Legal provisions of COM(2021)782 - Information exchange between law enforcement authorities of Member States

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier COM(2021)782 - Information exchange between law enforcement authorities of Member States.
document COM(2021)782 EN
date May 10, 2023


Chapter I

General provisions

Contents

Article 1 - Subject matter and scope

1. This Directive establishes rules for the exchange of information between the law enforcement authorities of the Member States where necessary for the purpose of preventing, detecting or investigating criminal offences.

In particular, this Directive establishes rules on:

(a)requests for information submitted to the Single Points of Contact established or designated by the Member States, in particular on the content of such requests, mandatory time limits for providing the requested information, reasons for refusals of such requests and the channel of communication to be used in connection to such requests;

(b)the own-initiative provision of relevant information to Single Points of Contact or to the law enforcement authorities of other Member States, in particular the situations and the manner in which such information is to be provided;

(c)the channel of communication to be used for all exchanges of information and the information to be provided to the Single Points of Contact in relation to exchanges of information directly between the law enforcement authorities of the Member States;

(d)the establishment, tasks, composition and capabilities of the Single Point of Contact, including on the deployment of a single electronic Case Management System for the fulfilment of its tasks.  

2. This Directive shall not apply to exchanges of information between the law enforcement authorities of the Member States for the purpose of preventing, detecting or investigating criminal offences that are specifically regulated by other acts of Union law.

3. This Directive does not impose any obligation on Member States to:

(a)    obtain information by means of coercive measures, taken in accordance with national law, for the purpose of providing it to the law enforcement authorities of other Member States;

(b)    store information for the purpose referred to in point (a);

(c)     provide information to the law enforcement authorities of other Member States to be used as evidence in judicial proceedings

4. This Directive does not establish any right to use the information provided in accordance with this Directive as evidence in judicial proceedings.

Article 2 - Definitions

For the purpose of this Directive:

(1) law enforcement authority means any authority of the Member States competent under national law for the purpose of preventing, detecting or investigating criminal offences; 

(2) criminal offences means any of the following: 

(a)offences referred to in Article 2(2) of Council Framework Decision 2002/584/JHA 72 ;

(b)offences referred to in Article 3(1) and (2) of Regulation (EU) 2016/794;

(c)tax crimes relating to direct and indirect taxes, as laid down in national law;

(3) information means any content concerning one or more natural persons, facts or circumstances relevant to law enforcement authorities in connection to the exercise of their tasks under national law of preventing, detecting or investigating criminal offences;

(4) available information means information that is either held by the Single Point of Contact or the law enforcement authorities of the requested Member State, or information that those Single Points of Contact or those law enforcement authorities can obtain from other public authorities or from private parties established in that Member State without coercive measures;

(5) ‘SIENA’ means the secure information exchange network application, managed by Europol, aimed at facilitating the exchange of information between Member States and Europol;

(6) ‘personal data’ means personal data as defined in Article 4, point (1) of Regulation (EU) 2016/679.

Article 3 - Principles of information exchange

Member States shall, in connection to all exchanges of information under this Directive, ensure that:

(a)any relevant information available to the Single Point of Contact or the law enforcement authorities of Member States is provided to the Single Point of Contact or the law enforcement authorities of other Member States (‘principle of availability’);

(b)the conditions for requesting information from the Single Point of Contact or the law enforcement authorities of other Member States, and those for providing information to the Single Points of Contact and the law enforcement authorities of other Member States, are equivalent to those applicable for requesting and providing similar information from and to their own law enforcement authorities (‘principle of equivalent access’);

(c)information provided to the Single Point of Contact or the law enforcement authorities of another Member State that is marked as confidential is protected by those law enforcement authorities in accordance with the requirements set out in the national law of that Member State offering a similar level of confidentiality (‘principle of confidentiality’).

Chapter II

Exchanges of information through Single Points of Contact

Article 4 - Requests for information to the Single Point of Contact

1. Member States shall ensure that their Single Point of Contact and, where they have so decided, their law enforcement authorities submit requests for information to the Single Points of Contact of other Member States in accordance with the conditions set out in paragraphs 2 to 5.

Where a Member State has decided that, in addition to its Single Point of Contact, its law enforcement authorities may also submit requests for information to the Single Points of Contact of other Member States, it shall ensure that those authorities send, at the same time as submitting such requests, a copy of those requests, and of any other communication relating thereto, to the Single Point of Contact of that Member State.

2. Requests for information to the Single Point of Contact of another Member State shall be submitted only where there are objective reasons to believe that:

(a)the requested information is necessary and proportionate to achieve the purpose referred to in Article 1(1); 

(b)the requested information is available to the law enforcement authorities of the requested Member State. 

3. Any request for information to the Single Point of Contact of another Member State shall specify whether or not it is urgent.

Those requests for information shall be considered urgent if, having regard to all relevant facts and circumstances of the case at hand, there are objective reasons to believe that the requested information is one or more of the following:

(a)essential for the prevention of an immediate and serious threat to the public security of a Member State;

(b)necessary in order to protect a person’s vital interests which are at imminent risk;

(c)necessary to adopt a decision that may involve the maintenance of restrictive measures amounting to a deprivation of liberty; 

(d)at imminent risk of losing relevance if not provided urgently. 

4. Requests for information to the Single Point of Contact of another Member State shall contain all necessary explanations to allow for their adequate and rapid processing in accordance with this Directive, including at least the following: 

(a)a specification of the requested information that is as detailed as reasonably possible under the given circumstances; 

(b)a description of the purpose for which the information is requested;

(c)the objective reasons according to which it is believed that the requested information is available to the law enforcement authorities of the requested Member State;

(d)an explanation of the connection between the purpose and the person or persons to whom the information relates, where applicable; 

(e)the reasons for which the request is considered urgent, where applicable.

5. Requests for information to the Single Point of Contact of another Member State shall be submitted in one of the languages included in the list established by the requested Member State and published in accordance with Article 11.

Article 5 - Provision of information pursuant to requests to the Single Point of Contact

1. Subject to paragraph 2 of this Article and to Article 6(3), Member States shall ensure that their Single Point of Contact provides the information requested in accordance with Article 4 as soon as possible and in any event within the following time limits, as applicable:

(a)eight hours, for urgent requests relating to information that is available to the law enforcement authorities of the requested Member State without having to obtain a judicial authorisation; 

(b)three calendar days, for urgent requests relating to information that is available to the law enforcement authorities of the requested Member State subject to a requirement to obtain a judicial authorisation; 

(c)seven calendar days, for all requests that are not urgent.

The time periods laid down in the first subparagraph shall commence at the moment of the reception of the request for information.

2. Where under its national law in accordance with Article 9 the requested information is available only after having obtained a judicial authorisation, the requested Member State may deviate from the time limits referred to paragraph 1 insofar as necessary for obtaining such authorisation.

In such cases, Member States shall ensure that their Single Point of Contact does both of the following:

(i) immediately inform the Single Point of Contact or, where applicable, the law enforcement authority of the requesting Member State of the expected delay, specifying the length of the expected delay and the reasons therefore; 

(ii) subsequently keep it updated and provide the requested information as soon as possible after obtaining the judicial authorisation. 

3. Member States shall ensure that their Single Point of Contact provides the information requested in accordance with Article 4 to the Single Point of Contact or, where applicable, the law enforcement authority of the requesting Member State, in the language in which that request for information was submitted in accordance with Article 4(5).

Member States shall ensure that, where their Single Point of Contact provides the requested information to the law enforcement authority of the requesting Member State, it also sends, at the same time, a copy of the information to the Single Point of Contact of that Member State.

Article 6 - Refusals of requests for information

1. Member States shall ensure that their Single Point of Contact only refuses to provide the information requested in accordance with Article 4 insofar as any of the following reasons applies:

(a)the requested information is not available to the Single Point of Contact and the law enforcement authorities of the requested Member State;

(b)the request for information does not meet the requirements set out in Article 4;

(c)the judicial authorisation required under the national law of the requested Member State in accordance with Article 9 was refused; 

(d)the requested information constitutes personal data other than that falling within the categories of personal data referred to in Article 10, point (i);

(e)there are objective reasons to believe that the provision of the requested information would:

(i)be contrary to the essential interests of the security of the requested Member State;

(ii) jeopardise the success of an ongoing investigation of a criminal offence; or; 

(iii) unduly harm the vital interests of a natural or legal person.

Any refusal shall only affect the part of the requested information to which the reasons set out in the first subparagraph relate and shall, where applicable, leave the obligation to provide the other parts of the information in accordance with this Directive unaffected.

2. Member States shall ensure that their Single Point of Contact informs the Single Point of Contact or, where applicable, the law enforcement authority of the requesting Member State of the refusal, specifying the reasons for the refusal, within the time limits provided for in Article 5(1). 

3. Member States shall ensure that their Single Point of Contact immediately requests additional clarifications needed to process a request for information that otherwise would have to be refused from the Single Point of Contact or, where applicable, the law enforcement authority of the requesting Member State. 

The time limits referred to in Article 5(1) shall be suspended from the moment that the Single Point of Contact or, where applicable, the law enforcement authority of the requesting Member State receives the request for clarifications, until the moment that the Single Point of Contact of the requested Member State receives the clarifications.

4. The refusals, reasons for the refusals, requests for clarifications and clarifications referred to in paragraphs 3 and 4, as well as any other communications relating to the requests for information to the Single Point of Contact of another Member State, shall be transmitted in the language in which that request was submitted in accordance with Article 4(5). 

Chapter III

Other exchanges of information

Article 7 - Own-initiative provision of information

1. Member States shall ensure that their Single Point of Contact or their law enforcement authorities provide, on their own initiative, any information available to them to the Single Points of Contact or to the law enforcement authorities of other Member States, where there are objective reasons to believe that such information could be relevant to that Member State for the purpose referred to in Article 1(1). However, no such obligation shall exist insofar as the reasons referred to in points (c), (d) or (e) of Article 6(1) apply in respect of such information.

2. Member States shall ensure that, where their Single Point of Contact or their law enforcement authorities provide information on their own-initiative in accordance with paragraph 1, they do so in one of the languages included in the list established by the requested Member State and published in accordance with Article 11. 

Member States shall ensure that, where their Single Point of Contact or their law enforcement authorities provide such information to the law enforcement authority of another Member State, they also send, at the same time, a copy of that information to the Single Point of Contact of that other Member State.

Article 8 - Exchanges of information upon requests submitted directly to law enforcement authorities

Member States shall ensure that, where Single Points of Contact or law enforcement authorities submit requests for information directly to the law enforcement authorities of another Member State, their Single Points of Contact or their law enforcement authorities send, at the same time as they send such requests, provide information pursuant to such requests or send any other communications relating thereto, a copy thereof to the Single Point of Contact of that other Member State and, where the sender is a law enforcement authority, also to the Single Point of Contact of its own Member State.

Chapter IV

Additional rules on the provision of information under Chapters II and III

Article 9 - Judicial authorisation

1. Member States shall not require any judicial authorisation for the provision of information to the Single Points of Contact or law enforcement authority of another Member State under Chapters II and III, where no such requirement applies in respect of similar provision of information to their own Single Point of Contact or their own law enforcement authorities. 

2. Member States shall ensure that, where their national law requires a judicial authorisation for the provision of information to the Single Points of Contact or the law enforcement authority of another Member State in accordance with paragraph 1, their Single Points of Contact or their law enforcement authorities immediately take all necessary steps, in accordance with their national law, to obtain such judicial authorisation as soon as possible.

3. The requests for judicial authorisation referred to in paragraph 1 shall be assessed and decided upon in accordance with the national law of the Member State of the competent judicial authority.

Article 10 - Additional rules for information constituting personal data

Member States shall ensure that, where their Single Point of Contact or their law enforcement authorities provide information under Chapters II and III that constitutes personal data:

(i)the categories of personal data provided remain limited to those listed in Section B, point 2, of Annex II to Regulation (EU) 2016/794; 

(ii)their Single Point of Contact or their law enforcement authorities also provide, at the same time and insofar as possible, the necessary elements enabling the Single Point of Contact or the law enforcement authority of the other Member State to assess the degree of accuracy, completeness and reliability of the personal data, as well as the extent to which the personal data are up to date.

Article 11 - List of languages

1. Member States shall establish and keep up to date a list with one or more of the official languages of the Union in which their Single Point of Contact is able to provide information upon a request for information or on its own initiative. That list shall include English.  

2. Member States shall provide those lists, as well as any updates thereof, to the Commission. The Commission shall publish those lists, as well as any updates thereof, in the Official Journal of the European Union.

Article 12 - Provision of information to Europol

Member States shall ensure that, where their Single Point of Contact or their law enforcement authorities send requests for information, provide information pursuant to such requests, provide information on their own initiative or send other communications relating thereto under Chapters II and III, they also send, at the same time, a copy thereof to Europol, insofar as the information to which the communication relates concerns offences falling within the scope of the objectives of Europol in accordance with Regulation (EU) 2016/794.

Article 13 - Use of SIENA

1. Member States shall ensure that, where their Single Point of Contact or their law enforcement authorities send requests for information, provide information pursuant to such requests, provide information on their own initiative or send other communications relating thereto under Chapters II and III or under Article 12, they do so through SIENA.

2. Member States shall ensure that their Single Point of Contact, as well as all their law enforcement authorities that may be involved in the exchange of information under this Directive, are directly connected to SIENA.

Chapter V

Single Point of Contact for information exchange between Member States

Article 14 - Establishment, tasks and capabilities

1. Each Member State shall establish or designate one national Single Point of Contact, which shall be the central entity responsible for coordinating exchanges of information under this Directive.

2. Member States shall ensure that their Single Point of Contact is empowered to carry out at least all of the following tasks:

(a)receive and evaluate requests for information;

(b)channel requests for information to the appropriate national law enforcement authority or authorities and, where necessary, coordinate among them the processing of such requests and the provision of information upon such requests;

(c)analyse and structure information with a view to providing it to the Single Points of Contact and, where applicable, to the law enforcement authorities of other Member States; 

(d)provide, upon request or upon its own initiative, information to the Single Points of Contact and, where applicable, to the law enforcement authorities of other Member States in accordance with Articles 5 and 7;

(e)refuse to provide information in accordance with Article 6 and, where necessary, request clarifications in accordance with Article 6(3);

(f)send requests for information to the Single Points of Contact of other Member States in accordance with Article 4 and, where necessary, provide clarifications in accordance with Article 6(3). 

3. Member States shall ensure that: 

(a)their Single Point of Contact has access to all information available to their law enforcement authorities, insofar as necessary to carry out its tasks under this Directive; 

(b)their Single Point of Contact carries out its tasks 24 hours a day, 7 days a week; 

(c)their Single Point of Contact is provided with the staff, resources and capabilities, including for translation, necessary to carry out its tasks in an adequate and rapid manner in accordance with this Directive and in particular the time limits set out in Article 5(1); 

(d)the judicial authorities competent to grant the judicial authorisations required under national law in accordance with Article 9 are available to the Single Point of Contact 24 hours a day, 7 days a week.

4. Within one month of the establishment or designation of their Single Point of Contact, Member States shall notify the Commission thereof. They shall update that information where necessary.

The Commission shall publish those notifications, as well as any updates thereof, in the Official Journal of the European Union.

Article 15 - Composition

1. Member States shall determine the organisation and the composition of its Single Point of Contact in such a manner that it can carry out its tasks under this Directive in an efficient and effective manner. 

2. Member States shall ensure that their Single Point of Contact is composed of representatives of national law enforcement authorities whose involvement is necessary for the adequate and rapid exchange of information under this Directive, including at least the following insofar as the Member State concerned is bound by the relevant legislation to establish or designate such units or bureaux:

(a)    the Europol national unit established by Article 7 of Regulation (EU) 2016/794;

(b)    the SIRENE Bureau established by Article 7(2) of Regulation (EU) 2018/1862 of the European Parliament and of the Council 73 ;

(c)    the passenger information unit established under Article 4 of Directive (EU) 2016/681;

(d)    the INTERPOL National Central Bureau (NCB) established by Article 32 of Constitution of the International Criminal Police Organisation – INTERPOL.

Article 16 - Case Management System

1. Member States shall ensure that their Single Point of Contact deploys and operates an electronic single Case Management System as the repository that allows the Single Point of Contact to carry out its tasks under this Directive. The Case Management System shall have at least all of the following functions and capabilities:

(a)    recording incoming and outgoing requests for information referred to in Articles 5 and 8, as well as any other communications with Single Points of Contact and, where applicable, law enforcement authorities of other Member States relating to such requests, including the information about refusals and the requests for and provision of clarifications referred to in Article 6(2) and (3) respectively;

(b)     recording communications between the Single Point of Contact and national law enforcement authorities, pursuant to Article 15(2), point (b);

(c)     recording provisions of information to the Single Point of Contact and, where applicable, to the law enforcement authorities of other Member States in accordance with Articles 5, 7 and 8;

(d)      cross-checking incoming requests for information referred to in Articles 5 and 8, against information available to the Single Point of Contact, including information provided in accordance with the second subparagraph of Article 5(3) and the second subparagraph of Article 7(2) and other relevant information recorded in the Case Management System; 

(e)ensuring adequate and rapid follow-up to incoming requests for information referred to in Article 4, in particular with a view to respecting the time limits for the provision of the requested information set out in Article 5;

(f)be interoperable with SIENA, ensuring in particular that incoming communications through SIENA can be directly recorded in, and that outgoing communications through SIENA can be directly sent from, the Case Management System;

(g)generating statistics in respect of exchanges of information under this Directive for evaluation and monitoring purposes, in particular for the purpose of Article 17;

(h)logging of access and of other processing activities in relation to the information contained in the Case Management System, for accountability and cybersecurity purposes.

2. Member States shall take the necessary measures to ensure that all cybersecurity risks relating to the Case Management System, in particular as regards its architecture, governance and control, are managed and addressed in a prudent and effective manner and that adequate safeguards against unauthorised access and abuse are provided for.

3. Member States shall ensure that any personal data processed by their Single Point of Contact are contained in the Case Management System only for as long as is necessary and proportionate for the purposes for which the personal data are processed and are subsequently irrevocably deleted.  

Chapter VI

Final provisions

Article 17 - Statistics

1. Member States shall provide the Commission with statistics on the exchanges of information with other Member States under this Directive, by 1 March of each year.

2. The statistics shall cover, as a minimum:

(a)    the number of requests for information submitted by their Single Point of Contact and by their law enforcement authorities;

(b)    the number of requests for information received and replied to by the Single Point of Contact and by their law enforcement authorities, broken down by urgent and non-urgent, and broken down by the other Member States receiving the information; 

(c)    the number of requests for information refused pursuant to Article 6, broken down per requesting Member States and per grounds of refusal;

(d)    the number of cases where the time limits referred to in Article 5(1) were deviated from due to having to obtain a judicial authorisation in accordance with Article 5(2), broken down by the Member States having submitted the requests for information concerned. 

Article 18 - Reporting

1. The Commission shall, by [date of entry into force + 3 years], submit a report to the European Parliament and to the Council, assessing the implementation of this Directive.

2. The Commission shall, by [date of entry into force + 5 years], submit a report to the European Parliament and to the Council assessing the effectivity and effectiveness of this Directive. The Commission shall take into account the information provided by Member States and any other relevant information related to the transposition and implementation of this Directive. On the basis of this evaluation, the Commission shall decide on appropriate follow-up actions, including, if necessary, a legislative proposal.

Article 19 - Amendments to the Convention Implementing the Schengen Agreement

From [the date referred to in Article 21(1), the first subparagraph], the Convention Implementing the Schengen Agreement is amended as follows:

(i)Article 39 is replaced by this Directive insofar as that article relates to the exchange of information for the purpose referred to in Article 1(1) of this Directive;

(ii)Article 46 is deleted. 

Article 20 - Repeal

Framework Decision 2006/960/JHA is repealed from [the date referred to in Article 21(1), the first subparagraph].

References to that Framework Decision shall be construed as references to the corresponding provisions of this Directive.

Article 21 - Transposition

1. Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by [date of entry into force + 2 years]. They shall forthwith communicate to the Commission the text of those provisions.

They shall apply those provisions from that date. However, they shall apply Article 13 from [date of entry into force + 4 years].

When Member States adopt those provisions, they shall contain a reference to this Directive or be accompanied by such a reference on the occasion of their official publication. Member States shall determine how such reference is to be made.

2. Member States shall communicate to the Commission the text of the main provisions of national law which they adopt in the field covered by this Directive.

Article 22 - Entry into force

This Directive shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

Article 23 - Addressees

This Directive is addressed to the Member States in accordance with the Treaties.