VIS Regulation

The VIS Regulation defines the purpose and functionalities of, as well as the responsibilities for, the Visa Information System (VIS). It provides the conditions and procedures for the exchange of visa data between the European Union (EU) countries and associated countries applying the common visa policy. Thus, the examination of applications for short stay visas and decisions on extending, revoking and annulling visas, as well as the checks on visas and the verifications and identifications of visa applicants and holders are facilitated.


Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation)


The purpose of the Visa Information System (VIS) is to improve the implementation of the common visa policy, consular cooperation and consultations between the central visa authorities by:

In specific cases, the national authorities and Europol may request access to data entered into the VIS for the purpose of preventing, detecting and investigating terrorist and criminal offences. The procedures for consultations under such circumstances are laid down in Council Decision 2008/633/JHA. These consultations are carried out via central access points in the participating countries and by Europol, who verify the requests and ensure conformity with the above decision.

Only the following categories of data are recorded in the VIS:

Access to the VIS:

The authorities with access to VIS must ensure that its use is limited to that which is necessary, appropriate and proportionate for carrying out their tasks. Furthermore, they must ensure that in using VIS, the visa applicants and holders are not discriminated against and that their human dignity and integrity are respected.

Entering of data by the visa authorities

Once an application is found admissible as set out in the Visa Code, the visa authority creates the application file by entering into the VIS a set of data listed in this regulation, such as the applicant’s personal and travel details provided in the application form, photograph and fingerprints.

Where a decision has been taken to issue a visa, the visa authority adds other relevant data, including the type of visa, the territory in which the visa holder is entitled to travel, the period of validity, the number of entries allowed in the territory and the duration of the authorised stay.

Additional data must also be entered if the visa authority representing another EU country discontinues the examination of an application as well as when a decision has been taken to refuse, annul or revoke a visa, or to extend the validity period of a visa.

Use of the data by the visa and other competent authorities

The competent visa authority may consult the VIS for the purpose of examining applications and decisions to issue, refuse, extend, annul or revoke a visa, or to shorten a visa’s validity period. It is authorised to carry out searches with some of the data included in the application form and the application file. If the search indicates that data on the applicant is recorded in the VIS, the visa authority will be given access to the application file and linked application files.

For prior consultation, the country responsible for examining the application must transmit any consultation requests with the application number to the VIS, indicating the country or countries to be consulted. The VIS will forward the request to the country concerned, which will, in turn, send the response to the VIS, which will then forward the response to the requesting country.

For statistical and reporting purposes, the visa authorities are authorised to consult data that does not allow for the identification of the applicant.

The authorities responsible for carrying out checks at external borders and within the national territories have access to search the VIS with the number of the visa sticker together with fingerprints. They may search the VIS for the purpose of verifying the identity of the person and/or the authenticity of the visa and/or whether the person meets the requirements for entering, staying in or residing within the national territories. If, based on this search, data on the visa holder is found in the VIS, the relevant authorities may consult certain data in the application file.

For identifying a person who may not or may no longer fulfil the required conditions, the competent authorities have access to search with fingerprint data. If that person’s fingerprints cannot be used or the search with the fingerprints fails, the relevant authorities may search the VIS with the name, sex, date and place of birth and/or information taken from the travel document. These may be used in combination with the nationality of the person.

Asylum authorities have access to search the VIS with fingerprint data, but solely for the purposes of determining the EU country responsible for the examination of an asylum application and of examining an asylum application. However, if the fingerprints of the asylum seeker cannot be used or the search fails, the authorities may carry out the search with the data set out above.

Each application file is stored in the VIS for a maximum of five years. Only the country responsible has the right to amend or delete data it has transmitted to the VIS.

Operation and responsibilities

After a transitional period, when the Commission was in charge, the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (euLISA) has been responsible, since 1 December 2012, for the operational management of the Central VIS and the national interfaces. In addition, ensuring a communication infrastructure between these two, euLISA is in charge of the supervision, security and the coordination of relations between the participating countries and the service provider. euLISA also ensures that the VIS is operated in accordance with the VIS Regulation and that only duly authorised staff has access to data processed in the VIS.

The VIS is connected to the national system of each country via the country’s national interface. Participating countries designate a national authority that is connected to the national interfaces and that provides access to VIS by the relevant authorities.

Each country is responsible for:

Data in the VIS is not to be communicated to third countries or international organisations unless indispensable for attesting a third-country national’s identity in individual cases. The communication may be made when a set of conditions are met, with due respect to the rights of refugees and persons requesting international protection.

Data protection

The responsible country provides the persons concerned with information on the identity and contact details of the controller responsible for the processing of the data, the purposes for which the data is processed within the VIS, the categories of the recipients of the data, the period of retention of the data and the right to access, correct and delete the data. In addition, the country must inform the persons concerned of its obligation to collect the data. Any person is entitled to receive information on how to bring an action or a complaint before the competent authorities or courts of the country concerned if he/she is refused the right of access to, or the right of correction or deletion of, data relating to him/her.

Each EU country must require a National Supervisory Authority, established in accordance with Directive 95/46/EC, to monitor the lawfulness of the processing of personal data by that country. The European Data Protection Supervisor monitors the activities of euLISA.

Start of operations

The VIS became operational since the technical implementation of the Central VIS, the national interfaces and the communication infrastructure were completed and a comprehensive test of the VIS was carried out. The countries also had to take certain required steps for the collection and transmission of data in a first region, followed by a gradual roll-out in other regions.

As a Schengen instrument, this regulation applies to EU countries with the exception of the United Kingdom and Ireland. Denmark has decided to implement the regulation which also applies to Iceland, Norway and Switzerland.



Entry into force

Deadline for transposition in the Member States

Official Journal

Regulation (EC) No 767/2008



OJ L 218 of 13.8.2008

Amending act(s)

Entry into force

Deadline for transposition in the Member States

Official Journal

Regulation (EC) No 810/2009



OJ L 243 of 15.9.2009


Commission Implementing Decision 2013/642/EU determining the date from which the Visa Information System (VIS) is to start operations in a ninth, a tenth and an eleventh region (Official Journal L 299 of 9.11.2013).

Commission Decision 2010/260/EU of 4 May 2010 on the Security Plan for the operation of the Visa Information System (Official Journal L 112 of 5.5.2010).

Commission Decision 2010/49/EC of 30 November 2009 determining the first regions for the start of operations of the Visa Information System (VIS) (Official Journal L 23 of 27.1.2010).

Commission Decision 2009/876/EC of 30 November 2009 adopting technical implementing measures for entering the data and linking applications, for accessing the data, for amending, deleting and advance deleting of data and for keeping and accessing the records of data processing operation in the Visa Information System (Official Journal L 315 of 2.12.2009).

Commission Decision 2009/756/EC of 9 October 2009 laying down specifications for the resolution and use of fingerprints for biometric identification and verification in the Visa Information System (Official Journal L 270 of 15.10.2009).

Commission Decision 2009/377/EC of 5 May 2009 adopting implementing measures for the consultation mechanism and the other procedures referred to in Article 16 of Regulation (EC) No 767/2008 of the European Parliament and the Council concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (Official Journal L 117 of 12.5.2009).

The implementing measures for consultations and requests for documents via the VIS are set out in the annex to this decision. Currently, the Schengen Consultation Network (VISION) is used as the communication network for consultations on visas. Once the VIS becomes operational, the VIS Mail mechanism may be used in parallel to transmit messages:

Once all Schengen visa issuing posts are connected to the VIS, the VIS Mail mechanism shall be the sole communication network for exchanging messages via the VIS.

1077/2011 of the European Parliament and of the Council of 25 October 2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (Official Journal L 286 of 1.11.2011).

last update 20.05.2014