nationals of third countries listed in Annex II to Council Regulation (EC) No 539/2001 ( 2 ) who are exempt from the visa requirement for intended stays in the territory of the Member States of a duration of no more than 90 days in any 180-day period;

persons who, pursuant to Article 4(2) of Regulation (EC) No 539/2001, are exempt from the visa requirement for intended stays in the territory of the Member States of a duration of no more than 90 days in any 180-day period;

third-country nationals who are exempt from the visa requirement and who fulfil the following conditions:

refugees or stateless persons or other persons who do not hold the nationality of any country who reside in a Member State and who are holders of a travel document issued by that Member State;

third-country nationals who are family members of a Union citizen to whom Directive 2004/38/EC applies and who hold a residence card pursuant to that Directive;

third-country nationals who are family members of a third-country national enjoying a right of free movement equivalent to that of Union citizens, under an agreement between the Union and its Member States on the one hand and a third country on the other, and who hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Regulation (EC) No 1030/2002;

holders of residence permits referred to in point 16 of Article 2 of Regulation (EU) 2016/399;

holders of uniform visas;

holders of national long-stay visas;

nationals of Andorra, Monaco and San Marino and holders of a passport issued by the Vatican City State or the Holy See;

nationals of third countries who are holders of a local border traffic permit issued by the Member States pursuant to Regulation (EC) No 1931/2006 of the European Parliament and of the Council ( 3 ) when such holders exercise their right within the context of the Local Border Traffic regime;

persons or categories of persons referred to in points (a) to (f) of Article 4(1) of Regulation (EC) No 539/2001;

third-country nationals holding diplomatic or service passports who have been exempted from the visa requirement pursuant to an international agreement concluded by the Union and a third country;

persons who are subject to a visa requirement pursuant to Article 4(3) of Regulation (EC) No 539/2001;

third-country nationals exercising their right to mobility in accordance with Directive 2014/66/EU ( 4 ) or (EU) 2016/801 ( 5 ) of the European Parliament and of the Council.

‘external borders’ means the external borders as defined in point 2 of Article 2 of Regulation (EU) 2016/399;

‘law enforcement’ means the prevention, detection or investigation of terrorist offences or other serious criminal offences;

‘second line check’ means a second line check as defined in point 13 of Article 2 of Regulation (EU) 2016/399;

‘border authority’ means the border guard assigned in accordance with national law to carry out border checks as defined in point 11 of Article 2 of Regulation (EU) 2016/399;

‘travel authorisation’ means a decision issued in accordance with this Regulation which is required for third-country nationals referred to in Article 2(1) of this Regulation to fulfil the entry condition laid down in point (b) of Article 6(1) of Regulation (EU) 2016/399 and which indicates:

‘security risk’ means the risk of a threat to public policy, internal security or international relations for any of the Member States;

‘illegal immigration risk’ means the risk of a third-country national not fulfilling the conditions of entry and stay as set out in Article 6 of Regulation (EU) 2016/399;

‘high epidemic risk’ means any disease with epidemic potential as defined by the International Health Regulations of the World Health Organization (WHO) or the European Centre for Disease Prevention and Control (ECDC) and other infectious diseases or contagious parasitic diseases if they are the subject of protection provisions applying to nationals of the Member States;

‘applicant’ means any third-country national referred to in Article 2 who has submitted an application for a travel authorisation;

‘travel document’ means a passport or other equivalent document entitling the holder to cross the external borders and to which a visa may be affixed;

‘short stay’ means stays in the territory of the Member States within the meaning of Article 6(1) of Regulation (EU) 2016/399;

‘overstayer’ means a third-country national who does not fulfil, or no longer fulfils the conditions relating to the duration of a short stay on the territory of the Member States;

‘app for mobile devices’ means a software application designed to run on mobile devices such as smartphones and tablet computers;

‘hit’ means the existence of a correspondence established by comparing the personal data recorded in an application file of the ETIAS Central System with the specific risk indicators referred to in Article 33 or with the personal data present in a record, file or alert registered in the ETIAS Central System, in another EU information system or database listed in Article 20(2) (‘EU information systems’), in Europol data or in an Interpol database queried by the ETIAS Central System;

‘terrorist offence’ means an offence which corresponds or is equivalent to one of the offences referred to in Directive (EU) 2017/541;

‘serious criminal offence’ means an offence which corresponds or is equivalent to one of the offences referred to in Article 2(2) of Framework Decision 2002/584/JHA, if it is punishable under national law by a custodial sentence or a detention order for a maximum period of at least three years;

‘Europol data’ means personal data processed by Europol for the purpose referred to in point (a) of Article 18(2) of Regulation (EU) 2016/794;

‘electronically signed’ means the confirmation of agreement through the ticking of an appropriate box in the application form or the request for consent;

‘minor’ means a third-country national or a stateless person below the age of 18 years;

‘consulate’ means a Member State’s diplomatic mission or a Member State’s consular post as defined by the Vienna Convention on Consular Relations of 24 April 1963;

‘designated authority’ means an authority designated by a Member State pursuant to Article 50 as responsible for the prevention, detection or investigation of terrorist offences or of other serious criminal offences;

‘immigration authority’ means the competent authority responsible, in accordance with national law, for one or more of the following:

‘CIR’ means the common identity repository established by Article 17(1) of Regulation (EU) 2019/817;

‘ESP’ means the European search portal established by Article 6(1) of Regulation (EU) 2019/817;

‘ETIAS Central System’ means the Central System referred to in point (a) of Article 6(2) together with the CIR to the extent that the CIR contains the data referred to in Article 6(2a);

‘identity data’ means the data referred to in points (a), (b) and (c) of Article 17(2);

‘travel document data’ means the data referred to in points (d) and (e) of Article 17(2) and the three letter code of the country issuing the travel document as referred to in point (c) of Article 19(3) ►M2  ; ◄

‘other EU information systems’ means the Entry/Exit System (‘EES’), established by Regulation (EU) 2017/2226, the Visa Information System (‘VIS’), established by Regulation (EC) No 767/2008 of the European Parliament and of the Council ( 8 ), the Schengen Information System (‘SIS’), established by Regulations (EU) 2018/1860 ( 9 ), (EU) 2018/1861 ( 10 ) and (EU) 2018/1862 ( 11 ) of the European Parliament and of the Council, Eurodac, established by Regulation (EU) No 603/2013 of the European Parliament and of the Council ( 12 ) and the European Criminal Record Information System – Third-Country Nationals (‘ECRIS-TCN’), established by Regulation (EU) 2019/816 of the European Parliament and of the Council ( 13 )

a Central System, including the ETIAS watchlist referred to in Article 34;

the CIR;

a national uniform interface (NUI) in each Member State based on common technical specifications and identical for all Member States enabling the ETIAS Central System to connect to the national border infrastructures and to the central access points in Member States referred to in Article 50(2) in a secure manner;

a communication infrastructure between the ETIAS Central System and the NUIs which shall be secure and encrypted;

a secure communication infrastructure between the Central System and the central infrastructures of the ESP and the CIR;

a secure communication channel between the ETIAS Central System and the EES Central System;

a public website and an app for mobile devices;

an email service;

a secure account service enabling applicants to provide any additional information or documentation required;

a verification tool for applicants;

a tool enabling applicants to give or withdraw their consent for an additional retention period of their application file;

a tool enabling Europol and Member States to assess the potential impact of entering new data into the ETIAS watchlist on the proportion of applications that are manually processed;

a carrier gateway;

a secure web service enabling the ETIAS Central System to communicate with the public website, the app for mobile devices, the email service, the secured account service, the carrier gateway, the verification tool for applicants, the consent tool for applicants, the payment intermediary and the Interpol databases;

software enabling the ETIAS Central Unit and the ETIAS National Units to process applications and to manage consultations with other ETIAS National Units as referred to in Article 28 and with Europol as referred to in Article 29;

a central repository of data for the purposes of reporting and statistics.

in cases where the automated application process has reported a hit, verifying in accordance with Article 22 whether the applicant’s personal data correspond to the personal data of the person having triggered that hit in the ETIAS Central System, any of the EU information systems that are consulted, Europol data, any of the Interpol databases referred to in Article 12, or the specific risk indicators referred to in Article 33, and where a correspondence is confirmed or where after such verification doubts remain, launching the manual processing of the application as referred to in Article 26;

ensuring that the data it enters in the applications files are up to date in accordance with the relevant provisions of Articles 55 and 64;

defining, establishing, assessing ex ante, implementing, evaluating ex post, revising and deleting the specific risk indicators as referred to in Article 33 after consultation of the ETIAS Screening Board;

ensuring that the verifications performed in accordance with Article 22 and the corresponding results are recorded in the application files;

carrying out regular audits of the processing of applications and of the implementation of Article 33, including by regularly assessing their impact on fundamental rights, in particular with regard to privacy and personal data protection;

indicating, where necessary, the Member State responsible for the manual processing of applications as referred to in Article 25(2);

in cases of technical problems or unforeseen circumstances, facilitating where necessary the consultations between Member States referred to in Article 28 and between the Member State responsible and Europol referred to in Article 29;

notifying carriers in cases of a failure of the ETIAS Information System as referred to in Article 46(1);

notifying the ETIAS National Units of the Member States of a failure of the ETIAS Information System as referred to in Article 48(1);

processing requests for consultation of data in the ETIAS Central System by Europol as referred to in Article 53;

providing the general public with all relevant information in relation to the application for a travel authorisation as referred to in Article 71;

cooperating with the Commission as regards the information campaign referred to in Article 72;

providing support in writing to travellers who have encountered problems when filling in the application form and have requested assistance through a standard contact form; maintaining a list of frequent questions and answers available online;

ensuring follow-up and regularly reporting to the Commission on reported abuses by commercial intermediaries as referred to in Article 15(5).

statistics on:

general information on the functioning of the ETIAS Central Unit, its activities as set out in this Article and information on current trends and challenges affecting the conduct of its tasks.

examining and deciding on applications for travel authorisation where the automated application process has reported a hit and the manual processing of the application has been initiated by the ETIAS Central Unit;

ensuring that the tasks performed under point (a) and the corresponding results are recorded in the application files;

ensuring that the data they enter in the application files are up to date in accordance with the relevant provisions of Articles 55 and 64;

deciding to issue travel authorisations with limited territorial validity as referred to in Article 44;

ensuring coordination with other ETIAS National Units and Europol concerning the consultation requests referred to in Articles 28 and 29;

providing applicants with information regarding the procedure to be followed in the event of an appeal under Article 37(3);

annulling and revoking a travel authorisation as referred to in Articles 40 and 41.

by the ETIAS Central Unit on the definition, establishment, assessment ex ante, implementation, evaluation ex post, revision and deletion of the specific risk indicators referred to in Article 33;

by Member States on the implementation of the ETIAS watchlist referred to in Article 34;

by Europol on the implementation of the ETIAS watchlist referred to in Article 34.

surname (family name);

surname at birth;

first name(s) (given name(s));

date of birth;

place of birth;

country of birth;

sex;

current nationality;

other nationalities (if any);

type, number, the country of issue of the travel document.

surname (family name);

surname at birth;

first name(s) (given name(s));

date of birth;

sex;

current nationality;

other names (alias(es));

artistic name(s);

usual name(s);

other nationalities (if any);

type, number, the country of issue of the travel document.

surname (family name);

surname at birth;

first name(s) (given name(s));

date of birth;

place of birth;

sex;

current nationality;

other names (alias(es));

artistic name(s);

usual name(s);

other nationalities (if any);

type, number, the country of issue of the travel document;

for minors, surname and first name(s) of the person exercising parental authority or of the applicant’s legal guardian.

surname (family name);

surname at birth;

first name(s) (given name(s));

date of birth;

place of birth;

sex;

current nationality;

other names (alias(es));

artistic name(s);

usual name(s);

other nationalities (if any);

type, number, the country of issue of the travel document;

for minors, surname and first name(s) of the person exercising parental authority or of the applicant’s legal guardian.

surname (family name);

surname at birth;

first name(s) (given name(s));

date of birth;

place of birth;

country of birth;

sex;

current nationality;

other names (alias(es));

artistic name(s);

usual name(s);

other nationalities (if any);

type, number, the country of issue of the travel document.

the type of the alert, with the exception of alerts as referred to in Article 23(1);

the source of the data, namely the other EU information system from which the data originated or Europol data, as appropriate;

the reference number in the queried EU information system of the record having triggered the hit and the Member State that entered or supplied the data having triggered the hit; and

where available, the date and time when the data was entered in the other EU information system or Europol data.

surname (family name), first name(s) (given name(s)), surname at birth; date of birth, place of birth, sex, current nationality;

country of birth, first name(s) of the parents of the applicant;

other names (alias(es), artistic name(s), usual name(s)), if any;

other nationalities, if any;

type, number and country of issue of the travel document;

the date of issue and the date of expiry of the validity of the travel document;

the applicant’s home address or, if not available, his or her city and country of residence;

email address and, if available, phone numbers;

education (primary, secondary, higher or none);

current occupation (job group); where the application is subject to the manual processing in accordance with the procedure laid down in Article 26, the Member State responsible may in accordance with Article 27 request that the applicant provide additional information concerning his or her exact job title and employer or, for students, the name of their educational establishment;

Member State of first intended stay, and optionally, the address of first intended stay;

for minors, surname and first name(s), home address, email address and, if available, phone number of the person exercising parental authority or of the applicant’s legal guardian;

where he or she claims the status of family member referred to in point (c) of Article 2(1):

in the case of applications filled in by a person other than the applicant, the surname, first name(s), name of firm, organisation if applicable, email address, mailing address and phone number if available of that person; relationship to the applicant and a signed representation declaration.

whether he or she has been convicted in the previous 25 years of a terrorist offence or in the previous 15 years of any other criminal offence listed in the Annex, and if so when and in which country;

whether he or she has stayed in a specific war or conflict zone over the previous 10 years and the reasons for the stay;

whether he or she has been the subject of any decision requiring him or her to leave the territory of a Member State or of any third countries listed in Annex II to Regulation (EC) No 539/2001 or whether he or she was subject to any return decision issued over the previous 10 years.

all the fields of the application form are filled in and contain all the items referred to in Article 17(2) and (4);

the travel authorisation fee has been collected.

the application number;

status information, indicating that a travel authorisation has been requested;

the personal data referred to in Article 17(2) and, where applicable, Article 17(4) and (6), including the three-letter code of the country issuing the travel document;

the data referred to in Article 17(8);

the date and the time the application form was submitted as well as a reference to the successful payment of the travel authorisation fee and the unique reference number of the payment.

status information, acknowledging the submission of an application for travel authorisation; and

the application number.

whether the travel document used for the application corresponds to a travel document reported lost, stolen, misappropriated or invalidated in SIS;

whether the travel document used for the application corresponds to a travel document reported lost, stolen or invalidated in the SLTD;

whether the applicant is subject to a refusal of entry and stay alert entered in SIS;

whether the applicant is subject to an alert in respect of persons wanted for arrest for surrender purposes on the basis of a European Arrest Warrant or wanted for arrest for extradition purposes in SIS;

whether the applicant and the travel document correspond to a refused, revoked or annulled travel authorisation in the ETIAS Central System;

whether the data provided in the application concerning the travel document correspond to another application for travel authorisation associated with different identity data referred to in point (a) of Article 17(2) in the ETIAS Central System;

whether the applicant is currently reported as an overstayer or whether he or she has been reported as an overstayer in the past in the EES;

whether the applicant is recorded as having been refused entry in the EES;

whether the applicant has been subject to a decision to refuse, annul or revoke a short stay visa recorded in VIS;

whether the data provided in the application correspond to data recorded in Europol data;

whether the applicant is registered in Eurodac;

whether the travel document used for the application corresponds to a travel document recorded in a file in TDAWN;

in cases where the applicant is a minor, whether the applicant’s parental authority or legal guardian:

whether the applicant corresponds to a person whose data has been recorded in ECRIS-TCN and flagged in accordance with point (c) of Article 5(1) of Regulation (EU) 2019/816; those data shall be used only for the purpose of the verification by the ETIAS Central Unit pursuant to Article 22 of this Regulation and for the purpose of the consultation of the national criminal records by the ETIAS National Units pursuant to Article 25a(2) of this Regulation; ETIAS National Units shall consult national criminal records prior to the assessments and decisions referred to in Article 26 of this Regulation and, where applicable, prior to the assessments and opinions pursuant to Article 28 of this Regulation;

whether the applicant is subject to an alert on return entered in SIS.

the specific risk indicators referred to in Article 33;

the data present in the ETIAS Central System;

the data present in one of the EU information systems that are consulted;

Europol data;

the data present in the Interpol SLTD or TDAWN databases.

an alert on missing persons;

an alert on persons sought to assist with a judicial procedure;

an alert on persons for discreet checks, inquiry checks or specific checks.

surname(s), first name(s) and, if any, alias(es);

place and date of birth;

sex;

nationality and, if any, other nationalities;

Member State of first intended stay, and if available, the address of first intended stay;

the applicant’s home address or, if not available, his or her city and country of residence;

travel authorisation status information, indicating whether a travel authorisation has been issued, refused or whether the application is subject to manual processing pursuant to Article 26;

a reference to any hits obtained in accordance with paragraphs 1 and 2, including the date and time of the hit.

the applicant shall not reply to the question referred to in point (c) of Article 17(4);

the fee referred to in Article 18 shall be waived.

the applicant is currently reported as an overstayer or whether he or she has been reported as an overstayer in the past through consultation of the EES as referred to in point (g) of Article 20(2);

the applicant corresponds to a person whose data is recorded in Eurodac as referred to in point (k) of Article 20(2).

in the notification laid down in Article 38(1) the applicant shall receive information regarding the fact that, when crossing the external border, he or she needs to be able to prove his or her status as family member referred to in point (c) of Article 2(1); such information shall also include a reminder that the family member of a citizen exercising the right of free movement who is in possession of a travel authorisation only has a right to enter if that family member is accompanied by or joining the Union citizen or other third-country national exercising his or her right of free movement;

an appeal as referred to in Article 37(3) shall be lodged in accordance with Directive 2004/38/EC;

the retention period of the application file referred to in Article 54(1) shall be:

where only one Member State is identified as having entered or supplied the data that triggered the hit pursuant to Article 20, that Member State shall be the Member State responsible;

where several Member States are identified as having entered or supplied the data that triggered the hits pursuant to Article 20, the Member State responsible shall be:

where several Member States are identified as having entered or supplied the data that triggered the hits pursuant to Article 20, but none of those data correspond to alerts referred to in point (a), (c) or (d) of Article 20(2), the Member State responsible shall be the one that entered or supplied the most recent data.

the data referred to in Articles 16, 17 and 18 of Regulation (EU) 2017/2226;

the data referred to in Articles 9 to 14 of Regulation (EC) No 767/2008;

the data referred to in Article 20 of Regulation (EU) 2018/1861 processed for the purposes of Articles 24, 25 and 26 of that Regulation;

the data referred to in Article 20 of Regulation (EU) 2018/1862 processed for the purposes of Article 26 and points (k) and (l) of Article 38(2) of that Regulation;

the data referred to in Article 4 of Regulation (EU) 2018/1860 processed for the purposes of Article 3 of that Regulation.

issue a travel authorisation; or

refuse a travel authorisation.

refuse a travel authorisation where the hit corresponds to one or several of the verifications referred to in points (a) and (c) of Article 20(2);

assess the security or illegal immigration risk and decide whether to issue or refuse a travel authorisation where the hit corresponds to any of the verifications referred to in points (b) and (d) to (o) of Article 20(2).

refuse the applicant’s travel authorisation where the verification under the third subparagraph of Article 23(2) led to the deletion of the alert on return and the entry of an alert for refusal of entry and stay;

assess the security or illegal immigration risk and decide whether to issue or refuse a travel authorisation in all other cases.

provide a reasoned positive opinion on the application; or

provide a reasoned negative opinion on the application.

issue a travel authorisation in accordance with Article 36; or

refuse a travel authorisation in accordance with Article 37.

statistics generated by the EES indicating abnormal rates of overstaying and refusals of entry for a specific group of travellers;

statistics generated by ETIAS in accordance with Article 84 indicating abnormal rates of refusals of travel authorisations due to a security, illegal immigration or high epidemic risk associated with a specific group of travellers;

statistics generated by ETIAS in accordance with Article 84 and the EES indicating correlations between information collected through the application form and overstaying by travellers or refusals of entry;

information substantiated by factual and evidence-based elements provided by Member States concerning specific security risk indicators or threats identified by that Member State;

information substantiated by factual and evidence-based elements provided by Member States concerning abnormal rates of overstaying and refusals of entry for a specific group of travellers for that Member State;

information concerning specific high epidemic risks provided by Member States as well as epidemiological surveillance information and risk assessments provided by the ECDC and disease outbreaks reported by the WHO.

age range, sex, nationality;

country and city of residence;

level of education (primary, secondary, higher or none);

current occupation (job group).

surname;

surname at birth;

date of birth;

other names (alias(es), artistic name(s), usual name(s));

travel document(s) (type, number and country of issuance of the travel document(s));

home address;

email address:

phone number;

the name, email address, mailing address, phone number of a firm or organisation;

IP address.

determine whether the information is adequate, accurate and important enough to be included in the ETIAS watchlist;

assess the potential impact of the data on the proportion of applications manually processed;

verify whether the data correspond to an alert entered in SIS.

used a travel document which is reported as lost, stolen, misappropriated or invalidated in SIS;

poses a security risk;

poses an illegal immigration risk;

poses a high epidemic risk;

is a person for whom an alert has been entered in SIS for the purpose of refusing entry and stay;

fails to reply to a request for additional information or documentation within the deadlines referred to in Article 27;

fails to attend an interview as referred to in Article 27(4).

a clear statement that the travel authorisation has been issued and the travel authorisation application number;

the commencement and expiry dates of the travel authorisation;

a clear statement that upon entry the applicant will have to present the same travel document as that indicated in the application form and that any change of travel document will require a new application for a travel authorisation;

a reminder of the entry conditions laid down in Article 6 of Regulation (EU) 2016/399 and the fact that a short stay is only possible for a duration of no more than 90 days in any 180-day period;

a reminder that the mere possession of a travel authorisation does not confer an automatic right of entry;

a reminder that the border authorities may request supporting documents at external borders in order to verify fulfilment of the conditions of entry and stay;

a reminder that the possession of a valid travel authorisation is a condition for stay that has to be fulfilled during the entire duration of a short stay on the territory of Member States;

a link to the web service referred to in Article 13 of Regulation (EU) 2017/2226 enabling third-country nationals to verify at any moment their remaining authorised stay;

where applicable, the Member States to which the applicant is authorised to travel;

a link to the ETIAS public website containing information on the possibility for the applicant to request the revocation of the travel authorisation, the possibility for the travel authorisation to be revoked if the conditions for issuing it are no longer met and the possibility for its annulment where it becomes evident that the conditions for issuing it were not met at the time it was issued;

information on the procedures for exercising the rights under Articles 13 to 16 of Regulation (EC) No 45/2001 and Articles 15 to 18 of Regulation (EU) 2016/679; the contact details of the data protection officer of the European Border and Coast Guard Agency, of the European Data Protection Supervisor and of the national supervisory authority of the Member State of first intended stay where the travel authorisation has been issued by the ETIAS Central System, or of the Member State responsible where the travel authorisation has been issued by an ETIAS National Unit.

a clear statement that the travel authorisation has been refused and the travel authorisation application number;

a reference to the ETIAS National Unit of the Member State responsible that refused the travel authorisation and its address;

a statement of the grounds for refusal of the travel authorisation indicating the applicable grounds from those listed in Article 37(1) and (2) enabling the applicant to lodge an appeal;

information on the right to lodge an appeal and the time limit for doing so; a link to the information referred to in Article 16(7) on the website;

information on the procedures for exercising the rights under Articles 13 to 16 of Regulation (EC) No 45/2001 and Articles 15 to 18 of Regulation (EU) 2016/679; the contact details of the data protection officer of the European Border and Coast Guard Agency, of the European Data Protection Supervisor and of the national supervisory authority of the Member State responsible.

status information indicating that the travel authorisation has been issued;

a reference as to whether the travel authorisation was issued by the ETIAS Central System or following manual processing; in the latter case a reference to the ETIAS National Unit of the Member State responsible which took the decision and its address;

the date of the decision to issue the travel authorisation;

the commencement and expiry dates of the travel authorisation;

any flags attached to the travel authorisation as laid down in Article 36(2) and (3), together with an indication of the reasons for such flag(s), and additional information relevant to second line checks in the case of Article 36(2), and additional information relevant to border authorities in the case of Article 36(3).

status information indicating that the travel authorisation has been refused;

a reference to the ETIAS National Unit of the Member State responsible that refused the travel authorisation and its address;

date of the decision to refuse the travel authorisation;

the grounds for refusal of the travel authorisation, by indicating the grounds from those listed in Article 37(1) and (2).

status information indicating that the travel authorisation has been annulled or revoked;

a reference to the ETIAS National Unit of the Member State responsible that revoked or annulled the travel authorisation and its address; and

date of the decision to annul or revoke the travel authorisation.

the manual processing pursuant to Article 26 is not yet completed; or

a travel authorisation has been refused, annulled or revoked.

status information indicating that a travel authorisation with limited territorial validity has been issued;

the Member State(s) to which the travel authorisation holder is entitled to travel and the validity period of that travel authorisation;

the ETIAS National Unit of the Member State that issued the travel authorisation with limited territorial validity and its address;

date of the decision to issue the travel authorisation with limited territorial validity;

a reference to the humanitarian grounds, reasons of national interest or international obligations invoked;

any flags attached to the travel authorisation, as laid down in Article 36(2) and (3), together with an indication of the reasons for such flag(s) and additional information relevant to second line checks in the case of Article 36(2), and additional information relevant to border authorities in the case of Article 36(3).

a clear statement that a travel authorisation with limited territorial validity has been issued and the travel authorisation application number;

the commencement and expiry dates of the travel authorisation with limited territorial validity;

a clear statement of the Member States to which the holder of the authorisation is entitled to travel and that he or she can only travel within the territory of those Member States;

a reminder that the possession of a valid travel authorisation is a condition for stay that has to be fulfilled during the entire duration of a short stay on the territory of the Member State for which the travel authorisation with limited territorial validity has been issued;

a link to the web service referred to in Article 13 of Regulation (EU) 2017/2226 enabling third-country nationals to verify at any moment their remaining authorised stay.

whether or not the person has a valid travel authorisation, including whether the person’s status corresponds to the status referred to in point (c) of Article 2(1) and, in the case of a travel authorisation with limited territorial validity issued under Article 44, the Member State or Member States for which it is valid;

any flag attached to the travel authorisation under Article 36(2) and (3);

whether the travel authorisation will expire within the next 90 days and the remaining validity period;

the data referred to in points (k) and (l) of Article 17(2).

a prior search has been conducted in the EES under Article 26 of Regulation (EU) 2017/2226; and

the search result indicates that the EES does not contain an entry record corresponding to the presence of the third-country national on the territory of Member States.

access for consultation is necessary for the purposes of the prevention, detection or investigation of a terrorist offence or another serious criminal offence;

access for consultation is necessary and proportionate in a specific case; and

evidence or reasonable grounds exist to consider that the consultation of data stored in the ETIAS Central System will contribute to the prevention, detection or investigation of any of the criminal offences in question, in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls under a category of traveller covered by this Regulation.

surname (family name) and, if available, first name(s) (given names);

other names (alias(es), artistic name(s), usual name(s));

number of the travel document;

home address;

email address;

phone numbers;

IP address.

nationality or nationalities;

sex;

date of birth or age range.

the consultation is necessary to support and strengthen action by Member States in preventing, detecting or investigating terrorist offences or other serious criminal offences falling under Europol’s mandate;

the consultation is necessary and proportionate in a specific case;

the consultation shall be limited to searching with data referred to in Article 52(2) in combination with the data listed under Article 52(3) where necessary;

evidence or reasonable grounds exist to consider that the consultation will contribute to the prevention, detection or investigation of any of the criminal offences in question, in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls under a category of traveller covered by this Regulation.

the period of validity of the travel authorisation;

five years from the last decision to refuse, annul or revoke the travel authorisation in accordance with Articles 37, 40 and 41. If the data present in a record, file or alert registered in one of the EU information systems, Europol data, the Interpol SLTD or TDAWN databases, the ETIAS watchlist, or the ETIAS screening rules giving rise to such a decision are deleted before the end of that five-year period, the application file shall be deleted within seven days from the date of the deletion of the data in that record, file or alert. For that purpose, the ETIAS Central System shall regularly and automatically verify whether the conditions for the retention of application files referred to in this point are still fulfilled. Where they are no longer fulfilled, it shall delete the application file in an automated manner.

the ETIAS National Unit of the Member State that issued the travel document as referred to in point (a) of Article 2(2);

the ETIAS National Unit of the Member State the nationality of which he or she has acquired;

the ETIAS National Unit of the Member State that issued the residence card or residence permit.

physically protect data, including by making contingency plans for the protection of critical infrastructure;

deny unauthorised persons access to the secure web service, the email service, the secure account service, the carrier gateway, the verification tool for applicants and the consent tool for applicants;

deny unauthorised persons access to data processing equipment and national installations in accordance with the purposes of ETIAS;

prevent the unauthorised reading, copying, modification or removal of data media;

prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of recorded personal data;

prevent the use of automated data processing systems by unauthorised persons using data communication equipment;

prevent the unauthorised processing of data in the ETIAS Central System and any unauthorised modification or deletion of data processed in the ETIAS Central System;

ensure that persons authorised to access the ETIAS Information System have access only to the data covered by their access authorisation, by means of individual and unique user identities and confidential access modes only;

ensure that all authorities with a right of access to the ETIAS Information System create profiles describing the functions and responsibilities of persons who are authorised to access the data and make their profiles available to the supervisory authorities;

ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment;

ensure that it is possible to verify and establish what data has been processed in the ETIAS Information System, when, by whom and for what purpose;

prevent the unauthorised reading, copying, modification or deletion of personal data during the transmission of personal data to or from the ETIAS Central System or during the transport of data media, in particular by means of appropriate encryption techniques;

ensure that, in the event of an interruption, installed systems can be restored to normal operation;

ensure reliability by making sure that any faults in the functioning of ETIAS are properly reported and that necessary technical measures are put in place to ensure that personal data can be restored in the event of corruption due to a malfunctioning of ETIAS;

monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation.

any person or Member State that has suffered material or non-material damage as a result of an unlawful personal data processing operation or any other act incompatible with this Regulation by a Member State shall be entitled to receive compensation from that Member State;

any person or Member State that has suffered material or non-material damage as a result of any act by eu-LISA incompatible with this Regulation shall be entitled to receive compensation from that agency. eu-LISA shall be liable for unlawful personal data processing operations in accordance with its role as processor or, where applicable, controller.

a prior search has been conducted in the EES in accordance with Article 26 of Regulation (EU) 2017/2226; and

this search indicates that the EES does not contain data concerning the third-country national to be returned.

there is an exceptional case of urgency where there is:

the transfer of data is necessary for the prevention, detection or investigation in the territory of the Member States or in the third country concerned of such a terrorist offence or serious criminal offence;

the designated authority has access to such data in accordance with the procedure and the conditions set out in Articles 51 and 52;

the transfer is carried out in accordance with the applicable conditions set out in Directive (EU) 2016/680, in particular Chapter V thereof;

a duly motivated written or electronic request from the third country has been submitted;

the reciprocal provision of any information in systems for travel authorisation held by the requesting third country to the Member States operating the ETIAS is ensured.

the purpose of the access;

the date and time of each operation;

the data used for the automated processing of the applications;

where relevant, a reference to the use of the ESP to query the ETIAS Central System as referred to in Article 7(2) of Regulation (EU) 2019/817;

the hits triggered while carrying out the automated processing laid down in Article 20;

the data used for the verification of identity stored in the ETIAS Central System or other information systems and databases;

the results of the verification process referred to in Article 22; and

the staff member having performed it.

the exact purpose of the request for consultation of or access to data stored in the ETIAS Central System, including the terrorist offence or other serious criminal offence concerned and, for Europol, the exact purpose of the request for consultation;

the decision taken with regard to the admissibility of the request;

the national file reference;

the date and exact time of the request for access made by the central access point to the ETIAS Central System;

where applicable, the use of the urgency procedure referred to in Article 51(4) and the outcome of the ex post verification;

which of the data or set of data referred to in Article 52(2) and (3) have been used for consultation; and

in accordance with national rules or with Regulation (EU) 2016/794, the identifying mark of the official who carried out the search and of the official who ordered the search or transmission of data.

chairmanship;

meeting venues;

preparation of meetings;

admission of experts to the meetings;

communication plans to ensure that non-participating members of eu-LISA’s Management Board are fully informed.

the setting up and operation of the ETIAS Central Unit and ensuring the conditions for the secure management of data stored in ETIAS;

the automated processing of applications; and

the ETIAS screening rules.

the connection to the NUI;

the organisation, management, operation and maintenance of the ETIAS National Units for the manual processing of applications for travel authorisation where the automated processing has reported a hit, as referred to in Article 26;

the organisation of central access points and their connection to the NUI for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences;

the management and arrangements for access of duly authorised staff of the competent national authorities to the ETIAS Information System in accordance with this Regulation and to establish and regularly update a list of such staff and their profiles;

the set up and operation of the ETIAS National Units;

entering data into the ETIAS watchlist related to terrorist offences or other serious criminal offences pursuant to Article 34(2) and (3); and

ensuring that each of its authorities entitled to access the ETIAS Information System takes the measures necessary to comply with this Regulation, including those necessary to ensure the respect of fundamental rights and data security.

application status information;

nationalities, sex and year of birth of the applicant;

the country of residence;

education (primary, secondary, higher or none);

current occupation (job group);

the type of the travel document and three-letter code of the issuing country;

the type of travel authorisation and, for a travel authorisation with limited territorial validity as referred to in Article 44, a reference to the Member State(s) issuing the travel authorisation with limited territorial validity;

the validity period of the travel authorisation; and

the grounds for refusing, revoking or annulling a travel authorisation.

the necessary amendments to the legal acts establishing the other EU information systems with which interoperability, within the meaning of Article 11 of this Regulation, is to be established with the ETIAS Information System have entered into force, with the exception of the recast of Regulation (EU) No 603/2013;

the Regulation entrusting eu-LISA with the operational management of ETIAS has entered into force;

the necessary amendments to the legal acts establishing the EU information systems referred to in Article 20(2) providing for an access to these databases for the ETIAS Central Unit have entered into force;

the measures referred to in Article 11(9) and (10), Article 15(5), Article 17(3), (5) and (6), Article 18(4), Article 27(3) and (5), Article 33(2) and (3), Article 36(3), Article 38(3), Article 39(2), Article 45(3), Article 46(4), Article 48(4), Article 59(4), point (b) of Article 73(3), Article 83(1), (3), and (4) and Article 85(3) have been adopted;

eu-LISA has declared the successful completion of a comprehensive test of ETIAS;

eu-LISA and the ETIAS Central Unit have validated the technical and legal arrangements to collect and transmit the data referred to in Article 17 to the ETIAS Central System and have notified them to the Commission;

the Member States and the ETIAS Central Unit have notified to the Commission the data concerning the various authorities referred to in Article 87(1) and (3).

the querying of Interpol SLTD and TDAWN databases through ETIAS, including information on the number of hits against those Interpol databases, the number of travel authorisations refused following such hits and information on any problems encountered, as well as, if appropriate, an assessment of the need for a legislative proposal amending this Regulation;

the results achieved by ETIAS having regard to its objectives, mandate and tasks;

the impact, effectiveness and efficiency of ETIAS’ performance and its working practices in light of its objectives, mandate and tasks;

an assessment of the security of ETIAS;

the ETIAS screening rules used for the purpose of risk assessment;

the impact of the ETIAS watchlist including the number of travel authorisation applications which were refused for reasons that took into account a positive hit against the ETIAS watchlist;

the possible need to modify the mandate of the ETIAS Central Unit and the financial implications of any such modification;

the impact on fundamental rights;

the impact on diplomatic relations between the Union and the third countries involved;

the revenue generated through the travel authorisation fee, the costs incurred in connection with the development of ETIAS, the costs for the operation of ETIAS, the costs incurred by eu-LISA, Europol and the European Border and Coast Guard Agency in relation to their tasks pursuant to this Regulation, as well as any revenue allocated in accordance with Article 86;

the use of ETIAS for law enforcement purposes on the basis of the information referred to in paragraph 8 of this Article;

the number of applicants being invited for an interview and the percentage it represents of the total number of applicants, the reasons for requesting an interview, the number of remote interviews, the number of decisions where the travel authorisation has been granted, has been granted with a flag or has been refused, and the number of applicants invited to an interview who did not attend it, and if appropriate, an assessment of the need for a legislative proposal amending this Regulation.

the exact purpose of the consultation including the type of terrorist offence or other serious criminal offence;

reasonable grounds given for the substantiated suspicion that the suspect, perpetrator or victim is covered by this Regulation;

the number of requests for access to the ETIAS Central System for law enforcement purposes;

the number and type of cases which have resulted in hits;

the number and type of cases in which the urgency procedure referred to in Article 51(4) was used, including those cases where that urgency was not accepted by the ex post verification carried out by the central access point.