ISSN 1977-0677
Official Journal
of the European Union
L 156
English edition
Legislation
Volume 62
13 June 2019
|
ISSN 1977-0677 |
||
|
Official Journal of the European Union |
L 156 |
|
|
|
||
|
English edition |
Legislation |
Volume 62 |
|
|
|
|
|
(1) Text with EEA relevance. |
|
EN |
Acts whose titles are printed in light type are those relating to day-to-day management of agricultural matters, and are generally valid for a limited period. The titles of all other Acts are printed in bold type and preceded by an asterisk. |
II Non-legislative acts
REGULATIONS
|
13.6.2019 |
EN |
Official Journal of the European Union |
L 156/1 |
COMMISSION REGULATION (EU) 2019/962
of 12 June 2019
amending Annex I to Regulation (EC) No 1831/2003 of the European Parliament and of the Council as regards the establishment of two new functional groups of feed additives
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EC) No 1831/2003 of the European Parliament and of the Council of 22 September 2003 on additives for use in animal nutrition (1), and in particular Article 6(3) thereof,
Whereas:
|
(1) |
Regulation (EC) No 1831/2003 provides for the allocation of feed additives to categories and further to functional groups within those categories according to their functions and properties. |
|
(2) |
As a result of technological and scientific development, there are various substances that may have a technological effect on feeds which is not described in relation to any already existing functional groups. Therefore it is appropriate to create a new generic functional group within the category ‘technological additives’ to include such substances. |
|
(3) |
In addition to good farming practices ensuring the wellbeing of animals and the respect of animal welfare provisions in the EU, scientific studies show that some feed additives may help animals in good health to keep a good physiological condition, to contribute to animal welfare, to favourably affect the animal resilience to stress factors or to support their wellbeing in certain situations. Since the main function of these feed additives cannot be allocated to any of the specific functional groups provided for in Regulation (EC) No 1831/2003, it is appropriate to create a new functional group within the category ‘zootechnical additives’. This should allow to better define the intended purpose for those additives, to establish criteria for the evaluation of the efficacy and to create legal clarity for applicants. |
|
(4) |
In order to introduce those two new functional groups, Annex I to Regulation (EC) No 1831/2003 should be amended accordingly. |
|
(5) |
The measures provided for in this Regulation are in accordance with the opinion of the Standing Committee on Plants, Animals, Food and Feed, |
HAS ADOPTED THIS REGULATION:
Article 1
Amendments to Regulation (EC) No 1831/2003
Annex I to Regulation (EC) No 1831/2003 is amended as follows:
|
(1) |
in point 1 the following point is added:
|
|
(2) |
in point 4 the following point is added:
|
Article 2
Entry into force
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 12 June 2019.
For the Commission
The President
Jean-Claude JUNCKER
DECISIONS
|
13.6.2019 |
EN |
Official Journal of the European Union |
L 156/3 |
COUNCIL DECISION (EU) 2019/963
of 6 June 2019
appointing one alternate member of the Management Board of the European Agency for Safety and Health at Work for France
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2019/126 of the European Parliament and of the Council of 16 January 2019 establishing the European Agency for Safety and Health at Work (EU-OSHA), and repealing Council Regulation (EC) No 2062/94 (1), and in particular Article 4 thereof,
Having regard to the lists of candidates submitted to the Council by the Governments of the Member States and by the employees' and the employers' organisations,
Having regard to the lists of members and alternate members of the Advisory Committee on Safety and Health at Work,
Whereas:
|
(1) |
By its Decision of 9 April 2019 (2), the Council appointed the members and alternate members of the Management Board of the European Agency for Safety and Health at Work for the period from 1 April 2019 to 31 March 2023. |
|
(2) |
The employers' organisation BusinessEurope has submitted a nomination for one post to be filled for France, |
HAS ADOPTED THIS DECISION:
Article 1
The following is hereby appointed alternate member of the Management Board of the European Agency for Safety and Health at Work for the period ending on 31 March 2023:
REPRESENTATIVES OF EMPLOYERS' ORGANISATIONS
|
Country |
Member |
Alternate member |
|
France |
|
Mr Franck GAMBELLI |
Article 2
The Council shall appoint the members and alternate members not yet nominated at a later date.
Article 3
This Decision shall enter into force on the date of its adoption.
Done at Luxembourg, 6 June 2019.
For the Council
The President
A. BIRCHALL
(1) OJ L 30, 31.1.2019, p. 58.
(2) Council Decision of 9 April 2019 appointing the members and alternate members of the Management Board of the European Agency for Safety and Health at Work (EU-OSHA) (OJ C 135, 11.4.2019, p 7).
|
13.6.2019 |
EN |
Official Journal of the European Union |
L 156/4 |
COUNCIL DECISION (EU, Euratom) 2019/964
of 6 June 2019
appointing a member, proposed by the Republic of Austria, of the European Economic and Social Committee
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 302 thereof,
Having regard to the Treaty establishing the European Atomic Energy Community, and in particular Article 106a thereof,
Having regard to the proposal of the Austrian Government,
Having regard to the opinion of the European Commission,
Whereas:
|
(1) |
On 18 September 2015 and 1 October 2015, the Council adopted Decisions (EU, Euratom) 2015/1600 (1) and (EU, Euratom) 2015/1790 (2) appointing the members of the European Economic and Social Committee for the period from 21 September 2015 to 20 September 2020. |
|
(2) |
A member's seat on the European Economic and Social Committee has become vacant following the end of the term of office of Mr Wolfgang GREIF, |
HAS ADOPTED THIS DECISION:
Article 1
Ms Sophia REISECKER, Leiterin der Abteilung Europa, Konzerne, internationale Beziehungen in der Gewerkschaft der Privatangestellten, Druck, Journalismus, Papier (GPA-djp), is hereby appointed as a member of the European Economic and Social Committee for the remainder of the current term of office, which runs until 20 September 2020.
Article 2
This Decision shall enter into force on the date of its adoption.
Done at Luxembourg, 6 June 2019.
For the Council
The President
A. BIRCHALL
(1) Council Decision (EU, Euratom) 2015/1600 of 18 September 2015 appointing the members of the European Economic and Social Committee for the period from 21 September 2015 to 20 September 2020 (OJ L 248, 24.9.2015, p. 53).
(2) Council Decision (EU, Euratom) 2015/1790 of 1 October 2015 appointing the members of the European Economic and Social Committee for the period from 21 September 2015 to 20 September 2020 (OJ L 260, 7.10.2015, p. 23).
|
13.6.2019 |
EN |
Official Journal of the European Union |
L 156/5 |
COUNCIL DECISION (EU, Euratom) 2019/965
of 6 June 2019
appointing a member, proposed by the Portuguese Republic, of the European Economic and Social Committee
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 302 thereof,
Having regard to the Treaty establishing the European Atomic Energy Community, and in particular Article 106a thereof,
Having regard to the proposal of the Portuguese Government,
Having regard to the opinion of the European Commission,
Whereas:
|
(1) |
On 18 September 2015 and 1 October 2015, the Council adopted Decisions (EU, Euratom) 2015/1600 (1) and (EU, Euratom) 2015/1790 (2) appointing the members of the European Economic and Social Committee for the period from 21 September 2015 to 20 September 2020. |
|
(2) |
A member's seat on the European Economic and Social Committee has become vacant following the end of the term of office of Mr Mário David FERREIRINHA SOARES, |
HAS ADOPTED THIS DECISION:
Article 1
Mr Fernando Manuel MAURÍCIO DE CARVALHO, Member of the General Confederation of Portuguese Workers (CGTP-IN), is hereby appointed as a member of the European Economic and Social Committee for the remainder of the current term of office, which runs until 20 September 2020.
Article 2
This Decision shall enter into force on the date of its adoption.
Done at Luxembourg, 6 June 2019.
For the Council
The President
A. BIRCHALL
(1) Council Decision (EU, Euratom) 2015/1600 of 18 September 2015 appointing the members of the European Economic and Social Committee for the period from 21 September 2015 to 20 September 2020 (OJ L 248, 24.9.2015, p. 53).
(2) Council Decision (EU, Euratom) 2015/1790 of 1 October 2015 appointing the members of the European Economic and Social Committee for the period from 21 September 2015 to 20 September 2020 (OJ L 260, 7.10.2015, p. 23).
|
13.6.2019 |
EN |
Official Journal of the European Union |
L 156/6 |
COUNCIL DECISION (EU) 2019/966
of 6 June 2019
appointing a member and an alternate member, proposed by the Republic of Austria, of the Committee of the Regions
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 305 thereof,
Having regard to the proposal of the Austrian Government,
Whereas:
|
(1) |
On 26 January 2015, 5 February 2015 and 23 June 2015, the Council adopted Decisions (EU) 2015/116 (1), (EU) 2015/190 (2) and (EU) 2015/994 (3) appointing the members and alternate members of the Committee of the Regions for the period from 26 January 2015 to 25 January 2020. On 18 September 2015, by Council Decision (EU) 2015/1572 (4), Mr Hans NIESSL was replaced by Mr Christian ILLEDITS as a member, and Mr Christian ILLEDITS was replaced by Mr Hans NIESSL as an alternate member. |
|
(2) |
A member's seat on the Committee of the Regions has become vacant following the end of the mandate on the basis of which Mr Christian ILLEDITS (Landtagspräsident Burgenland) was proposed. |
|
(3) |
An alternate member's seat on the Committee of the Regions has become vacant following the end of the term of office of Mr Hans NIESSL, |
HAS ADOPTED THIS DECISION:
Article 1
The following are hereby appointed to the Committee of the Regions for the remainder of the current term of office, which runs until 25 January 2020:
|
(a) |
as a member:
|
|
(b) |
as an alternate member:
|
Article 2
This Decision shall enter into force on the date of its adoption.
Done at Luxembourg, 6 June 2019.
For the Council
The President
A. BIRCHALL
(1) Council Decision (EU) 2015/116 of 26 January 2015 appointing the members and alternate members of the Committee of the Regions for the period from 26 January 2015 to 25 January 2020 (OJ L 20, 27.1.2015, p. 42).
(2) Council Decision (EU) 2015/190 of 5 February 2015 appointing the members and alternate members of the Committee of the Regions for the period from 26 January 2015 to 25 January 2020 (OJ L 31, 7.2.2015, p. 25).
(3) Council Decision (EU) 2015/994 of 23 June 2015 appointing the members and alternate members of the Committee of the Regions for the period from 26 January 2015 to 25 January 2020 (OJ L 159, 25.6.2015, p. 70).
(4) Council Decision (EU) 2015/1572 of 18 September 2015 appointing an Austrian member and an Austrian alternate member of the Committee of the Regions (OJ L 245, 22.9.2015, p. 9).
|
13.6.2019 |
EN |
Official Journal of the European Union |
L 156/7 |
COUNCIL DECISION (EU) 2019/967
of 6 June 2019
appointing two alternate members, proposed by the Grand Duchy of Luxembourg, of the Committee of the Regions
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 305 thereof,
Having regard to the proposal of the Luxembourg Government,
Whereas:
|
(1) |
On 26 January 2015, 5 February 2015 and 23 June 2015, the Council adopted Decisions (EU) 2015/116 (1), (EU) 2015/190 (2) and (EU) 2015/994 (3) appointing the members and alternate members of the Committee of the Regions for the period from 26 January 2015 to 25 January 2020. On 13 July 2018, by Council Decision (EU) 2018/1015 (4), Mr Tom JUNGEN was replaced by Mr Jeff FELLER as an alternate member. |
|
(2) |
Two alternate members' seats on the Committee of the Regions have become vacant following the end of the terms of office of Ms Sam TANSON and Mr Jeff FELLER, |
HAS ADOPTED THIS DECISION:
Article 1
The following are hereby appointed as alternate members of the Committee of the Regions for the remainder of the current term of office, which runs until 25 January 2020:
|
— |
Ms Linda GAASCH, conseillère communale de la Ville de Luxembourg, |
|
— |
Ms Carole HARTMANN, conseillère communale de la Ville d'Echternach. |
Article 2
This Decision shall enter into force on the date of its adoption.
Done at Luxembourg, 6 June 2019.
For the Council
The President
A. BIRCHALL
(1) Council Decision (EU) 2015/116 of 26 January 2015 appointing the members and alternate members of the Committee of the Regions for the period from 26 January 2015 to 25 January 2020 (OJ L 20, 27.1.2015, p. 42).
(2) Council Decision (EU) 2015/190 of 5 February 2015 appointing the members and alternate members of the Committee of the Regions for the period from 26 January 2015 to 25 January 2020 (OJ L 31, 7.2.2015, p. 25).
(3) Council Decision (EU) 2015/994 of 23 June 2015 appointing the members and alternate members of the Committee of the Regions for the period from 26 January 2015 to 25 January 2020 (OJ L 159, 25.6.2015, p. 70).
(4) Council Decision (EU) 2018/1015 of 13 July 2018 appointing two members and three alternate members, proposed by the Grand Duchy of Luxembourg, of the Committee of the Regions (OJ L 181, 18.7.2018, p. 85).
|
13.6.2019 |
EN |
Official Journal of the European Union |
L 156/8 |
COUNCIL IMPLEMENTING DECISION (EU) 2019/968
of 6 June 2019
on the launch of automated data exchange with regard to DNA data in the United Kingdom
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime (1), and in particular Article 33 thereof,
Having regard to the opinion of the European Parliament (2),
Whereas:
|
(1) |
In accordance with Article 25(2) of Decision 2008/615/JHA, the supply of personal data provided for under that Decision may not take place until the general provisions on data protection set out in Chapter 6 of that Decision have been implemented in the national law of the territories of the Member States involved in such supply. |
|
(2) |
Article 20 of Council Decision 2008/616/JHA (3) provides that the verification that the condition referred to in recital 1 has been met with respect to automated data exchange in accordance with Chapter 2 of Decision 2008/615/JHA is to be done on the basis of an evaluation report based on a questionnaire, an evaluation visit and a pilot run. |
|
(3) |
The United Kingdom has informed the General Secretariat of the Council on the national DNA analysis files to which Articles 2 to 6 of Decision 2008/615/JHA apply and the conditions for the automated searching as referred to in Article 3(1) of that Decision in accordance with Article 36(2) of that Decision. |
|
(4) |
In accordance with Chapter 4, point 1.1, of the Annex to Decision 2008/616/JHA, the questionnaire drawn up by the relevant Council Working Group concerns each of the automated data exchanges and has to be answered by a Member State as soon as it believes it fulfils the prerequisites for sharing data in the relevant data category. |
|
(5) |
The United Kingdom has completed the questionnaire on data protection and the questionnaire on DNA data exchange. |
|
(6) |
A successful pilot run has been carried out by the United Kingdom with Austria and Germany. |
|
(7) |
An evaluation visit has taken place in the United Kingdom and a report on the evaluation visit has been produced by the Austrian, German and French evaluation team and forwarded to the relevant Council Working Group. |
|
(8) |
An overall evaluation report, summarising the results of the questionnaire, the evaluation visit and the pilot run concerning DNA data exchange has been presented to the Council. |
|
(9) |
On 11 October 2018, the Council, having noted the agreement of all Member States bound by Decision 2008/615/JHA, concluded that the United Kingdom has fully implemented the general provisions on data protection set out in Chapter 6 of Decision 2008/615/JHA. Furthermore, the Council requested that the United Kingdom review, within 12 months of the launching of the automated data exchange, its policy of excluding suspects' profiles from automated DNA data exchange, in the light of operational experience with Prüm DNA data exchange and of the explanations in the evaluation visit report. |
|
(10) |
Therefore, for the purposes of automated searching of DNA data, the United Kingdom should be entitled to receive and supply personal data pursuant to Articles 3 and 4 of Decision 2008/615/JHA. However, given the practical and operational significance of the inclusion of suspects' profiles in automated DNA data exchange for public security, in particular for combating terrorism and cross-border crime, the United Kingdom should review its policy on the exchange of suspects' profiles. If the operational experience acquired with Prüm DNA data exchange within the first 12 months has not led the United Kingdom to notify the Council that it has reviewed its policy, the Council should re-evaluate the situation with a view to the continuation or termination of DNA Prüm automated exchange with the United Kingdom. |
|
(11) |
Article 33 of Decision 2008/615/JHA confers implementing powers upon the Council with a view to adopting measures necessary to implement that Decision, in particular as regards the receiving and supply of personal data provided for under that Decision. |
|
(12) |
As the conditions for triggering the exercise of such implementing powers have been met and the procedure in this regard has been followed, an Implementing Decision on the launch of automated data exchange with regard to DNA data in the United Kingdom should be adopted in order to allow that Member State to receive and supply personal data pursuant to Articles 3 and 4 of Decision 2008/615/JHA. |
|
(13) |
Denmark, Ireland and the United Kingdom are bound by Decision 2008/615/JHA and are therefore taking part in the adoption and application of this Decision which implements Decision 2008/615/JHA, |
HAS ADOPTED THIS DECISION:
Article 1
For the purposes of automated searching and comparison of DNA data, the United Kingdom is entitled to receive and supply personal data pursuant to Articles 3 and 4 of Decision 2008/615/JHA as from 14 June 2019.
Article 2
By 15 June 2020, the United Kingdom shall complete a review of its policy of excluding suspects' profiles from automated DNA data exchange.
If, by the date referred to in the first subparagraph, the United Kingdom has not notified the Council that it makes available the DNA of suspects in conformity with Decision 2008/615/JHA, the Council shall, within three months, re-evaluate the situation with regard to the continuation or termination of DNA data exchange with the United Kingdom.
Article 3
This Decision shall enter into force on the day following that of its publication in the Official Journal of the European Union.
This Decision shall apply in accordance with the Treaties.
Done at Luxembourg, 6 June 2019.
For the Council
The President
A. BIRCHALL
(2) Opinion of 12 March 2019 (not yet published in the Official Journal).
(3) Council Decision 2008/616/JHA of 23 June 2008 on the implementation of Decision 2008/615/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime (OJ L 210, 6.8.2008, p. 12).
|
13.6.2019 |
EN |
Official Journal of the European Union |
L 156/10 |
COMMISSION DELEGATED DECISION (EU) 2019/969
of 22 February 2019
on the tool enabling applicants to give or withdraw their consent for an additional retention period of their application file pursuant to Article 54(2) of Regulation (EU) 2018/1240 of the European Parliament and of the Council
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (1), and in particular the fifth subparagraph of Article 54(2) thereof,
Whereas:
|
(1) |
Regulation (EU) 2018/1240 established a European Travel Information and Authorisation System (ETIAS) as a system for third-country nationals exempt from the requirement to be in possession of a visa when crossing the external borders. It laid down the conditions and procedures to issue or refuse a travel authorisation. |
|
(2) |
Each application file is to be erased after the period of validity of the travel authorisation. To facilitate a new application after that period expired, applicants may consent to prolong the period for storing the application file by three years. This Decision should set out conditions on how the applicants can give and withdraw their consent using a dedicated tool. |
|
(3) |
The consent tool should be accessible through the dedicated public website, the app for mobile devices and through a secure link after the ETIAS authorisation is granted. |
|
(4) |
The consent tool should enable confirming the identity of the applicant. It is therefore necessary to set out the authentication requirements for accessing the consent tool and to ensure secure access, including through providing applicants with a unique code. The consent tool should also enable applicants to consult data retained prior to providing or withdrawing their consent as well as set out how consent should be provided or withdrawn. |
|
(5) |
The communication channels of the consent tool with the ETIAS Central System should be set out. Furthermore, the message format, standards and protocols as well as the security requirements should be established. |
|
(6) |
In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2017/2226 of the European Parliament and of the Council (2) and is not bound by it or subject to its application. However, given that Regulation (EU) 2018/1240 builds upon the Schengen acquis, Denmark notified on 21 December 2018, in accordance with Article 4 of that Protocol, its decision to implement Regulation (EU) 2018/1240 in its national law. |
|
(7) |
This Decision constitutes a development of the provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC (3); the United Kingdom is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application. |
|
(8) |
This Decision constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC (4); Ireland is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application. |
|
(9) |
As regards Iceland and Norway, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latter's association with the implementation, application and development of the Schengen acquis (5), which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC (6). |
|
(10) |
As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (7), which fall within the area referred to in Article 1, point A of Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/EC (8). |
|
(11) |
As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (9) which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (10). |
|
(12) |
The European Data Protection Supervisor was consulted on 28 January 2019 and delivered an opinion on 8 February 2019, |
HAS ADOPTED THIS DECISION:
Article 1
Access to the consent tool
The consent tool shall be accessible via:
|
(a) |
the dedicated public website referred to in Article 16 of Regulation (EU) 2018/1240; |
|
(b) |
the app for mobile devices referred to in Article 16 of Regulation (EU) 2018/1240; |
|
(c) |
a link provided through the ETIAS email service referred to in point (f) of Article 6(2) of Regulation (EU) 2018/1240. |
Article 2
Two-factor authentication for access to the consent tool
1. In order to connect to the consent tool, two-factor authentication shall be used.
2. The first authentication shall consist of entering the following data:
|
(a) |
application number; |
|
(b) |
travel document number. |
3. Where the applicant does not provide his or her application number, the first authentication shall consist of entering following data:
|
(a) |
travel document number; |
|
(b) |
country of issue of the travel document to be selected from a predetermined list; |
|
(c) |
date of issue and of expiry of the travel document; |
|
(d) |
first names of both parents. |
4. The application number shall be the same as the one provided to applicants via the ETIAS email service on submission of their application. The other data, referred to in paragraph 2 or paragraph 3, submitted by the applicant shall be the same as those provided by them in their application form.
5. The second authentication shall consist of a unique code to be entered into the consent tool.
6. Upon submission of the information in paragraph 2 or paragraph 3, the unique code referred to in paragraph 4 shall be automatically generated and sent to the applicant through the email service referred to in point (f) of Article 6(2) of Regulation (EU) 2018/1240.
7. The unique code shall expire after a short period of time. Sending a new unique code shall invalidate unique codes previously sent to the same applicant.
8. The unique code shall be sent to the same email address provided in the submitted application.
9. The unique code shall be usable only once.
Article 3
Consultation of the data via the tool
1. For the purposes of giving or withdrawing consent to prolong the storing of the application file, the tool shall inform the applicant on the data that would be retained or erased.
2. Prior to giving the consent, the applicant shall have access to:
|
(a) |
a read-only version of the application form and the personal data submitted; |
|
(b) |
a read-only version of additional submitted documentation or information; |
|
(c) |
a read-only version of data added to the application file under Article 39(1), points (a) and (c) to (d) of Regulation (EU) 2018/1240, following the decision to issue the travel authorisation. |
3. Prior to giving the consent, the applicant shall be informed:
|
(a) |
about the fact if consent is provided, the application file is retained for an additional period of three years from the end of the validity period of the travel authorisation; |
|
(b) |
about the fact that consent may be withdrawn at any time until the end of the additional retention period; |
|
(c) |
about the fact that the data shall be retained for the purpose of facilitating a new application; |
|
(d) |
about the fact that the data may be used in accordance with Article 71(o) of Regulation (EU) 2018/1240; |
|
(e) |
about the procedures for exercising the rights under Articles 17 to 24 of Regulation (EU) 2018/1725; the contact details of the data protection officer of the European Border and Coast Guard Agency, of the European Data Protection Supervisor and of the national supervisory authority of the Member State of first intended stay where the travel authorisation has been issued by the ETIAS Central System, or of the Member State responsible where the travel authorisation has been issued by an ETIAS National Unit. |
Article 4
Provision of consent
1. The consent shall be given by means of an electronically signed declaration through the ticking of an appropriate box in the consent tool.
2. Following the provision of consent the applicant shall receive an email containing:
|
(a) |
confirmation that the applicant's application file is retained for an additional period of three years from the end of the validity of the travel authorisation; |
|
(b) |
a link to the consent tool; |
|
(c) |
notification that the data is retained for the purpose of facilitating a new application and that those data may be used for the purposes referred to in Article 71(o) of Regulation (EU) 2018/1240; |
|
(d) |
notification that consent may be withdrawn at any time until the end of the additional retention period; |
|
(e) |
notification that the applicant is advised to retain their current application number to reuse the retained application file for the purpose of submitting a new application. |
Article 5
Withdrawal of consent
1. The withdrawal of the consent for the retention of the application file shall be indicated by ticking an appropriate box in consent tool.
2. Where consent is withdrawn during the validity period of the current travel authorisation, an email shall be sent to the applicant confirming that the application file will be erased after the validity period of their current travel authorisation.
3. Where consent is withdrawn during the additional period, an email shall be sent to the applicant confirming that the application file will be erased.
Article 6
Communication of the tool with the Central System
1. Following a provision of consent for the retention of an application file in accordance with Article 54 of Regulation (EU) 2018/1240:
|
(a) |
the consent tool shall inform the ETIAS Central System of such consent via the secure web service, referred to in point (l) of Article 6(2) of Regulation (EU) 2018/1240; |
|
(b) |
the ETIAS Central System shall retain the application file for a period of three years from the end of the validity period of the current travel authorisation. |
2. Following a withdrawal of consent for the retention of an application file in accordance with Article 54 of Regulation (EU) 2018/1240:
|
(a) |
the consent tool shall inform the ETIAS Central System of such withdrawal; |
|
(b) |
the ETIAS Central System shall automatically erase the application file after the validity period of their current travel authorisation or during the additional retention period of three years, if the consent is withdrawn during that period. |
3. Upon expiry of its retention period, the application file shall automatically be erased from the ETIAS Central System as referred to in Article 54(3) of Regulation (EU) 2018/1240.
Article 7
Message format, standards and protocols
The message format and the protocols to be implemented shall be included in the technical specifications referred to in Article 73(3) of Regulation (EU) 2018/1240.
Article 8
Specific security considerations
1. The consent tool shall be designed and implemented to ensure the confidentiality, integrity and availability of processed data and to ensure non-repudiation of transactions. The technical and organisational implementation of it shall meet the requirements of the ETIAS security plan referred in Article 59(3) of Regulation (EU) 2018/1240 and of the rules on data protection and security applicable to the public website and the app for mobile devices referred to in Article 16(10) of Regulation (EU) 2018/1240.
2. The consent tool shall be designed and implemented in a way that precludes unlawful access to it. For this purpose, the consent tool shall limit the number of attempts to access the tool with the same travel document number, the same application number or the same unique code. The tool shall also include measures to protect against non-human behaviour.
3. The consent tool shall include time-out measures after some minutes of inactivity.
4. Additional details concerning the confidentiality, integrity and availability of processed data shall be subject of the technical specifications referred to in Article 73(3) of Regulation (EU) 2018/1240.
Article 9
Logs
1. The consent tool shall keep activity logs, containing:
|
(a) |
authentication data, including whether the authentication was successful or not; |
|
(b) |
date and time of access; |
|
(c) |
value of tick box giving or withdrawing consent. |
2. Activity logs of the tool shall be copied to the Central System. They shall be stored for no longer than one year after the end of the extended retention period of the application file, unless they are required for monitoring procedures which have already begun. After that period, they shall be automatically erased.
Such logs can only be used for the purpose of Article 69(4) of Regulation (EU) 2018/1240.
Article 10
This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
Done at Brussels, 22 February 2019.
For the Commission
The President
Jean-Claude JUNCKER
(1) OJ L 236, 19.9.2018, p. 1.
(2) Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20).
(3) Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis (OJ L 131, 1.6.2000, p. 43).
(4) Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).
(5) OJ L 176, 10.7.1999, p. 36.
(6) Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31).
(7) OJ L 53, 27.2.2008, p. 52.
(8) Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 1).
(9) OJ L 160, 18.6.2011, p. 21.
(10) Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19).
|
13.6.2019 |
EN |
Official Journal of the European Union |
L 156/15 |
COMMISSION DELEGATED DECISION (EU) 2019/970
of 22 February 2019
on the tool for applicants to check the status of their applications and to check the period of validity and status of their travel authorisations pursuant to Article 31 of Regulation (EU) 2018/1240 of the European Parliament and of the Council
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (1), and in particular, Article 31 thereof,
Whereas:
|
(1) |
Regulation (EU) 2018/1240 established a European Travel Information and Authorisation System (ETIAS) as a system for third-country nationals exempt from the requirement to be in possession of a visa when crossing the external borders. It laid down the conditions and procedures to issue or refuse a travel authorisation. |
|
(2) |
Applicants for an ETIAS travel authorisation, travel authorisation holders, persons whose ETIAS travel authorisation was refused, revoked or annulled or persons whose ETIAS travel authorisation has expired and have given their consent to retain their data in accordance with Article 54(2) of Regulation (EU) 2018/1240 (further referred to as ‘applicant’) should be able to verify the status of their application and to check the period of validity and status of their travel authorisation. |
|
(3) |
This Decision should set out conditions on how applicants can verify the status of their applications and to check the period of validity and status of their travel authorisation using a dedicated tool. |
|
(4) |
The verification tool should be accessible through the dedicated public website, the app for mobile devices and through a secure link. This link to the verification tool should be sent to the applicant's email address when the applicant is notified of acknowledgment of the submission of an application or of the issue, revocation or annulment of a travel authorisation, in accordance with Articles 19(5), 38(1)(a), 42(a) and 44(6)(a) of Regulation (EU) 2018/1240. |
|
(5) |
The verification tool should enable confirming the identity of the applicant. It is therefore necessary to set out authentication requirements for accessing the verification tool. Applicants should submit data in order to authenticate themselves. It is also necessary to set out outputs of the verification tool enabling the applicant to verify the status of their application and to check the period of validity and status of their travel authorisation. |
|
(6) |
The communication channels of the verification tool with the ETIAS Central System should be set out. Furthermore, the message format, standards and protocols as well as the security requirements should be established. |
|
(7) |
In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2017/2226 of the European Parliament and of the Council (2) and is not bound by it or subject to its application. However, given that Regulation (EU) 2018/1240 builds upon the Schengen acquis, Denmark notified on 21 December 2018, in accordance with Article 4 of that Protocol, its decision to implement Regulation (EU) 2018/1240 in its national law. |
|
(8) |
This Decision constitutes a development of the provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC (3); the United Kingdom is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application. |
|
(9) |
This Decision constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC (4); Ireland is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application. |
|
(10) |
As regards Iceland and Norway, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latter's association with the implementation, application and development of the Schengen acquis (5), which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC (6). |
|
(11) |
As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (7), which fall within the area referred to in Article 1, point A of Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/EC (8). |
|
(12) |
As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (9) which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (10). |
|
(13) |
The European Data Protection Supervisor was consulted on 28 January 2019 and delivered an opinion on 8 February 2019, |
HAS ADOPTED THIS DECISION:
Article 1
Access to the verification tool
1. Applicants for an ETIAS travel authorisation, travel authorisation holders, persons whose ETIAS travel authorisation was refused, revoked or annulled or persons whose ETIAS travel authorisation has expired and have given their consent to retain their data in accordance with Article 54(2) of Regulation (EU) 2018/1240 (further referred to as ‘applicant’) shall have access to the verification tool.
2. The verification tool shall be accessible via:
|
(a) |
the dedicated public website; |
|
(b) |
the app for mobile devices referred to in Article 16 of Regulation (EU) 2018/1240; |
|
(c) |
a link provided through the ETIAS email service referred to in point (f) of Article 6(2) of Regulation (EU) 2018/1240. This link shall be sent when the applicant is notified of acknowledgment of the submission of an application or of the issue, revocation or annulment of a travel authorisation, in accordance with Articles 19(5), 38(1)(a), 42(a) and 44(6)(a) of Regulation (EU) 2018/1240. |
Article 2
The two-factor authentication required for access to the verification tool
1. In order to connect to the verification tool, two-factor authentication shall be used.
2. The first authentication shall consist of entering the following data:
|
(a) |
travel document number; |
|
(b) |
country of issue of the travel document to be selected from a predetermined list; |
|
(c) |
email address. |
3. The data submitted by the applicant shall be the same as the one provided by them in their application form.
4. The second authentication shall consist of a unique code to be entered into the verification tool to confirm authentication.
5. Upon submission of the information in paragraph 2, the unique code shall be automatically generated and sent to the applicant through the email service referred to in point (f) of Article 6(2) of Regulation (EU) 2018/1240.
6. The unique code shall expire after a short period of time. Sending a new unique code shall invalidate unique codes previously sent to the same applicant.
7. The unique code shall be sent to the same email address provided in the submitted application.
8. The unique code shall be usable only once.
Article 3
Output of the verification tool
1. Upon authentication for access to the tool, applicants shall view the status of the applications or travel authorisations linked to their travel document number.
2. The verification tool shall provide one of the following status categories per each application or travel authorisation linked to the travel document number:
|
(a) |
‘submitted’; |
|
(b) |
‘valid’; |
|
(c) |
‘refused’; |
|
(d) |
‘annulled’; |
|
(e) |
‘revoked’; |
|
(f) |
‘expired’. |
3. For all valid travel authorisations, the verification tool shall provide the end date of the travel authorisation validity period.
4. In case of limited territorial validity, the applicant shall be informed about the Member State(s) for which the travel authorisation is valid. This information shall be displayed in a prominent place in the verification tool.
5. A disclaimer shall be shown in the verification tool indicating that a valid travel authorisation shall not confer an automatic right of entry or stay as specified in Article 36(6) of Regulation (EU) 2018/1240. This disclaimer shall also invite applicants to consult the Entry/Exit System (EES) web service referred to in Article 13 of Regulation (EU) 2017/2226, which shall be clearly indicated, in order to gain further information on the remaining period of authorised stay.
Article 4
Data extraction requirements
1. The verification tool shall make use of a separate read-only database updated within a few minutes via a one-way extraction of the minimum subset of data stored in ETIAS necessary to implement the provisions of Articles 2 and 3 of this Decision.
2. eu-LISA shall be responsible for the security of the verification tool, for the security of the personal data it contains and for the process of extracting the personal data into the separate read-only database.
Article 5
Message format, standards and protocols
The message format and the protocols to be implemented shall be included in the technical specifications referred to in Article 73(3) of Regulation (EU) 2018/1240.
Article 6
Specific security considerations
1. The verification tool shall be designed and implemented to ensure the confidentiality, integrity and availability of processed data and to ensure non-repudiation of transactions. The technical and organisational implementation of it shall meet the requirements of the ETIAS security plan referred in Article 59(3) of Regulation (EU) 2018/1240 and of the rules on data protection and security applicable to the public website and the app for mobile devices referred to in Article 16(10) of Regulation (EU) 2018/1240.
2. The verification tool shall be designed in a way that precludes unlawful access to the verification tool. For this purpose, the verification tool shall limit the number of attempts to access the tool with the same travel document and unique code. The tool shall also include measures to protect against non-human behaviour.
3. The verification tool shall also include time-out measures after some minutes of inactivity.
4. Additional details concerning the confidentiality, integrity and availability of processed data shall be subject of the technical specifications referred to in Article 73(3) of Regulation (EU) 2018/1240.
Article 7
Logs
1. The verification tool shall keep activity logs, including:
|
(a) |
authentication data, including whether the authentication was successful or not; |
|
(b) |
date and time of access. |
2. Activity logs of the tool shall be copied to the Central System. They shall be stored for no longer than one year after the end of the retention period of the application file, unless they are required for monitoring procedures which have already begun. After that period, they shall be automatically erased.
Such logs can only be used for the purpose of Article 69(4) of Regulation (EU) 2018/1240.
Article 8
This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
Done at Brussels, 22 February 2019.
For the Commission
The President
Jean-Claude JUNCKER
(1) OJ L 236, 19.9.2018, p. 1.
(2) Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20).
(3) Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis (OJ L 131, 1.6.2000, p. 43).
(4) Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).
(5) OJ L 176, 10.7.1999, p. 36.
(6) Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31).
(7) OJ L 53, 27.2.2008, p. 52.
(8) Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 1).
(9) OJ L 160, 18.6.2011, p. 21.
(10) Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19).
|
13.6.2019 |
EN |
Official Journal of the European Union |
L 156/20 |
COMMISSION DELEGATED DECISION (EU) 2019/971
of 26 February 2019
on the definition of the requirements of the secure account service pursuant to Article 6(4) of Regulation (EU) 2018/1240 of the European Parliament and of the Council, enabling applicants to provide any additional information or documentation required
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (1), and in particular Article 6(4) thereof,
Whereas:
|
(1) |
Regulation (EU) 2018/1240 established a European Travel Information and Authorisation System (ETIAS) as a system for third-country nationals exempt from the requirement to be in possession of a visa when crossing the external borders. It laid down the conditions and procedures to issue or refuse a travel authorisation. |
|
(2) |
ETIAS National Units manually processing of ETIAS applications may request applicants to provide additional documentation or information. This Decision should set out conditions on how the applicants can provide those additional documents or information using a dedicated tool. |
|
(3) |
The secure account service should be accessible through the dedicated public website and the app for mobile devices and through a secure link. |
|
(4) |
The secure account service should enable confirming the identity of the applicant and ensure secure access to the tool. It is therefore necessary to set out the authentication requirements, including the provision of a unique code to the applicant. |
|
(5) |
It is also necessary to set out the procedure for the submission of additional information or documentation as well as outputs of the secure account service. |
|
(6) |
Applicants should be able to submit additional information or documentation at any time, within the time allocated according to Article 27(2) or Article 44(3) from the receipt of the request for additional information or documentation. Applicants should be able to save and resume their progress within that time limit. After those deadlines have passed, applicants should no longer have access to the secure account service. |
|
(7) |
The communication channels of the secure account service with the ETIAS Central System should be set out. Furthermore, the message format, standards and protocols as well as the security requirements should be established. |
|
(8) |
In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2017/2226 and is not bound by it or subject to its application. However, given that Regulation (EU) 2018/1240 builds upon the Schengen acquis, Denmark notified on 21 December 2018, in accordance with Article 4 of that Protocol, its decision to implement Regulation (EU) 2018/1240 in its national law. |
|
(9) |
This Decision constitutes a development of the provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC (2); the United Kingdom is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application. |
|
(10) |
This Decision constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC (3); Ireland is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application. |
|
(11) |
As regards Iceland and Norway, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latter's association with the implementation, application and development of the Schengen acquis (4), which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC (5). |
|
(12) |
As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (6), which fall within the area referred to in Article 1, point A of Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/EC (7). |
|
(13) |
As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (8) which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (9). |
|
(14) |
The European Data Protection Supervisor was consulted on 28 January 2019 and delivered an opinion on 8 February 2019, |
HAS ADOPTED THIS DECISION:
Article 1
Access to the secure account service
1. The secure account service shall be accessible via:
|
(a) |
the dedicated public website referred to in Article 16 of Regulation (EU) 2018/1240; |
|
(b) |
the app for mobile devices referred to in Article 16 of Regulation (EU) 2018/1240; |
|
(c) |
a link provided through the ETIAS email service referred to in point (f) of Article 6(2) of Regulation (EU) 2018/1240. |
2. The secure account service shall be accessible until:
|
(a) |
final submission of additional information or documentation confirmed by the ETIAS applicant; or |
|
(b) |
until expiry of the time limit, referred to in Article 27(2) of Regulation (EU) 2018/1240; or |
|
(c) |
until expiry of the duration set by the ETIAS National Unit pursuant to Article 44 of Regulation (EU) 2018/1240. |
Article 2
Two-factor authentication for access to the secure account service
1. In order to connect to the secure account service, two-factor authentication shall be used.
2. The first authentication shall consist of entering the following data:
|
(a) |
application number; |
|
(b) |
travel document number. |
3. Where the applicant does not provide his or her application number, the first authentication shall consist of entering following data:
|
(a) |
travel document number; |
|
(b) |
country of issue of the travel document to be selected from a predetermined list; |
|
(c) |
date of issue and of expiry of the travel document; and |
|
(d) |
first names of both parents. |
4. The application number shall be the same as the one provided to applicants via the ETIAS email service on submission of their application. The other data, referred to in paragraph 2 or paragraph 3, submitted by the applicant shall also be the same as those provided by applicants at the time of the submission of their application.
5. The second authentication shall consist of a unique code to be entered into the secure account service to confirm authentication.
6. Upon submission of the information in paragraph 2 or paragraph 3, the unique code referred to in paragraph 4 shall be automatically generated and sent to the applicant through the email service referred to in point (f) of Article 6(2) of Regulation (EU) 2018/1240.
7. The unique code shall be sent to the same email address provided in the submitted application.
8. The unique code shall expire after a short period of time. Sending a new unique code shall invalidate unique codes previously sent to the same applicant.
9. The unique code shall be usable only once.
Article 3
Submission of additional information or documentation to the secure account service
1. For the purpose of Article 27 of Regulation (EU) 2018/1240, ETIAS applicants shall submit additional information or documentation, in one of the following formats:
|
(a) |
Portable Document Format (PDF); |
|
(b) |
Joint Photographic Experts Group (JPEG); or |
|
(c) |
Portable Network Graphics (PNG). |
2. The secure account service shall accept a final upload of a maximum of 20 files and a final size of submission not exceeding 50 MB.
3. ETIAS applicants shall be able to save their progress and resume their submission of additional information or documentation in the secure account service within the time limit referred to in Article 27(2) of Regulation (EU) 2018/1240 or the time limit allocated by the ETIAS National Unit where the provisions of Article 44 of that Regulation are applied. The secure account service shall allow applicants to clearly indicate whether the submission is final or not. The secure account service shall allow applicants to verify that the documents are uploaded correctly before confirming submission.
4. Applicants shall be allowed to delete documents uploaded before the final submission within the allocated time, referred to in Article 27(2) of Regulation (EU) 2018/1240 or the time allocated by the ETIAS National Unit where the provisions of Article 44 of that Regulation are applied.
5. Applicants shall be asked to confirm their submission through the ticking of an appropriate box in the secure account service.
Article 4
Output of the secure account service
1. Upon final submission of the additional information and/or documentation:
|
(a) |
a read-only version of the submitted additional information and/or documentation shall be available accompanied by the reference ‘submitted’; |
|
(b) |
the applicant shall, via the ETIAS email service, receive an email confirming submission of additional information and/or documentation, including the names and formats of the uploaded documents, the time stamp of final submission and an alphanumeric value of a fixed length that uniquely identifies data (‘hash values’) for the submitted files. |
2. After submission of the additional information and/or documentation, applicants shall no longer have access to the secure account service.
3. The secure account service shall have a built-in technical solution to help guarantee that every document stored in the application file is the same as the one uploaded by the applicant in the secure account service.
Article 5
Communication of the secure account service with the ETIAS Central System
1. Following a request for additional information or documentation by an ETIAS National Unit, pursuant to Articles 27 or 44 of Regulation (EU) 2018/1240, the ETIAS Central System shall immediately inform the secure account service of such request via the secure web service, referred to in point (l) of Article 6(2) of Regulation (EU) 2018/1240.
2. Upon submission of additional information or documentation by the applicant, the secure account service shall:
|
(a) |
calculate hash values of the submitted files; and |
|
(b) |
transmit the additional information or documentation to the ETIAS Central System through the secure web service. |
3. The secure web service shall conduct the necessary verification processes to ensure that the documents are safe and secure prior to transmitting them to the ETIAS Central System.
4. The ETIAS Central System shall record and store the additional information and/or documentation on the application file in accordance with Articles 27(9) and 44(3) of Regulation (EU) 2018/1240.
Article 6
Message format, standards and protocols
The message format and the protocols to be implemented shall be included in the technical specifications referred to in Article 73(3) of Regulation (EU) 2018/1240.
Article 7
Specific security considerations
1. The secure account service shall be designed and implemented in a way that precludes unlawful access to it. For this purpose, the secure account service shall limit the number of attempts to access the secure account service with the same travel document, application number or unique code. The secure account service shall also include measures to protect against non-human behaviour.
2. The secure account service shall include time-out measures after some minutes of inactivity.
3. Additional details concerning the confidentiality, integrity and availability of processed data shall be subject of the technical specifications referred to in Article 73(3) of Regulation (EU) 2018/1240.
Article 8
Logs
1. The secure account service shall keep activity logs containing:
|
(a) |
authentication data including whether the authentication was successful or not; |
|
(b) |
the date and time the unique code was sent; |
|
(c) |
date and time of access; |
|
(d) |
number of documents uploaded; |
|
(e) |
verification of safety and security of the documents. |
2. In addition, for each document, the following logs shall be kept:
|
(a) |
date and time of uploaded document(s); |
|
(b) |
document name(s); |
|
(c) |
size of document(s); |
|
(d) |
hash values of the documents uploaded. |
3. Activity and document logs of the secure account service shall be copied to the Central System. They shall be stored for no longer than one year after the end of the retention period of the application file, unless they are required for monitoring procedures which have already begun. After that period, they shall be automatically erased.
Such logs can only be used for the purpose of Article 69(4) of Regulation (EU) 2018/1240.
Article 9
This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
Done at Brussels, 26 February 2019.
For the Commission
The President
Jean-Claude JUNCKER
(1) OJ L 236, 19.9.2018, p. 1.
(2) Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis (OJ L 131, 1.6.2000, p. 43).
(3) Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).
(4) OJ L 176, 10.7.1999, p. 36.
(5) Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31).
(6) OJ L 53, 27.2.2008, p. 52.
(7) Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 1).
(8) OJ L 160, 18.6.2011, p. 21.
(9) Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19).