Building upon the conclusions of the Council of 20 September 2001, and the conclusions of the European Council in Laeken in December 2001, in Seville in June 2002, in Thessaloniki in June 2003 and in Brussels in March 2004, the establishment of the Visa Information System (VIS) represents one of the key initiatives within the policies of the European Union aimed at establishing an area of freedom, security and justice.
(2)
Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS) (2) established the VIS as a system for the exchange of visa data between Member States.
(3)
It is now necessary to define the purpose, the functionalities and responsibilities for the VIS, and to establish the conditions and procedures for the exchange of visa data between Member States to facilitate the examination of visa applications and related decisions, taking into account the orientations for the development of the VIS adopted by the Council on 19 February 2004 and to give the Commission the mandate to set up the VIS.
(4)
For a transitional period, the Commission should be responsible for the operational management of the central VIS, of the national interfaces and of certain aspects of the communication infrastructure between the central VIS and the national interfaces.
In the long term, and following an impact assessment containing a substantive analysis of alternatives from a financial, operational and organisational perspective, and legislative proposals from the Commission, a permanent Management Authority with responsibility for these tasks should be established. The transitional period should last for no more than five years from the date of entry into force of this Regulation.
(5)
The VIS should have the purpose of improving the implementation of the common visa policy, consular cooperation and consultation between central visa authorities by facilitating the exchange of data between Member States on applications and on the decisions relating thereto, in order to facilitate the visa application procedure, to prevent ‘visa shopping’, to facilitate the fight against fraud and to facilitate checks at external border crossing points and within the territory of the Member States. The VIS should also assist in the identification of any person who may not, or may no longer, fulfil the conditions for entry to, stay or residence on the territory of the Member States, and facilitate the application of Council Regulation (EC) No 343/2003 of 18 February 2003 establishing the criteria and mechanism for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national (3), and contribute to the prevention of threats to the internal security of any of the Member States.
(6)
This Regulation is based on the acquis of the common visa policy. The data to be processed by the VIS should be determined on the basis of the data provided by the common form for visa applications as introduced by Council Decision 2002/354/EC of 25 April 2002 on the adaptation of Part III of, and the creation of an Annex 16 to, the Common Consular Instructions (4), and the information on the visa sticker provided for in Council Regulation (EC) No 1683/95 of 29 May 1995 laying down a uniform format for visas (5).
(7)
The VIS should be connected to the national systems of the Member States to enable the competent authorities of the Member States to process data on visa applications and on visas issued, refused, annulled, revoked or extended.
(8)
The conditions and procedures for entering, amending, deleting and consulting the data in the VIS should take into account the procedures laid down in the Common Consular Instructions on visas for the diplomatic missions and consular posts (6) (the Common Consular Instructions).
(9)
The technical functionalities of the network for consulting the central visa authorities as laid down in Article 17(2) of the Convention implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders (7) (the Schengen Convention) should be integrated into the VIS.
(10)
To ensure reliable verification and identification of visa applicants, it is necessary to process biometric data in the VIS.
(11)
It is necessary to define the competent authorities of the Member States, the duly authorised staff of which are to have access to enter, amend, delete or consult data for the specific purposes of the VIS in accordance with this Regulation to the extent necessary for the performance of their tasks.
(12)
Any processing of VIS data should be proportionate to the objectives pursued and necessary for the performance of the tasks of the competent authorities. When using the VIS, the competent authorities should ensure that the human dignity and integrity of the persons whose data are requested are respected and should not discriminate against persons on grounds of sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation.
(13)
This Regulation should be complemented by a separate legal instrument adopted under Title VI of the Treaty on European Union concerning access for the consultation of the VIS by authorities responsible for internal security.
(14)
The personal data stored in the VIS should be kept for no longer than is necessary for the purposes of the VIS. It is appropriate to keep the data for a maximum period of five years, in order to enable data on previous applications to be taken into account for the assessment of visa applications, including the applicants' good faith, and for the documentation of illegal immigrants who may, at some stage, have applied for a visa. A shorter period would not be sufficient for those purposes. The data should be deleted after a period of five years, unless there are grounds to delete them earlier.
(15)
Precise rules should be laid down as regards the responsibilities for the establishment and operation of the VIS, and the responsibilities of the Member States for the national systems and the access to data by the national authorities.
(16)
Rules on the liability of the Member States in respect of damage arising from any breach of this Regulation should be laid down. The liability of the Commission in respect of such damage is governed by the second paragraph of Article 288 of the Treaty.
(17)
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (8) applies to the processing of personal data by the Member States in application of this Regulation. However, certain points should be clarified in respect of the responsibility for the processing of data, of safeguarding the rights of the data subjects and of the supervision on data protection.
(18)
Regulation (EC) No 45/2001 of the European Parliament and the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (9) applies to the activities of the Community institutions or bodies when carrying out their tasks as responsible for the operational management of the VIS. However, certain points should be clarified in respect of the responsibility for the processing of data and of the supervision of data protection.
(19)
The National Supervisory Authorities established in accordance with Article 28 of Directive 95/46/EC should monitor the lawfulness of the processing of personal data by the Member States, while the European Data Protection Supervisor as established by Regulation (EC) No 45/2001 should monitor the activities of the Community institutions and bodies in relation to the processing of personal data, taking into account the limited tasks of the Community institutions and bodies with regard to the data themselves.
(20)
The European Data Protection Supervisor and the National Supervisory Authorities should cooperate actively with each other.
(21)
The effective monitoring of the application of this Regulation requires evaluation at regular intervals.
(22)
The Member States should lay down rules on penalties applicable to infringements of the provisions of this Regulation and ensure that they are implemented.
(23)
The measures necessary for the implementation of this Regulation should be adopted in accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission (10).
(24)
This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union.
(25)
Since the objectives of this Regulation, namely the establishment of a common Visa Information System and the creation of common obligations, conditions and procedures for the exchange of visa data between Member States, cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and impact of the action, be better achieved at Community level, the Community may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.
(26)
In accordance with Articles 1 and 2 of the Protocol on the position of Denmark, annexed to the Treaty on European Union and the Treaty establishing the European Community, Denmark does not take part in the adoption of this Regulation and is therefore not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis under the provisions of Title IV of Part Three of the Treaty establishing the European Community, Denmark should, in accordance with Article 5 of that Protocol, decide within a period of six months after the adoption of this Regulation whether it will implement it in its national law.
(27)
As regards Iceland and Norway, this Regulation constitutes a development of provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (11), which falls within the area referred to in Article 1, point B of Council Decision 1999/437/EC (12) of 17 May 1999 on certain arrangements for the application of that Agreement.
(28)
An arrangement should be made to allow representatives of Iceland and Norway to be associated with the work of committees assisting the Commission in the exercise of its implementing powers. Such an arrangement has been contemplated in the Agreement in the form of Exchange of Letters between the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning committees which assist the European Commission in the exercise of its executive powers (13), annexed to the Agreement referred to in Recital 27.
(29)
This Regulation constitutes a development of provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis (14), and subsequent Council Decision 2004/926/EC of 22 December 2004 on the putting into effect of parts of the Schengen acquis by the United Kingdom of Great Britain and Northern Ireland (15). The United Kingdom is therefore not taking part in its adoption and is not bound by it or subject to its application.
(30)
This Regulation constitutes a development of provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis (16). Ireland is therefore not taking part in its adoption and is not bound by it or subject to its application.
(31)
As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement signed by the European Union, the European Community and the Swiss Confederation on the association of the Swiss Confederation with the implementation, application and development of the Schengen acquis which falls within the area referred to in Article 1, point B of Decision 1999/437/EC read in conjunction with Article 4(1) of Council Decision 2004/860/EC (17).
(32)
An arrangement should be made to allow representatives of Switzerland to be associated with the work of committees assisting the Commission in the exercise of its implementing powers. Such an arrangement has been contemplated in the Exchange of Letters between the Community and Switzerland, annexed to the Agreement referred to in Recital 31.
(33)
This Regulation constitutes an act building on the Schengen acquis or otherwise related to it within the meaning of Article 3(2) of the 2003 Act of Accession and Article 4(2) of the 2005 Act of Accession,
