26.2.2019   

EN

Official Journal of the European Union

L 57/5


COMMISSION IMPLEMENTING DECISION (EU) 2019/326

of 25 February 2019

laying down measures for entering the data in the Entry/Exit System (EES)

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (1), and in particular point (c) of the first paragraph of Article 36 thereof,

Whereas:

(1)

Regulation (EU) 2017/2226 established the Entry/Exit System (EES) as a system which registers electronically the time and place of entry and exit of third-country nationals admitted for a short stay to the territory of the Member States and which calculates the duration of their authorised stay.

(2)

The EES aims to improve the management of external borders, to prevent irregular immigration and to facilitate the management of migration flows. The EES should, in particular, contribute to the identification of any person who does not fulfil or no longer fulfils the conditions of duration of the authorised stay on the territory of the Member States. Additionally, the EES should contribute to the prevention, detection and investigation of terrorist offences and of other serious criminal offences.

(3)

Regulation (EU) 2017/2226 specifies the objectives of the EES, the categories of data to be entered into the EES, the purposes for which the data are to be used, the criteria for their entry, the authorities authorised to access the data, further rules on data processing and the protection of personal data, as well as the technical architecture of the EES, rules concerning its operation and use, and interoperability with other information systems. It also defines responsibilities for the EES.

(4)

Prior to the development of the EES it is necessary to adopt measures for the development and technical implementation of the EES.

(5)

Based on those measures, the European agency for the operational management of large-scale information systems in the area of freedom, security and justice should then be able to define the design of the physical architecture of the EES including its Communication Infrastructure, as well as the technical specifications of the system and to develop the EES.

(6)

The measures laid down by this Decision for the development and technical implementation of the EES should be completed by the Technical Specifications and the Interface Control Document of the EES.

(7)

This Decision is without prejudice to the application of Directive 2004/38/EC of the European Parliament and of the Council (2).

(8)

In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2017/2226 and is not bound by it or subject to its application. However, given that Regulation (EU) 2017/2226 builds upon the Schengen acquis, Denmark, in accordance with Article 4 of that Protocol, notified on 30 May 2018 its decision to implement Regulation (EU) 2017/2226 in its national law. Denmark is therefore bound under international law to implement this Decision.

(9)

This Decision constitutes a development of the provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC (3); the United Kingdom is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application.

(10)

This Decision constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC (4); Ireland is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application.

(11)

As regards Iceland and Norway, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latter's association with the implementation, application and development of the Schengen acquis (5), which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC (6).

(12)

As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (7), which fall within the area referred to in Article 1, point A of Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/EC (8).

(13)

As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (9) which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (10).

(14)

As regards Cyprus, Bulgaria, Romania and Croatia, the operation of the EES requires the granting of passive access to the VIS and the putting into effect of all the provisions of the Schengen acquis relating to the SIS in accordance with the relevant Council Decisions. Those conditions can only be met once the verification in accordance with the applicable Schengen evaluation procedure has been successfully completed. Therefore, the EES should be operated only by those Member States which fulfil those conditions by the start of operations of the EES. Member States not operating the EES from the initial start of operations should be connected to the EES in accordance with the procedure set out in Regulation (EU) 2017/2226 as soon as all of those conditions are met.

(15)

The European Data Protection Supervisor delivered an opinion on 20 July 2018.

(16)

The measures provided for in this Decision are in accordance with the opinion of the Smart Borders Committee,

HAS ADOPTED THIS DECISION:

Article 1

The measures necessary for the technical implementation of the EES in relation to the procedures for entering data in accordance with Articles 16 to 20 of the Regulation (EU) 2017/2226 shall be as set out in the Annex to this Decision.

Article 2

This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

Done at Brussels, 25 February 2019.

For the Commission

The President

Jean-Claude JUNCKER


(1)   OJ L 327, 9.12.2017, p. 20.

(2)  Directive 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States amending Regulation (EEC) No 1612/68 and repealing Directives 64/221/EEC, 68/360/EEC, 72/194/EEC, 73/148/EEC, 75/34/EEC, 75/35/EEC, 90/364/EEC, 90/365/EEC and 93/96/EEC (OJ L 158, 30.4.2004, p. 77).

(3)  Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis (OJ L 131, 1.6.2000, p. 43).

(4)  Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).

(5)   OJ L 176, 10.7.1999, p. 36.

(6)  Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31).

(7)   OJ L 53, 27.2.2008, p. 52.

(8)  Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 1).

(9)   OJ L 160, 18.6.2011, p. 21.

(10)  Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19).


ANNEX

The data to be entered in the EES as provided for in Articles 16 to 20 of Regulation (EU) 2017/2226 are grouped into two categories: individual file and entry/exit/refusal records. The individual file consists of both alphanumeric and biometric data.

The technical specifications referred to in Article 37(1) of Regulation (EU) 2017/2226 shall define the business and validation rules to be applied to the data to be entered in EES.

1.1.   Alphanumeric data

Most of the content stored in EES shall be extracted either from the Machine Readable Zone of the travel document or, where technically possible, electronically extracted from the electronic Machine Readable Travel Document (e-MRTD). It is therefore important that the information transmitted to the EES is compliant with the standards used for this, especially in the cases where it cannot be retrieved electronically and/or it has to be manually encoded by a border guard on the basis of data available in the Visual Inspection Zone. This applies only to the alphanumeric information that can be retrieved from the travel document's data page.

The following fields shall comply with the ICAO DOC9303 standard:

Article

Attribute

Standard

16(1)(a)

Surname (family name); first name(s) (given names)

ICAO DOC9303

16(1)(b)

Three-letter code of the issuing country of the travel document or documents

As per: ISO/IEC 3166-1 alpha-3 (1)

16(2)(d)

Three-letter code of the issuing Member State of a short stay visa sticker number

As per: ISO/IEC 3166-1 alpha-3

19(1)(d)

Three-letter code of the issuing country of a visa sticker

As per: ISO/IEC 3166-1 alpha-3

In addition, the following rules shall be respected:

(a)

Article 16(2)(b) of Regulation (EU) 2017/2226 — border crossing point and authority that authorised the entry: the border crossing point is an authority of type Border Crossing Point. The list of authorities shall be maintained in accordance with the Article 9 of Regulation (EU) 2017/2226.

(b)

Article 16(2)(c)- A flag to identify that the entry was performed by a third-country national who:

is a member of the family of a Union citizen to whom Directive 2004/38/EC applies or of a national of a third country enjoying the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States, on the one hand, and a third country, on the other; and

does not hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Council Regulation (EC) No 1030/2002 (2);

(c)

Article 16(2)(d) of Regulation (EU) 2017/2226 — short stay visa sticker number: the information shall be retrieved from VIS. In case the short stay visa sticker number has not changed since the previous entry or exit, the information already stored in EES can be re-used for the new entry or exit.

(d)

Article 16(6) of Regulation (EU) 2017/2226 — A flag to identify if the third country national benefits from a national facilitation programme.

1.1.1.   Data Quality

In order to improve data quality at an early stage, the functionality of the EES Central System (CS) shall include checking a set of data quality rules. Furthermore there will be data quality rules at the level of the national border infrastructure. The result of checking these rules against the data that has been entered can be seen as the quality status of data recorded.

The following order of priority shall be applied to compliance with quality rules:

(a)

Blocking rules at the level of the national border infrastructure of each Member State. Upon data entry, quality rules generate an error to the user, forbidding sending the data to EES. Such a blocking rule may rely on complex checks such as dependencies between EES data sets.

(b)

Blocking wrongly formatted messages at the level of the National Uniform Interface (NUI). Technically this is achieved through XSD definitions. Violating such a check would result in the system returning an error code forbidding saving the data in EES. The technical capabilities of such checks are limited in complexity to checking data types and patterns (such as checking the type of a value or its length).

(c)

Soft rules. Upon data entry, soft quality rules generate a warning to the user if not complied with. They do not prevent saving the data and triggering subsequent processes, but in such cases also generate a warning. The soft rules shall be assessed by the Central System at the time of storing the data.

The collected information on the quality shall be conveyed to the responsible user as well as any other user accessing these data. This information shall be displayed to the end user to allow the necessary corrective measures to be taken. The related technical details will be defined in the technical specifications referred to in Article 37(1) of Regulation (EU) 2017/2226.

1.2.   Biometric data

The biometric data covers the data related to the fingerprints and the facial image. This section sets out the rules that shall be applied to entering those data. The specifications of the standard, quality and resolution requirements for the biometric data are laid down in the Commission Implementing Decision laying down the specifications for the quality, resolution and use of fingerprints and facial image for biometric verification and identification in the Entry/Exit System (EES) (3).

1.2.1.   Facial Images

The facial image is mandatory pursuant to Article 15(1) of Regulation (EU) 2017/2226 and it shall be taken live In circumstances where the facial image of the e-MRTD is used (Article 15(2) of Regulation (EU) 2017/2226), a flag shall be used to inform the end user that the facial image is coming from the e-MRTD and, therefore, it shall be replaced at the next border crossing by a new live captured image where possible.

1.2.2.   Fingerprints

In the case of a third country national exempt of visa obligation, the fingerprints shall be captured in accordance with Article 17(1)(c) of Regulation (EU) 2017/2226.

In case fingerprints are not required or cannot be provided, in accordance with Article 17(3) and (4) and Article 18(5) of Regulation (EU) 2017/2226, a field providing the reason why the fingerprints are not provided shall be implemented in the EES.

Reason

Detail

Value

Article 17(3)

Child under 12 years old

Not Applicable

[Description field: ‘Art. 17(3)’]

Article 17(4)

Physically impossible indicated per finger

Not Applicable

[Description field: ‘Art. 17(4)’]

Article 17(4)

Temporary impossibility indicated per finger

Temporary impossibility

[Description field: ‘Art 17(4)’]

Article 18(5)

Third country national is refused entry on the basis of a reason corresponding to letter J of Annex V, Part B of Regulation (EU) 2016/399 of the European Parliament and of the Council (4)

Refusal of entry

[Description field: ‘Art. 18(5)’]


(1)  Some exceptions compared to the ISO/IEC 3166-1 alpha-3 may exist and will be documented in the technical specifications referred to in article 37(1) of Regulation (EU) 2017/2226. Any evolution of the ISO/IEC 3166-1 alpha-3 standard will have to be reflected in the future.

(2)  Council Regulation (EC) No 1030/2002 of 13 June 2002 laying down a uniform format for residence permits for third-country nationals (OJ L 157, 15.6.2002, p. 1).

(3)  C(2019) 1280.

(4)  Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code) (OJ L 77 23.3.2016, p. 1).