Legal provisions of COM(2019)4 - Conditions for accessing other EU information systems for ETIAS purposes

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier COM(2019)4 - Conditions for accessing other EU information systems for ETIAS purposes.
document COM(2019)4 EN
date July  7, 2021

Contents

CHAPTER - I


AMENDMENTS TO REGULATION (EU) 2018/1240

Article 1

Amendments to Regulation (EU) 2018/1240

Regulation (EU) 2018/1240 is amended as follows:

(1)in Article 3(1), the following point is added:

‘(28)‘other EU information systems’ means the Entry/Exit System (‘EES’), established by Regulation (EU) 2017/2226, the Visa Information System (‘VIS’), established by Regulation (EC) No 767/2008 of the European Parliament and of the Council (*1), the Schengen Information System (‘SIS’), established by Regulations (EU) 2018/1860 (*2), (EU) 2018/1861 (*3) and (EU) 2018/1862 (*4) of the European Parliament and of the Council, Eurodac, established by Regulation (EU) No 603/2013 of the European Parliament and of the Council (*5) and the European Criminal Record Information System – Third-Country Nationals (‘ECRIS-TCN’), established by Regulation (EU) 2019/816 of the European Parliament and of the Council (*6)

(*1)  Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of information between Member States on short-stay visas, long-stay visas and residence permits (VIS Regulation) (OJ L 218, 13.8.2008, p. 60)."

(*2)  Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals (OJ L 312, 7.12.2018, p. 1)."

(*3)  Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 (OJ L 312, 7.12.2018, p. 14)."

(*4)  Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (OJ L 312, 7.12.2018, p. 56)."

(*5)  Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1)."

(*6)  Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (OJ L 135, 22.5.2019, p. 1).’;"

(2)Article 4 is amended as follows:

(a)point (e) is replaced by the following:

‘(e)support the objectives of SIS related to alerts on third-country nationals subject to a refusal of entry and stay, alerts on persons wanted for arrest for surrender purposes or extradition purposes, alerts on missing persons, alerts on persons sought to assist with a judicial procedure, alerts on persons for discreet checks or specific checks and alerts on third-country nationals subject to a return decision;’;

(b)the following point is inserted:

‘(ea)support the objectives of the EES;’;

(3)in Article 6(2), the following point is inserted:

‘(da)a secure communication channel between the ETIAS Central System and the EES Central System;’;

(4)Article 7 is amended as follows:

(a)in paragraph 2, point (a) is replaced by the following:

‘(a)in cases where the automated application process has reported a hit, verifying in accordance with Article 22 whether the applicant’s personal data correspond to the personal data of the person having triggered that hit in the ETIAS Central System, any of the EU information systems that are consulted, Europol data, any of the Interpol databases referred to in Article 12, or the specific risk indicators referred to in Article 33, and where a correspondence is confirmed or where after such verification doubts remain, launching the manual processing of the application as referred to in Article 26;’;

(b)the following paragraph is added:

‘4.   The ETIAS Central Unit shall provide periodical reports to the Commission and eu-LISA concerning false hits as referred to in Article 22(4) which are generated during the automated verifications pursuant to Article 20(2).’;

(5)Article 11 is replaced by the following:

‘Article 11

Interoperability with other EU information systems and Europol data

1. Interoperability between the ETIAS Information System, on the one hand, and other EU information systems and Europol data, on the other hand, shall be established to enable the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of this Regulation and shall rely on the European Search Portal (‘ESP’), established by Article 6 of Regulation (EU) 2019/817 and Article 6 of Regulation (EU) 2019/818 of the European Parliament and of the Council (*7), from the date referred to in Article 72(1b) of Regulation (EU) 2019/817 and Article 68(1b) of Regulation (EU) 2019/818.

2. For the purpose of proceeding with the verifications referred to in point (i) of Article 20(2), the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6) and point (b) of Article 54(1) shall enable the ETIAS Central System to query VIS with the following data provided by applicants under points (a), (aa), (c) and (d) of Article 17(2):

(a)surname (family name);

(b)surname at birth;

(c)first name(s) (given name(s));

(d)date of birth;

(e)place of birth;

(f)country of birth;

(g)sex;

(h)current nationality;

(i)other nationalities (if any);

(j)type, number, the country of issue of the travel document.

3. For the purpose of proceeding with the verifications referred to in points (g) and (h) of Article 20(2), the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) shall enable the ETIAS Central System to query the EES with the following data provided by applicants under points (a) to (d) of Article 17(2):

(a)surname (family name);

(b)surname at birth;

(c)first name(s) (given name(s));

(d)date of birth;

(e)sex;

(f)current nationality;

(g)other names (alias(es));

(h)artistic name(s);

(i)usual name(s);

(j)other nationalities (if any);

(k)type, number, the country of issue of the travel document.

4. For the purpose of proceeding with the verifications referred to in points (c), (m)(ii) and (o) of Article 20(2) and in Article 23 of this Regulation, the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of this Regulation shall enable the ETIAS Central System to query SIS, as established by Regulations (EU) 2018/1860 and (EU) 2018/1861, with the following data provided by applicants under points (a) to (d) and (k) of Article 17(2) of this Regulation:

(a)surname (family name);

(b)surname at birth;

(c)first name(s) (given name(s));

(d)date of birth;

(e)place of birth;

(f)sex;

(g)current nationality;

(h)other names (alias(es));

(i)artistic name(s);

(j)usual name(s);

(k)other nationalities (if any);

(l)type, number, the country of issue of the travel document;

(m)for minors, surname and first name(s) of the person exercising parental authority or of the applicant’s legal guardian.

5. For the purpose of proceeding with the verifications referred to in points (a), (d) and (m)(i) of Article 20(2) and in Article 23(1) of this Regulation, the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of this Regulation shall enable the ETIAS Central System to query SIS, as established by Regulation (EU) 2018/1862, with the following data provided by applicants under points (a) to (d) and (k) of Article 17(2) of this Regulation:

(a)surname (family name);

(b)surname at birth;

(c)first name(s) (given name(s));

(d)date of birth;

(e)place of birth;

(f)sex;

(g)current nationality;

(h)other names (alias(es));

(i)artistic name(s);

(j)usual name(s);

(k)other nationalities (if any);

(l)type, number, the country of issue of the travel document;

(m)for minors, surname and first name(s) of the person exercising parental authority or of the applicant’s legal guardian.

6. For the purpose of proceeding with the verifications referred to in point (n) of Article 20(2), the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), and point (b) of Article 54(1) shall enable the ETIAS Central System to query ECRIS-TCN with the following data provided by applicants under points (a) to (d) of Article 17(2):

(a)surname (family name);

(b)surname at birth;

(c)first name(s) (given name(s));

(d)date of birth;

(e)place of birth;

(ea)country of birth;

(f)sex;

(g)current nationality;

(h)other names (alias(es));

(i)artistic name(s);

(j)usual name(s);

(k)other nationalities (if any);

(l)type, number, the country of issue of the travel document.

7. For the purpose of proceeding with the verifications referred to in point (j) of Article 20(2), the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6) and point (b) of Article 54(1) shall enable the ETIAS Central System to query Europol data with the data referred to in points (a), (aa), (b), (c), (d), (f), (g), (j), (k) and (m) of Article 17(2) and in Article 17(8).

8. Where the automated verifications pursuant to Articles 20 and 23 report a hit, the ESP shall provide the ETIAS Central Unit with temporary read-only access to the results of those automated verifications. In the case of the automated verifications pursuant to Article 20, that access shall be provided in the application file until the end of the manual processing pursuant to Article 22(2). Where the data made available correspond to those of the applicant or where, after the automated verifications pursuant to Articles 20 and 23, doubts remain, the unique reference number of the record in the queried EU information systems of the data having triggered the hit shall be kept in the application file.

Where the automated verifications pursuant to Article 20 report a hit, those automated verifications shall receive the appropriate notification in accordance with Article 21(1a) of Regulation (EU) 2016/794.

9. A hit shall be triggered where all or some of the data from the application file used for the query correspond fully or partially to the data present in a record, alert or file of the other EU information systems consulted. The Commission shall adopt delegated acts in accordance with Article 89 in order to specify the conditions for the correspondence between the data present in a record, alert or file of the other EU information systems consulted and an application file.

10. For the purpose of paragraph 1 of this Article, the Commission, shall, by means of an implementing act, establish the technical arrangements for the implementation of point (c)(ii) of Article 24(6) and point (b) of Article 54(1) related to data retention. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 90(2).

11. For the purpose of Articles 25(2), 28(8) and 29(9), when registering the data related to hits in the application file, the origin of the data shall be indicated by the following data:

(a)the type of the alert, with the exception of alerts as referred to in Article 23(1);

(b)the source of the data, namely the other EU information system from which the data originated or Europol data, as appropriate;

(c)the reference number in the queried EU information system of the record having triggered the hit and the Member State that entered or supplied the data having triggered the hit; and

(d)where available, the date and time when the data was entered in the other EU information system or Europol data.

The data referred to in points (a) to (d) of the first subparagraph shall only be accessible and visible by the ETIAS Central Unit where the ETIAS Central System is not able to identify the Member State responsible.

(*7)  Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).’;"

(6)the following articles are inserted:

‘Article 11b

Support of the objectives of the EES

For the purpose of Articles 6, 14, 17 and 18 of Regulation (EU) 2017/2226, an automated process, using the secure communication channel referred to in point (da) of Article 6(2) of this Regulation, shall query and import from the ETIAS Central System the information referred to in Article 47(2) of this Regulation, as well as the application number and the expiry date of the ETIAS travel authorisation, and shall create or update the entry/exit record or the refusal of entry record in the EES accordingly.

Article 11c

Interoperability between ETIAS and the EES for the purpose of the revocation of an ETIAS travel authorisation at the request of an applicant

1. For the purpose of implementing Article 41(8), an automated process, using the secure communication channel referred to in point (da) of Article 6(2), shall query the EES Central System to verify that applicants requesting the revocation of their travel authorisations are not present on the territory of the Member States.

2. Where the outcome of the verification in the EES Central System under paragraph 1 indicates that the applicant is not present on the territory of the Member States, the revocation shall be effective immediately.

3. Where the outcome of the verification under paragraph 1 of this Article indicates that the applicant is present on the territory of the Member States, Article 41(8) shall apply. The EES Central System shall record the fact that a notification is to be sent to the ETIAS Central System as soon as an entry/exit record indicating that the applicant having requested revocation of the travel authorisation has left the territory of the Member States has been created.’;

(7)Article 12 is replaced by the following:

‘Article 12

Querying the Interpol databases

1. The ETIAS Central System shall query the Interpol Stolen and Lost Travel Document database (SLTD) and the Interpol Travel Documents Associated with Notices database (TDAWN).

2. Any queries and verification shall be performed in such a way that no information is revealed to the owner of the Interpol alert.

3. If the implementation of paragraph 2 is not ensured, the ETIAS Central System shall not query the Interpol databases.’;

(8)in Article 17(4), point (a) is replaced by the following:

‘(a)whether he or she has been convicted in the previous 25 years of a terrorist offence or in the previous 15 years of any other criminal offence listed in the Annex, and if so when and in which country;’;

(9)Article 20(2) is replaced by the following:

‘2.   The ETIAS Central System shall launch a query by using the ESP to compare the relevant data referred to in points (a), (aa), (b), (c), (d), (f), (g), (j), (k) and (m) of Article 17(2) and in Article 17(8) to the data present in a record, file or alert registered in an application file stored in the ETIAS Central System, SIS, the EES, the VIS, Eurodac, ECRIS-TCN, Europol data and in the Interpol SLTD and TDAWN databases. In particular, the ETIAS Central System shall verify:

(a)whether the travel document used for the application corresponds to a travel document reported lost, stolen, misappropriated or invalidated in SIS;

(b)whether the travel document used for the application corresponds to a travel document reported lost, stolen or invalidated in the SLTD;

(c)whether the applicant is subject to a refusal of entry and stay alert entered in SIS;

(d)whether the applicant is subject to an alert in respect of persons wanted for arrest for surrender purposes on the basis of a European Arrest Warrant or wanted for arrest for extradition purposes in SIS;

(e)whether the applicant and the travel document correspond to a refused, revoked or annulled travel authorisation in the ETIAS Central System;

(f)whether the data provided in the application concerning the travel document correspond to another application for travel authorisation associated with different identity data referred to in point (a) of Article 17(2) in the ETIAS Central System;

(g)whether the applicant is currently reported as an overstayer or whether he or she has been reported as an overstayer in the past in the EES;

(h)whether the applicant is recorded as having been refused entry in the EES;

(i)whether the applicant has been subject to a decision to refuse, annul or revoke a short stay visa recorded in VIS;

(j)whether the data provided in the application correspond to data recorded in Europol data;

(k)whether the applicant is registered in Eurodac;

(l)whether the travel document used for the application corresponds to a travel document recorded in a file in TDAWN;

(m)in cases where the applicant is a minor, whether the applicant’s parental authority or legal guardian:

(i)is subject to an alert in respect of persons wanted for arrest for surrender purposes on the basis of a European Arrest Warrant or wanted for arrest for extradition purposes in SIS;

(ii)is subject to a refusal of entry and stay alert entered in SIS;

(n)whether the applicant corresponds to a person whose data has been recorded in ECRIS-TCN and flagged in accordance with point (c) of Article 5(1) of Regulation (EU) 2019/816; those data shall be used only for the purpose of the verification by the ETIAS Central Unit pursuant to Article 22 of this Regulation and for the purpose of the consultation of the national criminal records by the ETIAS National Units pursuant to Article 25a(2) of this Regulation; ETIAS National Units shall consult national criminal records prior to the assessments and decisions referred to in Article 26 of this Regulation and, where applicable, prior to the assessments and opinions pursuant to Article 28 of this Regulation;

(o)whether the applicant is subject to an alert on return entered in SIS.’;

(10)Article 22 is amended as follows:

(a)paragraph 2 is replaced by the following:

‘2.   When consulted, the ETIAS Central Unit shall have access to the application file and any linked application files, as well as to all the hits triggered during automated verifications pursuant to Article 20(2), (3) and (5) and to the information identified by the ETIAS Central System under Article 20(7) and (8).’;

(b)in paragraph 3, point (b) is replaced by the following:

‘(b)the data present in the ETIAS Central System;’;

(c)paragraph 5 is replaced by the following:

‘5.   Where the data correspond to those of the applicant, where doubts remain concerning the identity of the applicant or where the automated verifications pursuant to Article 20(4) have reported a hit, the application shall be processed manually in accordance with the procedure laid down in Article 26.’;

(d)the following paragraph is added:

‘7.   The ETIAS Information System shall keep records of all data processing operations carried out by the ETIAS Central Unit for the purpose of verification under paragraphs 2 to 6. Those records shall be created and entered automatically in the application file. They shall show the date and time of each operation, the data linked to the hit reported, the staff member having performed the manual processing under paragraphs 2 to 6 and the outcome of the verification and the corresponding justification.’;

(11)Article 23 is amended as follows:

(a)in paragraph 1, point (c) is replaced by the following:

‘(c)an alert on persons for discreet checks, inquiry checks or specific checks.’;

(b)paragraph 2 is amended as follows:

(i)the first subparagraph is replaced by the following:

‘2.   Where the comparison referred to in paragraph 1 reports one or several hits, the ETIAS Central System shall send an automated notification to the ETIAS Central Unit. When notified, the ETIAS Central Unit shall have access in accordance with Article 11(8) to the application file and any linked application files in order to verify whether the applicant’s personal data correspond to the personal data contained in the alert having triggered that hit and if a correspondence is confirmed, the ETIAS Central System shall send an automated notification to the SIRENE Bureau of the Member State that entered the alert. The SIRENE Bureau concerned shall further verify whether the applicant’s personal data correspond to the personal data contained in the alert having triggered the hit and take any appropriate follow-up action.’;

(ii)the following subparagraph is added:

‘When the hit concerns an alert on return, the SIRENE Bureau of the issuing Member State shall verify, in cooperation with its ETIAS National Unit, whether the deletion of the alert on return in accordance with Article 14(1) of Regulation (EU) 2018/1860 and the entry of an alert for refusal of entry and stay in accordance with Article 24(3) of Regulation (EU) 2018/1861 is required.’;

(c)paragraph 4 is replaced by the following:

‘4.   The ETIAS Central System shall add a reference to any hit reported pursuant to paragraph 1 to the application file. That reference shall only be visible to and accessible by the ETIAS Central Unit and the SIRENE Bureau notified in accordance with paragraph 3, unless other limitations are provided for in this Regulation.’;

(12)the following article is inserted:

‘Article 25a

Use of other EU information systems for the manual processing of applications by the ETIAS National Units

1. Without prejudice to Article 13(1), the duly authorised staff of the ETIAS National Units shall have direct access to and may consult, in a read-only format, the other EU information systems for the purposes of examining applications for travel authorisation and adopting decisions relating to those applications in accordance with Article 26. The ETIAS National Units may consult:

(a)the data referred to in Articles 16, 17 and 18 of Regulation (EU) 2017/2226;

(b)the data referred to in Articles 9 to 14 of Regulation (EC) No 767/2008;

(c)the data referred to in Article 20 of Regulation (EU) 2018/1861 processed for the purposes of Articles 24, 25 and 26 of that Regulation;

(d)the data referred to in Article 20 of Regulation (EU) 2018/1862 processed for the purposes of Article 26 and points (k) and (l) of Article 38(2) of that Regulation;

(e)the data referred to in Article 4 of Regulation (EU) 2018/1860 processed for the purposes of Article 3 of that Regulation.

2. Insofar as a hit results from the verification pursuant to point (n) of Article 20(2), the duly authorised staff of the ETIAS National Units shall also have access, directly or indirectly, in accordance with national law, to the relevant data from the national criminal records of their own Member State in order to obtain information on third-country nationals, as defined in Regulation (EU) 2019/816, convicted of a terrorist offence or any other criminal offence listed in the Annex to this Regulation, for the purposes referred to in paragraph 1 of this Article.’;

(13)Article 26 is amended as follows:

(a)in paragraph 3, point (b) is replaced by the following:

‘(b)assess the security or illegal immigration risk and decide whether to issue or refuse a travel authorisation where the hit corresponds to any of the verifications referred to in points (b) and (d) to (o) of Article 20(2).’;

(b)the following paragraph is inserted:

‘3a.   Where the automated processing under point (o) of Article 20(2) has reported a hit, the ETIAS National Unit of the Member State responsible shall:

(a)refuse the applicant’s travel authorisation where the verification under the third subparagraph of Article 23(2) led to the deletion of the alert on return and the entry of an alert for refusal of entry and stay;

(b)assess the security or illegal immigration risk and decide whether to issue or refuse a travel authorisation in all other cases.

The ETIAS National Unit of the Member State having entered the data shall consult its SIRENE Bureau to verify whether the deletion of the alert on return in accordance with Article 14(1) of Regulation (EU) 2018/1860 and, where applicable, the entry of an alert for refusal of entry and stay in accordance with Article 24(3) of Regulation (EU) 2018/1861 is required.’;

(c)in paragraph 4, the following subparagraph is added:

‘Where the automated processing under point (n) of Article 20(2) has reported a hit, but has not reported a hit under point (c) of that paragraph, the ETIAS National Unit of the Member State responsible shall give particular consideration to the absence of such a hit in its assessment of the security risk in order to decide whether to issue or refuse a travel authorisation.’;

(14)in Article 28(3), the following subparagraph is added:

‘For the purpose of the manual processing pursuant to Article 26, the reasoned positive or negative opinion shall only be visible by the ETIAS National Unit of the Member State consulted and by the ETIAS National Unit of the Member State responsible.’;

(15)Article 37(3) is replaced by the following:

‘3.   Applicants who have been refused a travel authorisation shall have the right to appeal. Appeals shall be conducted in the Member State that has taken the decision on the application and in accordance with the national law of that Member State. During the appeal procedure, the appellant shall be given access to the information in the application file in accordance with the data protection rules referred to in Article 56 of this Regulation. The ETIAS National Unit of the Member State responsible shall provide applicants with information regarding the appeal procedure. That information shall be provided in one of the official languages of the countries listed in Annex II to Regulation (EC) No 539/2001 of which the applicant is a national.’;

(16)Article 41(3) is replaced by the following:

‘3.   Without prejudice to paragraph 2, where a new alert is entered in SIS concerning a refusal of entry and stay or concerning a travel document reported as lost, stolen, misappropriated or invalidated, SIS shall inform the ETIAS Central System. The ETIAS Central System shall verify whether that new alert corresponds to a valid travel authorisation. Where this is the case, the ETIAS Central System shall transfer the application file to the ETIAS National Unit of the Member State having entered the alert. Where a new alert for refusal of entry and stay has been entered, the ETIAS National Unit shall revoke the travel authorisation. Where the travel authorisation is linked to a travel document reported as lost, stolen, misappropriated or invalidated in SIS or the Interpol SLTD database, the ETIAS National Unit shall manually process the application file.’;

(17)Article 46 is amended as follows:

(a)paragraph 1 is replaced by the following:

‘1.   Where it is technically impossible to proceed with the query referred to in Article 45(1), because of a failure of any part of the ETIAS Information System, the carriers shall be exempt from the obligation to verify the possession of a valid travel authorisation. Where such a failure is detected by eu-LISA, the ETIAS Central Unit shall notify the carriers and the Member States. It shall also notify the carriers and the Member States when the failure is remedied. Where such a failure is detected by the carriers, they may notify the ETIAS Central Unit. The ETIAS Central Unit shall inform the Member States without delay about the notification of the carrier.’;

(b)paragraph 3 is replaced by the following:

‘3.   Where, for other reasons than a failure of any part of the ETIAS Information System, it is technically impossible for a carrier to proceed with the query referred to in Article 45(1) for a prolonged period of time, the carrier shall notify the ETIAS Central Unit. The ETIAS Central Unit shall inform the Member States without delay about the notification of that carrier.’;

(c)the following paragraph is added:

‘5.   The ETIAS Central Unit shall provide operational support to carriers in relation to paragraphs 1 and 3. The ETIAS Central Unit shall establish standard operational procedures setting out how such support is to be provided. The Commission shall, by means of implementing acts, adopt further detailed rules relating to the support to be provided and to the means to provide such support. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 90(2).’;

(18)in Article 47(2), point (a) is replaced by the following:

‘(a)whether or not the person has a valid travel authorisation, including whether the person’s status corresponds to the status referred to in point (c) of Article 2(1) and, in the case of a travel authorisation with limited territorial validity issued under Article 44, the Member State or Member States for which it is valid;’;

(19)in Article 64, the following paragraph is added:

‘7.   The right of access to personal data under this Article is without prejudice to Article 53 of Regulation (EU) 2018/1861 and Article 67 of Regulation (EU) 2018/1862.’;

(20)in Article 73(3), the third subparagraph is replaced by the following:

‘eu-LISA shall develop and implement the ETIAS Central System, including the ETIAS watchlist, the NUIs, the communication infrastructure, and the secure communication channel between the ETIAS Central System and the EES Central System, as soon as possible after the entry into force of this Regulation and the adoption by the Commission of:

(a)the measures provided for in Articles 6(4), 16(10), 17(9), Article 31 and Articles 35(7), 45(2), 54(2), 74(5), 84(2) and 92(8); and

(b)the measures adopted in accordance with the examination procedure referred to in Article 90(2) necessary for the development and technical implementation of the ETIAS Central System, the NUIs, the communication infrastructure, the secure communication channel between the ETIAS Central System and the EES Central System and the carrier gateway, in particular implementing acts for:

(i)accessing the data in accordance with Articles 22 to 29 and Articles 33 to 53;

(ii)amending, erasing and advance erasure of data in accordance with Article 55;

(iii)keeping and accessing the logs in accordance with Articles 45 and 69;

(iv)performance requirements;

(v)specifications for technical solutions to connect central access points in accordance with Articles 51, 52 and 53.’;

(21)Article 88 is amended as follows:

(a)paragraph 1 is amended as follows:

(i)point (a) is replaced by the following:

‘(a)the necessary amendments to the legal acts establishing the other EU information systems with which interoperability, within the meaning of Article 11 of this Regulation, is to be established with the ETIAS Information System have entered into force, with the exception of the recast of Regulation (EU) No 603/2013;’;

(ii)point (d) is replaced by the following:

‘(d)the measures referred to in Article 11(9) and (10), Article 15(5), Article 17(3), (5) and (6), Article 18(4), Article 27(3) and (5), Article 33(2) and (3), Article 36(3), Article 38(3), Article 39(2), Article 45(3), Article 46(4), Article 48(4), Article 59(4), point (b) of Article 73(3), Article 83(1), (3), and (4) and Article 85(3) have been adopted;’;

(b)the following paragraphs are added:

‘6.   Interoperability, as referred to in Article 11, with ECRIS-TCN shall start when the CIR starts operations. ETIAS shall start operations regardless of whether that interoperability with ECRIS-TCN has been established.

7. ETIAS shall start operations regardless of whether it is possible to query the Interpol databases referred to in Article 12.’;

(22)Article 89 is amended as follows:

(a)paragraph 2 is replaced by the following:

‘2.   The power to adopt delegated acts referred to in Article 6(4), Article 11(9), Article 17(3), (5) and (6), Articles 18(4), 27(3), Article 31, Articles 33(2), 36(4), 39(2), 54(2), Article 83(1) and (3) and Article 85(3) shall be conferred on the Commission for a period of five years from 9 October 2018. The Commission shall draw up a report in respect of the delegation of power not later than nine months before the end of the five-year period. The delegation of power shall be tacitly extended for periods of an identical duration, unless the European Parliament or the Council opposes such extension not later than three months before the end of each period.’;

(b)paragraph 3 is replaced by the following:

‘3.   The delegation of power referred to in Article 6(4), Article 11(9), Article 17(3), (5) and (6), Articles 18(4), 27(3), Article 31, Articles 33(2), 36(4), 39(2), 54(2), Article 83(1) and (3) and Article 85(3) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.’;

(c)paragraph 6 is replaced by the following:

‘6.   A delegated act adopted pursuant to Article 6(4), Article 11(9), Article 17(3), (5) or (6), Article 18(4), 27(3), Article 31, Article 33(2), 36(4), 39(2), 54(2), Article 83(1) or (3) or Article 85(3) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of two months of notification of that act to the European Parliament and to the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.’;

(23)Article 90(1) is replaced by the following:

‘1.   The Commission shall be assisted by the committee established by Article 68 of Regulation (EU) 2017/2226. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.’;

(24)in Article 92, the following paragraph is inserted:

‘5a.   One year after the end of the transition period referred to in Article 83(1), and every four years thereafter, the Commission shall evaluate the querying of ECRIS-TCN through the ETIAS Central System. The Commission shall transmit those evaluations, together with the opinion of the ETIAS Fundamental Rights Guidance Board and any necessary recommendations, to the European Parliament and to the Council.

In order to assess the extent to which the querying of ECRIS-TCN through the ETIAS Central System has contributed to the achievement of the objective of ETIAS, the evaluations referred to in the first subparagraph shall include the following:

(a)a comparison of the number of simultaneous hits, for the same application, in ECRIS-TCN relating to convictions for terrorist offences as listed in the Annex to this Regulation and in SIS relating to alerts for refusal of entry and stay;

(b)a comparison of the number of simultaneous hits, for the same application, in ECRIS-TCN relating to any other criminal offences as listed in the Annex to this Regulation and in SIS relating to alerts for refusal of entry and stay;

(c)for applications where the only hit is in ECRIS-TCN, a comparison of the number of refusals of travel authorisations with the total number of hits reported by the query of ECRIS-TCN.

The ETIAS Fundamental Rights Guidance Board shall provide opinions as regards the evaluations referred to in this paragraph.

The evaluations may be accompanied, where necessary, by legislative proposals.’;

(25)in Article 96, the following paragraph is inserted after the second paragraph:

‘Article 11b shall apply from 3 August 2021.’.

CHAPTER II - AMENDMENT TO OTHER UNION INSTRUMENTS


Article 2

Amendments to Regulation (EC) No 767/2008

Regulation (EC) No 767/2008 is amended as follows:

(1)Article 6(2) is replaced by the following:

‘2.   Access to the VIS for consulting the data shall be reserved exclusively for the duly authorised staff of:

(a)the national authorities of each Member State and of the Union bodies which are competent for the purposes of Articles 15 to 22, Articles 22g to 22m and Article 45e of this Regulation;

(b)the ETIAS Central Unit and the ETIAS National Units, designated pursuant to Articles 7 and 8 of Regulation (EU) 2018/1240, for the purposes of Articles 18c and 18d of this Regulation and for the purposes of Regulation (EU) 2018/1240; and

(c)the national authorities of each Member State and of the Union bodies which are competent for the purposes of Articles 20 and 21 of Regulation (EU) 2019/817.

Such access shall be limited to the extent to which the data are required for the performance of the tasks of those authorities and Union bodies in accordance with those purposes and proportionate to the objectives pursued.’;

(2)the following articles are inserted:

‘Article 18b

Interoperability with ETIAS

1. From the date of the start of operations of ETIAS, as determined in accordance with Article 88(1) of Regulation (EU) 2018/1240, the VIS shall be connected to the ESP to enable the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), and point (b) of Article 54(1) of that Regulation.

2. The automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), and point (b) of Article 54(1) of Regulation (EU) 2018/1240 shall enable the verifications provided for in Article 20 of that Regulation and the subsequent verifications provided for in Articles 22 and 26 of that Regulation.

For the purpose of proceeding with the verifications referred to in point (i) of Article 20(2) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the ESP to compare the data stored in ETIAS with the data stored in the VIS, in accordance with Article 11(8) of that Regulation, using the data listed in the correspondence table set out in Annex II to this Regulation.

Article 18c

Access to VIS data by the ETIAS Central Unit

1. For the purpose of performing the tasks conferred on it by Regulation (EU) 2018/1240, the ETIAS Central Unit shall have the right to access and search relevant VIS data in accordance with Article 11(8) of that Regulation.

2. Where a verification by the ETIAS Central Unit in accordance with Article 22 of Regulation (EU) 2018/1240 confirms a correspondence between data recorded in the ETIAS application file and VIS data or where after such verification doubts remain, the procedure set out in Article 26 of that Regulation shall apply.

Article 18d

Use of the VIS for the manual processing of applications by the ETIAS National Units

1. ETIAS National Units, as referred to in Article 8(1) of Regulation (EU) 2018/1240, shall consult the VIS using the same alphanumerical data as those used for the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6) and point (b) of Article 54(1) of that Regulation.

2. The ETIAS National Units shall have temporary access to consult the VIS, in a read-only format, for the purpose of examining applications for travel authorisation pursuant to Article 8(2) of Regulation (EU) 2018/1240. The ETIAS National Units may consult the data referred to in Articles 9 to 14 of this Regulation.

3. Following consultation of the VIS by ETIAS National Units, as referred to in Article 8(1) of Regulation (EU) 2018/1240, duly authorised staff of the ETIAS National Units shall record the result of the consultation only in the ETIAS application files.’;

(3)the following article is inserted:

‘Article 34a

Keeping of logs for the purposes of interoperability with ETIAS

Logs of each data processing operation carried out within the VIS and ETIAS pursuant to Article 20, point (c)(ii) of Article 24(6), and point (b) of Article 54(1) of Regulation (EU) 2018/1240 shall be kept in accordance with Article 34 of this Regulation and Article 69 of Regulation (EU) 2018/1240.’;

(4)the Annex is numbered as Annex I and the following annex is added:

‘ANNEX II

Correspondence table

Data as referred to in Article 17(2) of Regulation (EU) 2018/1240 sent by the ETIAS Central SystemThe corresponding VIS data referred to in Article 9(4) of this Regulation with which data in ETIAS are to be compared
surname (family name)surnames
surname at birthsurname at birth (former family name(s))
first name(s) (given name(s))first name(s)
date of birthdate of birth
place of birthplace of birth
country of birthcountry of birth
sexsex
current nationalitycurrent nationality or nationalities and nationality at birth
other nationalities (if any)current nationality or nationalities and nationality at birth
type of the travel documenttype of the travel document
number of the travel documentnumber of the travel document
country of issue of the travel documentthe country which issued the travel document

Article 3

Amendments to Regulation (EU) 2017/2226

Regulation (EU) 2017/2226 is amended as follows:

(1)in Article 6(1), the following point is added:

‘(k)support the objectives of the European Travel Information and Authorisation System (ETIAS) established by Regulation (EU) 2018/1240 of the European Parliament and of the Council (*8).

(*8)  Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).’;"

(2)the following articles are inserted:

‘Article 8a

Automated process with ETIAS

1. An automated process, using the secure communication channel referred to in point (da) of Article 6(2) of Regulation (EU) 2018/1240, shall enable the EES to create or update the entry/exit record or the refusal of entry record of a visa exempt third-country national in the EES in accordance with Articles 14, 17 and 18 of this Regulation.

Where an entry/exit record or a refusal of entry record of a visa exempt third-country national is created, the automated process referred to in the first subparagraph shall enable the EES Central System:

(a)to query and to import from the ETIAS Central System the information referred to in Article 47(2) of Regulation (EU) 2018/1240, the application number and the expiry date of the ETIAS travel authorisation;

(b)to update the entry/exit record in the EES in accordance with Article 17(2) of this Regulation; and

(c)to update the refusal of entry record in the EES in accordance with point (b) of Article 18(1) of this Regulation.

2. An automated process, using the secure communication channel referred to in point (da) of Article 6(2) of Regulation (EU) 2018/1240, shall enable the EES to process queries received from the ETIAS Central System and to send the corresponding answers in accordance with Article 11c and Article 41(8) of that Regulation. Where necessary, the EES Central System shall record the fact that a notification is to be sent to the ETIAS Central System as soon as an entry/exit record indicating that the applicant having requested revocation of the travel authorisation has left the territory of the Member States has been created.

Article 8b

Interoperability with ETIAS

1. From the date of the start of operations of ETIAS, as determined in accordance with Article 88(1) of Regulation (EU) 2018/1240, the EES Central System shall be connected to the ESP to enable the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of that Regulation.

2. Without prejudice to Article 24 of Regulation (EU) 2018/1240, the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of that Regulation shall enable the verifications provided for in Article 20 of that Regulation and the subsequent verifications provided for in Articles 22 and 26 of that Regulation.

For the purpose of proceeding with the verifications referred to in points (g) and (h) of Article 20(2) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the ESP to compare the data stored in ETIAS with EES data, in accordance with Article 11(8) of that Regulation, using the data listed in the correspondence table set out in Annex III to this Regulation.

The verifications referred to in points (g) and (h) of Article 20(2) of Regulation (EU) 2018/1240 shall be without prejudice to the specific rules provided for in Article 24(3) of that Regulation.’;

(3)in Article 9, the following paragraph is inserted:

‘2a.   The duly authorised staff of the ETIAS National Units, designated pursuant to Article 8 of Regulation (EU) 2018/1240, shall have access to the EES to consult EES data in a read-only format.’;

(4)the following article is inserted:

‘Article 13a

Fall-back procedures in the case of technical impossibility to access data by carriers

1. Where it is technically impossible to proceed with the verification referred to in Article 13(3), because of a failure of any part of the EES, the carriers shall be exempt from the obligation to verify whether the third-country national holding a short-stay visa issued for one or two entries has already used the number of entries authorised by their visa. Where such a failure is detected by eu-LISA, the ETIAS Central Unit shall notify the carriers and the Member States. It shall also notify the carriers and the Member States when the failure is remedied. Where such a failure is detected by the carriers, they may notify the ETIAS Central Unit. The ETIAS Central Unit shall inform the Member States without delay about the notification of the carriers.

2. Where, for other reasons than a failure of any part of the EES, it is technically impossible for a carrier to proceed with the verification referred to in Article 13(3) for a prolonged period of time, the carrier shall notify the ETIAS Central Unit. The ETIAS Central Unit shall inform the Member States without delay about the notification of that carrier.

3. The Commission shall, by means of an implementing act, lay down the details of the fall-back procedures referred to in this Article. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 68(2).

4. The ETIAS Central Unit shall provide operational support to carriers in relation to paragraphs 1 and 2. The ETIAS Central Unit shall establish standard operational procedures setting out how such support is to be provided. The Commission shall, by means of implementing acts, adopt further detailed rules relating to the support to be provided and to the means to provide such support. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 68(2).’;

(5)in Article 17(2), the following subparagraph is added:

‘The following data shall also be entered in the entry/exit record:

(a)the ETIAS application number;

(b)the expiry date of the ETIAS travel authorisation;

(c)in the case of an ETIAS travel authorisation with limited territorial validity, the Member State or Member States for which it is valid.’;

(6)in Article 18(1), point (b) is replaced by the following:

‘(b)for visa-exempt third-country nationals, the alphanumeric data required pursuant to Article 17(1) and (2) of this Regulation;’;

(7)the following articles are inserted:

‘Article 25a

Access to EES data by the ETIAS Central Unit

1. For the purpose of performing the tasks conferred on it by Regulation (EU) 2018/1240, the ETIAS Central Unit shall have the right to access and search EES data in accordance with Article 11(8) of that Regulation.

2. Where a verification by the ETIAS Central Unit in accordance with Article 22 of Regulation (EU) 2018/1240 confirms a correspondence between data recorded in the ETIAS application file and EES data or where after such verification doubts remain, the procedure set out in Article 26 of that Regulation shall apply.

Article 25b

Use of the EES for the manual processing of applications by the ETIAS National Units

1. ETIAS National Units, as referred to in Article 8(1) of Regulation (EU) 2018/1240, shall consult the EES using the same alphanumerical data as those used for the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of that Regulation.

2. The ETIAS National Units shall have access to and may consult the EES, in a read-only format, for the purpose of examining applications for travel authorisation, pursuant to Article 8(2) of Regulation (EU) 2018/1240. The ETIAS National Units may consult the data referred to in Articles 16 to 18 of this Regulation, without prejudice to Article 24 of Regulation (EU) 2018/1240.

3. Following consultation of the EES by ETIAS National Units, as referred to in Article 8(1) of Regulation (EU) 2018/1240, duly authorised staff of the ETIAS National Units shall record the result of the consultation only in the ETIAS application files.’;

(8)Article 28 is replaced by the following:

‘Article 28

Keeping of data retrieved from the EES

Data retrieved from the EES pursuant to Articles 24, 25, 26 and 27 may be kept in national files and data retrieved from the EES pursuant to Articles 25a and 25b may be kept in the ETIAS application files only where necessary in an individual case in accordance with the purpose for which they were retrieved and in accordance with relevant Union law, in particular on data protection, and for no longer than strictly necessary in that individual case.’;

(9)in Article 46(2), the following subparagraph is added:

‘Logs of each data processing operation carried out within the EES and ETIAS pursuant to Articles 8a, 8b and 25a of this Regulation shall be kept in accordance with this Article and Article 69 of Regulation (EU) 2018/1240.’;

(10)The following annex is added:

ANNEX III

Correspondence table

Data as referred to in Article 17(2) of Regulation (EU) 2018/1240 sent by the ETIAS Central SystemThe corresponding EES data referred to in point (a) of Article 17(1) of this Regulation with which the data in ETIAS are to be compared
surname (family name)surnames
surname at birthsurnames
first name(s) (given name(s))first name or names (given names)
other names (alias(es), artistic name(s), usual name(s))first name or names (given names)
date of birthdate of birth
sexsex
current nationalitynationality or nationalities
other nationalities (if any)nationality or nationalities
type of the travel documenttype of the travel document
number of the travel documentnumber of the travel document
country of issue of the travel documentthe three letter code of the issuing country of the travel document

Article 4

Amendment to Regulation (EU) 2018/1860

In Regulation (EU) 2018/1860, Article 19 is replaced by the following:

‘Article 19

Applicability of Regulation (EU) 2018/1861

Insofar as not established in this Regulation, the entry, processing and updating of alerts, the provisions on responsibilities of the Member States and eu-LISA, the conditions concerning access and the review period for alerts, data processing, data protection, liability and monitoring and statistics, as laid down in Articles 6 to 19, Article 20(3) and (4), Articles 21, 23, 32 and 33, Article 34(5) and Articles 36a, 36b, 36c and 38 to 60 of Regulation (EU) 2018/1861, shall apply to data entered and processed in SIS in accordance with this Regulation.’.

Article 5

Amendments to Regulation (EU) 2018/1861

Regulation (EU) 2018/1861 is amended as follows:

(1)the following article is inserted:

‘Article 18b

Keeping of logs for the purposes of interoperability with ETIAS

Logs of each data processing operation carried out within SIS and ETIAS pursuant to Articles 36a and 36b of this Regulation shall be kept in accordance with Article 18 of this Regulation and Article 69 of Regulation (EU) 2018/1240 of the European Parliament and of the Council (*9).

(*9)  Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).’;"

(2)in Article 34(1), the following point is added:

‘(h)the manual processing of ETIAS applications by the ETIAS National Unit, pursuant to Article 8 of Regulation (EU) 2018/1240.’;

(3)the following articles are inserted:

‘Article 36b

Access to SIS data by the ETIAS Central Unit

1. For the purpose of performing the tasks conferred on it by Regulation (EU) 2018/1240, the ETIAS Central Unit, established within the European Border and Coast Guard Agency in accordance with Article 7 of that Regulation, shall have the right to access and search relevant data entered in SIS in accordance with Article 11(8) of that Regulation. Article 36(4) to (8) of this Regulation shall apply to that access and search.

2. Without prejudice to Article 24 of Regulation (EU) 2018/1240, where a verification by the ETIAS Central Unit in accordance with Article 22 of that Regulation confirms a correspondence between data recorded in the ETIAS application file and an alert in SIS or where after such verification doubts remain, the procedure set out in Article 26 of that Regulation shall apply.

Article 36c

Interoperability with ETIAS

1. From the date of the start of operations of ETIAS, as determined in accordance with Article 88(1) of Regulation (EU) 2018/1240, the Central SIS shall be connected to the ESP to enable the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of that Regulation and the subsequent verifications provided for in Articles 22 and 26 of that Regulation.

2. For the purpose of proceeding with the verifications referred to in points (c), (m)(ii) and (o) of Article 20(2) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the ESP to compare the data referred to in Article 11(4) of that Regulation to data in SIS in accordance with Article 11(8) of that Regulation.

3. For the purpose of proceeding with the verifications referred to in point (c)(ii) of Article 24(6) and point (b) of Article 54(1) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the ESP to regularly verify whether an alert for refusal of entry and stay entered in SIS which gave rise to the refusal, annulment or revocation of a travel authorisation has been deleted.

4. Pursuant to Article 41(3) of Regulation (EU) 2018/1240, where a new alert for refusal of entry and stay is entered in SIS, Central SIS shall transmit the data referred to in points (a) to (d), (f) to (i) and (s) to (v) of Article 20(2) of this Regulation to the ETIAS Central System, using the ESP, in order to verify whether that new alert corresponds to a valid travel authorisation.’.

Article 6

Amendment to Regulation (EU) 2019/817

In Article 72 of Regulation (EU) 2019/817, the following paragraph is inserted:

‘1b.   Without prejudice to paragraph 1 of this Article, the ESP shall start operations, for the purposes of the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of Regulation (EU) 2018/1240 only, once the conditions laid down in Article 88 of that Regulation have been met.’.

CHAPTER III - FINAL PROVISIONS


Article 7

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.