Legal provisions of COM(2021)756 - Collaboration platform to support the functioning of Joint Investigation Teams - Main contents

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier	COM(2021)756 - Collaboration platform to support the functioning of Joint Investigation Teams.
document	COM(2021)756
date	May 10, 2023

CHAPTER I - GENERAL PROVISIONS
CHAPTER II - DEVELOPMENT AND OPERATIONAL MANAGEMENT
CHAPTER III - CREATION OF AND ACCESS TO THE JIT COLLABORATION SPACES
CHAPTER IV - SECURITY AND LIABILITY
CHAPTER V - DATA PROTECTION
CHAPTER VI - FINAL PROVISIONS

CHAPTER I - GENERAL PROVISIONS

Article 1

Subject matter

This Regulation:

(a)

establishes an IT platform (the ‘JITs collaboration platform’), to be used on a voluntary basis, to facilitate the cooperation of competent authorities participating in joint investigation teams (‘JITs’) set up on the basis of Article 13 of the Convention established by the Council in accordance with Article 34 of the Treaty on European Union, on Mutual Assistance in Criminal Matters between the Member States of the European Union or of Framework Decision 2002/465/JHA;

(b)	lays down rules on the division of responsibilities between the JITs collaboration platform users and the agency responsible for the development and maintenance of the JITs collaboration platform;

(c)	sets out conditions under which the JITs collaboration platform users may be granted access to the JITs collaboration platform;

(d)	lays down specific data protection provisions needed to supplement the existing data protection arrangements and to provide for an adequate overall level of data protection, data security and protection of the fundamental rights of the persons concerned.

Article 2

Scope

1. This Regulation applies to the processing of information, including personal data, within the context of a JIT. That includes the exchange and storage of operational data, as well as of non-operational data.

2. This Regulation applies to the operational and post-operational phases of a JIT, starting from the moment the relevant JIT agreement is signed until all operational and non-operational data of that JIT have been removed from the centralised information system.

3. This Regulation does not amend or otherwise affect the existing legal provisions on the establishment, conduct or evaluation of JITs.

Article 3

Definitions

For the purposes of this Regulation, the following definitions apply:

(1)	‘centralised information system’ means a central IT system where the storage and processing of JITs-related data takes place;

(2)	‘communication software’ means software that facilitates the exchange of files and messages in text, audio, image or video formats between JITs collaboration platform users;

(3)

‘competent authorities’ means the authorities of the Member States that are competent to be part of a JIT that was set up in accordance with Article 13 of the Convention established by the Council in accordance with Article 34 of the Treaty on European Union on Mutual Assistance in Criminal Matters between the Member States of the European Union and Article 1 of Framework Decision 2002/465/JHA, the EPPO when acting pursuant to its competences as provided for in Articles 22, 23 and 25 of Regulation (EU) 2017/1939, as well as the competent authorities of a third country where they are Party to a JIT agreement under an additional legal basis;

(4)	‘JIT members’ means representatives of the competent authorities;

(5)	‘JITs collaboration platform users’ means JIT members, Eurojust, Europol, OLAF and other competent Union bodies, offices and agencies or representatives of an international judicial authority that participates in a JIT;

(6)

‘international judicial authority’ means an international body, court, tribunal, or mechanism established to investigate and prosecute serious crimes of concern to the international community as a whole, namely crimes of genocide, crimes against humanity, war crimes and related criminal offences that affect international peace and security;

(7)	‘JIT collaboration space’ means an individual isolated space for each JIT hosted on the JITs collaboration platform;

(8)	‘JIT space administrator’ means a Member State’s JIT member, or an EPPO JIT member, designated in a JIT agreement, in charge of a JIT collaboration space;

(9)	‘operational data’ means information and evidence processed by the JITs collaboration platform during the operational phase of a JIT to support cross-border investigations and to support prosecutions;

(10)	‘non-operational data’ means administrative data processed by the JITs collaboration platform, in particular to facilitate the management of a JIT and cooperation between JITs collaboration platform users.

Article 4

Technical architecture of the JITs collaboration platform

The JITs collaboration platform shall be composed of the following:

(a)	a centralised information system which allows for temporary central data storage;

(b)	communication software which allows for the secure local storage of communication data on the devices of the JITs collaboration platform users;

(c)	a connection between the centralised information system and relevant IT tools that support the functioning of JITs and that are managed by the JITs Network Secretariat.

The centralised information system shall be hosted by eu-LISA at its technical sites.

Article 5

Purpose of the JITs collaboration platform

The purpose of the JITs collaboration platform shall be to facilitate:

(a)	the coordination and management of a JIT, through a set of functionalities that support the administrative and financial processes within the JIT;

(b)	the rapid and secure exchange and temporary storage of operational data, including large files, through an upload and download functionality;

(c)	secure communications through a functionality that covers instant messaging, chats, audio-conferencing and video-conferencing;

(d)	the traceability of exchanges of evidence through an advanced logging and tracking mechanism which allows all evidence exchanged, including its access and processing, through the JITs collaboration platform to be kept track of;

(e)	the evaluation of a JIT through a dedicated collaborative evaluation process.

CHAPTER II - DEVELOPMENT AND OPERATIONAL MANAGEMENT

Article 6

Adoption of implementing acts by the Commission

The Commission shall adopt the implementing acts necessary for the technical development of the JITs collaboration platform as soon as possible after 7 June 2023, and in particular implementing acts concerning:

(a)	the list of functionalities required for the coordination and management of a JIT, including machine translation of non-operational data;

(b)	the list of functionalities required for secure communications;

(c)	business specifications of the connection referred to in Article 4, first paragraph, point (c);

(d)	security as referred to in Article 19;

(e)	technical logs as referred to in Article 25;

(f)	statistics and information as referred to in Article 26;

(g)	performance and availability requirements of the JITs collaboration platform.

The implementing acts referred to in the first paragraph of this Article shall be adopted in accordance with the examination procedure referred to in Article 29(2).

Article 7

Responsibilities of eu-LISA

1. eu-LISA shall establish the design of the physical architecture of the JITs collaboration platform, including its technical specifications and evolution, on the basis of the implementing acts referred to in Article 6. That design shall be approved by its Management Board, subject to a favourable opinion of the Commission.

2. eu-LISA shall be responsible for the development of the JITs collaboration platform in accordance with the principle of data protection by design and by default. Such development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination.

3. eu-LISA shall make the communication software available to the JITs collaboration platform users.

4. eu-LISA shall develop and implement the JITs collaboration platform as soon as possible after 7 June 2023 and following the adoption of the implementing acts referred to in Article 6.

5. eu-LISA shall ensure that the JITs collaboration platform is operated in accordance with this Regulation and with the implementing acts referred to in Article 6 of this Regulation, as well as in accordance with Regulation (EU) 2018/1725.

6. eu-LISA shall be responsible for the operational management of the JITs collaboration platform. The operational management of the JITs collaboration platform shall consist of all the tasks necessary to keep the JITs collaboration platform operational in accordance with this Regulation, and in particular the maintenance work and technical developments necessary to ensure that the JITs collaboration platform functions at a satisfactory level in accordance with the technical specifications.

7. eu-LISA shall ensure the provision of training on the technical use of the JITs collaboration platform to the JITs Network Secretariat, including by providing training materials.

8. eu-LISA shall set up a support service for mitigating, in a timely manner, technical incidents reported to it.

9. eu-LISA shall continuously carry out improvements and add new functionalities to the JITs collaboration platform, based on the input it receives from the Advisory Group referred to in Article 12 and on the annual report of the JITs Network Secretariat referred to in Article 10, point (e).

10. eu-LISA shall not have access to operational and non-operational data stored in the JIT collaboration spaces.

11. Without prejudice to Article 17 of the Staff Regulations of Officials of the European Union and the Conditions of Employment of Other Servants of the Union, laid down in Council Regulation (EEC, Euratom, ECSC) No 259/68 (15), eu-LISA shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality to all members of its staff that are required to work with data registered in the centralised information system. That obligation shall also apply after such staff leave office or employment or after the termination of their activities.

Article 8

Responsibilities of the Member States

1. Each Member State shall make the technical arrangements necessary for access of its competent authorities to the JITs collaboration platform in accordance with this Regulation.

2. Member States shall ensure that the JITs collaboration platform users have access to the training courses provided by the JITs Network Secretariat pursuant to Article 10, point (c), or to equivalent training courses provided at the national level. Member States shall also ensure that the JITs collaboration platform users are fully aware of data protection requirements under Union law.

Article 9

Responsibilities of competent Union bodies, offices and agencies

1. Eurojust, Europol, the EPPO, OLAF and other competent Union bodies, offices and agencies shall make the necessary technical arrangements to enable them to access the JITs collaboration platform.

2. Eurojust shall be responsible for the necessary technical adaptation of its systems, required to establish the connection referred to in Article 4, first paragraph, point (c).

Article 10

Responsibilities of the JITs Network Secretariat

The JITs Network Secretariat shall support the functioning of the JITs collaboration platform by:

(a)	providing, at the request of the JIT space administrator or administrators, administrative, legal and technical support in the context of the creation and access rights management of individual JIT collaboration spaces, pursuant to Article 14(3);

(b)	providing day-to-day guidance, functional support and assistance to practitioners on the use of the JITs collaboration platform and its functionalities;

(c)	designing and providing training courses for the JITs collaboration platform users, thereby aiming to facilitate the use of the JITs collaboration platform;

(d)	enhancing a culture of cooperation within the Union in relation to cross-border cooperation in criminal matters by raising awareness and promoting the use of the JITs collaboration platform among practitioners;

(e)

keeping, after the start of operations of the JITs collaboration platform, eu-LISA informed of additional functional requirements by submitting an annual report on potential improvements and new functionalities of the JITs collaboration platform based on the feedback on the practical use of the JITs collaboration platform that it collects from the JITs collaboration platform users.

Article 11

Programme Management Board

1. Prior to the design and development phase of the JITs collaboration platform, the Management Board of eu-LISA shall establish a Programme Management Board for the duration of the design and development phase.

2. The Programme Management Board shall be composed of ten members, as follows:

(a)	eight members appointed by the Management Board of eu-LISA;

(b)	the Chair of the Advisory Group referred to in Article 12;

(c)	one member appointed by the Commission.

3. The Management Board of eu-LISA shall ensure that the members that it appoints to the Programme Management Board have the necessary experience and expertise in the development and management of IT systems which support judicial authorities.

4. eu-LISA shall participate in the work of the Programme Management Board. To that end, representatives of eu-LISA shall attend the meetings of the Programme Management Board in order to report on work regarding the design and development of the JITs collaboration platform and on any other related work and activities.

5. The Programme Management Board shall meet at least once every three months, and more often where necessary. It shall ensure the adequate management of the design and development phase of the JITs collaboration platform. The Programme Management Board shall submit written reports regularly, and where possible every month, to the Management Board of eu-LISA, on the progress of the JITs collaboration platform. The Programme Management Board shall have no decision-making power nor any mandate to represent the members of the Management Board of eu-LISA.

6. The Programme Management Board, in consultation with the Management Board of eu-LISA, shall establish its rules of procedure, which shall include in particular rules on chairmanship, meeting venues, preparation of meetings, admission of experts to meetings and communication plans that ensure that members of the Management Board of eu-LISA who are not members of the Programme Management Board are fully informed.

7. The chairmanship of the Programme Management Board shall be held by a Member State.

8. The Programme Management Board’s secretariat shall be provided by eu-LISA.

Article 12

Advisory Group

1. eu-LISA shall establish an Advisory Group in order to obtain expertise related to the JITs collaboration platform, in particular in the context of the preparation of eu-LISA`s annual work programme and annual activity report, and to identify potential improvements and new functionalities to be implemented in the JITs collaboration platform.

2. The Advisory Group shall be composed of the representatives of the Member States, the Commission and the JITs Network Secretariat. It shall be chaired by eu-LISA. It shall:

(a)	meet at least once a month until the start of operations of the JITs collaboration platform where possible, and meet regularly thereafter;

(b)	during the design and development phase of the JITs collaboration platform, report to the Programme Management Board after each meeting;

(c)	during the design and development phase of the JITs collaboration platform, provide technical expertise to support the tasks of the Programme Management Board.

CHAPTER III - CREATION OF AND ACCESS TO THE JIT COLLABORATION SPACES

Article 13

Creation of the JIT collaboration spaces

1. Where a JIT agreement provides for the use of the JITs collaboration platform in accordance with this Regulation, a JIT collaboration space shall be created within the JITs collaboration platform for each JIT.

2. The relevant JIT agreement shall provide for the competent authorities of Member States and the EPPO to be granted access to the relevant JIT collaboration space and may provide for competent Union bodies, offices and agencies, competent authorities of third countries which have signed the agreement and representatives of international judicial authorities to be granted access to that JIT collaboration space. The relevant JIT agreement shall provide for the rules for such access.

3. The relevant JIT collaboration space shall be created by the JIT space administrator or administrators, with the technical support of eu-LISA.

4. If JIT members decide not to use the JITs collaboration platform upon signing the JIT agreement, but agree to start using the JITs collaboration platform over the course of the relevant JIT, that JIT agreement, where it does not provide for that possibility, shall be amended and paragraphs 1, 2 and 3 shall apply. In the event that JIT members agree to stop using the JITs collaboration platform over the course of the JIT, the relevant JIT agreement shall be amended if that possibility was not already included in that JIT agreement.

Article 14

Designation and role of the JIT space administrator

1. If the use of the JITs collaboration platform is provided for in the JIT agreement, one or more JIT space administrators from among the Member States’ JIT members or an EPPO JIT member shall be designated in that JIT agreement.

2. The JIT space administrator or administrators shall manage the access rights of the JITs collaboration platform users to the relevant JIT collaboration space, in accordance with the relevant JIT agreement.

3. A JIT agreement may provide for the JITs Network Secretariat to have access to a JIT collaboration space for the purpose of technical and administrative support, as well as for the purpose of technical, legal and administrative support for the management of access rights. In such situations, as agreed by the JIT members, the JIT space administrator or administrators shall grant the JITs Network Secretariat access to that JIT collaboration space.

Article 15

Access to the JIT collaboration spaces by Member States’ competent authorities and the European Public Prosecutor’s Office

In accordance with the relevant JIT agreement, the JIT space administrator or administrators shall grant access to a JIT collaboration space to the Member States’ competent authorities which are designated in that JIT agreement and to the EPPO where it is designated in that JIT agreement.

Article 16

Access to the JIT collaboration spaces by competent Union bodies, offices and agencies

In accordance with the relevant JIT agreement, the JIT space administrator or administrators shall grant access, to the extent necessary, to a JIT collaboration space to:

(a)	Eurojust, for the purpose of fulfilling its tasks set out in Regulation (EU) 2018/1727;

(b)	Europol, for the purpose of fulfilling its tasks set out in Regulation (EU) 2016/794;

(c)	OLAF, for the purpose of fulfilling its tasks set out in Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council (16); and

(d)	other competent Union bodies, offices and agencies, for the purpose of fulfilling tasks set out in the relevant legal acts establishing them.

Article 17

Access to the JIT collaboration spaces by the competent authorities of third countries

1. In accordance with the relevant JIT agreement, and for the purposes listed in Article 5, the JIT space administrator or administrators shall grant access to a JIT collaboration space to the competent authorities of third countries which have signed that JIT agreement.

2. Whenever Member States’ JIT members and the EPPO JIT member, when it participates in the relevant JIT, upload operational data to a JIT collaboration space for it to be downloaded by a third country, the relevant Member States’ JIT member or the EPPO JIT member shall verify that the data they have respectively uploaded are limited to what is required for the purposes of the relevant JIT agreement and that those data comply with the conditions laid down therein.

3. Whenever a third country uploads operational data to a JIT collaboration space, the JIT space administrator or administrators shall verify that such data are limited to what is required for the purposes of the relevant JIT agreement and that those data comply with the conditions laid down therein, before it can be downloaded by other users of the JIT collaboration space.

4. Member States’ competent authorities shall ensure that their transfers of personal data to third countries that have been granted access to a JIT collaboration space only take place where the conditions laid down in Chapter V of Directive (EU) 2016/680 are met.

5. Union bodies, offices and agencies shall ensure that their transfers of personal data to third countries that have been granted access to a JIT collaboration space take place only where the conditions laid down in Chapter IX of Regulation (EU) 2018/1725 are met, without prejudice to data protection rules applicable to such Union bodies, offices or agencies in the relevant legal acts establishing them, where such rules impose specific conditions for data transfers.

6. The EPPO, when acting in accordance with its competences as provided for in Articles 22, 23 and 25 of Regulation (EU) 2017/1939, shall ensure that its transfers of personal data to third countries that have been granted access to a JIT collaboration space take place only when the conditions laid down in Articles 80 to 84 of that Regulation are met.

Article 18

Access to the JIT collaboration spaces by representatives of international judicial authorities who participate in a JIT

1. For the purposes listed in Article 5, the JIT space administrator or administrators shall, where provided for in the JIT agreement, grant access to a JIT collaboration space to the representatives of international judicial authorities who participate in the relevant JIT.

2. The JIT space administrator or administrators shall verify and ensure that the exchanges of operational data with representatives of international judicial authorities that have been granted access to a JIT collaboration space are limited to what is required for the purposes of the relevant JIT agreement and that those data comply with the conditions laid down therein.

3. Member States shall ensure that their transfers of personal data to representatives of international judicial authorities that have been granted access to a JIT collaboration space only take place where the conditions laid down in Chapter V of Directive (EU) 2016/680 are met.

4. Union bodies, offices and agencies shall ensure that their transfers of personal data to representatives of international judicial authorities that have been granted access to a JIT collaboration space take place only where the conditions laid down in Chapter IX of Regulation (EU) 2018/1725 are met, without prejudice to data protection rules applicable to such Union bodies, offices or agencies in the relevant legal acts establishing them, where such rules impose specific conditions for data transfers.

CHAPTER IV - SECURITY AND LIABILITY

Article 19

Security

1. eu-LISA shall take the necessary technical and organisational measures to ensure a high level of cybersecurity of the JITs collaboration platform and the information security of data within the JITs collaboration platform, in particular in order to ensure the confidentiality and integrity of operational and non-operational data stored in the centralised information system.

2. eu-LISA shall prevent unauthorised access to the JITs collaboration platform and shall ensure that persons authorised to access the JITs collaboration platform have access only to the data covered by their access authorisation.

3. For the purposes of paragraphs 1 and 2 of this Article, eu-LISA shall adopt a security plan and a business continuity and disaster recovery plan, in order to ensure that the centralised information system can be restored in the event of interruption. eu-LISA shall provide for a working arrangement with the computer emergency response team for the Union’s institutions, bodies and agencies established by the Arrangement between the European Parliament, the European Council, the Council of the European Union, the European Commission, the Court of Justice of the European Union, the European Central Bank, the European Court of Auditors, the European External Action Service, the European Economic and Social Committee, the European Committee of the Regions and the European Investment Bank on the organisation and operation of a computer emergency response team for the Union’s institutions, bodies and agencies (CERT-EU) (17). When adopting that security plan, eu-LISA shall take into account the possible recommendations of the security experts present in the Advisory Group referred to in Article 12 of this Regulation.

4. eu-LISA shall monitor the effectiveness of all the measures described in this Article and shall take the necessary organisational measures related to self-monitoring and supervision to ensure compliance with this Regulation.

Article 20

Liability

1. Where a Member State, Eurojust, Europol, the EPPO, OLAF or any other competent Union body, office or agency, as a consequence of a failure on their part to comply with their obligations under this Regulation, cause damage to the JITs collaboration platform, that Member State, Eurojust, Europol, the EPPO, OLAF or other competent Union body, office or agency, respectively, shall be held liable for such damage, unless and insofar as eu-LISA fails to take reasonable measures to prevent the damage from occurring or to minimise its impact.

2. Claims for compensation against a Member State for the damage referred to in paragraph 1 shall be governed by the law of that Member State. Claims for compensation against Eurojust, Europol, the EPPO, OLAF or any other competent Union body, office or agency for such damage shall be governed by the relevant legal acts establishing them.

CHAPTER V - DATA PROTECTION

Article 21

Retention period for storage of operational data

1. Operational data pertaining to each JIT collaboration space shall be stored in the centralised information system for as long as required for all JITs collaboration platform users concerned to complete the process of its downloading. The retention period shall not exceed four weeks from the date of the upload of such data to the JITs collaboration platform.

2. As soon as the process of downloading has been completed by all intended JITs collaboration platform users or, at the latest, upon expiry of the retention period referred to in paragraph 1, the data shall be automatically and permanently erased from the centralised information system.

Article 22

Retention period for storage of non-operational data

1. Where an evaluation of a JIT is envisaged, non-operational data pertaining to each JIT collaboration space shall be stored in the centralised information system until the relevant JIT evaluation has been completed. The retention period shall not exceed five years from the date of entry of such data in the JITs collaboration platform.

2. If it is decided not to conduct an evaluation upon the closure of a JIT or, at the latest, upon expiry of the retention period referred to in paragraph 1, the data shall be automatically erased from the centralised information system.

Article 23

Data controller and data processor

1. Each competent national authority of a Member State and, where appropriate, Eurojust, Europol, the EPPO, OLAF or any other competent Union body, office or agency shall be considered to be data controllers in accordance with applicable Union data protection rules, for the processing of operational personal data under this Regulation.

2. With regard to data uploaded to the JITs collaboration platform by the competent authorities of third countries or representatives of international judicial authorities, one of the JIT space administrators shall be designated in the relevant JIT agreement as data controller as regards the personal data exchanged through, and stored in, the JITs collaboration platform.

No data from third countries or international judicial authorities shall be uploaded prior to the designation of the data controller.

3. eu-LISA shall be considered to be a data processor in accordance with Regulation (EU) 2018/1725 as regards the personal data exchanged through, and stored in, the JITs collaboration platform.

4. The JITs collaboration platform users shall be joint controllers, within the meaning of Article 28 of Regulation (EU) 2018/1725, for the processing of non-operational personal data in the JITs collaboration platform.

Article 24

Purpose of the processing of personal data

1. The data entered into the JITs collaboration platform shall only be processed for the purposes of:

(a)	the exchange of operational data between the JITs collaboration platform users for the purpose for which the relevant JIT has been set up;

(b)	the exchange of non-operational data between the JITs collaboration platform users, for the purposes of managing the relevant JIT.

2. Access to the JITs collaboration platform shall be limited to duly authorised staff of the competent authorities of Member States and of third countries, Eurojust, Europol, the EPPO, OLAF and other competent Union bodies, offices or agencies, or representatives of international judicial authorities, to the extent necessary for the performance of their tasks in accordance with the purposes referred to in paragraph 1, and to what is strictly necessary and proportionate to the objectives pursued.

Article 25

Technical logs

1. eu-LISA shall ensure that a technical log is kept of all access to the centralised information system and all data processing operations in the centralised information system, in accordance with paragraph 2.

2. The technical logs shall show:

(a)	the date, time zone and exact time of accessing the centralised information system;

(b)	the identifying mark of each individual JITs collaboration platform user who accessed the centralised information system;

(c)	the date, time zone and access time of each operation carried out by each individual JITs collaboration platform user;

(d)	the operation carried out by each individual JITs collaboration platform user.

The technical logs shall be protected by appropriate technical measures against modification and unauthorised access. The technical logs shall be kept for three years or for such longer period as required for the termination of ongoing monitoring procedures.

3. On request, eu-LISA shall make the technical logs available to the competent authorities of the Member States which participated in a particular JIT without undue delay.

4. Within the limits of their competences and for the purpose of fulfilling their duties, the national supervisory authorities responsible for monitoring the lawfulness of data processing shall have access to the technical logs upon request.

5. Within the limits of its competences and for the purpose of fulfilling its supervisory duties in accordance with Regulation (EU) 2018/1725, the European Data Protection Supervisor shall have access to the technical logs upon request.

CHAPTER VI - FINAL PROVISIONS

Article 26

Monitoring and evaluation

1. eu-LISA shall establish procedures to monitor the development of the JITs collaboration platform as regards the objectives relating to planning and costs and to monitor the functioning of the JITs collaboration platform as regards the objectives relating to the technical output, cost-effectiveness, usability, security and quality of service.

2. The procedures referred to in paragraph 1 shall provide for the possibility to produce regular technical statistics for monitoring purposes and shall contribute to the overall evaluation of the JITs collaboration platform.

3. If there is a risk of substantial delays in the development process, eu-LISA shall inform the European Parliament and the Council as soon as possible of the reasons for the delays, their impact in terms of timeframes and finances, and the steps that it intends to take in order to remedy the situation.

4. Once the development of the JITs collaboration platform is finalised, eu-LISA shall submit a report to the European Parliament and to the Council explaining how the objectives, in particular relating to planning and costs, were achieved and justifying any discrepancies.

5. In the event of a technical upgrade of the JITs collaboration platform, which could result in substantial costs, eu-LISA shall inform the European Parliament and the Council before making the upgrade.

6. Not later than two years after the start of operations of the JITs collaboration platform:

(a)	eu-LISA shall submit to the Commission a report on the technical functioning of the JITs collaboration platform, including its non-sensitive security aspects, and shall make that report publicly available;

(b)	on the basis of the report referred to in point (a), the Commission shall conduct an overall evaluation of the JITs collaboration platform and shall transmit an overall evaluation report to the European Parliament and the Council.

Every year after the submission of the report referred to in point (a) of the first subparagraph, eu-LISA shall submit to the Commission a report on the technical functioning of the JITs collaboration platform, including its non-sensitive security aspects, and shall make that report publicly available.

Every four years after the transmission of the overall evaluation report referred to in point (b) of the first subparagraph and on the basis of the reports submitted by eu-LISA in accordance with the second subparagraph, the Commission shall conduct an overall evaluation of the JITs collaboration platform and shall transmit an overall evaluation report to the European Parliament and the Council.

7. Within 18 months after the date of the start of operations of the JITs collaboration platform, the Commission, following consultation with Europol and the Advisory Group referred to in Article 12, shall submit a report to the European Parliament and to the Council assessing the necessity, feasibility, suitability and cost-effectiveness of a potential connection between the JITs collaboration platform and SIENA. That report shall also include conditions, technical specifications and procedures for ensuring a secure and efficient connection. Where appropriate, that report shall be accompanied by the necessary legislative proposals, which may include empowering the Commission to adopt the technical specifications of such a connection.

8. The Member States’ competent authorities, Eurojust, Europol, the EPPO, OLAF and other competent Union bodies, offices and agencies shall provide eu-LISA and the Commission with the information necessary to draft the report referred to in paragraph 4 of this Article and the overall evaluation report of the Commission referred to in paragraph 6 of this Article. They shall also provide the JITs Network Secretariat with the information necessary to draft the annual report referred to in Article 10, point (e). The information referred to in the first and second sentence of this paragraph shall not jeopardise working methods nor include information that reveals sources, names of staff members or investigations.

9. eu-LISA shall provide the Commission with the information necessary to conduct the overall evaluation referred to in paragraph 6.

Article 27

Costs

The costs incurred in connection with the establishment and operation of the JITs collaboration platform shall be borne by the general budget of the Union.

Article 28

Start of operations

1. The Commission shall determine the date of the start of operations of the JITs collaboration platform, once it is satisfied that the following conditions are met:

(a)	the implementing acts referred to in Article 6, points (a) to (g), have been adopted;

(b)	eu-LISA has successfully carried out a comprehensive test of the JITs collaboration platform, with the involvement of Member States, using anonymous test data.

In any event, that date shall not be later than 7 December 2025.

2. Where the Commission has determined the date of the start of operations of the JITs collaboration platform in accordance with paragraph 1, it shall communicate that date to the Member States, Eurojust, Europol, the EPPO and OLAF. It shall also inform the European Parliament.

3. The decision of the Commission in determining the date of the start of operations of the JITs collaboration platform, as referred to in paragraph 1, shall be published in the Official Journal of the European Union.

4. The JITs collaboration platform users shall commence use of the JITs collaboration platform from the date of the start of operations determined by the Commission in accordance with paragraph 1.

Article 29

Committee procedure

1. The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.

2. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

3. Where the committee delivers no opinion, the Commission shall not adopt the draft implementing act and Article 5(4), third subparagraph, of Regulation (EU) No 182/2011 shall apply.

Article 30

Amendments to Regulation (EU) 2018/1726

Regulation (EU) 2018/1726 is amended as follows:

(1)	in Article 1, the following paragraph is inserted: ‘4b. The Agency shall be responsible for the development and operational management, including technical evolutions, of the joint investigation teams collaboration platform (“JITs collaboration platform”)’;

(2)

the following Article is inserted:

‘Article 8c

Tasks related to the JITs collaboration platform

In relation to the JITs collaboration platform, the Agency shall perform:

(a)	the tasks conferred on it by Regulation (EU) 2023/969 of the European Parliament and of the Council (*1);

(b)	tasks relating to training on the technical use of the JITs collaboration platform provided to the JITs Network Secretariat, including the provision of training materials.

(*1) Regulation (EU) 2023/969 of the European Parliament and of the Council of 10 May 2023 establishing a collaboration platform to support the functioning of joint investigation teams and amending Regulation (EU) 2018/1726 (OJ L 132, 17.5.2023, p. 1).’;"

(3)

in Article 14, paragraph 1 is replaced by the following:

‘1. The Agency shall monitor developments in research relevant for the operational management of SIS II, VIS, Eurodac, the EES, ETIAS, DubliNet, ECRIS-TCN, the e-CODEX system, the JITs collaboration platform and other large-scale IT systems as referred to in Article 1(5).’

;

(4)

in Article 19(1), point (ff), the following point is added:

‘(viii)

the JITs collaboration platform pursuant to Article 26(6) of Regulation (EU) 2023/969;’;

(5)

in Article 27(1), the following point is inserted:

‘(dd)

the JITs collaboration platform Advisory Group;’.

Article 31

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.