EXPLANATORY MEMORANDUM

1.CONTEXT OF THE PROPOSAL

•Context and reasons for the proposal

In July 2019, European Commission President Ursula von der Leyen’s political guidelines announced a New Pact on Migration and Asylum, based on a comprehensive approach to external borders, asylum and return systems, the Schengen area of free movement, the external dimension of migration, legal migration and integration, to promote mutual trust among Member States.

The Communication on a New Pact on Migration and Asylum, presented together with a set of legislative proposals, including this proposal amending the 2016 proposal for a recast Eurodac Regulation, represents a fresh start on migration. Based on the overarching principles of solidarity and a fair sharing of responsibility, the new Pact advocates integrated policy-making, bringing together policies in the areas of asylum, migration, returns, external border protection and relations with key third countries.

The challenges of migration management, including those related to irregular arrivals and return, should not have to be dealt with by individual Member States alone, but by the EU as a whole. A European framework that can manage the interdependence between Member States’ policies and decisions is required. This framework must take into account the ever-changing realities of migration, which have meant increased complexity and an intensified need for coordination. Although the number of irregular arrivals to the Union has dropped by 92% since 2015, there are still a number of structural challenges that put Member States' asylum, reception and return systems under strain.

Whilst the number or irregular arrivals has decreased over time, the share of migrants arriving from countries with recognition rates lower than 25% has risen from 14% in 2015 to 57% in 2018. In addition, there has been an increasing share of complex cases, as the arrival of third-country nationals with clear international protection needs in 2015-2016 has been partly replaced by arrivals of persons with more divergent recognition rates. Furthermore, notwithstanding the EU-wide decrease in irregular arrivals since 2015, the number of applications for international protection has continued to climb, reaching a fourfold difference compared to the number of arrivals. These trends point towards a persistent onward movement and multiple applications for international protection within the EU. Finally, the nature of arrivals following search and rescue operations calls for a specific response as part of the overall migration management system, acknowledging that Member States dealing with the consequences of arrivals following search and rescue face specific challenges.

The increasing proportion of asylum applicants unlikely to receive international protection in the EU results in an increased burden to process not only asylum applications but also the return of irregular migrants whose applications have been rejected, including as inadmissible. The return of irregular migrants who never apply for international protection adds to this. A seamless link between asylum and return procedures is therefore more important than ever. It is equally important to work towards a more European return system. Irregular migrants who have no intention to apply for international protection should be immediately channelled into the return procedure and not by default find themselves in the asylum procedure.

Likewise, the strain on Member States' asylum systems continues to put a heavy burden on Member States of first arrival as well as on the asylum systems of other Member States through unauthorised movements. The current system is insufficient in addressing these realities. In particular, there is currently no effective solidarity mechanism in place.

The New Pact builds on the Commission proposals to reform the Common European Asylum System from 2016 and on the proposal to recast the Return Directive from 2018 as well as adding additional new elements to ensure the balance needed for a common framework bringing together all aspects of asylum and migration policy. The proposal amending the 2016 proposal for a recast Eurodac Regulation 1 puts in place a clear and consistent link between specific individuals and the procedures they are subjected to in order to better assist with the control of irregular migration and the detection of unauthorised movements. It also supports the implementation of the new solidarity mechanism and contains consequential amendments that will allow Eurodac to function within the interoperability framework between EU information systems.

Together with this proposal, the Commission is presenting a proposal for a new Regulation on Asylum and Migration Management 2 putting in place a common framework for asylum and migration management at EU level as part of a comprehensive approach.

In addition, the proposal amending the 2016 proposal for an Asylum Procedure Regulation 3 and the proposal for a Regulation establishing a Screening 4 , ensure a seamless link between all stages of the migration procedure, from a new pre-entry procedure to the return of third-country nationals and stateless persons without a right to remain in the Union. This screening would consist of identity, health and security checks on arrival, in view of fast channelling of the person concerned towards the applicable procedure, i.e. return, refusal of entry or the examination of an application for international protection .

•Objectives of the proposal

The 2016 Commission proposal already enlarged the scope of Eurodac, adding new categories of persons for whom data should be stored, allowing its use to identify irregular migrants, lowering the age for fingerprinting, allowing the collection of identity information together with the biometric data, and extending the data storage period.

The proposal amending the 2016 proposal builds on the provisional agreement between co-legislators, complements these changes and aims at transforming Eurodac into a common European database to support EU policies on asylum, resettlement and irregular migration. It should therefore support the application of the various measures and rules foreseen in the proposal for a new Regulation on Asylum and Migration Management (e.g. relocation, shift of responsibility) and ensure consistency with the proposal for a Screening Regulation. Moreover, it aims at gathering more accurate and complete data to inform policy making and thus at better assisting with the control of irregular migration and the detection of unauthorised movements by counting individual applicants in addition to applications. It also aims to support the identification of appropriate policy solutions in this area by allowing statistics to be drawn up combining data from several databases. Another objective is to provide additional support to national authorities dealing with asylum applicants whose application has already been rejected in another Member State by marking rejected applications. Finally, the Regulations establishing a framework on interoperability between EU information systems, in particular Regulation 2019/818 includes Eurodac in its scope. Amendments stemming from the interoperability framework and relating to the access to Eurodac data, could not yet be made at the time of adoption of the Interoperability Regulations, as the current Eurodac database does not contain alphanumeric identity data. As a consequence, this proposal includes a number of amendments that seek to ensure that Eurodac will function properly within the new interoperability framework and with the same objective presents further necessary amendments to two other legal instruments, namely the VIS and ETIAS Regulations.

•Consistency with existing policy provisions in the policy area

This proposal is fully consistent with the Communication on the New Pact on Migration and Asylum and the Roadmap of initiatives accompanying it, including the proposal for a Regulation on Asylum and Migration Management, the proposal for a Screening Regulation and the amended proposal for an Asylum Procedure Regulation.

This proposal establishes time limits provided for the taking and transmission of biometric data of applicants for international protection. The moment from when these time limits start to run has been set taking into account the pre-entry stages foreseen in the proposal for a Screening Regulation. As concerns the proposal for a Regulation on Asylum and Migration Management, this proposal ensures that all the necessary information is available for, where applicable, relocation or transfer under the mechanism for determining the Member State responsible for examining an application for international protection. This proposal also ensures consistency with the special regime proposed for the treatment of persons disembarked following a search and rescue operation in the Regulation on Asylum and Migration Management.

As concerns the proposal for a recast Return Directive, this proposal adds the necessary information in Eurodac to facilitate the return of persons whose application for international protection has been rejected.

Regulations (EU) 2019/817 5 and (EU) 2019/818 6 on Interoperability explicitly include Eurodac among the databases communicating to each other through interoperability. This is apparent from the fact that Eurodac is included in the scope of interoperability as set out in both Interoperability Regulations, from its repeated references in the recitals as participating into the interoperability platform, and in the operational articles as subject to querying the common identity repository for the purposes of preventing, detecting or investigating terrorist offences or other serious criminal offences. In particular, Article 69 of Regulation 2019/817 sets out that Eurodac will be among the four EU systems whose data is to be linked during the multiple-identity detection (MID) transition period and prior to the start of operations of the MID. It is, however, equally clear from the text of both Interoperability Regulations that most of the processes they put in place will not apply in relation to Eurodac before the date when the recast of the current Eurodac Regulation (EU) No 603/2013 becomes applicable. 7 For the full application of interoperability to become effective, however, a number of amendments to Regulation (EU) 2019/818 and to the Eurodac regulation itself are necessary. Those amendments, which notably relate to the access to Eurodac data, could not yet be made at the time of adoption of the Interoperability Regulations, as the Eurodac database in its current form does not contain alphanumeric identity data. The amendments brought to Eurodac by this proposal, notably all the categories of personal data that will be recorded on that occasion, render meaningful and operational the full participation of Eurodac in the interoperability platform.

Finally, consistency is also ensured with the provisional political agreements already reached on the Qualification Regulation, the Reception Conditions Directive, the EU Resettlement Framework Regulation, and the EU Agency for Asylum Regulation because the elements of the 2016 Eurodac proposal that concern these proposals have not been modified by the amended proposal.

•Consistency with other Union policies

This proposal is closely linked to and complements other Union policies, namely:

(a)Interoperability insofar as this proposal must ensure the functioning of Eurodac in the framework for interoperability between EU information systems.

(b)Data Protection insofar as this proposal must ensure the protection of fundamental rights to respect for the private life of individuals whose personal data are processed in Eurodac.

(c)Security insofar as it takes into account the pre-entry stage foreseen in the proposal for a Screening Regulation which provides for a security check

2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

•Legal basis

The present proposal uses Article 78(2)(d) of the Treaty on the Functioning of the European Union (TFEU) as a legal basis for making the taking of biometric data a mandatory step in the framework of the international protection procedure. It uses Article 78(2)(e) as a legal basis concerning criteria and mechanisms for determining which Member State is responsible for considering an application for asylum or subsidiary protection. It also uses Article 78(2)(g) as a legal basis for the resettlement related provisions. In addition, it uses Article 79(2)(c) as the legal basis concerning the elements for identifying an irregular third-country national or stateless person as regards irregular immigration and unauthorised residence, including removal and repatriation of persons residing without authorisation, Article 87(2)(a) as the legal basis concerning the elements related to the collection, storage, processing, analysis and exchange of relevant information for law enforcement purposes; and Article 88(2)(a) as the legal basis concerning Europol's field of action and tasks including the collection, storage, processing, analysis and exchange of information.

•Variable Geometry

Ireland is bound by Regulation (EU) No. 603/2013 following its notification of its wish to take part in the adoption and application of that Regulation based on the above-mentioned Protocol.

In accordance with Protocol 21 on the position of Ireland, this Member States may decide to take part in the adoption of this proposal. It also has this option after adoption of the proposal.

Under the Protocol on the position of Denmark, annexed to the TEU and the TFEU, Denmark does not take part in the adoption by the Council of the measures pursuant to Title V of the TFEU (with the exception of "measures determining the third countries whose nationals must be in possession of a visa when crossing the external borders of the Member States, or measures relating to a uniform format for visas"). Therefore, Denmark does not take part in the adoption of this Regulation and is not bound by it nor subject to its application. However, given that Denmark applies the current Eurodac Regulation, following an international agreement that it concluded with the EU in 2006, it shall, in accordance with Article 3 of that agreement 8 , notify the Commission of its decision whether or not to implement the content of the amended Regulation.

•Impact of the proposal on Denmark and on non-EU Member States associated to the (former) Dublin system

In parallel to the association of several non-EU Member States to the Schengen acquis, the Community concluded several agreements associating these countries also to the (former) Dublin/Eurodac acquis:

–the agreement associating Iceland and Norway, concluded in 2001 9 ;

–the agreement associating Switzerland, concluded on 28 February 2008 10 ;

–the protocol associating Liechtenstein, concluded on 18 June 2011 11 .

In order to create rights and obligations between Denmark – which as explained above has been associated to the (former) Dublin/Eurodac acquis via an international agreement – and the associated countries mentioned above, two other instruments have been concluded between the Community and the associated countries 12 .

In accordance with the three above-cited agreements, the associated countries shall accept the (former) Dublin/Eurodac acquis and its development without exception. They do not take part in the adoption of any acts amending or building upon the (former) Dublin acquis (including therefore this proposal) but have to notify to the Commission within a given time-frame of their decision whether or not to accept the content of that act, once approved by the Council and the European Parliament. In case Norway, Iceland, Switzerland or Liechtenstein do not accept an act amending or building upon the (former) Dublin/Eurodac acquis, the "guillotine" clause is applied and the respective agreements will be terminated, unless the Joint/Mixed Committee established by the agreements decides otherwise by unanimity.

The scope of the above-cited association agreements with Iceland, Norway, Switzerland and Liechtenstein as well as the parallel agreement with Denmark does not cover law enforcement access to Eurodac. To this effect, complementary agreements with those Associated States are in the process of ratification.

•Subsidiarity

The current proposal stipulates that the comparison of fingerprint data using Eurodac may only be made after national fingerprint databases and the Automated Fingerprint Databases of other Member States under Council Decision 2008/615/JHA (the Prüm Agreements) return negative results. This rule means that if any Member State has not implemented the above Council Decision and cannot perform a Prüm check, it also may not make a Eurodac check for law enforcement purposes. Similarly, any associated States that have not implemented or do not participate in the Prüm Agreements may not conduct such a Eurodac check.

The proposed initiative constitutes a further development of the Regulation on Asylum and Migration Management and EU migration policy and in order to ensure that common rules on the taking of fingerprints and facial image data for third-country nationals for the purposes of Eurodac are applied in the same way in all the Member States. It creates an instrument providing to the European Union information on how many third country nationals enter the EU irregularly or following search and rescue (SAR) operations and apply for international protection, which is indispensable for sustainable and evidence based policy making in the field of migration and visa policy.

This proposal will also assist Member States to identify illegally staying third-country nationals and those who have entered the European Union irregularly at the external borders, with a view to using this information to assist a Member State to re-document a third-country national for return purposes.

Due to the transnational nature of the problems related to asylum and refugee protection, the EU is well placed to propose solutions in the framework of the Common European Asylum System (CEAS) to the issues described above as problems regarding the Eurodac Regulation.

An amendment of the Eurodac Regulation is also required in order to add an additional purpose thereto, namely to control irregular migration to and unauthorised movements of irregular migrants within the EU and in relation to this an amendment that would allow the counting of applicants in addition to applications. This objective cannot be sufficiently achieved by the Member States alone. Similarly, the efficient application of exclusion grounds under Regulation (EU) XXX/XXX [Resettlement Regulation] cannot be done by Member States acting alone. Finally, the modifications necessary for the effective implementation of the interoperability framework can only be proposed by the Commission and put into application at EU level not by Member States acting alone.

•Proportionality

Article 5 of the Treaty on the European Union states that action by the Union shall not go beyond what is necessary to achieve the objectives of the Treaty. The form chosen for this EU action must enable the proposal to achieve its objective and be implemented as effectively as possible.

The proposal is driven by the privacy by default and by design principles requiring that the Eurodac business processes be designed from the start to adhere to data protection principles and is proportionate in terms of the right to protection of personal data in that it does not require the collection and storage of more data for a longer period than is absolutely necessary to allow the system to function and meet its objectives. In addition, all the safeguards and mechanisms required for the effective protection of the fundamental rights of third-country nationals and stateless persons covered by the scope of Eurodac particularly the protection of their private life and personal data will be foreseen and implemented.

No further processes or harmonisation will be necessary at EU level to make the system work. The envisaged measure is proportionate in that it does not go beyond what is necessary in terms of action at EU level to meet the defined objectives.

•Choice of the instrument and legislative technique

This proposal amends the 2016 proposal for a recast of the Eurodac Regulation. While the Commission supports all the elements of the provisional agreement between co-legislators on the 2016 proposal for a recast Eurodac Regulation, this amended proposal includes from that provisional agreement only the articles that are proposed to be significantly modified. Therefore, certain articles provisionally agreed between co-legislators (e.g. the articles on persons in an admission procedure and on resettled persons) are not included. Consequently, for three of the articles in this amended proposal (Article 9 on Statistics, Article 19 on Marking and blocking of data and Article 40a introducing amendments to Regulation (EU) 2019/818) some of the elements of the provisional agreement (namely, the parts referring to persons in an admission procedure and to resettled persons) could not be included as it was not possible to cross-refer to the respective articles. Moreover, some further technical adjustments will need to be made to other articles covered by the provisional agreement to reflect the changes introduced by this amended proposal.

3.RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

•Ex-post evaluations/fitness checks of existing legislation

This proposal amends an existing proposal and therefore there is no available ex-post evaluation/fitness check of existing legislation. However, evidence is available through other sources that point out the necessity of these amendments. Thus, in relation to data collected in the field of asylum, discussions that have taken place with Member states (eg in the Council preparatory bodies) since 2016 have highlighted a range of elements that affect the efficiency of the policy-making response. In this sense, positions expressed during the negotiations of the 2016 CEAS package, discussions that took place in various other fora, be it at technical or political level and contributions to the new Pact made by different Member States flagged the pressure that unauthorised movements put on Member States’ asylum systems. These also pointed out the limitations of current analysis 13 in this area that do not provide an accurate picture of the phenomenon. This is related to the fact that the data available for such purposes refer to administrative procedures instead of individuals. As there are currently no precise numbers with respect to how many (first-time) applicants there are in the EU and how many move from one Member State to another, any further attempts at analysing the phenomenon (e.g. motives behind such moves, profiles, preferred destinations) are by default speculative in their nature. Consequently, the identification of the appropriate policy responses for tackling such movements lacks both focus and efficiency.

In a similar vein, discussions highlighted the need to strengthen the link between asylum and return including by making the necessary information immediately available to the relevant authorities.

•Stakeholder consultations

Ahead of the launch of the New Pact on Migration and Asylum, the Commission consulted Member States, the European Parliament and stakeholders on a number of occasions to gather their views on the future Pact on Migration and Asylum between December 2019 and July 2020. In parallel, the Romanian, Finnish and Croatian Presidencies held both strategic and technical exchanges on the future of various aspects of migration policy, including asylum, return, relations with third countries on readmission and reintegration. These consultations and exchanges showed support for a fresh start on European asylum and migration policy to urgently address the flaws in the Common European Asylum System, to improve the effectiveness of the return system, better structure and equip our relations with third countries on readmission and aim at the sustainable reintegration of returning migrants.

A number of workshops and discussions were organised during the Finnish Presidency in various Council fora, including the Tampere 2.0 conference held on 24-25 October 2019 in Helsinki and the Salzburg Forum held in Vienna on 6-7 November 2019, where Member States welcomed the intention of the European Commission to relaunch the Dublin reform in order to find new forms of solidarity to which all Member States would be obliged to contribute. Member States underlined that solidarity measures should go hand in hand with measures of responsibility. Furthermore, they underlined the urgent need to combat unauthorised movements within the EU as well as to enforce returns for those who are not in need for international protection.

Commissioner Johansson and the Commission services held on several occasions targeted consultations with civil society organisations (CSOs), representatives of the Initiative for Children in Migration, and relevant local non-governmental organisations in the Member States. In this consultation process, specific recommendations focused on a common approach to child-specific standards following to the Communication of 2017 on Children in Migration 14 . Civil society has also been consulted in the process of the Consultative Forum set up by EASO, on topics such as the initial steps in the asylum procedure (2019).

The Commission took into consideration many recommendations of national and local authorities 15 non-governmental and international organisations, such as UNHCR, 16 IOM 17 , as well as think-tanks and academia, on how to make a fresh start and address current migration challenges in accordance with human rights standards. In their view, a fresh start on the reform should revise certain rules for the determination of responsibility and provide for a mechanism of mandatory solidarity including for persons disembarked further to a SAR operation. Non-governmental organisations also advocate for a common understanding of responsibility among Member States and called for the revised Dublin rules to include a more permanent relocation mechanism 18 . In the framework of the MEDAM project, for instance, the Migration Policy Centre recommended to embed a migration policy scoreboard aimed at monitoring progress on the asylum and migration at EU level 19 .

The Commission also took into account the contributions and studies of the European Migration Network 20 , which have been launched at its initiative and which over the last years have produced several specialised studies and ad hoc queries.

•Evidence-based policy-making

The Commission favours an evidence-based policy-making and refers to the separate document (XXX) which details the data and elements supporting the proposed approach for the various challenges identified since 2016 for the finalisation of the CEAS reform.

In relation to Eurodac, these refer mainly to the current limited possibilities for analysing unauthorised movements due to the limitations entailed by the available data (data referring to applications instead of individuals), to the necessity of reflecting the new rules introduced in the proposal for a Regulation on Asylum and Migration Management and to the necessity of introducing in the Eurodac Regulation amendments that would allow the functioning of the system in the interoperability framework.

•Fundamental rights

The fundamental rights explanations linked to the recast Regulation proposed in 2016 remain valid.

Among the new elements introduced by the amended proposal, the linking of all data sets belonging to one person in one sequence to allow the counting of applicants in addition to applications will not modify the way biometric data are collected and processed. No new file will be created. Member States will keep ownership of the transmitted data set and all safeguards, data storage and data security rules foreseen by the original 2016 proposal will apply. Moreover, appropriate safeguards would also be foreseen regarding the linking procedure as datasets would be linked in the sequence only when the hit is confirmed by Member States (with verification by a fingerprint expert if necessary). As regards the new category of persons disembarked following a search and rescue operations, such persons are already registered in Eurodac under the category of persons apprehended in connection with an irregular crossing of the external border. The new separate category would give a more accurate picture of the migratory flows and would facilitate the application of the relevant provisions of the Regulation on Asylum and Migration Management. Such rules would ultimately benefit those persons brought ashore following search and rescue operations as they would allow for a more correct reflection of their status as they would not be registered as persons crossing the border irregularly. The same data would be collected as for the other categories with the same rules and safeguards for transmission, processing and storage.

4.BUDGETARY IMPLICATIONS

The present proposal entails a technical amendment to the Eurodac central system in order to provide for the possibility to carry out comparisons for all categories of data and for storage of all three categories of data. Further functionalities such as the storage of biographical data alongside a facial image will require more amendments to the Central System.

The cost estimate of EUR 29.872 million includes costs for the technical upgrade and increased storage and throughput of the Central System. It also consists of IT-related services, software and hardware and would cover the upgrade and customisation to allow searches for all categories of data covering both asylum and irregular migration purposes. It also reflects the additional staffing costs required by eu-LISA.

The financial statement attached to this proposal reflects these elements. It also reflects the costs related to the changes introduced by co-legislators (creation of two new categories namely persons registered for the purpose of conducting an admission procedure and persons resettled in accordance with a national resettlement scheme, the storage of colour copies of identity or travel documents and the possibility for law enforcement authorities to search Eurodac using alphanumeric data) as well as the study on facial recognition foreseen by the 2016 recast proposal (EUR 7 million).

The interoperability-related amendments introduced by this amended proposal are covered by the interoperability framework’s financial statement (EUR 15 million).

5.OTHER ELEMENTS

•Monitoring, evaluation and reporting arrangements

The text of the 2016 proposal as provisionally agreed by co-legislators foresees in its Article 42 three types of reporting obligations as follows:

–Once a year, eu-LISA shall submit to the European Parliament, the Council the Commission and the EDPS a report on the activities of the Central System (on the basis of information provided by Member States);

–Seven years after adoption and every four years thereafter, the Commission shall produce an overall evaluation of Eurodac, examining the results achieved against objectives and the impact on fundamental rights (on the basis of information provided by eu-LISA, Member States and Europol);

–Every two years, each Member State and Europol shall prepare reports on the effectiveness of the comparison of biometric data with Eurodac data for law enforcement purposes. These reports shall be transmitted to the Commission by 30 June of the subsequent year. Every two years, the Commission shall compile these reports in a report on law enforcement access to Eurodac which will be transmitted to the European Parliament, the Council and the EDPS. This report is different for the report described under the previous point.

The yearly report that eu-LISA will have to prepare on the activities of the Central System, will include information on the management and performance of Eurodac against pre-defined quantitative indicators (e.g. total number of data sets and per category, number of hits, the way Member States implement the deadlines for transmitting biometric data to Eurodac, including delays etc).

The report containing the overall evaluation of Eurodac that the Commission will need to prepare will monitor the results achieved against the objectives set by the regulation and will measure the impact on fundamental rights, in particular data protection and privacy rights, including whether law enforcement access has led to indirect discrimination against persons covered by the Eurodac Regulation.

The reports on the effectiveness of the comparison of biometric data with Eurodac data prepared by Europol and each Member State will assess, among others, the exact purpose of the comparison, the grounds given for reasonable suspicion, the number and type of cases which ended with a successful identification.

•Detailed explanation of the specific provisions of the proposal

This amended proposal needs to be considered in the context of the inter-institutional negotiations on the Commission’s 2016 proposal for a recast Eurodac Regulation and should be seen as complementing those discussions. Those negotiations led to a provisional agreement between co-legislators, which the Commission supports and considers it would significantly improve the functioning of Eurodac.

For ease of reference, the text negotiated by co-legislators included in this proposal, compared to the Commission’s 2016 proposal, is marked in bold. The new targeted amendments are marked in bold underline.

1.Counting applicants in addition to applications

Recent discussions in various fora (Council preparatory bodies, Advisory Groups) and contributions to the new Pact coming from Member States during consultation clearly pointed out a set of gaps in information gathering and analysis at EU level in the field of asylum and migration. This becomes particularly relevant when analysing unauthorised movements in this field: currently there is no possibility of knowing how many applicants there are in the EU because the numbers refer to applications and therefore several applications may belong to the same person. Considering this, it is necessary to transform the Eurodac system from a database counting applications to a database counting applicants. This can be done by linking all data sets in Eurodac belonging to one person, regardless of their category, in one sequence, which would allow the counting of persons. Furthermore, a specific provision would allow eu-LISA to produce statistics on the number of asylum applicants and first-time applicants, providing an accurate picture of how many third-country nationals and stateless persons request asylum in the EU. Aggregating these data with other type of data such as those regarding transfers under the Regulation on Asylum and Migration Management will supply the appropriate input for the right type of policy response in relation to unauthorised movements.

2.Cross-system statistics

A new provision building upon the relevant provisions of the Interoperability Regulations 21 (Article 39), will allow eu-LISA to draw up cross-system statistics using data from Eurodac, Entry/Exit System (EES), ETIAS and the Visa Information System (VIS). One aim would be to know for example how many of the third country nationals were issued a short-stay visa by a given Member State or in a given third country, proceeded to enter legally (and where) and then proceeded to apply for international protection (and where). This would offer the necessary background information for assessing such phenomena and for the appropriate policy response. The provision would also foresee that in addition to the Commission and the Member States, the future European Union Agency for Asylum and Frontex would also get access to such statistics as both agencies, in the framework of their respective mandate, produce valuable analysis in the area of migration and asylum.

3.Creating a new category for persons disembarked following a search and rescue (SAR) operation

The new proposal for a Regulation on Asylum and Migration Management provides a responsibility criterion for examining an application for international protection where the application was registered after the person concerned was disembarked following a search and rescue operation (under current rules such persons are covered by the irregular entry criterion). This better reflects in the asylum acquis the obligations stemming from the International Convention on Maritime Search and Rescue 22 . While the responsibility rules for this new category are the same as the rules for persons who enter irregularly, the distinction is relevant in relation to the fact that Member States of disembarkation face specific challenges as they cannot apply to SAR disembarkations the same tools as for irregular crossings by land or air. For instance, there are no official border checks for SAR arrivals, which not only means that points of entry are more difficult to define, but also that third country nationals have no points where to officially seek entry. Therefore, there is a need to have a separate category for these persons in Eurodac instead of registering them as persons who cross the border irregularly (as is currently the case). Moreover, this will also lead to a more accurate picture of the composition of migratory flows in the EU.

4.Ensuring full consistency with the proposal for a Regulation on Asylum and Migration

In addition to creating the new category for persons disembarked following a search and rescue operation, this amended proposal also adds a set of provisions reflecting all the relevant aspects regarding the responsibility of a Member State (the various criteria to establish responsibility, the shift of responsibility and the cessation of responsibility). These provisions add to those that were already included in the original 2016 proposal. Finally, this amended proposal contains provisions regarding the relocation of beneficiaries of international protection, thus fully mirroring the various scenarios contained in the proposal for a Regulation on Asylum and Migration.

5.Ensuring consistency with screening

A limited number of changes were needed to ensure consistency with the proposal for a Screening Regulation. In this sense, the moment from which the time-limit for taking and transmission of biometric data for applicants starts running needed to be adapted to cater for the various possible scenarios foreseen by that proposal in order to ensure a smooth flow of the asylum procedure.

6.Indicating rejected applications

A new field would be created where Member States would indicate when an application has been rejected and the applicant has no right to remain and has not been allowed to remain in accordance with the Asylum Procedures Regulation. This would change nothing in terms of rules applicable and rights of the individual, but it would reinforce the link with return procedures and provide additional support to national authorities dealing with an applicant for international protection whose application has been rejected in another Member State as it would allow them to choose the right type of applicable procedure (e.g. subsequent application) therefore streamlining the whole process.

7.Indicating whether voluntary return and reintegration assistance has been granted

A new field would be created to indicate whether voluntary return and reintegration assistance (AVRR) has ever been granted. This is necessary as it would improve Member States monitoring capacities in this field and would prevent “AVRR shopping”.

8.Indicating whether following screening it appears that the person could pose a threat to internal security

A new field would be created to mark whether following screening it appears that the person could pose a threat to internal security. This is necessary as it would facilitate the implementation of relocation because such persons would be excluded from relocation in conformity with the rules in the Regulation on Asylum and Migration Management. Furthermore, this would speed up the processing of applications for international protection. In this sense, for the applicants for whom a security problem has been flagged and marked in Eurodac, the assessment of the application could focus first on whether this is serious enough to amount to an exclusion/rejection ground.

9.Indicating whether a visa has been issued

A field would be created to indicate the Member State that has issued or extended a visa to the applicant or on behalf of which the visa has been issued and the visa application number. This is necessary as it would facilitate the application of the responsibility criteria for those Member States or Associated Countries that are not bound by the VIS Regulation 23 but are nevertheless affected by the issuance of a visa.

10.Interoperability consequential amendments and amendments related to the Interoperability Regulation, ETIAS 24 and VIS Regulations

It is necessary to introduce a set of technical consequential amendments stemming from the Interoperability Regulation (e.g. references to and definition of the common identity repository and of identity data or clarifications regarding the way the stored data will be split between the common identity repository and the Central System). The need to introduce these changes in the Eurodac Regulation were stated already when the two proposals for the Interoperability Regulations were presented. These amendments will ensure the proper legal basis for the functioning of Eurodac within the new interoperability framework. Likewise, it is necessary to introduce amendments to the Interoperability Regulation in order to include the various relevant references to Eurodac. Finally, it is also necessary to introduce a set of consequential amendments stemming from the ETIAS Regulation and from the VIS Regulation regulating the access to Eurodac of the ETIAS National Units and of the competent visa authorities respectively, as the issue of access rights to the various databases remains an aspect to be dealt with in the legislative act governing the respective databases.

2016/0132 (COD)

Amended proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on the establishment of 'Eurodac' for the comparison of biometric data for the effective application of Regulation (EU) XXX/XXX [Regulation on Asylum and Migration Management] and of Regulation (EU) XXX/XXX [Resettlement Regulation], for identifying an illegally staying third-country national or stateless person and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposes and amending Regulations (EU) 2018/1240 and (EU) 2019/818

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Articles 78(2)(d), (e) and (g), 79(2)(c), 87(2)(c) and 88(2)(a) thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1)the following recitals are inserted after recital 4:

‘(4a) Moreover, for the purposes of effectively applying Regulation (EU) XXX/XXX [Regulation on Asylum and Migration Management] and in accordance with the rules thereof, it is necessary to clearly mark in Eurodac the fact that there has been a shift of responsibility between Member States, including in cases of relocation. Furthermore, in order to reflect accurately the obligations Member States have to conduct search and rescue operations and to help these Member States with the specific challenges they face as they cannot apply to persons disembarked following such operations the same tools as for irregular crossings by land or air, it is also necessary to register third-country nationals or stateless persons disembarked following search and rescue operations as a separate category in Eurodac.

(4b) Furthermore, for the purposes of applying Regulation (EU) XXX/XXX [Regulation on Asylum and Migration Management] it is necessary to flag whether, following security checks during screening, it appears that a person could pose a threat to internal security.’;

(2)the following recitals are inserted after recital 5:

‘(5a) It is also necessary to introduce provisions that would ensure the functioning of that system within the interoperability framework established by Regulations (EU) 2019/817 25 and 2019/818 26 of the European Parliament and of the Council.

(5b) Furthermore, it is necessary to introduce the provisions that would frame the access of European Travel Information and Authorization System (ETIAS) national units and of competent visa authorities to Eurodac in accordance with Regulation (EU) 2018/1240 27 and (EC) 767/2008 28 of the European Parliament and of the Council.

(5c) Likewise, for the purpose of managing irregular migration, it is necessary to allow eu-LISA to produce cross-system statistics using data from Eurodac, the Visa Information System, ETIAS and the Entry/Exit System. In order to specify the content of these cross-system statistics, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission's exercise of implementing powers.’;

(3)recital 6 is replaced by the following:

‘(6) To those ends, it is necessary to set up a system known as 'Eurodac', consisting of a Central System and of the Common Identity Repository established by Regulation (EU) 2019/818, which will operate a computerised central database of biometric fingerprint and facial image data, as well as of the electronic means of transmission between those [the Central System and the Common Identity Repository] and the Member States, hereinafter the "Communication Infrastructure".’;

(4)the following recital is inserted after recital 11:

‘(11a) For that purpose, it also necessary to clearly mark in Eurodac the fact that an application for international protection has been rejected where the third-country national or stateless person has no right to remain and has not been allowed to remain in accordance with Regulation (EU) XXX/XXX [Asylum Procedure Regulation].’;

(5)recital 14 is replaced by the following:

‘(14) Moreover, in order for Eurodac to effectively assist with the control of irregular migration and with the detection of secondary movements within the EU, it is necessary to allow the system to count applicants in addition to applications by linking all sets of data corresponding to one person, regardless of their category, in one sequence.’;

(6)the following recital is inserted after recital 24:

‘(24a) For the purposes of this Regulation, it is recalled that a person should be considered to be illegally staying on the territory of the Member State of relocation if that person does not apply for international protection following relocation or does otherwise not fulfil or no longer fulfils the conditions of entry as set out in Article 6 of Regulation (EU) 2016/399 or other conditions for entry, stay or residence in the Member State of relocation.’;

(7)the following recital is inserted after recital 60:

‘(60a) This Regulation should be without prejudice to the application of Directive 2004/38/EC of the European Parliament and of the Council 29 .’;

(8)recital 63 is deleted.

HAVE ADOPTED THIS REGULATION:

(9) Article 1 is replaced by the following:

Article 1

Purpose of "Eurodac”

1. A system known as "Eurodac" is hereby established, the purpose of which shall be to:

(a)assist in determining which Member State is to be responsible pursuant to Regulation (EU) No XXX/XXX [Regulation on Asylum and Migration Management] for examining an application for international protection lodged registered in a Member State by a third-country national or a stateless person, and otherwise to facilitate the application of Regulation (EU) No XXX/XXX [Regulation on Asylum and Migration Management] under the conditions set out in this Regulation;

(b)assist with the application of Regulation (EU) XXX/XXX [Resettlement Regulation] under the conditions set out in this Regulation;

(c)assist with the control of illegal irregular immigration to the Union and with the detection of secondary movements within the Union and with the identification of illegally staying third-country nationals and stateless persons for determining the appropriate measures to be taken by Member States including removal and repatriation of persons residing without authorisation;

(d)lay down the conditions under which Member States' designated authorities and the European Police Office (Europol) may request the comparison of fingerprint and facial image biometric or alphanumeric data with those stored in the Central System for law enforcement purposes for the prevention, detection or investigation of terrorist offences or of other serious criminal offences;

(e)assist in the correct identification of persons registered in Eurodac under the conditions and for the objectives referred to in Article 20 of Regulation (EU) 2019/818 by storing identity data, travel document data and biometric data in the common identity repository (CIR) established by that Regulation;

(f)support the objectives of the European Travel Information and Authorisation System (‘ETIAS’) established by Regulation (EU) 2018/1240;

(g)support the objectives of the Visa Information System (VIS) referred to in Regulation (EC) No 767/2008.

2. Without prejudice to the processing of data intended for Eurodac by the Member State of origin in databases set up under the latter's national law, fingerprint biometric data and other personal data may be processed in Eurodac only for the purposes set out in this Regulation, and in Regulation (EU) No XXX/XXX [Regulation on Asylum and Migration Management] and in Regulation (EU) XXX/XXX [Resettlement Regulation] [Article 34(1) of Regulation (EU) No 604/2013].’;

(10) Article 3 is amended as follows:

(a) in point (b) of paragraph 1, the following point (iv) is added:

‘(iv) in relation to a person covered by Article 14a(1), the Member State which transmits the personal data to the Central System and to the Common Identity Repository and receives the results of the comparison;’;

(b) in paragraph 1, the following points (p), (q) and (r) are added:

‘(p)“CIR” means the common identity repository as defined in Article 17 of Regulation (EU) 2019/818;

(q)“identity data” means the data referred to in Article 12(c) to (f) and (h), Article 13(2) (c) to (f) and (h), Article 14(2) (c) to (f) and (h) and Article 14a(c) to (f) and (h);

(r) “dataset” means the set of information recorded in Eurodac on the basis of Articles 12, 13, 14 or 14a, corresponding to one set of fingerprints of a data subject and composed of biometric data, alphanumeric data and, where available, a scanned colour copy of an identity or travel document.’;

(11) Article 4 is replaced by the following:

‘Article 4

System architecture and basic principles

1. Eurodac shall consist of:

(a)a Central System composed of:

(i)a Central Unit,

(ii)a Business Continuity Plan and System;

(b)a communication infrastructure between the Central System and Member States that provides a secure and encrypted communication channel for Eurodac data ("Communication Infrastructure");

(c)the common identity repository (CIR) as referred to in Article 17(2) of Regulation 2019/818;

(d)a secure communication infrastructure between the Central System and the central infrastructures of the European search portal, the shared biometric matching service, the CIR and the multiple-identity detector established by Regulation 2019/818.

2. The CIR shall contain the data referred to in Article 12, points (a) to (f), (h) and (i), Article 13(2) (a) to (f), (h), and (i), Article 14(2) (a) to (f), (h) and (i) and Article 14a(a) to (f), (h) and (i). The remaining Eurodac data shall be stored in the Central System.

23. The Eurodac Communication Infrastructure will be using the existing 'Secure Trans European Services for Telematics between Administrations' (TESTA) network. A separate virtual private network dedicated to the EURODAC shall be established on the existing TESTA private virtual network to ensure the logical separation of EURODAC data from other data. In order to ensure confidentiality, personal data transmitted to or from Eurodac shall be encrypted.

34. Each Member State shall have a single National Access Point. Europol shall have a single Europol access point.

45. Data on persons covered by Articles 10(1), 13(1), 14(1) and 14a(1) which are processed in the Central System shall be processed on behalf of the Member State of origin under the conditions set out in this Regulation and separated by appropriate technical means.

6. All datasets registered in Eurodac corresponding to the same third country national or stateless person shall be linked in a sequence. Where a search is launched with the fingerprints in the dataset of a third-country national or stateless person and a hit is obtained against at least one other set of fingerprints in another dataset corresponding to that same third country national or stateless person, Eurodac shall automatically link those datasets on the basis of the fingerprints comparison. If necessary, the comparison of fingerprints shall be checked and confirmed by a fingerprint expert in accordance with Article 26. When the receiving Member State confirms the hit, it shall send a notification to eu-LISA that will confirm the linking.

57. The rules governing Eurodac shall also apply to operations carried out by the Member States as from the transmission of data to the Central System until use is made of the results of the comparison.’;

(12) the following Articles 8a, 8b, 8c and 8d are inserted:

‘Article 8a

Interoperability with ETIAS

1. From [the date of application of this Regulation], the Central System of Eurodac shall be connected to the European search portal referred to in Article 6 of Regulation (EU) 2019/818 in order to enable the automated processing referred to in Article 11 of Regulation (EU) 2018/1240.

2. The automated processing referred to in Article 11 of Regulation (EU) 2018/1240 shall enable the verifications provided for in Article 20 and the subsequent verifications of Articles 22 and 26 of that Regulation.

For the purpose of carrying out the verifications referred to in Article 20(2)(k) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the European search portal, to compare the data in ETIAS with the data in Eurodac collected on the basis of Articles 12, 13, 14 and 14a of this Regulation corresponding to individuals having left or having been removed from the territory of the Member States in compliance with a return decision or removal order and using the correspondences listed in the table in Annex II of this Regulation.

The verifications shall be without prejudice to the specific rules provided for in Article 24(3) of Regulation (EU) 2018/1240.

Article 8b

Conditions for access to Eurodac for the manual processing by ETIAS National Units

1. Consultation of Eurodac by ETIAS National Units shall be carried out by means of the same alphanumerical data as those used for the automated processing referred to in Article 8a.

2. For the purposes of Article 1(1)(f), the ETIAS National Units, shall have access to and may consult the Eurodac, in a read-only format, for the purpose of examining applications for travel authorisation. In particular, the ETIAS National Units may consult the data referred to in Articles 12, 13, 14 and 14a.

3. Following consultation and access pursuant to paragraphs 1 and 2 of this Article the result of the assessment shall be recorded only in the ETIAS application files.

Article 8c

Access to Eurodac by the competent visa authorities

For the purpose of manually verifying hits triggered by the automated queries carried out by the Visa Information System in accordance with Articles [9a and 9c] of Regulation (EC) No 767/2008 and examining and deciding on visa applications in accordance with Article 21 of Regulation (EC) No 810/2009 of the European Parliament and of the Council 30 , the competent visa authorities shall have access to Eurodac to consult data in a read-only format.

Article 8d

Interoperability with the Visa Information System

From the [date of application of the Regulation (EU) XXX/XXX amending the VIS Regulation], as provided for in Article [9] of that Regulation, Eurodac shall be connected to the European search portal referred to in Article 6 of Regulation (EU) 2019/817 in order to enable the automated processing referred to in Article [9a] of Regulation (EC) No 767/2008 in order to query Eurodac and compare the relevant data in the Visa Information System with the relevant data in Eurodac. The verifications shall be without prejudice to the specific rules provided for in Article 9(b) of Regulation 767/2008.’;

(13) Article 9 is replaced by the following:

‘Article 9

Statistics

1. eu-LISA shall draw up statistics on the work of the Central System every month indicating in particular:

(a)the number of applicants and the number of first-time applicants resulting from the linking process referred to in Article 4(6);

(b)the number of rejected applicants resulting from the linking process referred to in Article 4(6) and pursuant to Article 12(za);

(ac)the number of data sets transmitted on persons referred to in Articles 10(1), 13(1), and 14(1) and 14a(1);

(bd)the number of hits for persons referred to in Article 10(1):

(i)for whom an application for international protection was registered who have subsequently lodged an application for international protection in another Member State,

(ii)who were apprehended in connection with the irregular crossing of an external border, and

(iii)who were found illegally staying in a Member State,

(iv)who were disembarked following a search and rescue operation;

(ce)the number of hits for persons referred to in Article 13(1):

(i)for whom an application for international protection was registered who have subsequently lodged an application for international protection,

(ii)who were apprehended in connection with the irregular crossing of an external border, and

(iii)who were found illegally staying in a Member State;

(iv)who were disembarked following a search and rescue operation;

(df)the number of hits for persons referred to in Article 14(1):

(i)for whom an application for international protection was registered who have subsequently lodged an application for international protection in another Member State,

(ii)who were apprehended in connection with the irregular crossing of an external border, and

(iii)who were found illegally staying in a Member State,

(iv)who were disembarked following a search and rescue operation;

(g) the number of hits for persons referred to in Article 14a(1):

(i)for whom an application for international protection was registered,

(ii)who were apprehended in connection with the irregular crossing of an external border,

(iii)who were illegally staying in a Member State,

(iv)who were disembarked following a search and rescue operation;

(eh)the number of fingerprint biometric data which the Central System had to request more than once from the Member States of origin because the fingerprint biometric data originally transmitted did not lend themselves to comparison using the computerised fingerprint and facial image recognition systems;

(fi)the number of data sets marked and unmarked blocked and unblocked in accordance with Article 19(1), and 17 (2), (3) and (4);

(gj)the number of hits for persons referred to in Article 19(1) and (4) for whom hits have been recorded under points (b), (c) and (d) to (g) of this Article;

(hk)the number of requests and hits referred to in Article 21(1);

(il)the number of requests and hits referred to in Article 22(1);

(jm)the number of requests made for persons referred to in Article 31;

(hn) the number of hits received from the Central System as referred to in Article 26(6).

2. The monthly statistical data for persons referred to in paragraph 1(a) to (h) (n) shall be published each month. At the end of each year, the yearly statistical data for persons referred to in paragraph 1(a) to (h) (n) shall be published by eu-LISA. The statistical data shall contain a breakdown of data for each Member State be broken down by Member State. The statistical data for persons referred to in paragraph 1 (c) shall, where possible, be broken down by year of birth and sex.

3. For the purpose of supporting the objective referred to in Article 1(c), eu-LISA shall produce monthly cross-system statistics. Those statistics shall not allow for the identification of individuals and will use data from Eurodac, the Visa Information System, ETIAS and the Entry/Exit System.

These statistics shall be made available to the Commission, to the [European Union Agency for Asylum], to the European Border and Coast Guard Agency and to the Member States. The Commission shall, by means of implementing acts, specify the content of the monthly cross-system statistics. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 41a(2).

34. At the request of the Commission, eu-LISA shall provide it with statistics on specific aspects for research and analysis purposes without allowing for individual identification as well as the possibility to produce regular statistics pursuant to paragraph 1. These statistics shall be shared with other Justice and Home Affairs Agencies if they are relevant for the implementation of their tasks related to the application of this Regulation as well as the statistics pursuant to paragraph 1 and shall, upon request, make them available to a Member State and to the [European Union Agency for Asylum].

5. eu-LISA shall store the data referred to in paragraphs 1 to 4 of this Article, which shall not allow for the identification of individuals, for research and analysis purposes, thus enabling the authorities referred to in paragraph 3 of this Article to obtain customisable reports and statistics in the central repository for reporting and statistics referred to in Article 39 of Regulation (EU) 2019/818.

6. Access to the central repository for reporting and statistics referred to in Article 39 of Regulation (EU) 2019/818 shall be granted to eu-LISA, to the Commission, to the [European Union Agency for Asylum] and to the authorities designated by each Member State in accordance with Article 28(2). Access may also be granted to authorised users of other Justice and Home Affairs Agencies if such access is relevant for the implementation of their tasks.’;

(14) Article 10 is replaced by the following:

‘Article 10

Collection and transmission of biometric data

1. Each Member State shall promptly take the fingerprints of all fingers and capture a facial image biometric data of every applicant for international protection of at least six years of age during the screening as referred to in Regulation (EU) XXX/XXX [Screening Regulation] or, where the biometric data could not be taken during the screening or where the applicant was not subject to screening, upon the registration of the application for international protection referred to in Article 27 of Regulation (EU) No XXX/XXX [Asylum Procedure Regulation] and shall, as soon as possible and no later than 72 hours after the biometric data have been taken after the lodging of his or her application for international protection, as defined by Article [21(2)] of Regulation (EU) No, transmit them together with the data referred to in Article 12 (c) to (p) of this Regulation to the Central System and to the CIR as appropriate in accordance with Article 4(2).

Where Article 3(1) of Regulation (EU) XXX/XXX [Screening Regulation] applies and the person applies for international protection during screening, for every applicant for international protection of at least six years of age, each Member State shall use the biometric data taken during screening and transmit them together with the data referred to in Article 12 (c) to (p) of this Regulation to the Central System and to the CIR as appropriate in accordance with Article 4(2), no later than 72 hours from the registration of the application referred to in Article 27 of Regulation (EU) XXX/XXX [Asylum Procedure Regulation].

Non-compliance with the 72-hour time-limit shall not relieve Member States of the obligation to take and transmit the fingerprints biometric data to the Central System CIR. Where the condition of the fingertips does not allow the taking of the fingerprints of a quality ensuring appropriate comparison under Article 26, the Member State of origin shall retake the fingerprints of the applicant and resend them as soon as possible and no later than 48 hours after they have been successfully retaken.

2. By way of derogation from paragraph 1, where it is not possible to take the fingerprints and facial image biometric data of an applicant for international protection on account of measures taken to ensure his or her health or the protection of public health, Member States shall take and send such fingerprints and facial image biometric data as soon as possible and no later than 48 hours after those health grounds no longer prevail.

In the event of serious technical problems, Member States may extend the 72-hour time-limit in paragraph 1 by a maximum of a further 48 hours in order to carry out their national continuity plans.

3. Fingerprint Where requested by the Member State concerned, the biometric data may also be taken and transmitted on behalf of that Member State by members of the European Border and Coast Guard Teams or by Member State asylum experts of the asylum support teams when exercising powers and performing their tasks in accordance with Regulation on the European Border [and Coast] Guard and repealing Regulation (EC) No 2007/2004, Regulation (EC) No 863/2007 and Council Decision 2005/267/EC] and [Regulation (EU) No. 439/2010] (EU) 2019/1896 and Regulation (EU) XXX/XXX [EU Agency for Asylum Regulation].

4. Each data set collected and transmitted in accordance with paragraph 1 shall be linked with other sets of data corresponding to the same third country national or stateless person in a sequence as set out in Article 4(6).’;

(15) Article 11 is replaced by the following:

‘Article 11

Information on the status of the data subject

1. As soon as the Member State responsible has been determined in accordance with Regulation (EU) XXX/XXX [Regulation on Asylum and Migration Management] the Member State that conducts the procedures for determining the Member State responsible shall update its data set recorded pursuant to Article 12 of this Regulation regarding the person concerned by adding the Member State responsible.

Where a Member State becomes responsible because there are reasonable grounds to consider the applicant a danger to national security or public order of that Member State in accordance with Article 8(4) of Regulation (EU) XXX/XXX [Regulation on Asylum and Migration Management] it shall update its data set recorded pursuant to Article 12 of this Regulation regarding the person concerned by adding the Member State responsible.

12. The following information shall be sent to the Central System in order to be stored in accordance with Article 17 (1) for the purpose of transmission under Articles 15 and 16:

(a)when an applicant for international protection or another person as referred to in Article 21(1) 26 (1), points (b), (c) or (d) or (e) of Regulation (EU) No XXX/XXX [Regulation on Asylum and Migration Management] arrives in the Member State responsible following a transfer pursuant to a take back notification as referred to in Article 26 31 thereof of that Regulation, the Member State responsible shall update its data set recorded in conformity with Article 12 of this Regulation relating to the person concerned by adding his or her date of arrival;

(b)when an applicant for international protection arrives in the Member State responsible following a transfer pursuant to a decision acceding to a take charge request according to Article 24 30 of Regulation (EU) No XXX/XXX [Regulation on Asylum and Migration Management], the Member State responsible shall send a data set recorded in conformity with Article 12 of this Regulation relating to the person concerned and shall include his or her date of arrival;

(c)when an applicant for international protection arrives in the Member State of allocation pursuant to Article 34 of Regulation (EU) No. […/…], that Member State shall send a data set recorded in conformity with Article 12 of this Regulation relating to the person concerned and shall include his or her date of arrival and record that it is the Member State of allocation;

(dc)as soon as the Member State of origin ensures that the person concerned whose data was recorded in Eurodac in accordance with Article 12 of this Regulation has left the territory of the Member States in compliance with a return decision or removal order issued following the withdrawal or rejection of the application for international protection, it shall update its data set recorded in conformity with Article 12 of this Regulation relating to the person concerned by adding the date of his or her removal or when he or she left the territory;

(e)the Member State which becomes responsible in accordance with Article 19(1) of Regulation (EU) No […/…] shall update its data set recorded in conformity with Article 12 of this Regulation relating to the applicant for international protection by indicating that it has become the Member State responsible and by adding the date when the decision to examine the application was taken.

3. Where responsibility shifts to another Member State, pursuant to Articles 27(1) and Article 58(3) of Regulation (EU) XXX/XXX [Regulation on Asylum and Migration Management], the Member State that establishes that responsibility has shifted, or the Member State of relocation, shall indicate the Member State responsible.

4. Where paragraphs 1 or 3 of this Article or Article 19(6) apply, the Central System shall, as soon as possible and no later than within 72 hours, inform all Member States of origin of the transmission of such data by another Member State of origin having produced a hit with data which they transmitted relating to persons referred to in Article 10(1), 13(1), 14(1) or 14a(1). Those Member States of origin shall also update the Member State responsible in their corresponding data sets.’;

(16) Article 12 is replaced by the following:

‘Article 12

Recording of data

Only the following data shall be recorded in the Central System and in the CIR as appropriate:

(a)fingerprint data;

(b) a facial image;

(c)surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;

(d)nationality(ies)

(e)place and date of birth;

(f)place of birth;

(fg)Member State of origin, place and date of the application for international protection; in the cases referred to in Article 112(b), the date of application shall be the one entered by the Member State who transferred the applicant;

(gh)sex;

(hi)where available, the type and number of identity or travel document; the three letter code of the issuing country and validity expiry date;

(j)where available, a scanned colour copy of an identity or travel document along with an indication of its authenticity or, where unavailable, another document which facilitates the identification of the third-country national or stateless person along with an indication of its authenticity;

(ik)reference number used by the Member State of origin;

(j)unique application number of the application for international protection pursuant to Article 22(2) of Regulation (EU) No. […/…];

(l)the Member State responsible in the cases referred to in Article 11(1), (2) or (3);

(km)the Member State of allocation relocation in accordance with Article 14b(1) 11(c);

(ln)date on which the fingerprints and/or facial image biometric data were taken;

(mo)date on which the data were transmitted to the Central System and to the CIR as appropriate;

(np)operator user ID;

(oq)where applicable in accordance with the cases referred to in Article 11(2)(a), the date of the arrival of the person concerned after a successful transfer;

(pr)where applicable in accordance with the cases referred to in Article 11(2)(b), the date of the arrival of the person concerned after a successful transfer;

(q)where applicable, in accordance with Article 11(c), the date of arrival of the person concerned after a successful transfer;

(rs)where applicable in accordance with the cases referred to in Article 11(2)(dc) , the date when the person concerned left or was removed from the territory of the Member States;

(t) where applicable, in accordance with the cases referred to in Article 14b(2), the date of arrival of the person concerned after a successful transfer;

(s)where applicable in accordance with Article 11(e), the date when the decision to examine the application was taken;

(u)where there are indications that a visa was issued to the applicant, the Member State which issued or extended the visa or on behalf of which the visa has been issued and the visa application number;

(v)the fact that the person could pose a threat to internal security following the screening referred to in Regulation (EU) No XXX/XXX [Screening Regulation] or following an examination pursuant Article 8(4) of Regulation (EU) No XXX/XXX [Regulation on Asylum and Migration Management];

(x)where applicable, the fact that the application for international protection has been rejected where the applicant has no right to remain and has not been allowed to remain in a Member State pursuant to Regulation (EU) XXX/XXX [Asylum Procedure Regulation];

(z)where applicable, the fact that assistance for voluntary return and reintegration (AVRR) has been granted.

2. A data set pursuant to paragraph 1 is considered created for the purpose of Article 27(1) of Regulation (EU) 818/2019 when all the data in points (a) to (f) and (h) are recorded.’;

(17) Article 13 is replaced by the following:

‘Article 13

Collection and transmission of biometric data

1. Each Member State shall promptly take the fingerprints of all fingers and capture a facial image biometric data of every third-country national or stateless person of at least six years of age who is apprehended by the competent control authorities in connection with the irregular crossing by land, sea or air of the border of that Member State having come from a third country and who is not turned back or who remains physically on the territory of the Member States and who is not kept in custody, confinement or detention during the entirety of the period between apprehension and removal on the basis of the decision to turn him or her back.

2. The Member State concerned shall, as soon as possible and no later than 72 hours after the date of apprehension, transmit to the Central System and to the CIR as appropriate the following data in relation to any third-country national or stateless person, as referred to in paragraph 1, who is not turned back:

(a)fingerprint data;

(b)a facial image;

(c)surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;

(d)nationality(ies);

(e)place and date of birth;

(f)place of birth;

(fg)Member State of origin, place and date of the apprehension;

(gh)sex;

(hi)where available, type and number of identity or travel document; three letter code of the issuing country and validity expiry date;

(ik)reference number used by the Member State of origin;

(jl)date on which the fingerprints and/or facial image biometric data were taken;

(km)date on which the data were transmitted to the Central System and to the CIR as appropriate;

(ln)operator user ID;

(mo)where applicable in accordance with paragraph 6, the date when the person concerned left or was removed from the territory of the Member States;

(p)the Member State of relocation in accordance with Article 14b(1);

(q)where applicable, the fact that assistance for voluntary return and reintegration (AVRR) has been granted,

(r)the fact that the person could pose a threat to internal security following the screening referred to in Regulation (EU) XXX/XXX [Screening Regulation].

3. By way of derogation from paragraph 2, the data specified in paragraph 2 relating to persons apprehended as described in paragraph 1 who remain physically on the territory of the Member States but are kept in custody, confinement or detention upon their apprehension for a period exceeding 72 hours shall be transmitted before their release from custody, confinement or detention.

4. Non-compliance with the 72 hour time-limit referred to in paragraph 2 of this Article shall not relieve Member States of the obligation to take and transmit the fingerprints biometric data to the Central System CIR. Where the condition of the fingertips does not allow the taking of fingerprints of a quality ensuring appropriate comparison under Article 26, the Member State of origin shall retake the fingerprints of persons apprehended as described in paragraph 1 of this Article, and resend them as soon as possible and no later than 48 hours after they have been successfully retaken.

5. By way of derogation from paragraph 1, where it is not possible to take the fingerprints and facial image biometric data of the apprehended person on account of measures taken to ensure his or her health or the protection of public health, the Member State concerned shall take and send such fingerprints and facial image biometric data as soon as possible and no later than 48 hours after those health grounds no longer prevail.

In the event of serious technical problems, Member States may extend the 72-hour time-limit in paragraph 2 by a maximum of a further 48 hours in order to carry out their national continuity plans.

6. As soon as the Member State of origin ensures that the person concerned whose data was recorded in Eurodac in accordance with paragraph 1 has left the territory of the Member States in compliance with a return decision or removal order, it shall update its data set recorded in conformity with paragraph 2 relating to the person concerned by adding the date of his or her removal or when he or she left the territory.

7. Fingerprints Where requested by the Member State concerned, the biometric data may also be taken and transmitted on behalf of that Member State by members of the European Border and Coast Guard Teams or experts of the asylum support teams when exercising powers and performing their tasks in accordance with Regulation on the European Border [and Coast] Guard and repealing Regulation (EC) No 2007/2004, Regulation (EC) No 863/2007 and Council Decision 2005/267/EC (EU) 2019/1896 and Regulation (EU) XXX/XXX [EU Agency for Asylum Regulation].

8. Each data set collected and transmitted in accordance with paragraph 1 shall be linked with other sets of data corresponding to the same third country national or stateless person in a sequence as set out in Article 4(6).

9. A data set pursuant to paragraph 2 is considered created for the purpose of Article 27(1) of Regulation (EU) 818/2019 when all the data in points (a) to (f) and (h) are recorded.’;

(18) Article 14 is replaced by the following:

‘Article 14

Collection and transmission of biometric data

2. The Member State concerned shall, as soon as possible and no later than 72-hours after the date of apprehension the third-country national or the stateless person has been found to be illegally staying, transmit to the Central System and to the CIR as appropriate the following data in relation to any third-country national or stateless person, as referred to in paragraph 1:

(a)fingerprint data;

(b)a facial image;

(c)surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;

(d)nationality(ies);

(e)place and date of birth;

(f)place of birth;

(fg)Member State of origin, place and date of the apprehension;

(gh)sex;

(hi)where available, type and number of identity or travel document; three letter code of the issuing country and validity expiry date;

(ik)reference number used by the Member State of origin;

(jl)date on which the fingerprints and/or facial image biometric data were taken;

(km)date on which the data were transmitted to the Central System and to the CIR as appropriate;

(ln)operator user ID;

(mo) where applicable in accordance with paragraph 6 5, the date when the person concerned left or was removed from the territory of the Member States;

(p)the Member State of relocation in accordance with Article 14b(1);

(q)where applicable, in accordance with the cases referred to in Article 14b(2), the date of arrival of the person concerned after a successful transfer;

(r)where applicable, the fact that assistance for voluntary return and reintegration (AVRR) has been granted;

(s)where applicable, the fact that the person could pose a threat to internal security following the screening referred to in Regulation (EU) XXX/XXX [Screening Regulation].

3. The fingerprint data of a third-country national or a stateless person as referred to in paragraph 1 shall be transmitted to the Central System solely for the purpose of comparison and compared with the fingerprint data of persons fingerprinted for the purposes of Article10(1), 13(1) and 14(1) transmitted by other Member States and already recorded in the Central System.

43. Non-compliance with the 72 hour time-limit referred to in paragraph 3 2 of this Article shall not relieve Member States of the obligation to take and transmit the fingerprints biometric data to the Central System CIR. Where the condition of the fingertips does not allow the taking of fingerprints of a quality ensuring appropriate comparison under Article 26, the Member State of origin shall retake the fingerprints of persons apprehended as described in paragraph 1 of this Article, and resend them as soon as possible and no later than 48 hours after they have been successfully retaken.

54. By way of derogation from paragraph 1, where it is not possible to take the fingerprints and facial image biometric data of the apprehended person on account of measures taken to ensure his or her health or the protection of public health, the Member State concerned shall take and send such fingerprints and facial image biometric data as soon as possible and no later than 48 hours after those health grounds no longer prevail.

In the event of serious technical problems, Member States may extend the 72-hour time-limit in paragraph 2 by a maximum of a further 48 hours in order to carry out their national continuity plans.

65. As soon as the Member State of origin ensures that the person concerned whose data was recorded in Eurodac in accordance with Article 13(1) of this Regulation paragraph 1 has left the territory of the Member States in compliance with a return decision or removal order, it shall update its data set recorded in conformity with paragraph 2 of this Article relating to the person concerned by adding the date of his or her removal or when he or she left the territory.

6. Each data set collected and transmitted in accordance with paragraph 1 shall be linked with other sets of data corresponding to the same third country national or stateless person in a sequence as set out in Article 4(6).

7. A data set pursuant to paragraph 2 is considered created for the purpose of Article 27(1) of Regulation (EU) 818/2019 when all the data in points (a) to (f) and (h) are recorded.’;

(19) the following Chapter is inserted after Article 14:

‘chapter iv a

third-country nationals or stateless persons disembarked following a search and rescue operation

Article 14a

Collection and transmission of biometric data

1. Each Member State shall promptly take the biometric data of every third-country national or stateless person of at least six years of age who is disembarked following a search and rescue operation as defined in Regulation (EU) XXX/XXX [Regulation on Asylum and Migration Management].

2. The Member State concerned shall, as soon as possible and no later than 72 hours after the date of disembarkation, transmit to the Central System and to the CIR, as appropriate, the following data in relation to any third-country national or stateless person, as referred to in paragraph 1:

(a)fingerprint data;

(b)a facial image;

(c)surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;

(d)nationality(ies);

(e)date of birth;

(f)place of birth;

(g)Member State of origin, place and date of disembarkation;

(h)sex;

(i)where available, type and number of identity or travel document; three letter code of the issuing country and expiry date;

(k)reference number used by the Member State of origin;

(l)date on which the biometric data were taken;

(m)date on which the data were transmitted to the Central System and to the CIR as appropriate;

(n)operator user ID;

(o)where applicable in accordance with paragraph 6, the date when the person concerned left or was removed from the territory of the Member States;

(p)the Member State of relocation in accordance with Article 14b(1);

(q)where applicable, the fact that assistance for voluntary return and reintegration (AVRR) has been granted,

(r)the fact that the person could pose a threat to internal security following the screening referred to in Regulation (EU) XXX/XXX [Screening Regulation].

4. Non-compliance with the 72 hour time-limit referred to in paragraph 2 of this Article shall not relieve Member States of the obligation to take and transmit the biometric data to the to the CIR. Where the condition of the fingertips does not allow the taking of fingerprints of a quality ensuring appropriate comparison under Article 26, the Member State of origin shall retake the fingerprints of persons disembarked as described in paragraph 1 of this Article, and resend them as soon as possible and no later than 48 hours after they have been successfully retaken.

5. By way of derogation from paragraph 1, where it is not possible to take the biometric data of the disembarked person on account of measures taken to ensure his or her health or the protection of public health, the Member State concerned shall take and send such biometric data as soon as possible and no later than 48 hours after those health grounds no longer prevail.

In the event of serious technical problems, Member States may extend the 72-hour time-limit in paragraph 2 by a maximum of a further 48 hours in order to carry out their national continuity plans.

7. Where requested by the Member State concerned, the biometric data may also be taken and transmitted on behalf of that Member State by members of the European Border and Coast Guard Teams or experts of the asylum support teams when exercising powers and performing their tasks in accordance with Regulation(EU) 2019/1896 and Regulation (EU) XXX/XXX [EU Agency for Asylum Regulation].

9. A data set pursuant to paragraph 1 is considered created for the purpose of Article 27(1) of Regulation (EU) 818/2019 when all the data in points (a) to (f) and (h) are recorded.’;

(20) the following Chapter is inserted after Article 14a:

‘chapter iv b

information on relocation

Article 14b

Information on the status of relocation of the data subject

1. As soon as the Member State of relocation is obliged to relocate the person concerned pursuant to Article 57(7) of Regulation (EU) XXX/XXX [Regulation on Asylum and Migration Management], the benefiting Member State shall update its data set recorded pursuant to Articles 12, 13, 14 or 14a of this Regulation relating to the person concerned by adding the Member State of relocation.

2. When a person arrives in the Member State of relocation following the confirmation by the Member State of relocation to relocate the person concerned pursuant to Article 57(7) of Regulation (EU) XXX/XXX [Regulation on Asylum and Migration Management], that Member State shall send a data set recorded in conformity with Articles 12 or 14 of this Regulation relating to the person concerned and shall include his or her date of arrival. The data set shall be stored in accordance with Article 17 (1) for the purpose of transmission under Articles 15 and 16.’;

(21) Article 17 is amended as follows:

(a) the following paragraph 3a is inserted:

‘3a. For the purposes laid down in Article 14a(1), each set of data relating to a third-country national or stateless person as referred to in Article 14a(2) shall be stored in the Central System and in the CIR as appropriate for five years from the date on which his or her biometric data were taken.’;

(b) paragraph 4 is replaced by the following:

‘(4). Upon expiry of the data storage periods referred to in paragraphs (1) to (3a) of this Article, the Central System shall automatically erase the data of the data-subjects shall be deleted from the Central System and from the CIR as appropriate.’;

(22) Article 19 is replaced by the following:

‘Article 19

Marking and blocking of data

1. For the purposes laid down in Article 1(1)(a), the Member State of origin which granted international protection to an applicant for international protection to a person whose data were previously recorded in the Central System and in the CIR as appropriate pursuant to Article 12 shall mark the relevant data in conformity with the requirements for electronic communication with the Central System established by eu-LISA. That mark shall be stored in the Central System in accordance with Article 17(1) for the purpose of transmission under Article 15 and 16. The Central System shall, as soon as possible and no later than 72 hours, inform all Member States of origin of the marking of data by another Member State of origin having produced a hit with data which they transmitted relating to persons referred to in Article 10(1), 13(1), or 14(1), or 14a(1). Those Member States of origin shall also mark the corresponding data sets.

2. The data of beneficiaries of international protection stored in the Central System and in the CIR as appropriate and marked pursuant to paragraph 1 of this Article shall be made available for comparison for the purposes laid down in Article 1(1)(d) for a period of three years after the date on which the data subject was granted international protection until such data is automatically erased from the Central System and from the CIR as appropriate in accordance with Article 17(4).

Where there is a hit, the Central System shall transmit the data referred to in Article 12(b) to (s) for all the data sets corresponding to the hit. The Central System shall not transmit the mark referred to in paragraph 1 of this Article. Upon the expiry of the period of three years, the Central System shall automatically block such data from being transmitted in the event of a request for comparison for the purposes laid down in Article 1(1)(c), whilst leaving those data available for comparison for the purposes laid down in Article 1(1)(a) until the point of their erasure. Blocked data shall not be transmitted, and the Central System shall return a negative result to the requesting Member State in the event of a hit.

3. The Member State of origin shall unmark or unblock data concerning a third-country national or stateless person whose data were previously marked or blocked in accordance with paragraphs 1 or 2 of this Article if his or her status is revoked or ended or the renewal of his or her status is refused under [Articles 14 or 19 of Directive 2011/95/EU] withdrawn under Articles 14 or 20 of Regulation No (EU) XXX/XXX [Qualification Regulation].

4. For the purposes laid down in Article 1(1)(a) and (c), the Member State of origin which issued granted a residence document to an illegally staying third-country national or stateless person whose data were previously recorded in the Central System and in the CIR as appropriate pursuant to Article 13 (2) and 14(2) or to a third-country national or stateless person disembarked following a search and rescue operation whose data were previously recorded in the Central System and in the CIR as appropriate pursuant to Article 14a(2) shall mark the relevant data in conformity with the requirements for electronic communication with the Central System established by eu-LISA. That mark shall be stored in the Central System in accordance with Article 17(2), and (3) and (3a) for the purpose of transmission under Article 15 and 16. The Central System shall, as soon as possible and no later than 72-hours, inform all Member States of origin of the marking of data by another Member State of origin having produced a hit with data which they transmitted relating to persons referred to in Articles 10(1), 13(1), or 14(1), or 14a(1). Those Member States of origin shall also mark the corresponding data sets.

5. The data of illegally staying third-country nationals or stateless persons stored in the Central System and in the CIR and marked pursuant to paragraph 4 of this Article shall be made available for comparison for the purposes laid down in Article 1(1)(d) until such data is automatically erased from the Central System and from the CIR in accordance with Article 17 (4).

6. For the purposes of Article 58(4) of Regulation (EU) XXX/XXX [Regulation on Asylum and Migration Management], the Member State of relocation shall, following the registration of the data pursuant to Article 14b(2), register itself as the Member State responsible and mark that data with the marking introduced by the Member State who granted protection.”;

(23) in Article 21, the following paragraph is inserted:

‘1a. Where the designated authorities consulted the CIR in accordance with Article 22(1) of Regulation 2019/818, they may access Eurodac for consultation under the conditions foreseen in this Article where the reply received pursuant to Article 22(2) of Regulation (EU) 2019/818 indicates that data is stored in Eurodac.’;

(24) in Article 22, the following paragraph 1a is inserted:

‘1a. Where Europol consulted the CIR in accordance with Article 22(1) of Regulation (EU) 2019/818, they may access Eurodac for consultation under the conditions foreseen in this Article where the reply received pursuant to Article 22(2) of Regulation (EU) 2019/818 indicates that data is stored in Eurodac.’;

(25) in Article 28, the following paragraph is inserted:

‘3a. Access for the purposes of consulting the Eurodac data stored in the CIR shall be granted to the duly authorised staff of the national authorities of each Member State and to the duly authorised staff of the Union bodies competent for the purposes laid down in Articles 20 and 21 of Regulation (EU) 2019/818. That access shall be limited to the extent necessary for the performance of the tasks of those national authorities and Union bodies in accordance with those purposes and shall be proportionate to the objectives pursued.’;

(26) Article 29, is amended as follows:

(a) the following paragraphs 1a and 1b are inserted:

‘1a. For the purposes of Article 8a, eu-LISA shall keep records of each data processing operation carried out within Eurodac. Records of such type of operations shall include the elements provided for in the first paragraph and the hits triggered while carrying out the automated processing laid down in Article 20 of Regulation (EU) 2018/1240.

1b. For the purpose of Article 8c, Member States and eu-LISA shall keep records of each data processing operation carried out within Eurodac and the Visa Information System in accordance with this Article and Article 34 of Regulation (EC) 767/2008.’;

(b) paragraph 3 is replaced by the following:

‘3. For the purposes laid down in Article (1)(1)(a), and (b), (bc), (f) and (g), each Member State shall take the necessary measures in order to achieve the objectives set out in paragraphs 1, 1a, 1b and 2 of this Article in relation to its national system. In addition each Member State shall keep record of the staff duly authorised to enter or retrieve the data.’;

(27) in Article 39(2), the following point (i) is inserted:

‘(i)where relevant, a reference to the use of the European search portal to query Eurodac as referred to in Article 7(2) of the Regulation (EU) 2019/818.’;

(28) the following Chapter VIIIa is inserted after Article 40:

‘CHAPTER VIIIa

AMENDMENTS TO REGULATIONS (EU) 2018/1240 AND (EU) 2019/818

Article 40a

Amendments to Regulation (EU) 2018/1240

Regulation (EU) 2018/1240 is amended as follows:

(1) in Article 11 the following paragraph 6a is inserted:

‘6a. For the purpose of proceeding to the verifications referred to in point (k) of Article 20(2), the automated processing referred to in paragraph 1 of this Article, shall enable the ETIAS Central System to query Eurodac established by [Regulation (EU) XXX/XXX], with the data referred to in Article 17(2), points (a) to (d):

(a) surname (family name), surname at birth, first name(s) (given name(s)), date of birth, place of birth, sex, current nationality;

(b) other names (alias(es), artistic name(s), usual name(s)), if any;

(d) type, number, the country of issue of the travel document.’;

(2) in Article 25a(1), the following point (e) is inserted:

‘(e) Articles 12, 13, 14 and 14a of Regulation (EU) XXX/XXX [Eurodac Regulation].’;

(3) in Article 88, paragraph 6 is replaced by the following:

‘6. ETIAS’ operations shall start irrespective of whether interoperability with Eurodac or ECRIS-TCN is put in place.’;

Article 40b

Amendments to Regulation (EU) 2019/818

Regulation (EU 2019/818 is amended as follows:

(1) in Article 4, point (20) is replaced by the following:

‘(20). ‘designated authorities’ means the Member State designated authorities as defined in Article 6 of the Regulation (EU) XXX/XXX [Eurodac Regulation], in point (26) of Article 3(1) of Regulation (EU) 2017/2226 of the European Parliament and the Council, in point (3a) of Article 4 of Regulation (EC) 767/2008, and point (21) of Article 3(1) of Regulation (EU) 2018/1240 of the European Parliament and of the Council;’;

(2) in paragraph 1 of Article 10, the introductory wording is replaced by the following:

‘Without prejudice to Article 39 of Regulation (EU) XXX/XXX [Eurodac Regulation], Articles 12 and 18 of Regulation (EU) 2018/1862, Article 29 of Regulation (EU) 2019/816 and Article 40 of Regulation (EU) 2016/794, eu-LISA shall keep logs of all data processing operations within the ESP. Those logs shall include, in particular, the following:’;

(3) paragraph 1 of Article 13 is amended as follows:

(a) point (b) is replaced by the following:

‘(b) the data referred to in Article 5(1), point (b), and (2) of Regulation (EU) 2019/816;’;

(b) the following point (c) is added:

’(c) the data referred to in Articles 12, points (a) and (b), 13(2), points (a) and (b), 14(2), points (a) and (b) and 14a(2), points (a) and (b) of Regulation (EU) XXX/XXX [Eurodac Regulation].’;

(4). Article 14 is replaced by the following:

‘Article 14

Searching biometric data with the shared biometric matching service

In order to search the biometric data stored within the CIR and SIS, the CIR and SIS shall use the biometric templates stored in the shared BMS. Queries with biometric data shall take place in accordance with the purposes provided for in this Regulation and in Regulations (EC) No 767/2008, (EU) 2017/2226, Regulation (EU) XXX/XXX [Eurodac Regulation], Regulations (EU) 2018/1860, (EU) 2018/1861, (EU) 2018/1862 and (EU) 2019/816.’;

(5) In Article 16, the introductory wording of paragraph 1 is replaced by the following:

‘Without prejudice to Article 39 of Regulation (EU) XXX/XXX [Eurodac Regulation], Article 12 and 18 of Regulation (EU) 2018/1862 and to Article 29 of Regulation (EU) 2019/816, eu-LISA shall keep logs of all data processing operations within the shared BMS.’;

(6) In Article 18, paragraph 1 is replaced by the following:

‘1. The CIR shall store the following data, logically separated according to the information system from which the data have originated:

a) the data referred to in Article 12, points (a) to (f), (h) and (i), Article 13(2), points (a) to (f), (h) and (i), Article 14(2), points (a) to (f), (h) and (i) and Article 14a, points (a) to (f), (h) and (i) of Regulation (EU) XXX/XXX [Eurodac Regulation];

b) the data referred to in Article 5(1), point (b), and (2) and the following data listed in Article 5(1), point (a) of Regulation (EU) 2019/816: surname (family name), first names (given names), date of birth, place of birth (town and country), nationality or nationalities, gender, previous names, if applicable, where available pseudonyms or aliases, as well as, where available, information on travel documents.’;

(7) In Article 23, paragraph 1 is replaced by the following:

‘1. The data referred to in Article 18(1), (2) and (2a) shall be deleted from the CIR in an automated manner in accordance with the data retention provisions of Regulation (EU) XXX/XXX [Eurodac Regulation] and of Regulation (EU) 2019/816.’;

(8) Article 24, is replaced by the following:

‘Article 24

Keeping of logs

Without prejudice to Article 39 of Regulation (EU) XXX/XXX [Eurodac Regulation] and Article 29 of Regulation (EU) 2019/816, eu-LISA shall keep logs of all data processing operations within the CIR in accordance with paragraphs 2, 3 and 4 of this Article.’;

(9) In Article 26(1), points (aa), (ab), (ac) and (ad) are inserted:

‘(aa)the authorities competent to assess a request for international protection when assessing a new request for international protection;

(ab)the authorities competent to collect the data provided for in Chapter III of Regulation (EU) XXX/XXX [Eurodac Regulation] when transmitting data to Eurodac;

(ac)the authorities competent to collect the data provided for in Chapter IV of Regulation (EU) XXX/XXX [Eurodac Regulation] when transmitting data to Eurodac;

(ad)the authorities competent to collect the data provided for in Chapter IVA of Regulation (EU) XXX/XXX [Eurodac Regulation] when transmitting data to Eurodac;’;

(10) Article 27 is amended as follows:

(a) the following point (aa) is inserted in paragraph 1:

‘(aa) a data set is transmitted to Eurodac in accordance with Articles 10, 13, 14 and 14a of Regulation (EU) XXX/XXX [Eurodac Regulation];’;

(b) the following point (aa) is inserted in paragraph 3:

‘(aa) surname(s); forename(s); name(s) at birth, previously used names and aliases; date of birth, place of birth, nationality(ies) and sex as referred to in Article 12 to 14a of Regulation (EU) XXX/XXX [Eurodac Regulation];’;

(11) in Article 29(1), the following point (aa) is inserted:

‘(aa) the authority assessing a request for international protection as provided for in Regulation (EU) XXX/XXX [Eurodac Regulation] for hits that occurred when assessing such request;’;

(12) in Article 39, paragraph 2 is replaced by the following:

‘2. eu-LISA shall establish, implement and host in its technical sites the CRRS containing the data and statistics referred to in Article 42(8) of Regulation (EU) XXX/XXX [Eurodac Regulation], Article 74 of Regulation (EU) 2018/1862 and Article 32 of Regulation (EU) 2019/816 logically separated by EU information system. Access to the repository CRRS shall be granted by means of controlled, secured access and specific user profiles, solely for the purpose of reporting and statistics, to the authorities referred to in Article 42(8) of Regulation (EU) XXX/XXX [Eurodac Regulation], Article 74 of Regulation (EU) 2018/1862 and Article 32 of Regulation (EU) 2019/816.’;

(13) in Article 47, the following new indent is inserted in paragraph 3:

‘Persons whose data are recorded in the Eurodac shall be informed about the processing of personal data for the purposes of this Regulation in accordance with paragraph 1 when a new data set is transmitted to Eurodac in accordance with Articles 10, 12, 13, 14 and 14a of Regulation (EU) XXX/XXX [Eurodac Regulation].’;

(14) Article 50 is replaced by the following:

‘Article 50

Communication of personal data to third countries, international organisations and

private parties

Without prejudice to Article 31 of Regulation (EC) No 767/2008, Articles 25 and 26 of Regulation (EU) 2016/794, Articles 37 and 38 of Regulation (EU) XXX/XXX [Eurodac Regulation], Article 41 of Regulation (EU) 2017/2226, Article 65 of Regulation (EU) 2018/1240 and the querying of Interpol databases through the ESP in accordance with Article 9(5) of this Regulation which comply with the provisions of Chapter V of Regulation (EU) 2018/1725 and Chapter V of Regulation (EU) 2016/679, personal data stored in, processed or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party.’;

(29) the following Article 41a is inserted:

Article 41a

Committee Procedure

1. The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) 182/2011.

2. Where reference is made to this paragraph, Article 5 of Regulation (EU) 182/2011 shall apply.

3. Where the Committee delivers no opinion, the Commission shall not adopt the draft implementing act and the third subparagraph of Article 5(4) of Regulation (EU) 182/2011 shall apply.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

Done at Brussels,

For the European Parliament For the Council

The President The President

LEGISLATIVE FINANCIAL STATEMENT

1.FRAMEWORK OF THE PROPOSAL/INITIATIVE

1.1.Title of the proposal/initiative

Amended proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the establishment of 'Eurodac' for the comparison of biometric data for the effective application of Regulation (EU) XXX/XXX [Regulation on Asylum and Migration Management] and of Regulation (EU) XXX/XXX [Resettlement Regulation], for identifying an illegally staying third-country national or stateless person and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposes and amending Regulations (EU) 2018/1240 and (EU) 2019/818

1.2.Policy area(s) concerned (Programme cluster)

11 – Border Management

1.3.The proposal/initiative relates to:

◻ a new action

◻ a new action following a pilot project/preparatory action 31

⌧ the extension of an existing action

◻ a merger or redirection of one or more actions towards another/a new action

1.4.Objective(s)

1.4.1.The Commission's multiannual strategic objective(s) targeted by the proposal/initiative

As announced in President von der Leyen’s political guidelines, the Communication on a New Pact for Migration and Asylum (COM(2020)XXX final) presents a fresh start on migration to achieve a fair balance between the responsibility for applicants for international protection in Europe and the solidarity among Member States to deal with migration management and asylum. In this context, the Commission also proposes to further enhance Eurodac.

Accompanying its Communication on a New Pact for Migration and Asylum (COM(2020) XXX final), the Commission presents an amended proposal for a Regulation on the establishment of 'Eurodac' for the comparison of biometric data for the effective application of Regulation (EU) XXX/XXX [Regulation on Asylum and Migration Management] and of Regulation (EU) XXX/XXX [Resettlement Regulation], for identifying an illegally staying third-country national or stateless person and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposes and amending Regulations (EU) 2018/1240 and (EU) 2019/818. This proposal is based on the text of the provisional agreement reached by co-legislators on the 2016 proposal to recast the Eurodac Regulation and adds a new set of functionalities to the database.

These new functionalities would allow the counting of applicants in addition to applications for international protection, the correct implementation of the interoperability framework as established in particular by Regulation (EU) No 2019/818, the appropriate support for the new proposal for a Regulation on Asylum and Migration Management (reforming the former Dublin system), a smoother link with return and a seamless articulation with the proposal for a Screening Regulation.

1.4.2.Specific objective(s) and ABM/ABB activity(ies) concerned

DG HOME AMP Specific objective No 1: To strengthen and develop all aspects of the Common European Asylum System, including its external dimension.

ABM/ABB activity(ies) concerned: Activity 11: Border Management.

Specific objective No 1: Eurodac functional system evolution

Specific objective No 2: Eurodac database capacity upgrade

1.4.3.Expected result(s) and impact

Specify the effects which the proposal/initiative should have on the beneficiaries/groups targeted.

The proposal will build on the provisional agreement reached by the co-legislators on the 2016 Commission proposal to recast the Eurodac Regulation.

The proposal presented in 2016 aimed at assisting Member States to ensure that an applicant for international protection will have his/her application examined by a single Member State and at reducing the scope of abuse of the asylum system by deterring “asylum shopping” within the EU. It also aimed at allowing Member States to identify irregular third-country nationals illegally staying in the EU by storing their data. This would assist Member States in re-documenting third-country nationals with a view to returning them to their country of origin. By lowering the age for taking fingerprints to six years old, the proposal aimed at supporting the identification of minors and, if necessary, at contributing to family tracing in cases where they are separated from their families by allowing a Member State to follow up a line of inquiry where a fingerprint match indicates that they were present in another Member State. It also aimed at strengthening the protection of unaccompanied minors who do not always formally seek international protection and who abscond from care institutions or child social services to which their care has been assigned. Registering minors from third countries in Eurodac would therefore contribute to keeping track of them and preventing them from ending up in scenarios of exploitation.

During negotiations, several modifications have been introduced by co-legislators. Thus, two new categories of persons have been added in Eurodac, namely persons registered for the purpose of conducting an admission procedure under Regulation (EU) XXX/XXX [Resettlement Regulation] and persons admitted in accordance with a national resettlement scheme. The objective of these additions is to assist Member States with the correct implementation of the Resettlement Regulation. In conformity with Article 6 of Regulation (EU) XXX/XXX [Resettlement Regulation] these are two of the exclusion grounds for admission under this regulation; if such data were not recorded in Eurodac, a Member State conducting an admission procedure for resettlement would need to check bilaterally with all the other Member States if the person in question has been in one of those two situations. Co-legislators also introduced changes facilitating law enforcement authorities’ access to Eurodac by allowing them the possibility to make searches on the basis of alphanumeric data. They also introduced the necessary provisions to store in Eurodac the scanned colour copies of identity or travel documents. The aim of these provisions was to facilitate return.

Taking all the above into account and building on this basis, the present proposal will transform the system to allow the counting of (first-time) applicants for international protection. Member States and the EU will benefit from this as a first step to map unauthorised movements and ensure the appropriate policy response to tackle this phenomenon. Furthermore, new provisions will ensure coherence with the proposal for a Regulation on Asylum and Migration Management (reforming the former Dublin system). This proposal provides a responsibility criterion for examining an application for international protection where the application was registered after the person concerned was disembarked following a search and rescue operation (under current rules such persons are covered by the irregular entry criterion). While the responsibility rules for this new category are the same as the rules for persons who enter irregularly, the distinction is relevant in relation to the fact that Member States of disembarkation face specific challenges as they cannot apply to SAR disembarkations the same tools as for irregular crossings by land or air. Therefore, there is a need to have a separate category for these persons in Eurodac instead of registering them as persons who cross the border irregularly (as is currently the case). The shift of responsibility between Member States will also be clearly reflected in Eurodac thus speeding up the asylum procedures. Marking the security alert following the new screening procedure will also facilitate the application of relocation rules as persons who represent a threat for security are excluded from relocation. Likewise, introducing a field to indicate the Member State that issued or extended a visa to the applicant or on behalf of which the visa has been issued and the visa application number would facilitate the application of the responsibility criteria for those Member States/Associated Countries which are not bound by the VIS Regulation but are nevertheless affected by the issuance of a visa. Therefore, by clearly marking all these elements in Eurodac, Member States will benefit from a speedier asylum process in the wider sense. Finally, the new proposal will ensure a seamless articulation with the screening by an adaptation of deadlines and a smoother link with return by marking if an application has been rejected and the person has no right to remain and by marking if voluntary return and reintegration assistance (AVVR) has been granted.

The present proposal will also introduce a set of consequential amendments linked to the interoperability framework, including amendments to the Interoperability Regulation. The necessary legal and financial justifications for these are provided for in the Interoperability legal and financial statement (LFS) and will not be covered by this document.

1.4.4.Indicators of results and impact

Specify the indicators for monitoring implementation of the proposal/initiative.

During the upgrading of the Central System, including in view of implementing the interoperability framework

After the approval of the draft proposal and the adoption of the technical specifications the Eurodac Central System will be upgraded in terms of capacity and throughput for transmission from the Member States’ National Access Points. eu-LISA will coordinate the project management of upgrading the Central System and the national systems at EU level and the integration of the National Uniform Interface (NUI) carried out by Member States at national level.

Specific Objective: Ready for operations when the new Regulation for Asylum and Migration Management (reforming the former Dublin system) will enter into force.

Indicator: In order to go live, eu-LISA has notified the successful completion of a comprehensive test of the Eurodac Central System which shall be conducted by the Agency together with the Member States.

Once the new Central System is operational (Article 42 of the original 2016 proposal as provisionally agreed by co-legislators)

Once the Eurodac system is operational, eu-LISA shall ensure that systems are in place to monitor the functioning of the system against objectives. At the end of each year eu-LISA should submit to the European Parliament, the Council and the Commission a report on the activities of the Central System, including on its technical functioning and security. The annual report shall include information on the management and performance of Eurodac against pre-defined quantitative indicators for its objectives.

Within three years of adoption, eu-LISA should conduct a study on the technical feasibility of adding facial recognition software to the Central System that ensures reliable and accurate results following a comparison of facial image data.

Within seven years of adoption and every four years thereafter, the Commission shall produce an overall evaluation of Eurodac, examining the results achieved against objectives and the impact on fundamental rights, including whether law enforcement access has led to indirect discrimination against persons covered by this Regulation, and assessing the continuing validity of the underlying rationale and any implications for future operations, and shall make any necessary recommendations. The Commission shall transmit the evaluation to the European Parliament and the Council.

Each Member State and Europol shall prepare annual reports on the effectiveness of the comparison of fingerprint data with Eurodac data for law enforcement purposes, containing statistics on the number of requests made and hits received.

1.5.Grounds for the proposal/initiative

1.5.1.Requirement(s) to be met in the short or long term including a detailed timeline for roll-out of the implementation of the initiative

(1) Determining the Member State responsible for examining an application for international protection under the new proposal for a Regulation on Asylum and Migration Management.

(2) Control the identity of irregular third-country nationals to and within the EU for the purposes of re-documentation and return.

(3) Help identifying vulnerable third-country nationals such as minors who often fall victim to smuggling.

(4) Strengthen the fight against international criminality, terrorism and other security threats.

(4) Assist in the application of Regulation (EU) XXX/XXX [Resettlement Regulation] by facilitating the application of the exclusion grounds (as explained under point 1.4.3).

(5) Assist in mapping unauthorised movements by counting (first time) applicants.

(6) Support the effective implementation on the interoperability framework (including amendments to the Interoperability Regulation) and, in this context, support the objectives of the Visa Information System (VIS) and the European Travel Information and Authorisation System (ETIAS). Regarding VIS, the competent visa authorities shall have access to Eurodac to consult data in a read-only format; this will provide input in the process of examining and deciding on visa applications. For ETIAS, specific provisions in the Eurodac Regulation will allow the comparison between the data in ETIAS with the data in Eurodac so that the verifications foreseen by Article 20 of the ETIAS Regulation can be performed. Moreover, ETIAS national units shall have access to and may consult the Eurodac database, in a read-only format, for the purpose of examining applications for travel authorisation.

1.5.2.Added value of Union involvement (it may result from different factors, e.g. coordination gains, legal certainty, greater effectiveness or complementarities). For the purposes of this point 'added value of Union involvement' is the value resulting from Union intervention which is additional to the value that would have been otherwise created by Member States alone.

Reasons for action at European level (ex-ante)

No Member State alone can cope on its own with irregular immigration, unauthorised movements or deal with all the asylum applications made within the EU. As has been witnessed in the EU for many years, a person may enter the EU via the external borders, but not declare him/herself at a designated border crossing point. This was the case in particular in 2014-2015 when over one million irregular migrants arrived to the EU via the Central and Southern Mediterranean routes. Similarly, since 2015, we have witnessed onward movements from countries with external borders to other Member States. The monitoring of compliance with EU rules and procedures such as the procedure for establishing the Member State responsible for examining an asylum application therefore cannot be done by Member States acting alone. In an area without internal borders, action against irregular immigration should be undertaken in common. Considering all this, the EU is better placed than Member States to take the appropriate measures.

Similarly, the efficient application of exclusion grounds under Regulation (EU) XXX/XXX [Resettlement Regulation] cannot be done my Member States acting alone.

The use of the three existing EU large-scale IT systems (SIS, VIS and Eurodac) brings benefits to border management. Better information on cross border movements of third country nationals at EU level would help establish a factual basis to develop and adapt the EU migration policy. Therefore, an amendment of the Eurodac Regulation was also required in order to add an additional purpose thereto, namely allow access for the purpose of controlling irregular migration to and unauthorised movements of irregular migrants within the EU (2016 proposal). This objective cannot be sufficiently achieved by the Member States on their own, since such amendment can only be proposed by the Commission. In the same sense, the modifications necessary for the effective implementation of the interoperability framework can only be proposed by the Commission.

Expected generated Union added value (ex-post)

It is expected that the Eurodac Regulation will have an added value on several levels. First, it is expected to ensure the efficient and speedy application of the rules foreseen by the proposal for a Regulation on Asylum and Migration Management (former Dublin system) by clearly marking the necessary information, such as the shift of responsibility from one Member State to the other, the data for relocation or data relevant for establishing responsibility. Secondly, it is expected to better assist with the control of irregular immigration and the detection of unauthorised movements among others by counting applicants for international protection in addition to applications. Thirdly, it is expected to ensure an efficient application of the Resettlement Regulation by providing information necessary for the assessment undertaken in the stage of the admission procedure. If such information is not in Eurodac, it would have to be obtained by the Member State conducting that admission procedure by contacting bilaterally all the other Member States. Fourthly, it is expected to ensure the functioning of Eurodac in the interoperability framework as the some of the provisions in the Interoperability Regulations need to have the appropriate counterparts in the legal acts governing the databases covered by interoperability. Finally it is expected to facilitate returns and to ensure a seamless link with screening.

1.5.3.Lessons learned from similar experiences in the past

The main lessons learnt from upgrading the Central System following the adoption of the recast Eurodac Regulation 32 was the importance of early project management by Member States and ensuring that the project of upgrading the national connection was managed against milestones. Even though a rigid project management schedule was set by eu-LISA for both upgrading the Central System and Member States national connections, a number of Member States failed or risked not connecting to the Central System by 20 July 2015 (two years after adoption of the Regulation).

In the Lessons Learnt workshop following the upgrading of the Central System in 2015, Member States also flagged that a roll-out phase was needed for the next upgrade of the Central System to ensure that all Member States could manage to connect to the Central System on time.

Alternative solutions were found for those Member States that were late to connect to the Central System in 2015. These included eu-LISA lending a National Access Point/ Fingerprint Image Transmission (NAP/FIT) solution to one Member State that was used for testing simulations by the Agency, because the Member State in question had failed to secure the necessary funding to begin their procurement procedure shortly after the adoption of the Eurodac Regulation. Two other Member States had to resort to using an ‘in-house’ solution for their connection before installing their procured NAP/FIT solutions.

eu-LISA signed a Framework Contract with a service provider for the development of functionalities and maintenance services for the Eurodac. Many Member States used this framework contract to procure a standardised NAP/FIT solution, saving time and funds by not having to run national procurement procedures. A similar framework contract should be considered again for the future upgrade.

1.5.4.Compatibility and possible synergy with other appropriate instruments

This proposal should be seen as part of the continuous development of the Dublin Regulation 33 that is proposed to be replaced by a Regulation on Asylum and Migration Management, the Commission’s Communication on a New Pact for Asylum and Migration (COM(2020) XXX final), and the Commission’s Communication on Stronger and Smarter Information Systems for Borders and Security 34 , as well as in conjunction with the ISF borders 35 , as part of the MFF and the establishing Regulation of eu-LISA 36 .

Within the Commission DG HOME is the Directorate General responsible for the establishment of Eurodac.

1.6.Duration and financial impact

◻ limited duration

–◻ in effect from [DD/MM]YYYY to [DD/MM]YYYY

–◻ Financial impact from YYYY to YYYY for commitment appropriations and from YYYY to YYYY for payment appropriations.

⌧ unlimited duration

–Implementation with a development phase during the first three years after adoption,

–followed by entry into operation and maintenance.

1.7.Management mode(s) planned

◻ Direct management by the Commission

–◻ by its departments, including by its staff in the Union delegations;

–◻ by the executive agencies

◻ Shared management with the Member States

⌧ Indirect management by entrusting budget implementation tasks to:

–◻ third countries or the bodies they have designated;

–◻ international organisations and their agencies (to be specified);

–◻the EIB and the European Investment Fund;

–⌧ bodies referred to in Articles 70 and 71 of the Financial Regulation;

–◻ public law bodies;

–◻ bodies governed by private law with a public service mission to the extent that they provide adequate financial guarantees;

–◻ bodies governed by the private law of a Member State that are entrusted with the implementation of a public-private partnership and that provide adequate financial guarantees;

–◻ persons entrusted with the implementation of specific actions in the CFSP pursuant to Title V of the TEU, and identified in the relevant basic act.

–If more than one management mode is indicated, please provide details in the ‘Comments’ section.

Comments

The Commission will be responsible for the overall management of the action and eu-LISA will be responsible for the development, operation and maintenance of the system.

2.MANAGEMENT MEASURES

2.1.Monitoring and reporting rules

Specify frequency and conditions.

The rules on monitoring and evaluation of the Eurodac system are foreseen in Article 42 of the original 2016 proposal:

Annual report: monitoring and evaluation

1. eu-LISA shall submit to the European Parliament, the Council, the Commission and the European Data Protection Supervisor an annual report on the activities of the Central System, including on its technical functioning and security. The annual report shall include information on the management and performance of Eurodac against pre-defined quantitative indicators for the objectives referred to in paragraph 2.

2. eu-LISA shall ensure that procedures are in place to monitor the functioning of the Central System against objectives relating to output, cost-effectiveness and quality of service.

3. For the purposes of technical maintenance, reporting and statistics, eu-LISA shall have access to the necessary information relating to the processing operations performed in the Central System.

3a. Within three years of adoption, eu-LISA shall conduct a study on the technical feasibility of adding facial recognition software to the Central System for the purposes of comparing facial images. The study shall evaluate the reliability and accuracy of the results produced from facial recognition software for the purposes of EURODAC and shall make any necessary recommendations prior to the introduction of the facial recognition technology to the Central System.

4. Within seven years of adoption and every four years thereafter, the Commission shall produce an overall evaluation of Eurodac, examining the results achieved against objectives and the impact on fundamental rights, including whether law enforcement access has led to indirect discrimination against persons covered by this Regulation, and assessing the continuing validity of the underlying rationale and any implications for future operations, and shall make any necessary recommendations. The Commission shall transmit the evaluation to the European Parliament and the Council.

5. Member States shall provide eu-LISA and the Commission with the information necessary to draft the annual report referred to in paragraph 1.

6. eu-LISA, Member States and Europol shall provide the Commission with the information necessary to draft the overall evaluation provided for in paragraph 4. This information shall not jeopardise working methods or include information that reveals sources, staff members or investigations of the designated authorities.

7. While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare annual reports on the effectiveness of the comparison of fingerprint data with Eurodac data for law enforcement purposes, containing information and statistics on:

— the exact purpose of the comparison, including the type of terrorist offence or serious criminal offence,

— grounds given for reasonable suspicion,

— the reasonable grounds given not to conduct comparison with other Member States under Decision 2008/615/JHA, in accordance with Article 32(1) of this Regulation,

— number of requests for comparison,

— the number and type of cases which have ended in successful identifications, and

— the need and use made of the exceptional case of urgency, including those cases where that urgency was not accepted by the ex post verification carried out by the verifying authority.

The Member States and Europol shall transmit their annual reports to the Commission by 30 June of the subsequent year.

8. On the basis of Member States and Europol annual reports provided for in paragraph 7 and in addition to the overall evaluation provided for in paragraph 4, the Commission shall compile an annual report on law enforcement access to Eurodac and shall transmit it to the European Parliament, the Council and the European Data Protection Supervisor.

2.2.Management and control system(s)

2.2.1.Justification of the management mode(s), the funding implementation mechanism(s), the payment modalities and the control strategy proposed

eu-LISA is meant to be a centre of excellence in the field of development and management of large-scale IT systems. It shall execute the activities linked to the development/upgrade and the operations of the Eurodac Central System.

Legal adoption and development

After the adoption of the draft proposal / Implementing Acts and the adoption of the technical specifications the Eurodac Central System will be upgraded. During the development phase, all development activities will be executed by eu-LISA. eu-LISA will coordinate the project management of upgrading the Central System and the national systems at EU level and the integration of the National Uniform Interface carried out by Member States at national level.

Go live

In order to go live, eu-LISA has to notify the successful completion of a comprehensive test of the Eurodac Central System which shall be conducted by the Agency together with the Member States.

Operations

During the operational phase eu-LISA shall technically maintain the system and shall monitor the functioning of the system against objectives. At the end of each year eu-LISA should submit to the European Parliament, the Council and the Commission a report on the activities of the Central Ssytem that ensures reliable and accurate results.

2.2.2.Information concerning the risks identified and the internal control system(s) set up to mitigate them

The following risks are identified:

1) Difficulties for eu-LISA to manage the development and integration of this system in parallel to development related to other more complicated systems (Entry-Exit system, AFIS for SIS II, VIS, …) taking place within the same time period.

2) The upgraded Eurodac needs to be integrated with the national IT systems which need to be fully aligned with central requirements. The discussions with Member States to ensure uniformity in the usage of the system may introduce delays in the development.

The risks described above present typical project risks:

1. The risk of not completing the project on time;

2. The risk of not completing the project within budget;

3. The risk of not delivering the full scope of the project.

The first risk is the most important one as an overrun in time leads to higher costs as most costs have a relationship to duration: staff costs, licence costs paid per year, etc.

These risks can be mitigated by applying project management techniques, including contingency in development projects and staffing sufficiently in order to be able to absorb peaks of work. Estimation of effort is indeed usually done by assuming an even workload spread over time while the reality of projects is of uneven workloads that are absorbed by higher resource allocations.

There are several risks related to the use of an external contractor for this development work:

1. in particular, the risk that the contractor fails to allocate sufficient resources to the project or that it designs and develops a system that is not state of the art;

2. the risk that administrative techniques and methods to handle large-scale IT projects are not fully respected as a way of reducing costs by the contractor;

3. finally, the risk of the contractor facing financial difficulties for reasons external to this project cannot be entirely excluded.

These risks are mitigated by awarding contracts on the basis of strong quality criteria, checking references of contractors and maintaining a strong relationship with them. Finally, as a last resort, strong penalty and termination clauses can be included and applied when required

2.2.3.Estimation and justification of the cost-effectiveness of the controls (ratio of "control costs ÷ value of the related funds managed"), and assessment of the expected levels of risk of error (at payment & at closure)

The Agency’s accounts will be submitted for the approval of the Court of Auditors, and subject to the discharge procedure. The Commission’s Internal Audit Service will carry out audits in cooperation with the Agency's internal auditor.

The ratio of “control costs/value of the related funds maanged)” is reported on by the Commission. The 2018 AAR of DG HOME reports 0.31% for this ratio in relation to Indirect Management Entrusted Entities and Decentralized Agencies, including eu-LISA. The Agency does not report on this indicator separately. Eu-LISA received a clean audit opinion on its annual accounts 2017, which implies an error rate below 2%. There are no indications that the error rate will worsen in the coming years.

2.3.Measures to prevent fraud and irregularities

Specify existing or envisaged prevention and protection measures, e.g. from the Anti-Fraud Strategy.

The measures foreseen to combat fraud are laid down in Article 50 of Regulation (EU) 2018/1726 which provides as follows:

1. In order to combat fraud, corruption and other unlawful activities, Regulation (EU, Euratom) No 883/2013 and Regulation (EU) 2017/1939 shall apply.

2. The Agency shall accede to the Interinstitutional Agreement of 25 May 1999 concerning internal investigations by OLAF and shall adopt, without delay, the appropriate provisions applicable to all the employees of the Agency using the template set out in the Annex to that Agreement.

3. The Court of Auditors shall have the power of audit, on the basis of documents and of on-the-spot inspections, over all grant beneficiaries, contractors and subcontractors who have received Union funds from the Agency.

4. OLAF may carry out investigations, including on-the-spot checks and inspections, in accordance with the provisions and procedures laid down in Regulation (EU, Euratom) No 883/2013 and Council Regulation (Euratom, EC) No 2185/96 (49), with a view to establishing whether there has been fraud, corruption or any other illegal activity affecting the financial interests of the Union in connection with a grant or a contract funded by the Agency.

5. Without prejudice to paragraphs 1, 2, 3 and 4, contracts, grant agreements and grant decisions of the Agency shall contain provisions expressly empowering the Court of Auditors, OLAF and the EPPO to conduct audits and investigations, in accordance with their respective competences.

DG HOME's fraud prevention and detection strategy will apply.

3.ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE

3.1.Heading of the multiannual financial framework and new expenditure budget line(s) proposed

Heading of multiannual financial framework

Budget line

Type of
expenditure

Contribution

Heading 4: Migration and Border Management

Chapter 11: Border Management

Diff./Non-diff. 37

from EFTA countries 38

from candidate countries 39

from third countries

within the meaning of Article [21(2)(b)] of the Financial Regulation

11.1002 - European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (‘eu-LISA’)

Diff.

YES*

* eu-LISA receives contributions from the countries associated with the Schengen Agreement (NO, IS, CH, LI)

3.2.Estimated impact on expenditure

3.2.1.Summary of estimated impact on expenditure

EUR million (to three decimal places)

Heading of multiannual financial
framework

Border Management

EU LISA

2021

2022

2023

2024

2025

2026

2027

TOTAL

Title 1: Staff expenditure

Commitments

(1a)

0.300

0.300

0.300

0.300

0.300

0.300

0.300

2.100

Payments

(1b)

0.300

0.300

0.300

0.300

0.300

0.300

0.300

2.100

Title 2: Infrastructure and operating expenditure

Commitments

(2a)

Payments

(2b)

Title 3: Operational expenditure*

Commitments

(3a)

13.700

21.030

14.870

5.500

5.500

5.500

5.500

71.600

Payments

(3b)

13.700

21.030

14.870

5.500

5.500

5.500

5.500

71.600

TOTAL appropriations
for eu-LISA

Commitments

=1a+2a+3a

14.000

21.330

15.170

5.800

5.800

5.800

5.800

73.700

Payments

=1b+2b+3b

14.000

21.330

15.170

5.800

5.800

5.800

5.800

73.700

Heading of multiannual financial
framework

7

European Public Administration

This section should be filled in using the 'budget data of an administrative nature' to be firstly introduced in the Annex to the Legislative Financial Statement , which is uploaded to DECIDE for interservice consultation purposes.

EUR million (to three decimal places)

DG HOME		2021	2022	2023	2024	2025	2026	2027	TOTAL
Human resources		0.450	0.450	0.450	0.450	0.450	0.450	0.450	3.150
Other administrative expenditure
TOTAL appropriations under HEADING 7 of the multiannual financial framework	(Total commitments = Total payments)	0.450	0.450	0.450	0.450	0.450	0.450	0.450	3.150

EUR million (to three decimal places)

		2021	2022	2023	2024	2025	2026	2027	TOTAL
TOTAL appropriations across HEADINGS of the multiannual financial framework	Commitments	14.450	21.780	15.620	6.250	6.250	6.250	6.250	76.850
	Payments	14.450	21.780	15.620	6.250	6.250	6.250	6.250	76.850

There is no Europol related costs since the costs related to the Europol Access Point shall be borne by Europol.

3.2.2.Estimated impact on eu-LISA's appropriations - outputs table

–◻ The proposal/initiative does not require the use of operational appropriations

–⌧ The proposal/initiative requires the use of operational appropriations, as explained below:

Commitment appropriations in EUR million (to three decimal places)

Indicate objectives and outputs			Year		Year		Year		Year		Year		Year		Year		TOTAL
			2021		2022		2023		2024		2025		2026		2027
	Type	Average cost	Number	Cost	Number	Cost	Number	Cost	Number	Cost	Number	Cost	Number	Cost	Number	Cost	Number	Cost

SPECIFIC OBJECTIVE NO 1: Eurodac functional system evolution
- Output	Contractor 40			0.130		0.670											-	0.800
Subtotal for specific objective No1			-	0.130	-	0.670	-	-	-	-	-	-	-	-	-	-	-	0.800
SPECIFIC OBJECTIVE NO 2: Eurodac database capacity upgrade
- Output	Hardware, software 41			7.870		11.260		8.870									-	28.000
- Output	Maintenance			3.400		3.500		2.700		2.400		2.400		2.400		2.400	-	19.200
- Output	Projects+evolutions			0.800		0.800		0.800		1.000		1.000		1.000		1.000	-	6.400
- Output	Resettlements			0.400		0.500		0.100									-	1.000
- Output	Alphanumeric searches			1.000		1.000		0.500									-	2.500
- Output	Passport Copies			0.100		0.300		0.100									-	0.500
- Output	EURODAC facial recognition					3.000											-	3.000
- Output	EURODAC additional maintenance (HW/SW/active.active)							1.800		2.100		2.100		2.100		2.100	-	10.200
Subtotal for specific objective No 2						20.360		14.870		5.500		5.500		5.500		5.500	-	70.800
TOTAL for objectives 1 to 2						21.030		14.870		5.500		5.500		5.500		5.500	-	71.600

3.2.3.Summary of estimated impact on appropriations of an administrative nature

(1)The proposal/initiative does not require the use of appropriations of an administrative nature

(2)The proposal/initiative requires the use of appropriations of an administrative nature, as explained below:

EUR million (to three decimal places)

Years

2021

2022

2023

2024

2025

2026

2027

TOTAL

HEADING 7
of the multiannual financial framework

Human resources

0.450

0.450

0.450

0.450

0.450

0.450

0.450

3.150

Other administrative expenditure

Subtotal HEADING 7
of the multiannual financial framework

0.450

0.450

0.450

0.450

0.450

0.450

0.450

3.150

Outside HEADING 7 42
of the multiannual financial framework

Human resources

Other expenditure
of an administrative nature

Subtotal
outside HEADING 7
of the multiannual financial framework

TOTAL DG HOME

0.450

0.450

0.450

0.450

0.450

0.450

0.450

3.150

The appropriations required for human resources and other expenditure of an administrative nature will be met by appropriations from the DG that are already assigned to management of the action and/or have been redeployed within the DG, together if necessary with any additional allocation which may be granted to the managing DG under the annual allocation procedure and in the light of budgetary constraints.

3.2.3.1.Estimated requirements of human resources

(1)The proposal/initiative does not require the use of human resources.

(2)The proposal/initiative requires the use of human resources, as explained below:

Estimate to be expressed in full time equivalent units

Years		2021	2022	2023	2024	2025	2026	2027
• Establishment plan posts (officials and temporary staff)
Headquarters and Commission’s Representation Offices		3	3	3	3	3	3	3
Delegations
Research
• External staff (in Full Time Equivalent unit: FTE) - AC, AL, END, INT and JED 43 Heading 7
Financed from HEADING 7 of the multiannual financial framework	- at Headquarters
	- in Delegations
Financed from the envelope of the programme 44	- at Headquarters
	- in Delegations
Research
Other (specify)
TOTAL DG HOME		3	3	3	3	3	3	3

The human resources required will be met by staff from the DG who are already assigned to management of the action and/or have been redeployed within the DG, together if necessary with any additional allocation which may be granted to the managing DG under the annual allocation procedure and in the light of budgetary constraints.

Description of tasks to be carried out:

Officials and temporary staff	Various tasks in relation to Eurodac, e.g. in the context of Commission opinion on the annual work programme and monitoring of its implementation, supervision of the preparation of the Agency's budget and monitoring of its implementation, assisting the Agency in developing its activities in line with EU policies including by participating in experts meetings, etc.
External staff

Estimated impact on the staff (additional FTE) – establishment plan of eu-LISA

Posts (establishment plan)	2021	2022	2023	2024	2025	2026	2027
Additional posts	2	2	2	2	2	2	2

Recruitment is planned for January 2021. All staff must be available as of early 2021 to start the development in due time and ensure the entry into operations of Eurodac in 2021. The 2 new Temporary Agents (TAs) are needed to cover needs both for the project implementation as well as for operational support and maintenance after deployment to production. These resources will be used:

·To support the project implementation as project team members, including activities as: the definition of requirements and technical specifications, cooperation and support to MS during the implementation, updates of the Interface Control Document (ICD), the follow-up of the contractual deliveries, project testing activities (including MS test coordination), documentation delivery and updates etc.

·To support transition activities for putting the system into operations in cooperation with the contractor (releases follow-up, operational process updates, trainings (including MS training activities) etc.

·To support the longer term activities, definition of specifications, contractual preparations in case there is reengineering of the system (e.g. due to Image recognition) or in case the new Eurodac Maintenance in Working Order (MWO) contract will need to be amended to cover additional changes (from technical and budgetary perspective)

·To enforce the second level support following Entry into Operation (EiO), during continuous maintenance and operations.

The two new resources (FTE TA) will act on top of the internal team capabilities which will be as well utilised for the project/contractual and financial follow-up/ operational activities. The use of TAs will provide adequate duration and continuity of the contracts to ensure business continuity and use of the same specialized people for operational support activities after the project conclusion. On top the operational support activities require access to Production environment that cannot be assigned to contractors or external staff.

3.2.4.Third-party contributions

The proposal/initiative:

(1)does not provide for co-financing by third parties

(2)provides for the co-financing by third parties estimated below:

Appropriations in EUR million (to three decimal places)

Years	2021	2022	2023	2024	2025	2026	2027	TOTAL
Specify the co-financing body
TOTAL appropriations co-financed

3.3.Estimated impact on revenue

(1)The proposal/initiative has no financial impact on revenue.

(2)The proposal/initiative has the following financial impact:

◻ on own resources

⌧ on other revenue

please indicate, if the revenue is assigned to expenditure lines

⌧ Respective expenditure line in eu-LISA budget

EUR million (to three decimal places)

Budget revenue line:	Impact of the proposal/initiative 45
	2021	2022	2023	2024	2025	2026	2027
Respective income line in eu-LISA budget	p.m.	p.m.	p.m.	p.m.	p.m.	p.m.	p.m.

For assigned revenue, specify the budget expenditure line(s) affected.

[…]

Other remarks (e.g. method/formula used for calculating the impact on revenue or any other information).

Eu-LISA shall receive contributions from countries associated with the Eurodac related measures as laid down in the respective agreements *.

The calculation shall be based on calculations for revenues for the implementation of the Eurodac system from the States that currently contribute to the general budget of the European Union (consumed payments) an annual sum for the relevant financial year, calculated in accordance with its gross domestic product as a percentage of the gross domestic product of all the participating States. Since the consumed payments are known only a posteriori, amounts for relevant years will be known only a posteriori, hence we put p.m. instead of actual amounts. Actual amounts should be based on EUROSTAT data and may vary according to the economic situation of the participating States.

* Agreement between the European Community and the Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Iceland or Norway (OJ L 93, 3.4.2001, p. 40).

Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland (OJ L 53, 27.2.2008, p. 5).

Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland (OJ L 160 18.6.2011 p. 39)

Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein to the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland (2006/0257 CNS, concluded on 24.10.2008, publication in OJ pending) and Protocol to the Agreement between the Community, Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State, Iceland and Norway (OJ L 93, 3.4.2001).

(1) OJ L […], […], p. […].

(2) OJ L […], […], p. […].

(3) OJ L […], […], p. […].

(4) OJ L […], […], p. […].

(5) Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA, OJ L 135, 22.5.2019, p. 27-84

(6) Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816, OJ L 135, 22.5.2019, p. 85–135

(7) Last subparagraph of Art. 79 of Regulation (EU) 2019/817, last subparagraph of Art. 75 of Regulation (EU) 2019/818.

(8) Agreement between the European Community and the Kingdom of Denmark on the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in Denmark or any other Member State of the European Union and “Eurodac” for the comparison of fingerprints for the effective application of the Dublin Convention, OJ L 66, 8.3.2006, p.37

(9) Agreement between the European Community and the Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Iceland or Norway, OJ L 93, 3.4.2001, p. 40.

(10) Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland, OJ L 53, 27.2.2008, p. 5.

(11) Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland, OJ L 160 18.6.2011 p. 39.

(12) Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein to the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland (2006/0257 CNS, concluded on 24.10.2008, OJ L 161, 24.6.2009, p. 8) and Protocol to the Agreement between the Community, Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State, Iceland and Norway (OJ L 93, 3.4.2001).

(13) See for example the EASO’s report on secondary movements (not public).

(14) The Initiative for Children in Migration called for a common approach to address the issue of missing (unaccompanied and separated) children, to establish effective mechanisms to tackle the risks of trafficking, and the adoption of child-specific standards for asylum procedures.

(15) For example, Berlin Action Plan on a new European Asylum Policy, 25 November 2019, signed by 33 organisations and municipalities.

(16) UNHCR Recommendations for the European Commission’s proposed Pact on Migration and Asylum, January 2020.

(17) IOM Recommendations for the new European Union Pact on Migration and Asylum, February 2020.

(18) CEPS Project Report, Search and rescue, disembarkation and relocation arrangements in the Mediterranean. Sailing Away from Responsibility?, June 2019.

(19) EUI Policy Brief, Migration policy scoreboard: A Monitoring Mechanism for EU Asylum and Migration policy, March 2020

(20) All studies and reports of the European Migration Network are available at: https://ec.europa.eu/home-affairs/what-we-do/networks/european_migration_network_en.

(21) Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27) and Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p.85).

(22) Adopted in Hamburg, Germany on 27 April 1979.

(23) Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation), OJ L 218, 13.8.2008, p. 60–81.

(24) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226, OJ L 236, 19.9.2018, p. 1–71.

(25) Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA, OJ L 135, 22.5.2019, p. 27-84

(26) Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816, OJ L 135, 22.5.2019, p. 85–135

(27) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226, OJ L 236, 19.9.2018, p. 1–71

(28) Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation), OJ L 218, 13.8.2008, p. 60–81

(29) Directive 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States amending Regulation (EEC) No 1612/68 and repealing Directives 64/221/EEC, 68/360/EEC, 72/194/EEC, 73/148/EEC, 75/34/EEC, 75/35/EEC, 90/364/EEC, 90/365/EEC and 93/96/EEC, OJ L 158, 30.4.2004, p. 77

(30) Regulation (EC) No 810/2009 of the European Parliament and of the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code), OJ L 243, 15.9.2009, p. 1–58

(31) As referred to in Article 58(2)(a) or (b) of the Financial Regulation.

(32) OJ L 180, 29.6.2013, p.1

(33) Regulation (EU) No. 604/2013 of the European Parliament and of the Council of 26 June 2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person (recast). OJ L 180, 29.6.2013, p31.

(34) COM(2016) 205 final.

(35) Regulation (EU) No 515/2014 of the European Parliament and of the Council of 16 April 2014 establishing, as part of the Internal Security Fund, the instrument for financial support for external borders and visa and repealing Decision No 574/2007/EC, OJ L150, 20.5.2014, p.143.

(36)

Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011. Article 1.3 "The Agency shall be responsible for the operational management of the Schengen Information System (SIS II), the Visa Information System (VIS) and Eurodac. ", OJ L 295, 21.11.2018, p. 99–137.

(37) Diff. = Differentiated appropriations / Non-diff. = Non-differentiated appropriations.

(38) EFTA: European Free Trade Association.

(39) Candidate countries and, where applicable, potential candidates from the Western Balkans.

(40) All contractual costs for the functional updates are split between the first 2 years with the biggest part of the budget in the 2nd year (following acceptance).

(41) Capacity payments is split within the 3 years as 40%, 40%, 20%

(42) Technical and/or administrative assistance and expenditure in support of the implementation of EU programmes and/or actions (former ‘BA’ lines), indirect research, direct research.

(43) AC= Contract Staff; AL = Local Staff; END = Seconded National Expert; INT = agency staff; JPD= Junior Professionals in Delegations.

(44) Sub-ceiling for external staff covered by operational appropriations (former ‘BA’ lines).

(45) As regards traditional own resources (customs duties, sugar levies), the amounts indicated must be net amounts, i.e. gross amounts after deduction of 20 % for collection costs.

EU LISA			2021	2022	2023	2024	2025	2026	2027	TOTAL
Title 1: Staff expenditure	Commitments	(1a)	0.300	0.300	0.300	0.300	0.300	0.300	0.300	2.100
	Payments	(1b)	0.300	0.300	0.300	0.300	0.300	0.300	0.300	2.100
Title 2: Infrastructure and operating expenditure	Commitments	(2a)
	Payments	(2b)
Title 3: Operational expenditure*	Commitments	(3a)	13.700	21.030	14.870	5.500	5.500	5.500	5.500	71.600
	Payments	(3b)	13.700	21.030	14.870	5.500	5.500	5.500	5.500	71.600
TOTAL appropriations for eu-LISA	Commitments	=1a+2a+3a	14.000	21.330	15.170	5.800	5.800	5.800	5.800	73.700
	Payments	=1b+2b+3b	14.000	21.330	15.170	5.800	5.800	5.800	5.800	73.700

Outside HEADING 7 42 of the multiannual financial framework
Human resources
Other expenditure of an administrative nature
Subtotal outside HEADING 7 of the multiannual financial framework

Data provided pursuant to Article 17(2) of Regulation (EU) 2018/1240 of the European Parliament and of the Council 1 recorded and stored by ETIAS Central System	The corresponding data in Eurodac pursuant to Articles 12, 13, 14 and 14a of this Regulation against which the ETIAS data should be checked
surname (family name)	surname(s)
surname at birth	name(s) at birth
first name(s) (given name(s))	forename(s)
other names (alias(es), artistic name(s), usual name(s))	previously used names and any aliases
date of birth	date of birth
place of birth	place of birth
sex	sex
current nationality	nationality(ies)
other nationalities (if any)	nationality(ies)
type of the travel document	type of travel document
number of the travel document	number of travel document
country of issue of the travel document	three letter code of the issuing country