d), Article 85(1), Article 87(2)(a) and Article 88(2) thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

After consulting the European Data Protection Supervisor,

Having regard to the opinion of the European Economic and Social Committee, 44  

Having regard to the opinion of the Committee of the Regions, 45  

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1)In its Communication of 6 April 2016 entitled Stronger and Smarter Information Systems for Borders and Security 46 , the Commission underlined the need to improve the Union's data management architecture for border management and security. The Communication initiated a process towards achieving the interoperability between EU information systems for security, border and migration management, with the aim to address the structural shortcomings related to these systems that impede the work of national authorities and to ensure that border guards, customs authorities, police officers and judicial authorities have the necessary information at their disposal.

(2)In its Roadmap to enhance information exchange and information management including interoperability solutions in the Justice and Home Affairs area of 6 June 2016 47 , the Council identified various legal, technical and operational challenges in the interoperability of EU information systems and called for the pursuit of solutions.

(3)In its Resolution of 6 July 2016 on the strategic priorities for the Commission Work Programme 2017 48 , the European Parliament called for proposals to improve and develop existing EU information systems, address information gaps and move towards their interoperability, as well as proposals for compulsory information sharing at EU level, accompanied by the necessary data protection safeguards.

(4)The European Council of 15 December 2016 49 called for continued delivery on the interoperability of EU information systems and databases.

(5)In its final report of 11 May 2017 50 , the high-level expert group on information systems and interoperability concluded that it is necessary and technically feasible to work towards practical solutions for interoperability and that they can, in principle, both deliver operational gains and be established in compliance with data protection requirements.

(6)In its Communication of 16 May 2017 entitled Seventh progress report towards an effective and genuine Security Union 51 , the Commission set out, in line with its Communication of 6 April 2016 and confirmed by the findings and recommendations of the high-level expert group on information systems and interoperability, a new approach to the management of data for borders, security and migration where all EU information systems for security, border and migration management are interoperable in full respect of fundamental rights.

(7)In its Conclusions of 9 June 2017 52 on the way forward to improve information exchange and ensure the interoperability of EU information systems, the Council invited the Commission to pursue the solutions for interoperability as proposed by the high-level expert group.

(8)The European Council of 23 June 2017 53 underlined the need to improve the interoperability between databases and invited the Commission to prepare, as soon as possible, draft legislation enacting the proposals made by the high-level expert group on information systems and interoperability.

(9)With a view to improve the management of the external borders, to contribute to preventing and combating irregular migration and to contribute to a high level of security within the area of freedom, security and justice of the Union, including the maintenance of public security and public policy and safeguarding the security in the territories of the Member States, interoperability between EU information systems, namely the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and the [European Criminal Records Information System for third-country nationals (ECRIS-TCN)] should be established in order for these EU information systems and their data to supplement each other. To achieve this, a European search portal (ESP), a shared biometric matching service (shared BMS), a common identity repository (CIR) and a multiple-identity detector (MID) should be established as interoperability components.

(10)The interoperability between the EU information systems should allow said systems to supplement each other in order to facilitate the correct identification of persons, contribute to fighting identity fraud, improve and harmonise data quality requirements of the respective EU information systems, facilitate the technical and operational implementation by Member States of existing and future EU information systems, strengthen and simplify the data security and data protection safeguards that govern the respective EU information systems, streamline the law enforcement access to the EES, the VIS, the [ETIAS] and Eurodac, and support the purposes of the EES, the VIS, the [ETIAS], Eurodac, the SIS and the [ECRIS-TCN system].

(11)The interoperability components should cover the EES, the VIS, the [ETIAS], Eurodac, the SIS, and the [ECRIS-TCN system]. They should also cover the Europol data to the extent of enabling it to be queried simultaneously with these EU information systems.

(12)The interoperability components should concern persons in respect of whom personal data may be processed in the EU information systems and by Europol, namely third-country nationals whose personal data is processed in the EU information systems and by Europol, and to EU citizens whose personal data is processed in the SIS and by Europol.

(13)The European search portal (ESP) should be established to facilitate technically the ability of Member State authorities and EU bodies to have fast, seamless, efficient, systematic and controlled access to the EU information systems, the Europol data and the Interpol databases needed to perform their tasks, in accordance with their access rights, and to support the objectives of the EES, the VIS, the [ETIAS], Eurodac, the SIS, the [ECRIS-TCN system] and the Europol data. Enabling the simultaneous querying of all relevant EU information systems in parallel, as well as of the Europol data and the Interpol databases, the ESP should act as a single window or ‘message broker’ to search various central systems and retrieve the necessary information seamlessly and in full respect of the access control and data protection requirements of the underlying systems.

(14)Those European search portal (ESP) end-users that have the right to access Europol data under Regulation (EU) 2016/794 of the European Parliament and of the Council 54 should be able to query the Europol data simultaneously with the EU information systems to which they have access. Any further data processing following such a query should take place in accordance with Regulation (EU) 2016/794, including restrictions on access or use imposed by the data provider.

(15)The European search portal (ESP) should be developed and configured in such a way that it does not allow the use of fields of data for the query that are not related to persons or travel documents or that are not present in an EU information system, in the Europol data or in the Interpol database.

(16)To ensure fast and systematic use of all EU information systems, the European search portal (ESP) should be used to query the common identity repository, the EES, the VIS, [the ETIAS], Eurodac and [the ECRIS-TCN system]. However, the national connection to the different EU information systems should remain in order to provide a technical fall back. The ESP should also be used by Union bodies to query the Central SIS in accordance with their access rights and in order to perform their tasks. The ESP should be an additional means to query the Central SIS, the Europol data and the Interpol systems, complementing the existing dedicated interfaces.

(17)Biometric data, such as fingerprints and facial images, are unique and therefore much more reliable than alphanumeric data for identifying a person. The shared biometric matching service (shared BMS) should be a technical tool to reinforce and facilitate the work of the relevant EU information systems and the other interoperability components. The main purpose of the shared BMS should be to facilitate the identification of an individual who may be registered in different databases, by matching their biometric data across different systems and by relying on one unique technological component instead of five different ones in each of the underlying systems. The shared BMS should contribute to security, as well as financial, maintenance and operational benefits by relying on one unique technological component instead of different ones in each of the underlying systems. All automated fingerprint identification systems, including those currently used for Eurodac, the VIS and the SIS, use biometric templates comprised of data derived from a feature extraction of actual biometric samples. The shared BMS should regroup and store all these biometric templates in one single location, facilitating cross-system comparisons using biometric data and enabling economies of scale in developing and maintaining the EU central systems.

(18)Biometric data constitute sensitive personal data. This regulation should lay down the basis for and the safeguards for processing of such data for the purpose of uniquely identifying the persons concerned.

(19)The systems established by Regulation (EU) 2017/2226 of the European Parliament and of the Council 55 , Regulation (EC) No 767/2008 of the European Parliament and of the Council 56 , [the ETIAS Regulation] for the management of the borders of the Union, the system established by [the Eurodac Regulation] to identify the applicants for international protection and combat irregular migration, and the system established by [the ECRIS-TCN system Regulation] require in order to be effective to rely on the accurate identification of the third-country nationals whose personal data are stored therein.

(20)The common identity repository (CIR) should therefore facilitate and assist in the correct identification of persons registered in the EES, the VIS, [the ETIAS], Eurodac and [the ECRIS-TCN system].

(21)Personal data stored in these EU information systems may relate to the same persons but under different or incomplete identities. Member States dispose of efficient ways to identify their citizens or registered permanent residents in their territory, but the same is not true for third-country nationals. The interoperability between EU information systems should contribute to the correct identification of third-country nationals. The common identity repository (CIR) should store the personal data concerning third-country nationals present in the systems that are necessary to enable the more accurate identification of those individuals, therefore including their identity, travel document and biometric data, regardless of the system in which the data was originally collected. Only the personal data strictly necessary to perform an accurate identity check should be stored in the CIR. The personal data recorded in the CIR should be kept for no longer than is strictly necessary for the purposes of the underlying systems and should be automatically deleted when the data is deleted in the underlying systems in accordance with their logical separation.

(22)The new processing operation consisting in the storage of such data in the common identity repository (CIR) instead of the storage in each of the separate systems is necessary to increase the accuracy of the identification that is made possible by the automated comparison and matching of such data. The fact that the identity and biometric data of third-country nationals is stored in the CIR should not hinder in any way the processing of data for the purposes of the EES, the VIS, the ETIAS, Eurodac or the ECRIS-TCN system Regulations, as the CIR should be a new shared component of those underlying systems.

(23)In that connection, creating an individual file in the common identity repository (CIR) for each person that is recorded in the EES, the VIS, the ETIAS, Eurodac or the ECRIS-TCN system, is necessary to achieve the purpose of correct identification of third-country nationals within the Schengen area, and to support the multiple-identity detector for the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud. The individual file should store in one single place and make accessible to the duly authorised end-users all the possible identities linked to a person.

(24)The common identity repository (CIR) should thus support the functioning of the multiple-identity detector and to facilitate and streamline access by law enforcement authorities to the EU information systems that are not established exclusively for purposes of prevention, investigation, detection or prosecution of serious crime.

(25)The common identity repository (CIR) should provide for a shared container for identity and biometric data of third-country nationals registered in the EES, the VIS, [the ETIAS], Eurodac and the [ECRIS-TCN system], serving as the shared component between these systems for storage of this data, and to allow its querying.

(26)All records in the common identity repository (CIR) should be logically separated by automatically tagging each record with the underlying system owning that record. The access control of the CIR should use these tags to allow the record to be accessible or not.

(27)In order to ensure the correct identification of a person, Member State authorities competent for preventing and combating irregular migration and competent authorities within the meaning of Article 3(7) of Directive 2016/680 should be allowed to query the common identity repository (CIR) with the biometric data of that person taken during an identity check.

(28)Where the biometric data of the person cannot be used or if the query with that data fails, the query should be carried out with identity data of that person in combination with travel document data. Where the query indicates that data on that person are stored in the common identity repository (CIR), Member State authorities should have access to consult the identity data of that person stored in the CIR, without providing any indication as to which EU information system the data belongs to.

(29)Member States should adopt national legislative measures designating the authorities competent to perform identity checks with the use of the common identity repository (CIR) and laying down the procedures, conditions and criteria of such checks in line with the principle of proportionality. In particular, the power to collect biometric data during an identity check of a person present before the member of those authorities should be provided for by national legislative measures.

(30)This Regulation should also introduces a new possibility for streamlined access to data beyond identity data present in the EES, the VIS, [the ETIAS] or Eurodac by Member State designated law enforcement authorities and Europol. Data, including data other than identity data contained in those systems, may be necessary for the prevention, detection, investigation and prosecution of terrorist offences or serious criminal offences in a specific case.

(31)Full access to the necessary data contained in the EU information systems necessary for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences, beyond the relevant identity data covered under common identity repository (CIR) obtained using biometric data of that person taken during an identity check, should continue to be governed by the provisions in the respective legal instruments. The designated law enforcement authorities and Europol do not know in advance which of the EU information systems contains data of the persons they need to inquire upon. This results in delays and inefficiencies in the conduct of their tasks. The end-user authorised by the designated authority should therefore be allowed to see in which of the EU information systems the data corresponding to the query introduced are recorded. The concerned system would thus be flagged following the automated verification of the presence of a hit in the system (a so-called hit-flag functionality).

(32)The logs of the queries of the common identity repository should indicate the purpose of the query. Where such a query was performed using the two-step data consultation approach, the logs should include a reference to the national file of the investigation or case, therefore indicating that such query was launched for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences.

(33)The query of the common identity repository (CIR) by Member State designated authorities and Europol in order to obtain a hit-flag type of response indicating the data is recorded in the EES, the VIS, [the ETIAS] or Eurodac requires automated processing of personal data. A hit-flag would not reveal personal data of the concerned individual other than an indication that some of his or her data are stored in one of the systems. No adverse decision for the concerned individual should be made by the authorised end-user solely on the basis of the simple occurrence of a hit-flag. Access by the end-user of a hit-flag would therefore realise a very limited interference with the right to protection of personal data of the concerned individual, while it would be necessary to allow the designated authority and Europol to address its request for access for personal data more effectively directly to the system that was flagged as containing it.

(34)The two-step data consultation approach is particularly valuable in cases where the suspect, perpetrator or suspected victim of a terrorist offence or other serious criminal offence is unknown. In those cases the common identity repository (CIR) should enable identifying the information system that knows the person in one single search. By creating the obligation to use this new law enforcement access approach in these cases, access to the personal data stored in the EES, the VIS, [the ETIAS] and Eurodac should take place without the requirements of a prior search in national databases and the launch of a prior search in the automated fingerprint identification system of other Member States under Decision 2008/615/JHA. The principle of prior search effectively limits the possibility of Member State’ authorities to consult systems for justified law enforcement purposes and could thereby result in missed opportunities to uncover necessary information. The requirements of a prior search in national databases and the launch of a prior search in the automated fingerprint identification system of other Member States under Decision 2008/615/JHA should only cease to apply once the alternative safeguard of the two-step approach to law enforcement access through the CIR has become operational.

(35)The multiple-identity detector (MID) should be established to support the functioning of the common identity repository and to support the objectives of the EES, the VIS, [the ETIAS], Eurodac, the SIS and [the ECRIS-TCN system]. In order to be effective in fulfilling their respective objectives, all of these EU information systems require the accurate identification of the persons whose personal data are stored therein.

(36)The possibility to achieve the objectives of the EU information systems is undermined by the current inability for the authorities using these systems to conduct sufficiently reliable verifications of the identities of the third-country nationals whose data are stored in different systems. That inability is determined by the fact that the set of identity data stored in a given individual system may be fraudulent, incorrect, or incomplete, and that there is currently no possibility to detect such fraudulent, incorrect or incomplete identity data by way of comparison with data stored in another system. To remedy this situation it is necessary to have a technical instrument at Union level allowing accurate identification of third-country nationals for these purposes.

(37)The multiple-identity detector (MID) should create and store links between data in the different EU information systems in order to detect multiple identities, with the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud. The MID should only contain the links between individuals present in more than one EU information system, strictly limited to the data necessary to verify that a person is recorded lawfully or unlawfully under different biographical identities in different systems, or to clarify that two persons having similar biographical data may not be the same person. Data processing through the European search portal (ESP) and the shared biometric matching service (shared BMS) in order to link individual files across individual systems should be kept to an absolute minimum and therefore is limited to a multiple-identity detection at the time new data is added to one of the information systems included in the common identity repository and in the SIS. The MID should include safeguards against potential discrimination or unfavourable decisions for persons with multiple lawful identities.

(38)This Regulation provides for new data processing operations aimed at identifying the persons concerned correctly. This constitutes an interference with their fundamental rights as protected by Articles 7 and 8 of the Charter of Fundamental Rights. Since the effective implementation of the EU information systems is dependent upon correct identification of the individuals concerned, such interference is justified by the same objectives for which each of those systems have been established, the effective management of the Union's borders, the internal security of the Union, the effective implementation of the Union's asylum and visa policies and the fight against irregular migration.

(39)The European search portal (ESP) and shared biometric matching service (shared BMS) should compare data in common identity repository (CIR) and SIS on persons when new records are created by a national authority or an EU body. Such comparison should be automated. The CIR and the SIS should use the shared BMS to detect possible links on the basis of biometric data. The CIR and the SIS should use the ESP to detect possible links on the basis of alphanumeric data. The CIR and the SIS should be able to identify identical or similar data on the third-country national stored across several systems. Where such is the case, a link indicating that it is the same person should be established. The CIR and the SIS should be configured in such a way that small transliteration or spelling mistakes are detected in such a way as not to create any unjustified hindrance to the concerned third-country national.

(40)The national authority or EU body that recorded the data in the respective EU information system should confirm or change these links. This authority should have access to the data stored in the common identity repository (CIR) or the SIS and in the multiple-identity detector (MID) for the purpose of the manual identity verification.

(41)Access to the multiple-identity detector (MID) by Member State authorities and EU bodies having access to at least one EU information system included in the common identity repository (CIR) or to the SIS should be limited to so called red links where the linked data shares the same biometric but different identity data and the authority responsible for the verification of different identities concluded it refers unlawfully to the same person, or where the linked data has similar identity data and the authority responsible for the verification of different identities concluded it refers unlawfully to the same person. Where the linked identity data is not similar, a yellow link should be established and a manual verification should take place in order to confirm the link or change its colour accordingly.

(42)The manual verification of multiple identities should be ensured by the authority creating or updating the data that triggered a hit resulting in a link with data already stored in another EU information system. The authority responsible for the verification of multiple identities should assess whether there are multiple lawful or unlawful identities. Such assessment should be performed where possible in the presence of the third-country national and where necessary by requesting additional clarifications or information. Such assessment should be performed without delay, in line with legal requirements for the accuracy of information under Union and national law.

(43)For the links obtained in relation to the Schengen Information System (SIS) related to the alerts in respect of persons wanted for arrest or for surrender or extradition purposes, on missing or vulnerable persons, on persons sought to assist with a judicial procedure, on persons for discreet checks or specific checks or on unknown wanted persons, the authority responsible for the verification of multiple identities should be the SIRENE Bureau of the Member State that created the alert. Indeed those categories of SIS alerts are sensitive and should not necessarily be shared with the authorities creating or updating the data in one of the other EU information systems. The creation of a link with SIS data should be without prejudice to the actions to be taken in accordance with the [SIS Regulations].

(44)eu-LISA should establish automated data quality control mechanisms and common data quality indicators. eu-LISA should be responsible to develop a central monitoring capacity for data quality and to produce regular data analysis reports to improve the control of implementation and application by Member States of EU information systems. The common quality indicators should include the minimum quality standards to store data in the EU information systems or the interoperability components. The goal of such a data quality standards should be for the EU information systems and interoperability components to automatically identify apparently incorrect or inconsistent data submissions so that the originating Member State is able to verify the data and carry out any necessary remedial actions.

(45)The Commission should evaluate eu-LISA quality reports and should issue recommendations to Member States where appropriate. Member States should be responsible for preparing an action plan describing actions to remedy any deficiencies in data quality and should report on its progress regularly.

(46)The Universal Message Format (UMF) should establish a standard for structured, cross-border information exchange between information systems, authorities and/or organisations in the field of Justice and Home affairs. UMF should define a common vocabulary and logical structures for commonly exchanged information with the objective to facilitate interoperability by enabling the creation and reading of the contents of the exchange in a consistent and semantically equivalent manner.

(47)A central repository for reporting and statistics (CRRS) should be established to generate cross-system statistical data and analytical reporting for policy, operational and data quality purposes. eu-LISA should establish, implement and host the CRRS in its technical sites containing anonymous statistical data from the above-mentioned systems, the common identity repository, the multiple-identity detector and the shared biometric matching service (shared BMS). The data contained in the CRRS should not enable the identification of individuals. eu-LISA should render the data anonymous and should record such anonymous data in the CRRS. The process for rendering the data anonymous should be automated and no direct access by eu-LISA staff should be granted to any personal data stored in the EU information systems or in the interoperability components.

(48)Regulation (EU) 2016/679 should apply to the processing of personal data under this Regulation by national authorities unless such processing is carried out by the designated authorities or central access points of the Member States for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences, when Directive (EU) 2016/680 of the European Parliament and of the Council should apply.

(49)The specific provisions on data protection of [the Eurodac Regulation], [the Regulation on SIS in the field of law enforcement], [the Regulation on SIS in the field of illegal return] and [the ECRIS-TCN System Regulation] should apply to the processing of personal data in those respective systems.

(50)Regulation (EC) No 45/2001 of the European Parliament and of the Council 57 should apply to the processing of personal data by eu-LISA and other institutions and bodies of the Union when carrying out their responsibilities under this Regulation, without prejudice to Regulation (EU) 2016/794, which should apply to the processing of personal data by Europol.

(51)The national supervisory authorities established in accordance with [Regulation (EU) 2016/679] should monitor the lawfulness of the processing of personal data by the Member States, whilst the European Data Protection Supervisor as established by Regulation (EC) No 45/2001 should monitor the activities of the Union institutions and bodies in relation to the processing of personal data. The European Data Protection Supervisor and the supervisory authorities should cooperate with each other in the monitoring of the processing of personal data by interoperability components.

(52)"(...) The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an opinion on … "

(53)Insofar as confidentiality is concerned, the relevant provisions of the Staff Regulations of officials and the Conditions of Employment of other servants of the European Union should apply to officials or other servants employed and working in connection with SIS.

(54)Both the Member States and eu-LISA should maintain security plans in order to facilitate the implementation of security obligations and should cooperate with each other in order to address security issues. eu-LISA should also make sure there is a continuous use of the latest technological developments to ensure data integrity regarding the development, design and management of the interoperability components.

(55)To support the purposes of statistics and reporting, it is necessary to grant access to authorised staff of the competent authorities, institutions and bodies identified in this Regulation to consult certain data related to certain interoperability components without enabling individual identification.

(56)In order to allow competent authorities and the EU bodies to adapt to the new requirements on the use of the European search portal (ESP), it is necessary to provide for a transitional period. Similarly, in order to allow for the coherent and optimal functioning of the multiple-identity detector (MID), transitional measures should be established for the start of its operations.

(57)The costs for the development of the interoperability components projected under the current Multiannual Financial Framework are lower than the remaining amount on the budget earmarked for Smart Borders in Regulation (EU) No 515/2014 of the European Parliament and the Council 58 . Accordingly, this Regulation, pursuant to Article 5(5)(b) of Regulation (EU) No 515/2014, should reallocate the amount currently attributed for developing IT systems supporting the management of migration flows across the external borders.

(58)In order to supplement certain detailed technical aspects of this Regulation, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission in respect of the profiles for the users of the European search portal (ESP) and the content and format of the ESP replies. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement on Better Law-Making of 13 April 2016 59 . In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council should receive all documents at the same time as Member State experts, and their experts should systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.

(59)In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission to adopt detailed rules on: automated data quality control mechanisms, procedures and indicators; development of the UMF standard; procedures for determining cases of similarity of identities; the operation of the central repository for reporting and statistics; and cooperation procedure in case of security incidents. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council 60 .

(60)Regulation 2016/794 shall apply for any processing of Europol data for the purposes of this Regulation.

(61)This Regulation is without prejudice to the application of Directive 2004/38/EC.

(62)In accordance with Article 3 of the Agreement between the European Community and the Kingdom of Denmark on the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in Denmark or any other Member State of the European Union and ‘Eurodac’ for the comparison of fingerprints for the effective application of the Dublin Convention 61 , Denmark is to notify the Commission whether it will implement the contents of this Regulation, insofar as it relates to Eurodac [and the automated system for registration, monitoring and the allocation mechanism for applications for international protection referred to in Article 44 of Regulation (EU) XX/XX establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person (recast)].

(63)Insofar as its provisions relate to SIS as governed by Decision 2007/533/JHA, the United Kingdom is taking part in this Regulation, in accordance with Article 5(1) of Protocol No 19 on the Schengen acquis integrated into the framework of the European Union, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union (Protocol on the Schengen acquis) and Article 8(2) of Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis 62 . Furthermore, insofar as its provisions relate to Eurodac [and the automated system for registration, monitoring and the allocation mechanism for applications for international protection referred to in Article 44 of Regulation (EU) XX/XX establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person (recast)] the United Kingdom may notify to the President of the Council its wish to take part in the adoption and application of this Regulation, in accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU (Protocol on the position of the United Kingdom and Ireland). Insofar as its provisions relate to [the ECRIS-TCN system], in accordance with Articles 1 and 2 and Article 4a(1) of Protocol 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and the TFEU, the United Kingdom is not taking part in the adoption of this Regulation and is not bound or subject to its application. In accordance with Article 3 and Article 4a(1) of Protocol 21, the United Kingdom may notify its wish to take part in the adoption of this Regulation.

(64)Insofar as its provisions relate to SIS as governed by Decision 2007/533/JHA, Ireland is taking part in this Regulation, in accordance with Article 5(1) of Protocol No 19 on the Schengen acquis integrated into the framework of the European Union, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union (Protocol on the Schengen acquis), and Article 6(2) of Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis 63 . Furthermore, insofar as its provisions relate to Eurodac [and the automated system for registration, monitoring and the allocation mechanism for applications for international protection referred to in Article 44 of Regulation (EU) XX/XX establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person (recast)], Ireland may notify to the President of the Council its wish to take part in the adoption and application of this Regulation, in accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union (Protocol on the position of the United Kingdom and Ireland). Insofar as its provisions relate to [the ECRIS-TCN system], in accordance with Articles 1 and 2 and Article 4a(1) of Protocol 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and the TFEU, Ireland is not taking part in the adoption of this Regulation and is not bound or subject to its application. In accordance with Article 3 and Article 4a(1) of Protocol 21, Ireland may notify its wish to take part in the adoption of this Regulation.

(65)As regards Iceland and Norway, as regards Eurodac [and the automated system for registration, monitoring and the allocation mechanism for applications for international protection referred to in Article 44 of Regulation (EU) XX/XX establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person (recast)], this Regulation constitutes a new measure within the meaning of the Agreement between the European Community and the Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Iceland or Norway.

(66)As regards Switzerland, as regards Eurodac [and the automated system for registration, monitoring and the allocation mechanism for applications for international protection referred to in Article 44 of Regulation (EU) XX/XX establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person (recast)], this Regulation constitutes a new measure related to Eurodac within the meaning of the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland.

(67)As regards Liechtenstein, as regards Eurodac, [and the automated system for registration, monitoring and the allocation mechanism for applications for international protection referred to in Article 44 of Regulation (EU) XX/XX establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person (recast)] this Regulation constitutes a new measure within the meaning of the Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland.

(68)This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union and shall be applied in accordance with those rights and principles,

HAVE ADOPTED THIS REGULATION:

CHAPTER I
General provisions

Article 1

Subject matter

1.This Regulation, together with [Regulation 2018/xx on interoperability borders and visa], establishes a framework to ensure the interoperability between the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and [the European Criminal Records Information System for third-country nationals (ECRIS-TCN)] in order for those systems and data to supplement each other.

2.The framework shall include the following interoperability components:

(a)a European search portal (ESP);

(b)a shared biometric matching service (shared BMS);

(c)a common identity repository (CIR);

(d)a multiple-identity detector (MID).

3.This Regulation also lays down provisions on data quality requirements, on a Universal Message Format (UMF), on a central repository for reporting and statistics (CRRS) and lays down the responsibilities of the Member States and of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA), with respect to the design and operation of the interoperability components.

4.This Regulation also adapts the procedures and conditions for Member State law enforcement authorities and for the European Union Agency for Law Enforcement Cooperation (Europol) access to the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS),] and Eurodac for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences falling under their competence.

Article 2
Objectives of interoperability

1.By ensuring interoperability, this Regulation shall have the following objectives:

(a)to improve the management of the external borders;

(b)to contribute to preventing and combating irregular migration;

(c)to contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and public policy and safeguarding the security in the territories of the Member States;

(d)to improve the implementation of the common visa policy; and

(e)to assist in examining application for international protection.

2.The objectives of ensuring interoperability shall be achieved by:

(a)ensuring the correct identification of persons;

(b)contributing to fighting identity fraud;

(c)improving and harmonising data quality requirements of the respective EU information systems;

(d)facilitating the technical and operational implementation by Member States of existing and future EU information systems;

(e)strengthening and simplifying and making more uniform the data security and data protection conditions that govern the respective EU information systems;

(f)streamlining the conditions for law enforcement access to the EES, the VIS, [the ETIAS] and Eurodac;

(g)supporting the purposes of the EES, the VIS, [the ETIAS], Eurodac, the SIS and [the ECRIS-TCN system].

Article 3

Scope

1.This Regulation applies to Eurodac, the Schengen Information System (SIS) and [the European Criminal Records Information System for third-country nationals (ECRIS-TCN)].

2.This Regulation also applies to the Europol data to the extent of enabling querying it simultaneously to the EU information systems referred to in paragraph 1 in accordance with Union law.

3.This Regulation applies to persons in respect of whom personal data may be processed in the EU information systems referred to in paragraph 1 and in the Europol data referred to in paragraph 2.

Article 4
Definitions

For the purposes of this Regulation, the following definitions apply:

(1)‘external borders’ means external borders as defined in Article 2(2) of Regulation (EU) 2016/399;

(2)‘border checks’ means border checks as defined in Article 2(11) of Regulation (EU) 2016/399;

(3)‘border authority’ means the border guard assigned in accordance with national law to carry out border checks;

(4)‘supervisory authorities’ means the supervisory authority established in accordance with Article 51(1) of Regulation (EU) 2016/679 and the supervisory authority established in accordance with Article 41(1) of Directive (EU) 2016/680;

(5)‘verification’ means the process of comparing sets of data to establish the validity of a claimed identity (one-to-one check);

(6)‘identification’ means the process of determining a person’s identity through a database search against multiple sets of data (one-to-many check);

(7)‘third-country national’ means a person who is not a citizen of the Union within the meaning of Article 20(1) of the Treaty, or a stateless person or a person whose nationality is unknown;

(8)‘alphanumeric data’ means data represented by letters, digits, special characters, spaces and punctuation marks;

(9)‘identity data’ means the data referred to in Article 27(3)(a) to (h);

(10)‘fingerprint data’ means the data relating to the fingerprints of an individual;

(11)‘facial image’ means digital images of the face;

(12)‘biometric data’ means fingerprint data and/or facial image;

(13)‘biometric template’ means a mathematical representation obtained by feature extraction from biometric data limited to the characteristics necessary to perform identifications and verifications;

(14)‘travel document’ means a passport or other equivalent document entitling the holder to cross the external borders and to which a visa may be affixed;

(15)‘travel document data’ means the type, number and country of issuance of the travel document, the date of expiry of the validity of the travel document and the three-letter code of the country issuing the travel document;

(16)‘travel authorisation’ means travel authorisation as defined in Article 3 of the [ETIAS Regulation];

(17)‘shortstay visa’ means visa as defined in Article 2(2)(a) of Regulation (EC) No 810/2009;

(18)‘EU information systems’ means the large-scale IT systems managed by eu-LISA;

(19)‘Europol data’ means personal data provided to Europol for the purpose referred to in Article 18(2)(a) of Regulation (EU) 2016/794;

(20)‘Interpol databases’ means the Interpol Stolen and Lost Travel Document database (SLTD) and the Interpol Travel Documents Associated with Notices database (Interpol TDAWN);

(21)‘match’ means the existence of a correspondence established by comparing two or more occurrences of personal data recorded or being recorded in an information system or database;

(22)‘hit’ means the confirmation of one match or several matches;

(23)'police authority' means 'competent authority' as defined in Article 3(7) of Directive 2016/680;

(24)‘designated authorities’ means the Member State designated authorities referred to in Article 29(1) of Regulation (EU) 2017/2226, Article 3(1) of Council Decision 2008/633/JHA, [Article 43 of the ETIAS Regulation] and [Article 6 of the Eurodac Regulation];

(25)‘terrorist offence’ means an offence under national law which corresponds or is equivalent to one of the offences referred to in Directive (EU) 2017/541;

(26)‘serious criminal offence’ means an offence which corresponds or is equivalent to one of the offences referred to in Article 2(2) of Framework Decision 2002/584/JHA, if it is punishable under national law by a custodial sentence or a detention order for a maximum period of at least three years;

(27)'EES' means the Entry/Exit System as referred to in Regulation (EU) 2017/2226;

(28)'VIS' means the Visa Information System as referred to in Regulation (EC) No 767/2008;

(29)['ETIAS' means the European Travel Information and Authorisation System as referred to in the ETIAS Regulation];

(30)'Eurodac' means Eurodac as referred to in the [Eurodac Regulation];

(31)'SIS' means the Schengen Information System as referred to [in the Regulation on SIS in the field of border checks, Regulation on SIS in the field of law enforcement and Regulation on SIS in the field of illegal return];

(32)['ECRIS-TCN System' means the European Criminal Records Information System holding conviction information on third-country national and stateless persons as referred to in the ECRIS-TCN System Regulation];

(33)'ESP' means the European search portal as referred to in Article 6;

(34)'shared BMS' means the shared biometric matching service as referred to in Article 15;

(35)'CIR' means the common identity repository as referred to in Article 17;

(36)'MID' means the multiple-identity detector as referred to in Article 25;

(37)'CRRS' means the central repository for reporting and statistics as referred to in Article 39.

Article 5
Non-discrimination

Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds such as sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation. It shall fully respect human dignity and integrity. Particular attention shall be paid to children, the elderly and persons with a disability.

CHAPTER II
European Search Portal

Article 6

European search portal

1.A European search portal (ESP) is established for the purposes of ensuring that Member State authorities and EU bodies have fast, seamless, efficient, systematic and controlled access to the EU information systems, the Europol data and the Interpol databases that they need to perform their tasks in accordance with their access rights and of supporting the objectives of the EES, the VIS, [the ETIAS], Eurodac, the SIS, [the ECRIS-TCN system] and the Europol data.

2.The ESP shall be composed of:

(a)a central infrastructure, including a search portal enabling the simultaneous querying of the EES, the VIS, [the ETIAS], Eurodac, the SIS, [the ECRIS-TCN system] as well as of the Europol data and the Interpol databases;

(b)a secure communication channel between the ESP, Member States and EU bodies that are entitled to use the ESP in accordance with Union law;

(c)a secure communication infrastructure between the ESP and the EES, the VIS, [the ETIAS], Eurodac, the Central-SIS, [the ECRIS-TCN system], the Europol data and the Interpol databases as well as between the ESP and the central infrastructures of the common identity repository (CIR) and the multiple-identity detector.

3.eu-LISA shall develop the ESP and ensure its technical management.

Article 7

Use of the European search portal

1.The use of the ESP shall be reserved to the Member State authorities and EU bodies having access to the EES, [the ETIAS], the VIS, the SIS, Eurodac and [the ECRIS-TCN system], to the CIR and the multiple-identity detector as well as the Europol data and the Interpol databases in accordance with Union or national law governing such access.

2.The authorities referred to in paragraph 1 shall use the ESP to search data related to persons or their travel documents in the central systems of Eurodac and [the ECRIS-TCN system] in accordance with their access rights under Union and national law. They shall also use the ESP to query the CIR in accordance with their access rights under this Regulation for the purposes referred to in Articles 20, 21 and 22.

3.The Member State authorities referred to in paragraph 1 may use the ESP to search data related to persons or their travel documents in the Central SIS referred to in the [Regulation on SIS in the field of border checks and of the Regulation on SIS in the field of law enforcement]. Access to the Central SIS via the ESP shall be established through the national system (N.SIS) of each Member State in accordance with [Article 4(2) of the Regulation on SIS in the field of border checks and of the Regulation on SIS in the field of law enforcement].

4.The EU bodies shall use the ESP to search data related to persons or their travel documents in the Central SIS.

5.The authorities referred to in paragraph 1 may use the ESP to search data related to persons or their travel documents in the Europol data in accordance with their access rights under Union and national law.

Article 8

Profiles for the users of the European search portal

1.For the purposes of enabling the use of the ESP, eu-LISA shall create a profile for each category of user of the ESP in accordance with the technical details and access rights referred to in paragraph 2, including, in accordance with Union and national law:

(a)the fields of data to be used for querying;

(b)the EU information systems, the Europol data and the Interpol databases that shall and may be consulted and that shall provide a reply to the user; and

(c)the data provided in each reply.

2.The Commission shall adopt delegated acts in accordance with Article 63 to specify the technical details of the profiles referred to in paragraph 1 for the users of the ESP referred to in Article 7(1) in accordance with their access rights.

Article 9

Queries

1.The users of the ESP shall launch a query by introducing data in the ESP in accordance with their user profile and access rights. Where a query has been launched, the ESP shall query simultaneously, with the data introduced by the user of the ESP, the EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system] and the CIR as well as the Europol data and the Interpol databases.

2.The fields of data used to launch a query via the ESP shall correspond to the fields of data related to persons or travel documents that may be used to query the various EU information systems, the Europol data and the Interpol databases in accordance with the legal instruments governing them.

3.eu-LISA shall implement an interface control document (ICD) based on the UMF referred to in Article 38 for the ESP.

4.The EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system], the CIR and the multiple-identity detector, as well as the Europol data and the Interpol databases, shall provide the data that they contain resulting from the query of the ESP.

5.When querying the Interpol databases, the design of the ESP shall ensure that the data used by the user of the ESP to launch a query is not shared with the owners of Interpol data.

6.The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law. Where necessary, the reply provided by the ESP shall indicate to which information system or database the data belongs.

7.The Commission shall adopt a delegated act in accordance with Article 63 to specify the content and format of the ESP replies.

Article 10

Keeping of logs

1.Without prejudice to [Article 39 of the Eurodac Regulation], [Articles 12 and 18 of the Regulation on SIS in the field of law enforcement], [Article 29 of the ECRIS-TCN Regulation] and Article 40 of Regulation (EU) 2016/794, eu-LISA shall keep logs of all data processing operations within the ESP. Those logs shall include, in particular, the following:

(a)the Member State authority and the individual user of the ESP, including the ESP profile used as referred to in Article 8;

(b)the date and time of the query;

(c)the EU information systems and the Europol data queried;

(d)in accordance with national rules or with Regulation (EU) 2016/794 or, when applicable, Regulation (EU) 45/2001, the identifying mark of the person who carried out the query.

2.The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased one year after their creation, unless they are required for monitoring procedures that have already begun.

Article 11

Fall-back procedures in case of technical impossibility to use the European search portal

1.Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the ESP, the users of the ESP shall be notified by eu-LISA.

2.Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the national infrastructure in a Member State, that Member State's competent authority shall notify eu-LISA and the Commission.

3.In both scenarios, and until the technical failure is addressed, the obligation referred to in Article 7(2) and (4) shall not apply and Member States may access the information systems referred to in Article 9(1) or the CIR directly using their respective national uniform interfaces or national communication infrastructures.

CHAPTER III
Shared Biometric Matching Service

Article 12

Shared biometric matching service

1.A shared biometric matching service (shared BMS) storing biometric templates and enabling querying with biometric data across several EU information systems is established for the purposes of supporting the CIR and the multiple-identity detector and the objectives of the EES, the VIS, Eurodac, the SIS and [the ECRIS-TCN system].

2.The shared BMS shall be composed of:

(a)a central infrastructure, including a search engine and the storage of the data referred to in Article 13;

(b)a secure communication infrastructure between the shared BMS, Central-SIS and the CIR.

3.eu-LISA shall develop the shared BMS and ensure its technical management.

Article 13

Data stored in the shared biometric matching service

1.The shared BMS shall store the biometric templates that it shall obtain from the following biometric data:

(a)the data referred to in Article 16(1)(d) and Article 17(1)(b) and (c) of Regulation (EU) 2017/2226;

(b)the data referred to in Article 9(6) of Regulation (EC) No 767/2008;

(c)[the data referred to in Article 20(2)(w) and (x) of the Regulation on SIS in the field of border checks;

(d)the data referred to in Article 20(3)(w) and (x) of the Regulation on SIS in the field of law enforcement;

(e)the data referred to in Article 4(3)(t) and (u) of the Regulation on SIS in the field of illegal return];

(f)[the data referred to in Article 13(a) of the Eurodac Regulation;]

(g)[the data referred to in Article 5(1)(b) and Article 5(2) of the ECRIS-TCN Regulation.]

2.The shared BMS shall include in each biometric template a reference to the information systems in which the corresponding biometric data is stored.

3.Biometric templates shall only be entered in the shared BMS following an automated quality check of the biometric data added to one of the information systems performed by the shared BMS to ascertain the fulfilment of a minimum data quality standard.

4.The storage of the data referred to in paragraph 1 shall meet the quality standards referred to in Article 37(2).

Article 14

Searching biometric data with the shared biometric matching service

In order to search the biometric data stored within the CIR and the SIS, the CIR and the SIS shall use the biometric templates stored in the shared BMS. Queries with biometric data shall take place in accordance with the purposes provided for in this Regulation and in the EES Regulation, the VIS Regulation, the Eurodac Regulation, the [SIS Regulations] and [the ECRIS-TCN Regulation].

Article 15

Data retention in the shared biometric matching service

The data referred to in Article 13 shall be stored in the shared BMS for as long as the corresponding biometric data is stored in the CIR or the SIS.

Article 16

Keeping of logs

1.Without prejudice to [Article 39 of the Eurodac Regulation], [Article 12 and 18 of the Regulation on SIS in the field of law enforcement] and [Article 29 of the ECRIS-TCN Regulation], eu-LISA shall keep logs of all data processing operations within the shared BMS. Those logs shall include, in particular, the following:

(a)the history related to the creation and storage of biometric templates;

(b)a reference to the EU information systems queried with the biometric templates stored in the shared BMS;

(c)the date and time of the query;

(d)the type of biometric data used to launch the query;

(e)the length of the query;

(f)the results of the query and date and time of the result;

(g)in accordance with national rules or with Regulation (EU) 2016/794 or, when applicable, Regulation (EU) 45/2001, the identifying mark of the person who carried out the query.

2.The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased one year after their creation, unless they are required for monitoring procedures that have already begun. The logs referred to in paragraph 1(a) shall be erased once the data is erased.

CHAPTER IV
Common Identity Repository

Article 17

Common identity repository

1.A common identity repository (CIR), creating an individual file for each person that is recorded in the EES, the VIS, [the ETIAS], Eurodac or [the ECRIS-TCN system] containing the data referred to in Article 18, is established for the purpose of facilitating and assisting the correct identification of persons registered in the EES, the VIS, [the ETIAS], the Eurodac and [the ECRIS-TCN system], of supporting the functioning of the multiple-identity detector and of facilitating and streamlining access by law enforcement authorities to non-law enforcement information systems at EU level, where necessary for the prevention, investigation, detection or prosecution of serious crime.

2.The CIR shall be composed of:

(a)a central infrastructure that shall replace the central systems of respectively the EES, the VIS, [the ETIAS], Eurodac and [the ECRIS-TCN system] to the extent that it shall store the data referred to in Article 18;

(b)a secure communication channel between the CIR, Member States and EU bodies that are entitled to use the European search portal (ESP) in accordance with Union law;

(c)a secure communication infrastructure between the CIR and the EES, [the ETIAS], the VIS, Eurodac and [the ECRIS-TCN system] as well as with the central infrastructures of the ESP, the shared BMS and the multiple-identity detector.

3.eu-LISA shall develop the CIR and ensure its technical management.

Article 18

The common identity repository data

1.The CIR shall store the following data – logically separated – according to the information system from which the data was originated:

(a)– (not applicable);

(b)– (not applicable);

(c)– (not applicable);

(d)[the data referred to in Article 13(a) to (e), (g) and (h) of the [Eurodac Regulation;]

(e)[the data referred to in Article 5(1)(b) and 5(2) and the following data of Article 5(1)(a) of the ECRIS-TCN Regulation: surname or family name; first name(s) (given name(s)); sex; date of birth; place and country of birth; nationality or nationalities; gender and where applicable previous names, pseudonyms(s) and/or alias name(s).]

2.For each set of data referred to in paragraph 1, the CIR shall include a reference to the information systems to which the data belongs.

3.The storage of the data referred to in paragraph 1 shall meet the quality standards referred to in Article 37(2).

Article 19

Adding, amending and deleting data in the common identity repository

1.Where data is added, amended or deleted in Eurodac or [the ECRIS-TCN system], the data referred to in Article 18 stored in the individual file of the CIR shall be added, amended or deleted accordingly in an automated manner.

2.Where the multiple-identity detector creates a white or red link in accordance with Articles 32 and 33 between the data of two or more of the EU information systems constituting the CIR, instead of creating a new individual file, the CIR shall add the new data to the individual file of the linked data.

       Article 20

Access to the common identity repository for identification

1.Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric data of that person taken during an identity check.

Where the query indicates that data on that person is stored in the CIR, the Member States authority shall have access to consult the data referred to in Article 18(1).

Where the biometric data of the person cannot be used or where the query with that data fails, the query shall be carried out with identity data of the person in combination with travel document data, or with the identity data provided by that person.

2.Member States wishing to avail themselves of the possibility provided for in this Article shall adopt national legislative measures. Such legislative measures shall specify the precise purposes of identity checks within the purposes referred to in Article 2(1)(b) and (c). They shall designate the police authorities competent and lay down the procedures, conditions and criteria of such checks.

Article 21

Access to the common identity repository for the detection of multiple identities

1.Where a query of the CIR results in a yellow link in accordance with Article 28(4), the authority responsible for the verification of different identities determined in accordance with Article 29 shall have access, solely for the purpose of that verification, to the identity data stored in the CIR belonging to the various information systems connected to a yellow link.

2.Where a query of the CIR results in a red link in accordance with Article 32, the authorities referred to in Article 26(2) shall have access, solely for the purposes of fighting identity fraud, to the identity data stored in the CIR belonging to the various information systems connected to a red link.

Article 22

Querying the common identity repository for law enforcement purposes

1.For the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences in a specific case and in order to obtain information on whether data on a specific person is present in Eurodac, the Member State designated authorities and Europol may consult the CIR.

2.Member State designated authorities and Europol shall not be entitled to consult data belonging to [the ECRIS-TCN] when consulting the CIR for the purposes listed in paragraph 1.

3.Where, in reply to a query the CIR indicates data on that person is present in Eurodac the CIR shall provide to Member States' designated authorities and Europol a reply in the form of a reference indicating which of the information systems contains matching data referred to in Article 18(2). The CIR shall reply in such a way that the security of the data is not compromised.

4.Full access to the data contained in the EU information systems for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences remains subject to the conditions and procedures laid down in the respective legislative instruments governing such access.

Article 23

Data retention in the common identity repository

1.The data referred to in Article 18(1) and (2) shall be deleted from the CIR in accordance with the data retention provisions of [the Eurodac Regulation] and [the ECRIS-TCN Regulation] respectively.

2.The individual file shall be stored in the CIR for as long as the corresponding data is stored in at least one of the information systems whose data is contained in the CIR. The creation of a link shall not affect the retention period of each item of the linked data.

Article 24

Keeping of logs

1.Without prejudice to [Article 39 of the Eurodac Regulation] and [Article 29 of the ECRIS-TCN Regulation], eu-LISA shall keep logs of all data processing operations within the CIR in accordance with paragraphs 2, 3 and 4.

2.Concerning any access to the CIR pursuant to Article 20, eu-LISA shall keep logs of all data processing operations within the CIR. Those logs shall include, in particular, the following:

(a)the purpose of access of the user querying via the CIR;

(b)the date and time of the query;

(c)the type of data used to launch the query;

(d)the results of the query;

(e)in accordance with national rules or with Regulation (EU) 2016/794 or, when applicable, Regulation (EU) 45/2001, the identifying mark of the person who carried out the query.

3.Concerning any access to the CIR pursuant to Article 21, eu-LISA shall keep logs of all data processing operations within the CIR. Those logs shall include, in particular, the following:

(a)the purpose of access of the user querying via the CIR;

(b)the date and time of the query;

(c)where relevant, the data used to launch the query;

(d)where relevant, the results of the query;

(e)in accordance with national rules or with Regulation (EU) 2016/794 or, when applicable, Regulation (EU) 45/2001, the identifying mark of the person who carried out the query.

4.Concerning any access to the CIR pursuant to Article 22, eu-LISA shall keep logs of all data processing operations within the CIR. Those logs shall include, in particular, the following:

(a)the national file reference;

(b)the date and time of the query;

(c)the type of data used to launch the query;

(d)the results of the query;

(e)the name of the authority consulting the CIR;

(f)in accordance with national rules or with Regulation (EU) 2016/794 or, when applicable, Regulation (EU) 45/2001, the identifying mark of the official who carried out the query and of the official who ordered the query.

The logs of such access shall be regularly verified by the competent supervisory authority established in accordance with Article 51 of Regulation (EU) 2016/679 or in accordance with Article 41 of Directive 2016/680, at intervals not exceeding six months, to verify whether the procedures and conditions set out in Article 22(1) to (3) are fulfilled.

5.Each Member State shall keep logs of queries of the staff duly authorised to use the CIR pursuant to Articles 20, 21 and 22.

6.The logs referred to in paragraphs 1 and 5 may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. They shall be protected by appropriate measures against unauthorised access and erased one year after their creation, unless they are required for monitoring procedures that have already begun.

7.eu-LISA shall keep the logs related to the history of the data stored in individual file, for purposes defined in paragraph 6. The logs related to the history of the data stored shall be erased once the data is erased.

CHAPTER V
Multiple-identity Detector

Article 25

Multiple-identity detector

1.A multiple-identity detector (MID) creating and storing links between data in the EU information systems included in the common identity repository (CIR) and the SIS and as a consequence detecting multiple identities, with the dual purpose of facilitating identity checks and combating identity fraud, is established for the purpose of supporting the functioning of the CIR and the objectives of the EES, the VIS, the ETIAS], Eurodac, the SIS and [the ECRIS-TCN system].

2.The MID shall be composed of:

(a)a central infrastructure, storing links and references to information systems;

(b)a secure communication infrastructure to connect the MID with the SIS and the central infrastructures of the European search portal and the CIR.

3.eu-LISA shall develop the MID and ensure its technical management.

Article 26

Access to the multiple-identity detector

1.For the purposes of the manual identity verification referred to in Article 29, access to the data referred to in Article 34 stored in the MID shall be granted to:

(a)– (not applicable);

(b)– (not applicable);

(c)– (not applicable);

(d)the authorities competent to assess a request for international protection provided for in the Eurodac Regulation when assessing a new request for international protection;

(e)the SIRENE Bureaux of the Member State creating a [Regulation on SIS in the field of law enforcement or Regulation on SIS in the field of illegal return];

(f)[the central authorities of the convicting Member State when recording or updating data in the ECRIS-TCN system in accordance with Article 5 of the ECRIS-TCN Regulation.]

2.Member State authorities and EU bodies having access to at least one EU information system included in the common identity repository or to the SIS shall have access to the data referred to in Article 34(a) and (b) regarding any red links as referred to in Article 32.

Article 27

Multiple-identity detection

1.A multiple-identity detection in the common identity repository and the SIS shall be launched where:

(a)– (not applicable);

(b)– (not applicable);

(c)– (not applicable);

(d)[an application for international protection is created or updated in Eurodac in accordance with Article 10 of the Eurodac Regulation];

(e)[an alert on a person is created or updated in the SIS in accordance with Chapters VI, VII, VIII and IX of the Regulation on SIS in the field of law enforcement and Article 3 of the Regulation on SIS in the field of illegal return];

(f)[a data record is created or updated in the ECRIS-TCN system in accordance with Article 5 of the ECRIS-TCN Regulation.]

2.Where the data contained within an information system as referred to in paragraph 1 contains biometric data, the common identity repository (CIR) and the Central-SIS shall use the shared biometric matching service (shared BMS) in order to perform the multiple-identity detection. The shared BMS shall compare the biometric templates obtained from any new biometric data to the biometric templates already contained in the shared BMS in order to verify whether or not data belonging to the same third-country national is already stored in the CIR or in the Central SIS.

3.In addition to the process referred to in paragraph 2, the CIR and the Central-SIS shall use the European search portal to search the data stored in the CIR and the Central-SIS using the following data:

(a)– (not applicable);

(b)– (not applicable);

(c)– (not applicable);

(d)[surname(s); forename(s); name(s) at birth, previously used names and aliases; date of birth, place of birth, nationality(ies) and sex as referred to in Article 12 of the Eurodac Regulation];

(e)– (not applicable);

(f)[surname(s); forename(s); name(s) at birth, previously used names and aliases; date of birth, place of birth, nationality(ies) and sex as referred to in Article 20(3) of the Regulation on SIS in the field of law enforcement;]

(g)[surname(s); forename(s); name(s) at birth, previously used names and aliases; date of birth, place of birth, nationality(ies) and sex as referred to in Article 4 of the Regulation on SIS in the field of illegal return;]

(h)[surname (family name); first name(s) (given names); date of birth, place of birth, nationality(ies) and gender as referred to in Article 5(1)(a) of the ECRIS-TCN Regulation.]

4.The multiple-identity detection shall only be launched in order to compare data available in one information system with data available in other information systems.

Article 28
Results of the multiple-identity detection

1.Where the queries referred to in Article 27(2) and (3) do not report any hit, the procedures referred to in Article 27(1) shall continue in accordance with the respective Regulations governing them.

2.Where the query laid down in Article 27(2) and (3) reports one or several hit(s), the common identity repository and, where relevant, the SIS shall create a link between the data used to launch the query and the data triggering the hit.

Where several hits are reported, a link shall be created between all data triggering the hit. Where data was already linked, the existing link shall be extended to the data used to launch the query.

3.Where the query referred to in Article 27(2) or (3) reports one or several hit(s) and the identity data of the linked files is identical or similar, a white link shall be created in accordance with Article 33.

4.Where the query referred to in Article 27(2) or (3) reports one or several hit(s) and the identity data of the linked files cannot be considered as similar, a yellow link shall be created in accordance with Article 30 and the procedure referred to in Article 29 shall apply.

5.The Commission shall lay down the procedures to determine the cases where identity data can be considered as identical or similar in implementing acts. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 64(2).

6.The links shall be stored in the identity confirmation file referred to in Article 34.

The Commission shall lay down the technical rules for linking data from different information systems by implementing acts. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 64(2).

Article 29
Manual verification of different identities

1.Without prejudice to paragraph 2, the authority responsible for verification of different identities shall be:

(a)– (not applicable);

(b)– (not applicable);

(c)– (not applicable);

(d)the authority assessing a request for international protection as provided for in the Eurodac Regulation for hits that occurred when assessing such request;

(e)the SIRENE Bureaux of the Member State for hits that occurred when creating a SIS alert in accordance with the [Regulations on SIS in the field of law enforcement and on SIS in the field of illegal return];

(f)the central authorities of the convicting Member State for hits that occurred when recording or updating data in the ECRIS-TCN system in accordance with Article 5 of the [ECRIS-TCN Regulation].

The multiple-identity detector shall indicate the authority responsible for the verification of different identities in the identity verification file.

2.The authority responsible for the verification of different identities in the identity confirmation file shall be the SIRENE Bureau of the Member State that created the alert where a link is created to data contained:

(a)in an alert in respect of persons wanted for arrest or for surrender or extradition purposes as referred to in Article 26 of [the Regulation on SIS in the field of law enforcement];

(b)in an alert on missing or vulnerable persons as referred to in Article 32 of [the Regulation on SIS in the field of law enforcement];

(c)in an alert on persons sought to assist with a judicial procedure as referred to in Article 34 of [the Regulation on SIS in the field of law enforcement];

(d)[in an alert on return in accordance with the Regulation on SIS in the field of illegal return];

(e)in an alert on persons for discreet checks, inquiry checks or specific checks as referred to in Article 36 of [the Regulation on SIS in the field of law enforcement];

(f)in an alert on unknown wanted persons for identification according to national law and search with biometric data as referred to in Article 40 of [the Regulation on SIS in the field of law enforcement].

3.Without prejudice to paragraph 4, the authority responsible for verification of different identities shall have access to the related data contained in the relevant identity confirmation file and to the identity data linked in the common identity repository and, where relevant, in the SIS, and shall assess the different identities and shall update the link in accordance with Articles 31, 32 and 33 and add it to the identity confirmation file without delay.

4.– (not applicable).

5.Where more than one link is obtained, the authority responsible for the verification of different identities shall assess each link separately.

6.Where data reporting a hit was already linked, the authority responsible for the verification of different identities shall take into account the existing links when assessing the creation of new links.

Article 30

Yellow link

1.A link between data from two or more information systems shall be classified as yellow in any of the following cases:

(a)the linked data shares the same biometric but different identity data and no manual verification of different identity has taken place;

(b)the linked data has different identity data and no manual verification of different identity has taken place.

2.Where a link is classified as yellow in accordance with paragraph 1, the procedure laid down in Article 29 applies.

Article 31

Green link

1.A link between data from two or more information systems shall be classified as green where the linked data do not share the same biometric but have similar identity data and the authority responsible for the verification of different identities concluded it refers to two different persons.

2.Where the common identity repository (CIR) or the SIS are queried and where a green link exists between two or more of the information systems constituting the CIR or with the SIS, the multiple-identity detector shall indicate that the identity data of the linked data does not correspond to the same person. The queried information system shall reply indicating only the data of the person whose data was used for the query, without triggering a hit against the data that is subject to the green link.

Article 32

Red link

1.A link between data from two or more information systems shall be classified as red in any of the following cases:

(a)the linked data shares the same biometric but different identity data and the authority responsible for the verification of different identities concluded it refers unlawfully to the same person;

(b)the linked data has similar identity data and the authority responsible for the verification of different identities concluded it refers unlawfully to the same person.

2.Where the CIR or the SIS are queried and where a red link exists between two or more of the information systems constituting the CIR or with the SIS, the multiple-identity detector shall reply indicating the data referred to in Article 34. Follow-up to a red link shall take place in accordance with Union and national law.

3.Where a red link is created between data from the EES, the VIS, [the ETIAS], Eurodac or [the ECRIS-TCN System], the individual file stored in the CIR shall be updated in accordance with Article 19(1).

4.Without prejudice to the provisions related to the handling of alerts in the SIS referred to in the [Regulations on SIS in the field of border checks, on SIS in the field of law enforcement and on SIS in the field of illegal return], and without prejudice to limitations necessary to protect security and public order, prevent crime and guarantee that any national investigation will not be jeopardised, where a red link is created, the authority responsible for verification of different identities shall inform the person of the presence of multiple unlawful identities.

5.Where a red link is created, the authority responsible for verification of different identities shall provide a reference to the authorities responsible for the data linked.

Article 33

White link

1.A link between data from two or more information systems shall be classified as white in any of the following cases:

(a)the linked data shares the same biometric and the same or similar identity data;

(b)the linked data shares the same or similar identity data and at least one of the information systems does not have biometric data on the person;

(c)the linked data shares the same biometric but different identity data and the authority responsible for the verification of different identities concluded it refers to the same person legally having different identity data.

2.Where the CIR or the SIS are queried and where a white link exists between one or more of the information systems constituting the CIR or with the SIS, the multiple-identity detector shall indicate that the identity data of the linked data correspond to the same person. The queried information systems shall reply indicating, where relevant, all the linked data on the person, hence triggering a hit against the data that is subject to the white link, if the authority launching the query has access to the linked data under Union or national law.

3.Where a white link is created between data from the EES, the VIS, [the ETIAS], Eurodac or [the ECRIS-TCN system], the individual file stored in the CIR shall be updated in accordance with Article 19(1).

4.Without prejudice to the provisions related to the handling of alerts in the SIS referred to in the [Regulations on SIS in the field of border checks, on SIS in the field of law enforcement and on SIS in the field of illegal return], where a white link is created following a manual verification of multiple identities, the authority responsible for verification of different identities shall inform the person of the presence of discrepancies between his or her personal data between systems and shall provide a reference to the authorities responsible for the data linked.

Article 34

Identity confirmation file

The identity confirmation file shall contain the following data:

(a)the links, including their description in form of colours, as referred to in Articles 30 to 33;

(b)a reference to the information systems whose data is linked;

(c)a single identification number allowing to retrieve the data from the information systems of corresponding linked files;

(d)where relevant, the authority responsible for the verification of different identities.

Article 35

Data retention in the multiple-identity detector

The identity confirmation files and its data, including the links, shall be stored in the multiple-identity detector (MID) only for as long as the linked data is stored in two or more EU information systems.

Article 36

Keeping of logs

1.eu-LISA shall keep logs of all data processing operations within the MID. Those logs shall include, in particular, the following:

(a)the purpose of access of the user and his or her access rights;

(b)the date and time of the query;

(c)the type of data used to launch the query or queries;

(d)the reference to the data linked;

(e)the history of the identity confirmation file;

(f)the identifying mark of the person who carried out the query.

2.Each Member State shall keep logs of the staff duly authorised to use the MID.

3.The logs may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. The logs shall be protected by appropriate measures against unauthorised access and erased one year after their creation, unless they are required for monitoring procedures that have already begun. The logs related to the history of the identity confirmation file shall be erased once the data in the identity confirmation file is erased.

CHAPTER VI
Measures supporting interoperability

Article 37

Data quality

1.eu-LISA shall establish automated data quality control mechanisms and procedures on the data stored in the SIS, Eurodac, [the ECRIS-TCN system], the shared biometric matching service (shared BMS), the common identity repository (CIR) and the multiple-identity detector (MID).

2.eu-LISA shall establish common data quality indicators and the minimum quality standards to store data in the SIS, Eurodac, [the ECRIS-TCN system], the shared BMS, the CIR and the MID.

3.eu-LISA shall provide regular reports on the automated data quality control mechanisms and procedures and the common data quality indicators to the Member States. eu-LISA shall also provide a regular report to the Commission covering the issues encountered and the Member States concerned.

4.The details of the automated data quality control mechanisms and procedures and the common data quality indicators and the minimum quality standards to store data in the SIS, Eurodac, [the ECRIS-TCN system], the shared BMS, the CIR and the MID, in particular regarding biometric data, shall be laid down in implementing acts. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 64(2).

5.One year after the establishment of the automated data quality control mechanisms and procedures and common data quality indicators and every year thereafter, the Commission shall evaluate Member State implementation of data quality and shall make any necessary recommendations. The Member States shall provide the Commission with an action plan to remedy any deficiencies identified in the evaluation report and shall report on any progress against this action plan until it is fully implemented. The Commission shall transmit the evaluation report to the European Parliament, to the Council, to the European Data Protection Supervisor and to the European Union Agency for Fundamental Rights established by Council Regulation (EC) No 168/2007. 64

Article 38

Universal Message Format

1.The Universal Message Format (UMF) standard is hereby established. The UMF defines standards for certain content elements of cross-border information exchange between information systems, authorities and/or organisations in the field of Justice and Home affairs

2.The UMF standard shall be used in the development of the [Eurodac], the [ECRIS-TCN system], the European search portal, the CIR, the MID and, if appropriate, in the development by eu-LISA or any other EU body of new information exchange models and information systems in the area of Justice and Home Affairs.

3.The implementation of the UMF standard may be considered in the SIS and in any existing or new cross-border information exchange models and information systems in the area of Justice and Home Affairs, developed by Member States or associated countries.

4.The Commission shall adopt an implementing act to lay down and develop the UMF standard referred to in paragraph 1. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 64(2).

Article 39

Central repository for reporting and statistics

1.A central repository for reporting and statistics (CRRS) is established for the purposes of supporting the objectives of Eurodac, the SIS and [the ECRIS-TCN system] and to generate cross-system statistical data and analytical reporting for policy, operational and data quality purposes.

2.eu-LISA shall establish, implement and host the CRRS in its technical sites containing the data referred to in [Article 42(8) of the Eurodac Regulation], [Article 71 of the Regulation on SIS in the field of law enforcement] and [Article 30 of the ECRIS-TCN Regulation] logically separated. The data contained in the CRRS shall not enable the identification of individuals. Access to the repository shall be granted by means of secured access through the Trans- European Services for Telematics between Administrations (TESTA) network service with control of access and specific user profiles, solely for the purpose of reporting and statistics, to the authorities referred to in [Article 42(8) of the Eurodac Regulation], [Article 71 of the Regulation on SIS in the field of law enforcement] and [Article 30 of the ECRIS-TCN Regulation].

3.eu-LISA shall render the data anonymous and shall record such anonymous data in the CRRS. The process for rendering the data anonymous shall be automated.

4.The CRRS shall be composed of:

(a)a central infrastructure, consisting of a data repository enabling the rendering of anonymous data;

(b)a secure communication infrastructure to connect the CRRS to the SIS, Eurodac and [the ECRIS-TCN], as well as the central infrastructures of the shared BMS, the CIR and the MID.

5.The Commission shall lay down detailed rules on the operation of the CRRS, including specific safeguards for processing of personal data referred to under paragraph 2 and 3 and security rules applicable to the repository by means of implementing acts. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 64(2).

CHAPTER VII
Data protection

Article 40
Data controller

1.In relation to the processing of data in the shared biometric matching service (shared BMS), the Member State authorities that are controllers for the Eurodac, SIS and [the ECRIS-TCN system] respectively, shall also be considered as controllers in accordance with Article 4(7) of Regulation (EU) 2016/679 in relation to the biometric templates obtained from the data referred to in Article 13 that they enter into respective systems and shall have responsibility for the processing of the biometric templates in the shared BMS.

2.In relation to the processing of data in the common identity repository (CIR), the Member State authorities that are controllers for the Eurodac and [the ECRIS-TCN system] respectively, shall also be considered as controllers in accordance with Article 4(7) of Regulation (EU) 2016/679 in relation to data referred to in Article 18 that they enter into respective systems and shall have responsibility for the processing of that personal data in the CIR.

3.In relation to the processing of data in the multiple-identity detector:

(a)the European Border and Coast Guard Agency shall be considered a data controller in accordance with Article 2(b) of Regulation No 45/2001 in relation to processing of personal data by the ETIAS Central Unit;

(b)the Member State authorities adding or modifying the data in the identity confirmation file are also to be considered as controllers in accordance with Article 4(7) of Regulation (EU) 2016/679 and shall have responsibility for the processing of the personal data in the multiple-identity detector;

Article 41
Data processor

In relation to the processing of personal data in the CIR, eu-LISA is to be considered the data processor in accordance with Article 2(e) of Regulation (EC) No 45/2001.

Article 42
Security of processing

1.Both eu-LISA and the Member State authorities shall ensure the security of the processing of personal data that takes place pursuant to the application of this Regulation. eu-LISA, [the ETIAS Central Unit] and the Member State authorities shall cooperate on security-related tasks.

2.Without prejudice to Article 22 of Regulation (EC) No 45/2001, eu-LISA shall take the necessary measures to ensure the security of the interoperability components and their related communication infrastructure.

3.In particular, eu-LISA shall adopt the necessary measures, including a security plan, a business continuity plan and a disaster recovery plan, in order to:

(a)physically protect data, including by making contingency plans for the protection of critical infrastructure;

(b)prevent the unauthorised reading, copying, modification or removal of data media;

(c)prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of recorded personal data;

(d)prevent the unauthorised processing of data and any unauthorised copying, modification or deletion of data;

(e)ensure that persons authorised to access the interoperability components have access only to the data covered by their access authorisation, by means of individual user identities and confidential access modes only;

(f)ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment;

(g)ensure that it is possible to verify and establish what data has been processed in the interoperability components, when, by whom and for what purpose;

(h)prevent the unauthorised reading, copying, modification or deletion of personal data during the transmission of personal data to or from the interoperability components or during the transport of data media, in particular by means of appropriate encryption techniques;

(i)monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation.

4.Member States shall take measures equivalent to those referred to in paragraph 3 as regards security in respect of the processing of personal data by the authorities having a right to access any of the interoperability components.

Article 43

Confidentiality of SIS data

1.Each Member State shall apply its rules of professional secrecy or other equivalent duties of confidentiality to all persons and bodies required to work with SIS data accessed through any of the interoperability components in accordance with its national law. That obligation shall also apply after those persons leave office or employment or after the termination of the activities of those bodies.

2.Without prejudice to Article 17 of the Staff Regulations of officials and the Conditions of Employment of other servants of the European Union, eu-LISA shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality of comparable standards to those laid down in paragraph 1 to all its staff required to work with SIS data. This obligation shall also apply after those persons leave office or employment or after the termination of their activities.

Article 44
Security incidents

1.Any event that has or may have an impact on the security of the interoperability components and may cause damage to or loss of data stored in them shall be considered to be a security incident, in particular where unauthorised access to data may have occurred or where the availability, integrity and confidentiality of data has or may have been compromised.

2.Security incidents shall be managed so as to ensure a quick, effective and proper response.

3.Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, euLISA and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, euLISA shall notify the Commission and the European Data Protection Supervisor.

4.Information regarding a security incident that has or may have an impact on the operation of the interoperability components or on the availability, integrity and confidentiality of the data shall be provided to the Member States and reported in compliance with the incident management plan to be provided by euLISA.

5.The Member States concerned and euLISA shall cooperate in the event of a security incident. The Commission shall lay down the specification of this cooperation procedure by means of implementing acts. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 64(2).

Article 45
Self-monitoring

Member States and the relevant EU bodies shall ensure that each authority entitled to access the interoperability components takes the measures necessary to monitor its compliance with this Regulation and cooperates, where necessary, with the supervisory authority.

The data controllers as referred to in Article 40 shall take the necessary measures to monitor the compliance of the data processing pursuant to this Regulation, including frequent verification of logs, and cooperate, where necessary, with the supervisory authorities referred to in Articles 49 and 50.

Article 46
Right of information

1.Without prejudice to the right of information referred to in Articles 11 and 12 of Regulation (EC) 45/2001 and Articles 13 and 14 of Regulation (EU) 2016/679, persons whose data are stored in the shared biometric matching service, the common identity repository or the multiple-identity detector shall be informed by the authority collecting their data, at the time their data are collected, about the processing of personal data for the purposes of this Regulation, including about identity and contact details of the respective data controllers, and about the procedures for exercising their rights of access, rectification and erasure, as well as about the contact details of the European Data Protection Supervisor and of the national supervisory authority of the Member State responsible for the collection of the data.

2.Persons whose data is recorded in Eurodac or [the ECRIS-TCN system] shall be informed about the processing of data for the purposes of this Regulation in accordance with paragraph 1 when:

(a)– (not applicable);

(b)– (not applicable);

(c)– (not applicable);

(d)[an application for international protection is created or updated in Eurodac in accordance with Article 10 of the Eurodac Regulation];

(e)[a data record is created or updated in the ECRIS-TCN system in accordance with Article 5 of the ECRIS-TCN Regulation.]

Article 47
Right of access, correction and erasure

1.In order to exercise their rights under Articles 13, 14, 15 and 16 of Regulation (EC) 45/2001 and Articles 15, 16, 17 and 18 of Regulation (EU) 2016/679, any person shall have the right to address him or herself to the Member State responsible for the manual verification of different identities or of any Member State, who shall examine and reply to the request.

2.The Member State responsible for the manual verification of different identities as referred to in Article 29 or the Member State to which the request has been made shall reply to such requests within 45 days of receipt of the request.

3.If a request for correction or erasure of personal data is made to a Member State other than the Member State responsible, the Member State to which the request has been made shall contact the authorities of the Member State responsible within seven days and the Member State responsible shall check the accuracy of the data and the lawfulness of the data processing within 30 days of such contact.

4.Where, following an examination, it is found that the data stored in the multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data.

5.Where data in the MID is amended by the responsible Member State during its validity period, the responsible Member State shall carry out the processing laid down in Article 27 and, where relevant, Article 29 to determine whether the amended data shall be linked. Where the processing does not report any hit, the responsible Member State or, where applicable, the Member State to which the request has been made shall delete the data from the identity confirmation file. Where the automated processing reports one or several hit(s), the responsible Member State shall create or update the relevant link in accordance with the relevant provisions of this Regulation.

6.Where the responsible Member State or, where applicable, the Member State to which the request has been made does not agree that data stored in the MID are factually inaccurate or have been recorded unlawfully, that Member State shall adopt an administrative decision explaining in writing to the person concerned without delay why it is not prepared to correct or delete data relating to him or her.

7.This decision shall also provide the person concerned with information explaining the possibility to challenge the decision taken in respect of the request referred in paragraph 3 and, where relevant, information on how to bring an action or a complaint before the competent authorities or courts, and any assistance, including from the competent national supervisory authorities.

8.Any request made pursuant to paragraph 3 shall contain the necessary information to identify the person concerned. That information shall be used exclusively to enable the exercise of the rights referred to in paragraph 3 and shall be erased immediately afterwards.

9.The responsible Member State or, where applicable, the Member State to which the request has been made shall keep a record in the form of a written document that a request referred to in paragraph 3 was made and how it was addressed, and shall make that document available to competent data protection national supervisory authorities without delay.

Article 48
Communication of personal data to third countries, international organisations and private parties

Personal data stored in or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party.

Article 49
Supervision by the national supervisory authority

1.The supervisory authority or authorities designated pursuant to Article 49 of Regulation (EU) 2016/679 shall ensure that an audit of the data processing operations by the responsible national authorities is carried out in accordance with relevant international auditing standards at least every four years.

2.Member States shall ensure that their supervisory authority has sufficient resources to fulfil the tasks entrusted to it under this Regulation.

Article 50
Supervision by the European Data Protection Supervisor

The European Data Protection Supervisor shall ensure that an audit of eu-LISA’s personal data processing activities is carried out in accordance with relevant international auditing standards at least every four years. A report of that audit shall be sent to the European Parliament, the Council, eu-LISA, the Commission and the Member States. eu-LISA shall be given an opportunity to make comments before the reports are adopted.

Article 51
Cooperation between national supervisory authorities and the European Data Protection Supervisor

1.The European Data Protection Supervisor shall act in close cooperation with national supervisory authorities with respect to specific issues requiring national involvement, in particular if the European Data Protection Supervisor or a national supervisory authority finds major discrepancies between practices of Member States or finds potentially unlawful transfers using the communication channels of the interoperability components, or in the context of questions raised by one or more national supervisory authorities on the implementation and interpretation of this Regulation.

2.In the cases referred to in paragraph 1, coordinated supervision shall be ensured in accordance with Article 62 of Regulation (EU) XXXX/2018 [revised Regulation 45/2001].

CHAPTER VIII
Responsibilities

Article 52
Responsibilities of eu-LISA during the design and development phase

1.eu-LISA shall ensure that the central infrastructures of the interoperability components are operated in accordance with this Regulation.

2.The interoperability components shall be hosted by eu-LISA in its technical sites and shall provide the functionalities laid down in this Regulation in accordance with the conditions of security, availability, quality and speed referred to in Article 53(1).

3.eu-LISA shall be responsible for the development of the interoperability components, for any adaptations required for establishing interoperability between the central systems of the EES, VIS, [ETIAS], SIS, and Eurodac, and [the ECRIS-TCN system], and the European search portal, the shared biometric matching service, the common identity repository and the multiple-identity detector.

eu-LISA shall define the design of the physical architecture of the interoperability components including their communication infrastructures and the technical specifications and their evolution as regards the central infrastructure and the secure communication infrastructure, which shall be adopted by the Management Board, subject to a favourable opinion of the Commission. eu-LISA shall also implement any necessary adaptations to the SIS, Eurodac or [ECRIS-TCN system] deriving from the establishment of interoperability and provided for by this Regulation.

eu-LISA shall develop and implement the interoperability components as soon as possible after the entry into force of this Regulation and the adoption by the Commission of the measures provided for in Articles 8(2), 9(7), 28(5) and (6), 37(4), 38(4), 39(5) and 44(5).

The development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination.

4.During the design and development phase, a Programme Management Board composed of a maximum of 10 members shall be established. It shall be composed of seven members appointed by eu-LISA’s Management Board from among its members or its alternates, the Chair of the Interoperability Advisory Group referred to in Article 65, a member representing eu-LISA appointed by its Executive Director, and one member appointed by the Commission. The members appointed by eu-LISA’s Management Board shall be elected only from those Member States that are fully bound under Union law by the legislative instruments governing the development, establishment, operation and use of all the large-scale IT systems managed by eu-LISA and which will participate in the interoperability components.

5.The Programme Management Board shall meet regularly and at least three times per quarter. It shall ensure the adequate management of the design and development phase of the interoperability components.

The Programme Management Board shall every month submit to the Management Board written reports on progress of the project. The Programme Management Board shall have no decision-making power nor any mandate to represent the members of eu-LISA’s Management Board.

6.eu-LISA’s Management Board shall establish the rules of procedure of the Programme Management Board, which shall include in particular rules on:

(a)chairmanship;

(b)meeting venues;

(c)preparation of meetings;

(d)admission of experts to the meetings;

(e)communication plans ensuring full information to non-participating Members of the Management Board.

The chairmanship shall be held by a Member State that is fully bound under Union law by the legislative instruments governing the development, establishment, operation and use of all the largescale IT systems managed by euLISA.

All travel and subsistence expenses incurred by the members of the Programme Management Board shall be paid by the Agency, and Article 10 of the eu-LISA Rules of Procedure shall apply mutatis mutandis. euLISA shall provide the Programme Management Board with a secretariat.

The Interoperability Advisory Group referred to in Article 65 shall meet regularly until the start of operations of the interoperability components. It shall report after each meeting to the Programme Management Board. It shall provide the technical expertise to support the tasks of the Programme Management Board and shall follow up on the state of preparation of the Member States.

Article 53
Responsibilities of eu-LISA following the entry into operations

1.Following the entry into operations of each interoperability component, eu-LISA shall be responsible for the technical management of the central infrastructure and the national uniform interfaces. In cooperation with the Member States, it shall ensure at all times the best available technology, subject to a cost-benefit analysis. eu-LISA shall also be responsible for the technical management of the communication infrastructure referred to in Articles 6, 12, 17, 25 and 39.

Technical management of the interoperability components shall consist of all the tasks necessary to keep the interoperability components functioning 24 hours a day, 7 days a week in accordance with this Regulation, in particular the maintenance work and technical developments necessary to ensure that the components function at a satisfactory level of technical quality, in particular as regards the response time for interrogation of the central infrastructures in accordance with the technical specifications.

2.Without prejudice to Article 17 of the Staff Regulations of Officials of the European Union, eu-LISA shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality to its entire staff required to work with data stored in the interoperability components. This obligation shall also apply after such staff leave office or employment or after the termination of their activities.

3.eu-LISA shall develop and maintain a mechanism and procedures for carrying out quality checks on the data stored in the shared biometric matching service and the common identity repository in accordance with Article 37.

4.eu-LISA shall also perform tasks related to providing training on the technical use of the interoperability components.

Article 54
Responsibilities of Member States

1.Each Member State shall be responsible for:

(a)the connection to the communication infrastructure of the European search portal (ESP) and the common identity repository (CIR);

(b)the integration of the existing national systems and infrastructures with the ESP, shared biometric matching service, the CIR and the multiple-identity detector;

(c)the organisation, management, operation and maintenance of its existing national infrastructure and of its connection to the interoperability components;

(d)the management of, and arrangements for, access by the duly authorised staff, and by the duly empowered staff, of the competent national authorities to the ESP, the CIR and the multiple-identity detector in accordance with this Regulation and the creation and regular update of a list of those staff and their profiles;

(e)the adoption of the legislative measures referred to in Article 20(3) in order to access the CIR for identification purposes;

(f)the manual verification of different identities referred to in Article 29;

(g)the implementation of data quality requirements in the EU information systems and in the interoperability components;

(h)remedying any deficiencies identified in the Commission's evaluation report concerning data quality referred to in Article 37(5).

2.Each Member State shall connect their designated authorities referred to in Article 4(24) to the CIR.

Article 54a
Responsibilities of Europol

1.Europol shall ensure processing of the queries by the ESP to the Europol data and shall accordingly adapt its Querying Europol Systems (QUEST) interface for basic protection level (BPL) data.

2.Europol shall be responsible for the management of, and arrangements for, its duly authorised staff to use and access respectively the ESP and the CIR in accordance with this Regulation and the creation and regular update of a list of those staff and their profiles.

Article 55
Responsibilities of the ETIAS Central Unit

The ETIAS Central Unit shall be responsible for:

(a)the manual verification of different identities referred to in Article 29;

(b)carrying out a multiple-identity detection between the data stored in the VIS, Eurodac and the SIS referred to in Article 59.

CHAPTER VIIIa
Amendments to other Union instruments

[Article 55a
Amendments to Regulation (EU) 2018/XX [the Eurodac Regulation]]

Article 55b
Amendments to Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement]

Regulation (EU) 2018/XX is amended as follows:

1.In Article 3(1), the following points are added:

“(q) ‘ESP’ means the European search portal as defined in [Article 6 of Regulation 2018/XX on interoperability].

(r) ‘shared BMS' means the shared biometric matching service as defined in [Article 12 of Regulation 2018/XX on interoperability].

(s) 'CIR' means the common identity repository as referred to in [Article 17 of Regulation 2018/XX on interoperability];

(t) ‘MID’ means the multiple-identity detector as defined in [Article 25 of Regulation 2018/XX on interoperability].”

2.Article 4 is amended as follows:

(a)    in paragraph 1, the following point (d) is added

"(d) a secure communication infrastructure between CS-SIS and the central infrastructures of the European Search Portal (ESP) established in accordance with [Article 6 of Regulation 2018/XX on interoperability], the shared biometric matching service (BMS) established in accordance with [Article 12 of Regulation 2018/XX on interoperability] and the multiple identity detector (MID) established in accordance with [Article 25 of Regulation 2018/XX on interoperability]".

(b)    the following paragraphs 6 and 7 are added:

"6. Without prejudice to paragraphs (1) to (5) of this Article, SIS data on persons and identity documents may also be searched via the ESP.”

7. Without prejudice to paragraphs (1) to (5) of this Article, SIS data on persons and identity documents may also be transmitted via the secure communication infrastructure referred to in paragraph (1) point d) of this Article. These transmissions shall be limited to the extent that the data are required for the functionalities referred to by [Regulation 2018/XX on interoperability]."

3.In Article 7 the following paragraph 2a is added:

"2a. The SIRENE Bureaux shall also ensure the verification of different identities in accordance with [Article 29 Regulation 2018/XX on interoperability]. To the extent necessary to carry out this task, the SIRENE Bureaux shall have access to consulting the data stored in the CIR for the purposes laid down in [Article 21 of Regulation 2018/XX on interoperability]."

4.In Article 8, paragraph 4 is deleted.

5.In Article 12 the following paragraph 1a is added:

“1a. Member States shall ensure that every access to personal data via the ESP are also logged for the purposes of checking whether or not the search is lawful, monitoring the lawfulness of data processing, self-monitoring, data integrity and security.”

6.In Article 43(1), the following point (g) is added:

“(g) verifying different identities and combating identity fraud in accordance with [Chapter V of Regulation 2018/XX on interoperability].”

7.In Article 71, paragraph 6, is replaced by the following:

"6. For the purpose of paragraphs 3, 4 and 5 of this Article and of Article 15(5), the Agency shall store data referred to in paragraph 3 of this Article and in Article 15(5) which shall not allow for the identification of individuals in the central repository for reporting and statistics referred to in [Article 39 of the Regulation 2018/XX on interoperability].

The Agency shall allow the Commission and the agencies referred to in paragraph 5 to obtain bespoke reports and statistics. Upon request, the Agency shall give access to Member States, the Commission, Europol, and the European Border and Coast Guard Agency to the central repository in accordance with [Article 39 of the Regulation 2018/XX on interoperability]."

Article 55c
Amendments to Regulation (EU) 2018/XX [the ECRIS-TCN Regulation]

Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] is amended as follows:

1.In Article 1, the following point is added:

“(c)    the conditions under which the ECRIS-TCN system contributes to facilitating and assisting in the correct identification of persons registered in the ECRIS-TCN system under the conditions and for the ultimate objectives referred to in [Article 20 of Regulation 2018/XX on interoperability], by storing identity, travel document and biometric data in the common identity repository (CIR) established by [Article 17 of Regulation 2018/XX on interoperability].”

2.Article 2 is replaced by the following:

"Article 2

Scope

This Regulation applies to the processing of identity information of third country nationals who have been subject to convictions in the Member States for the purpose of identifying the Member States where such convictions were handed down, as well as for contributing to facilitating and assisting in the correct identification of persons."

3.Article 3 is amended as follows:

4.(a) The following points are added to Article 3:

"(q) ‘CIR' means the common identity repository as defined in [Article 4(35) of Regulation 2018/XX on interoperability];

(r) 'ECRIS-TCN data' means all data stored in the ECRIS-TCN Central System and in the CIR in accordance with Article 5."

(b) in point (n) the words ‘Central System’ are replaced by the words ‘the ECRIS-TCN Central System and the CIR’.

5.Article 4(1) is amended as follows:

(a) point (a) is replaced by the following:

"(a)    the common identity repository (CIR) as referred to in [Article 17(2)(a) of

Regulation 2018/XX on interoperability];"

(b) the following point (ab) is inserted:

(ab)    a Central System (ECRIS-TCN Central System);"

(c) the following point (e) is added:

"(e)    a secure communication infrastructure between the ECRIS-TCN Central System and the central infrastructures of the European search portal established by [Article 6 of Regulation 2018/XX on interoperability], the shared biometric matching service established by [Article 12 of Regulation 2018/XX on interoperability], the CIR established by [Article 17 of Regulation 2018/XX on interoperability] and the multiple-identity detector established by [Article25 of Regulation 2018/XX on interoperability]."

6.In Article 5 the following paragraph 1a is inserted:

"1a.    The CIR shall contain the data referred to in Article 5(1)(b) and 5(2) and the following data of Article 5(1)(a): surname (family name); first name(s) (given name(s)); date of birth; place of birth (town and country); nationality or nationalities; gender; the type and number of the person's travel document(s), as well as the name of the issuing authority thereof; and where applicable previous names, pseudonyms(s) and/or alias name(s). The remaining ECRIS-TCN data shall be stored in the ECRIS-TCN Central System.”

7.In Article 8, paragraph 2 is replaced by the following:

"2.    Upon expiry of the retention period referred to in paragraph 1, the central authority of the convicting Member State shall erase the data record, including any fingerprints and facial images, without undue delay from the ECRIS-TCN Central System and the CIR"

8.In Article 9, in paragraphs 1, 2, 3 and 4, the words ‘Central System’ are replaced by the words ‘the ECRIS-TCN Central System and the CIR’.

9.In Article 12(2) the words ‘Central System’ are replaced by the words ‘the ECRIS-TCN Central System and the CIR’.

10.In Article 13, in paragraphs 2 and 3, the words ‘Central System’ are replaced by the words ‘the ECRIS-TCN Central System and the CIR’.

11.In Article 21(2) the words ‘Central System’ are replaced by the words ‘the ECRIS-TCN Central System and the CIR’.

12.Article 22 is amended as follows:

(a) Paragraph 1 is replaced by the following:

“1.    The data included in the Central System and the CIR shall only be processed for the purposes of the identification of the Member State(s) holding the criminal records information of third country nationals, as well as for facilitating and assisting in the correct identification of persons registered in the ECRIS-TCN.”

(b) the following paragraph 3 is added:

“3.    Access to consulting the ECRIS-TCN data stored in the CIR shall be reserved exclusively for the duly authorised staff of the national authorities of each Member State and for the duly authorised staff of the Union bodies that are competent for the purposes laid down in [Article 20 and Article 21 of Regulation 2018/XX on interoperability]. That access shall be limited to the extent necessary for the performance of the tasks of those national authorities and Union bodies in accordance with those purposes and shall be proportionate to the objectives pursued."

13.Article 30 is amended as follows:

(a)    Paragraph 2 is replaced by the following:

"2. For the purpose of paragraph 1 of this Article, euLISA shall store the data referred to in paragraph 1 in the central repository for reporting and statistics referred to in [Article 39 of the Regulation 2018/XX on interoperability]."

(b)    Paragraph 3 is deleted.

14.In Article 31(1) the words ‘Central System’ are replaced by the words ‘the ECRIS-TCN Central System and the CIR’.

15.In Article 38(2) the words ‘Central System’ are replaced by the words ‘the ECRIS-TCN Central System and the CIR’.

Article 55d
Amendments to Regulation (EU) 2018/XX [Regulation on eu-LISA]

Regulation (EU) 2018/XX (eu-LISA) is amended as follows:

1.Article 8 is replaced by the following:

" Article 8
Data quality

1. eu-LISA shall establish for all systems under the Agency's operational responsibility automated data quality control mechanisms and procedures and common data quality indicators and the minimum quality standards to store data, in accordance with the relevant provisions of the systems' instruments and of [Article 37 of Regulation 2018/XX on interoperability].

2. eu-LISA shall establish a central repository for reporting and statistics in accordance with [Article 39 of Regulation 2018/XX on interoperability]."

2.Article 9 is replaced by the following:

" Article 9
Interoperability

Where the interoperability of large-scale IT systems has been stipulated in a relevant legislative instrument the Agency shall develop the necessary actions conferred on it by those legislative instruments to enable that interoperability."

3.Article 15 is amended as follows:

(a) in paragraph 1 is amended as follows:

(i) the following point (eea) is inserted:

"(eea) Adopt the reports on the state of play of the development of the interoperability components pursuant to [Article 68(2) of Regulation 2018/XX on interoperability]."

(ii) point (ff) is replaced by the following:

"(ff) adopt the reports on the technical functioning of SIS II pursuant to Article 50(4) of Regulation (EC) No 1987/2006 and Article 66(4) of Decision 2007/533/JHA respectively [or Article 54(7) of Regulation 2018/XX of the European Parliament and of the Council on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, amending Regulation (EU) No 515/2014 and repealing Regulation (EC) No 1987/2006 and Article 71(7) of Regulation 2018/XX of the European Parliament and of the Council on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending Regulation (EU) No 515/2014 and repealing Regulation (EC) No 1986/2006, Council Decision 2007/533/JHA and Commission Decision 2010/261/EU], of VIS pursuant to Article 50(3) of Regulation (EC) No 767/2008 and Article 17(3) of Decision 2008/633/JHA, of EES pursuant to Article 72(4) of Regulation (EU) 2017/2226, of ETIAS pursuant to Article 81(4) of Regulation (EU) 2018/XX on the ECRIS-TCN system and the ECRIS reference implementation pursuant to Article 34(4) of Regulation (EU) 2018/XX] and of the interoperability components pursuant to [Article 68(4) of Regulation 2018/XX on interoperability];"

(iii) point (hh) is replaced by the following:

"(hh) adopt formal comments on the European Data Protection Supervisor's reports on the audits pursuant to Article 45(2) of Regulation (EC) No 1987/2006, Article 42(2) of Regulation (EC) No 767/2008 and Article 31(2) of Regulation (EU) No 603/2013, Article 56(2) of Regulation (EU) 2017/2226, and [Article 57 of Regulation (EU) 2018/XX (establishing the ETIAS)] and to [Article 27(2) of Regulation (EU) 2018/XX (establishing the ECRIS-TCN system)] and to [Article 50 of Regulation 2018/XX on interoperability] and ensure appropriate follow-up of those audits;"

4.In Article 19 paragraph 4 is replaced by the following:

"4. Europol and Eurojust may attend the meetings of the Management Board as observers when a question concerning SIS II, in relation to the application of Decision 2007/533/JHA, is on the agenda. [The European Border and Coast Guard Agency may attend the meetings of the Management Board as observers when a question concerning SIS in relation to the application of Regulation (EU) 2016/1624 is on the agenda]. Europol may also attend the meetings of the Management Board as observer when a question concerning VIS, in relation to the application of Decision 2008/633/JHA, or a question concerning Eurodac, in relation to the application of Regulation (EU) No 603/2013, is on the agenda. Europol may also attend the meetings of the Management Board as an observer when a question concerning EES in relation to the application of Regulation (EU) 2017/2226 is on the agenda or when a question concerning ETIAS in relation to Regulation 2018/XX (establishing ETIAS) is on the agenda. The European Border and Coast Guard Agency may also attend the meetings of the Management Board as observer when a question concerning ETIAS in relation with the application of Regulation 2018/XX (establishing ETIAS) is on the agenda.] [EASO may also attend the meetings of the Management Board as an observer when a question concerning the automated system for registration, monitoring and the allocation mechanism for applications for international protection referred to in Article 44 of Regulation (EU) establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person (recast) COM(2016) 270 final-2016/0133(COD), is on the agenda.] [Eurojust, Europol [the European Public Prosecutor's Office] may also attend the meetings of the Management Board as observers when a question concerning Regulation 2018/XX (establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (TCN) to supplement and support the European Criminal Records Information System (ECRIS), and amending Regulation (EU) No 1077/2011 (ECRIS-TCN system) is on the agenda.] Europol, Eurojust and the European Border and Coast Guard Agency may also attend the meetings of the Management Board as observers when a question concerning [Regulation 2018/XX on interoperability] is on the agenda. The Management Board may invite any other person whose opinion may be of interest, to attend its meetings as an observer."

5.In Article 21(3) point (o) is replaced by the following:

"(o) without prejudice to Article 17 of the Staff Regulations, establishing confidentiality requirements in order to comply with Article 17 of Regulation (EC) No 1987/2006, Article 17 of Decision 2007/533/JHA, Article 26(9) of Regulation (EC) No 767/2008 Article 4(4) of Regulation (EU) No 603/2013; Article 37(4) of Regulation 2017/2226, [Article 64(2) of Regulation 2018/XX (establishing the ETIAS)], [Article 11(16) of Regulation 2018/XX (establishing the ECRIS-TCN system)] and [Article 53(2) of Regulation 2018/XX on interoperability];"

6.Article 23 is amended as follows:

(a) In paragraph 1 the following point (ea) is inserted:

"(ea) Interoperability Advisory Group;"

(b) paragraph 3 is replaced by the following:

"3. Europol and Eurojust and the European Border and Coast Guard Agency may each appoint a representative to the SIS II Advisory Group. Europol may also appoint a representative to the VIS and Eurodac and EES[-ETIAS] Advisory Groups. The European Border and Coast Guard Agency may also appoint a representative to the EES[-ETIAS] Advisory Group.] [Eurojust, Europol, and the European Public Prosecutors Office] may also appoint a representative to the ECRIS-TCN system Advisory Group.] Europol, Eurojust and the European Border and Coast Guard Agency may each appoint a representative to the Interoperability Advisory Group."

CHAPTER IX
Final provisions

Article 56

Reporting and statistics

1.The duly authorised staff of the competent authorities of Member States, the Commission and eu-LISA shall have access to consult the following data related to the European search portal (ESP), solely for the purposes of reporting and statistics without enabling individual identification:

(a)number of queries per user of the ESP profile;

(b)– (not applicable).

2.The duly authorised staff of the competent authorities of Member States, the Commission and eu-LISA shall have access to consult the following data related to the common identity repository, solely for the purposes of reporting and statistics without enabling individual identification:

(a)number of queries for the purposes of Articles 20, 21 and 22;    

(b)nationality, sex and year of birth of the person;

(c)the type of the travel document and the three-letter code of the issuing country;

(d)the number of searches conducted with and without biometric data.

3.The duly authorised staff of the competent authorities of Member States, the Commission and eu-LISA shall have access to consult the following data related to the multiple-identity detector, solely for the purposes of reporting and statistics without enabling individual identification:

(a)    nationality, sex and year of birth of the person;

(a)the type of the travel document and the three-letter code of the issuing country;

(b)the number of searches conducted with and without biometric data;

(c)the number of each type of link.

4.The duly authorised staff of the European Border and Coast Guard Agency established by Regulation (EU) 2016/1624 of the European Parliament and of the Council 65 shall have access to consult the data referred to in paragraphs 1, 2 and 3 for the purpose of carrying out risk analyses and vulnerability assessments as referred to in Articles 11 and 13 of that Regulation.

5.For the purpose of paragraph 1 of this Article, eu-LISA shall store the data referred to in paragraph 1 of this Article in the central repository for reporting and statistics referred to in Chapter VII of this Regulation. The data included in the repository shall not enable the identification of individuals, but it shall allow the authorities listed in paragraph 1 of this Article to obtain customisable reports and statistics to enhance the efficiency of border checks, to help authorities processing visa applications and to support evidence-based policymaking on migration and security in the Union.

Article 57
Transitional period for the use of the European search portal

For a period of two years from the date the ESP commences operations, the obligations referred to in Article 7(2) and (4) shall not apply and the utilisation of the ESP shall be optional.

Article 58

Transitional period applicable to the provisions on access to the common identity repository for law enforcement purposes

Article 22 shall apply from the date of the start of operations referred to in Article 62(1).

Article 59
Transitional period for the multiple-identity detection

1.For a period of one year following the notification by eu-LISA of the completion of the test referred to in Article 62(1)(b) regarding the multiple-identity detector (MID) and before the start of operations of the MID, the ETIAS Central Unit as referred to in [Article 33(a) of Regulation (EU) 2016/1624] shall be responsible for carrying out a multiple-identity detection between the data stored in the VIS, Eurodac and the SIS. The multiple-identity detections shall be carried out using only biometric data in accordance with Article 27(2) of this Regulation.

2.Where the query reports one or several hit(s) and the identity data of the linked files is identical or similar, a white link shall be created in accordance with Article 33.

Where the query reports one or several hit(s) and the identity data of the linked files cannot be considered as similar, a yellow link shall be created in accordance with Article 30 and the procedure referred to in Article 29 shall apply.

Where several hits are reported, a link shall be created to each piece of data triggering the hit.

3.Where a yellow link is created in accordance with paragraph 3, the MID shall grant access to the identity data present in the different information systems to the ETIAS Central Unit.

4.Where a link is created to an alert in the SIS, other than a refusal of entry alert or an alert on a travel document reported lost, stolen or invalidated in accordance with Article 24 of the Regulation on SIS in the field of border checks and Article 38 of the Regulation on SIS in the field of law enforcement respectively, the MID shall grant access to the identity data present in the different information systems to the SIRENE Bureau of the Member State that created the alert.

5.The ETIAS Central Unit or the SIRENE Bureau of the Member State that created the alert shall have access to the data contained in the identity confirmation file and shall assess the different identities and shall update the link in accordance with Articles 31, 32 and 33 and add it to the identity confirmation file.

6.eu-LISA shall assist where necessary the ETIAS Central Unit in carrying out the multiple-identity detection referred to in this Article.

Article 60
Costs

1.The costs incurred in connection with the establishment and operation of the ESP, the shared biometric matching service, the common identity repository (CIR) and the MID shall be borne by the general budget of the Union.

2.Costs incurred in connection with the integration of the existing national infrastructures and their connection to the national uniform interfaces as well as in connection with hosting the national uniform interfaces shall be borne by the general budget of the Union.

The following costs shall be excluded:

(a)Member States’ project management office (meetings, missions, offices);

(b)hosting of national IT systems (space, implementation, electricity, cooling);

(c)operation of national IT systems (operators and support contracts);

(d)design, development, implementation, operation and maintenance of national communication networks.

3.The costs incurred by the designated authorities referred to in Article 4(24) shall be borne, respectively, by each Member State and Europol. The costs for the connection of the designated authorities to the CIR shall be borne by each Member State and Europol, respectively.

Article 61
Notifications

1.The Member States shall notify eu-LISA of the authorities referred to in Articles 7, 20, 21 and 26 that may use or have access to the ESP, the CIR and the MID respectively.

A consolidated list of those authorities shall be published in the Official Journal of the European Union within a period of three months from the date on which each interoperability component commenced operations in accordance with Article 62. Where there are amendments to the list, eu-LISA shall publish an updated consolidated list once a year.

2.eu-LISA shall notify the Commission of the successful completion of the test referred to in Article 62(1)(b).

3.The ETIAS Central Unit shall notify the Commission of the successful completion of the transitional measure laid down in Article 59.

4.The Commission shall make available to the Member States and the public, by a constantly updated public website, the information notified pursuant to paragraph 1.

Article 62
Start of operations

1.The Commission shall decide the date from which each interoperability component is to start operations, after the following conditions are met:

(a)the measures referred to in Articles 8(2), 9(7), 28(5) and (6), 37(4), 38(4), 39(5) and 44(5) have been adopted;

(b)euLISA has declared the successful completion of a comprehensive test of the relevant interoperability component, which is to be conducted by euLISA in cooperation with the Member States;

(c)eu-LISA has validated the technical and legal arrangements to collect and transmit the data referred to in Articles 8(1), 13, 19, 34 and 39 and have notified them to the Commission;

(d)the Member States have notified the Commission as referred to in Article 61(1);

(e)for the multiple-identity detector, the ETIAS Central Unit has notified the Commission as referred to in Article 61(3).

2.The Commission shall inform the European Parliament and the Council of the results of the test carried out pursuant to paragraph 1(b).

3.The Commission decision referred to in paragraph 1 shall be published in the Official Journal of the European Union.

4.The Member States and Europol shall start using the interoperability components from the date determined by the Commission in accordance with paragraph 1.

Article 63
Exercise of the delegation

1.The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2.The power to adopt delegated acts referred to in Articles 8(2) and 9(7) shall be conferred on the Commission for an indeterminate period of time from [the date of entry into force of this Regulation].

3.The delegation of power referred to in Articles 8(2) and 9(7) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4.Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement on Better Law-Making of 13 April 2016.

5.As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

6.A delegated act adopted pursuant to Articles 8(2) and 9(7) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of [two months] of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by [two months] at the initiative of the European Parliament or of the Council.

Article 64
Committee procedure

1.The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.

2.Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

Article 65
Advisory group

An Advisory Group shall be established by eu-LISA in order to provide it with the expertise related to interoperability, in particular in the context of the preparation of its annual work programme and its annual activity report. During the design and development phase of the interoperability instruments, Article 52(4) to (6) shall apply.

Article 66
Training

euLISA shall perform tasks related to the provision of training on the technical use of the interoperability components in accordance with Regulation (EU) No 1077/2011.

Article 67
Practical handbook

The Commission shall, in close cooperation with the Member States, euLISA and other relevant agencies, make available a practical handbook for the implementation and management of the interoperability components. The practical handbook shall provide technical and operational guidelines, recommendations and best practices. The Commission shall adopt the practical handbook in the form of a recommendation.

Article 68
Monitoring and evaluation

1.eu-LISA shall ensure that procedures are in place to monitor the development of the interoperability components in light of objectives relating to planning and costs and to monitor the functioning of the interoperability components in light of objectives relating to the technical output, cost-effectiveness, security and quality of service.

2.By [Six months after the entry into force of this Regulation — OPOCE, please replace with the actual date] and every six months thereafter during the development phase of the interoperability components, eu-LISA shall submit a report to the European Parliament and the Council on the state of play of the development of the interoperability components. Once the development is finalised, a report shall be submitted to the European Parliament and the Council explaining in detail how the objectives, in particular relating to planning and costs, were achieved as well as justifying any divergences.

3.For the purposes of technical maintenance, eu-LISA shall have access to the necessary information relating to the data processing operations performed in the interoperability components.

4.Four years after the start of operations of each interoperability component and every four years thereafter, eu-LISA shall submit to the European Parliament, the Council and the Commission a report on the technical functioning of the interoperability components, including the security thereof.

5.In addition, one year after each report from eu-LISA, the Commission shall produce an overall evaluation of the components, including:

(a)an assessment of the application of this Regulation;

(b)an examination of the results achieved against objectives and the impact on fundamental rights;

(c)an assessment of the continuing validity of the underlying rationale of the interoperability components;

(d)an assessment of the security of the interoperability components;

(e)an assessment of any implications, including any disproportionate impact on the flow of traffic at border crossing points and those with a budgetary impact on the Union budget.

The evaluations shall include any necessary recommendations. The Commission shall transmit the evaluation report to the European Parliament, to the Council, to the European Data Protection Supervisor and to the European Union Agency for Fundamental Rights established by Council Regulation (EC) No 168/2007. 66

6.The Member States and Europol shall provide eu-LISA and the Commission with the information necessary to draft the reports referred to in paragraphs 4 and 5. This information shall not jeopardise working methods or include information that reveals sources, staff members or investigations of the designated authorities.

7.eu-LISA shall provide the Commission with the information necessary to produce the evaluations referred to in paragraph 5.

8.While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare annual reports on the effectiveness of access to data stored in the common identity repository for law enforcement purposes, containing information and statistics on:

(a)the exact purpose of the consultation including the type of terrorist or serious criminal offence;

(b)reasonable grounds given for the substantiated suspicion that the suspect, perpetrator or victim is covered by the Eurodac Regulation;

(c)the number of requests for access to the common identity repository for law enforcement purposes;

(d)the number and type of cases that have ended in successful identifications;

(e)the need and use made of the exceptional case of urgency including those cases where that urgency was not accepted by the ex post verification carried out by the central access point.

Member State and Europol annual reports shall be transmitted to the Commission by 30 June of the subsequent year.

Article 69
Entry into force and applicability

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

Done at Brussels,

LEGISLATIVE FINANCIAL STATEMENT

1.FRAMEWORK OF THE PROPOSAL/INITIATIVE

1.1.Title of the proposal/initiative 

1.2.Policy area(s) concerned

1.3.Nature of the proposal/initiative

1.4.Objective(s)

1.5.Grounds for the proposal/initiative

1.6.Duration and financial impact

1.7.Management mode(s) planned

2.MANAGEMENT MEASURES 

2.1.Monitoring and reporting rules

2.2.Management and control system

2.3.Measures to prevent fraud and irregularities

3.ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE 

3.1.Heading(s) of the multiannual financial framework and expenditure budget line(s) affected

3.2.Estimated impact on expenditure 

3.2.1.Summary of estimated impact on expenditure

3.2.2.Estimated impact on operational appropriations

3.2.3.Estimated impact on appropriations of an administrative nature

3.2.4.Compatibility with the current multiannual financial framework

3.2.5.Third-party contributions

3.3.Estimated impact on revenue

LEGISLATIVE FINANCIAL STATEMENT

1.FRAMEWORK OF THE PROPOSAL/INITIATIVE 

1.1.Title of the proposal/initiative 

1.2.Policy area(s) concerned 

1.3.Nature of the proposal/initiative 

X The proposal/initiative relates to a new action 

◻ The proposal/initiative relates to a new action following a pilot project/preparatory action 67  

◻ The proposal/initiative relates to the extension of an existing action 

◻ The proposal/initiative relates to an action redirected towards a new action 

1.4.Objective(s)

1.4.1.The Commission's multiannual strategic objective(s) targeted by the proposal/initiative 

1.4.2.Specific objective(s) and Specific objective No [ ] 

(a)to improve the management of the external borders;

(b)to contribute to preventing and combating irregular migration; and

(c)to contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and public policy and safeguarding the security in the territories of the Member States.

1.4.3.Expected result(s) and impact

Specify the effects which the proposal/initiative should have on the beneficiaries/groups targeted.

1.4.4.Indicators of results and impact 

Specify the indicators for monitoring implementation of the proposal/initiative.

1.5.Grounds for the proposal/initiative 

1.5.1.Requirement(s) to be met in the short or long term 

1.5.2.Added value of Union involvement (it may result from different factors, e.g. coordination gains, legal certainty, greater effectiveness or complementarities). For the purposes of this point, 'added value of Union involvement' is the value resulting from Union intervention that is additional to the value that would have been otherwise created by Member States alone.

1.5.3.Lessons learned from similar experiences in the past

1.5.4.Compatibility and possible synergy with other appropriate instruments

1.6.Duration and financial impact 

◻ Proposal/initiative of limited duration

–◻    Proposal/initiative in effect from [DD/MM]YYYY to [DD/MM]YYYY

–◻    Financial impact from YYYY to YYYY

⌧ Proposal/initiative of unlimited duration

–Development period from 2019 to 2023 included, followed by full-scale operations.

–Duration of the financial impact is therefore provided for 2019 to 2027.

1.7.Management mode(s) planned 72  

⌧ Direct management by the Commission

–X by its departments, including by its staff in the Union delegations;

–◻    by the executive agencies

⌧ Shared management with the Member States

⌧ Indirect management by entrusting budget implementation tasks to:

–◻ third countries or the bodies they have designated;

–◻ international organisations and their agencies (to be specified);

–◻the EIB and the European Investment Fund;

–⌧ bodies referred to in Articles 208 and 209 of the Financial Regulation;

–◻ public law bodies;

–◻ bodies governed by private law with a public service mission to the extent that they provide adequate financial guarantees;

–◻ bodies governed by the private law of a Member State that are entrusted with the implementation of a public-private partnership and that provide adequate financial guarantees;

–◻ persons entrusted with the implementation of specific actions in the CFSP pursuant to Title V of the TEU, and identified in the relevant basic act.

–If more than one management mode is indicated, please provide details in the ‘Comments’ section.

Comments

(1) There are no amounts for the operations phase included in this instrument.

2.MANAGEMENT MEASURES 

2.1.Monitoring and reporting rules 

Specify frequency and conditions.

2.2.Management and control system 

2.2.1.Risk(s) identified 

2.2.2.Information concerning the internal control system set up

2.2.3.Estimate of the costs and benefits of the controls and assessment of the expected level of risk of error 

2.3.Measures to prevent fraud and irregularities 

Specify existing or envisaged prevention and protection measures.

3.ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE 

This legislative financial statement of this amended legislative proposal replaces the former one. The legislative proposals COM(2017) 793 (borders and visas) and COM(2017) 794 (police and judicial cooperation, asylum and migration) contained the same legislative financial statement. As the budgeted amounts cannot be split over the two proposals, the amounts are valid for both proposals combined. All amounts have therefore only to be counted once. The same applies for the amended proposals.

The estimated impact on expenditure and staffing for the years 2021 and beyond in this legislative financial statement is covered by compatible with the Commission proposal for the next multiannual financial framework of 2 May 2018.

The legislative proposals COM(2017) 793 (borders and visas) and COM(2017) 794 (police and judicial cooperation, asylum and migration) contained the same legislative financial statement. As the budgeted amounts cannot be split over the two proposals, the amounts are valid for both proposals combined. All amounts have therefore only to be counted once. The same applies for the amended proposals.

3.1.Heading(s) of the multiannual financial framework and expenditure budget line(s) affected 

·Existing budget lines

In order of multiannual financial framework headings and budget lines.

Heading 3 under the current MFF becomes heading 4 in the new MFF (from 2021 onwards).

3.2.Estimated impact on expenditure 

[This section should be filled in using the spreadsheet on budget data of an administrative nature (second document in annex to this financial statement) and uploaded to DECIDE for interservice consultation purposes.]

3.2.1.Summary of estimated impact on expenditure 

EUR million (to three decimal places)

Heading 3 under the current MFF becomes heading 4 in the new MFF (from 2021 onwards).

The expenditures will cover costs related to:

–The cost for adapting the NUI (national uniform interface) whose development is financed under the EES proposal, a budgeted amount for the changes to the systems in the Member States in order to take into account the modifications of the central systems and a budgeted amount for end-user training.

–The budget for the EBCG covers the expenditures of a team dedicated for the validation of links generated by the MID (multiple identity detector) on the legacy data (something like 14 million records). The volume of links to be validated manually is estimated around 550.000.
The dedicated team set up for this purpose is added to the EBCG team set up for ETIAS because this is functionally close and avoids the set-up costs of a new team. The work is expected to take place in 2023. The contract agents are therefore recruited up to 3 months in advance and their contract stopped up to 2 months after the end of the migration activity. Another part of the required resources are not assumed to be recruited as contract agents and will be hired in as consultants. This explains the costs under Title 3 for 2023. They are assumed to be hired one month in advance. Further details on staff levels are provided later.

–Title 1 includes therefore the cost of 20 internal staff, and the provisions for a strengthening of the management and support staff.

–Title 2 includes the additional cost for hosting the 10 additional contractor's staff.

–Title 3 includes the fee for the additional 10 contractor's staff. There are no other types of cost included.

Europol's expenditures will cover the upgrade of Europol's ICT systems capabilities to deal with the volume of messages to be handled, and the required increased performance levels (response time).

Title 1 Staff expenditure covers the costs related to additional ICT staff to be recruited to reinforce Europol information systems for the reasons described above. Further details regarding the division of posts between temporary agents and contract agents, and their expertise are provided below.

Title 3 includes costs for the hardware and software needed to reinforce Europol information systems. At present, Europol's IT systems serve a limited designated community of Europol, Europol Liaison Officers and investigators in the Member States who use these systems for analytical and investigative purposes. With the implementation of QUEST (the system interface that will allow the ESP to query Europol data) at basic protection level (currently Europol information systems are accredited up to EU restricted and EU confidential level), Europol information systems will be made available to a much larger authorised law enforcement community. In addition to these increases, ESP will be used by ETIAS to automatically query Europol data to process travel authorisations. This will increase the volume of queries against Europol data from approximately 107 000 queries per month at present, to more than 100 000 queries per day, and will also require 24/7 availability of Europol information systems and very short response times to meet the requirements imposed by the ETIAS Regulation. The majority of the costs are limited to the period before the interoperability components become operable, but some ongoing commitments are needed to ensure high and continuous availability of Europol information systems. Also, some development works are needed to implement interoperability components by Europol as a user.

Centrally coordinated EU level training improves coherent implementation of training courses at national level and as a consequence ensures correct and successful implementation and use of interoperability components. CEPOL — as the EU Agency for Law Enforcement Training — is well-positioned to deliver central EU level training. These expenditures cover the preparation of the 'training for Member State trainers' required to use the central systems once they are made interoperable. The costs include those related to a small personnel increase for CEPOL to coordinate, manage, organise and update the courses and the cost for delivering a number of training sessions per year and preparing the online course. Details of these costs are explained below. The training effort is concentrated on the periods immediately preceding go-live. A continuous effort remains necessary beyond the go-live as the interoperable components are maintained and the trainers do not permanently remain the same persons, based on the experience of delivering existing training on Schengen information system.