Regulation (EU) 2018/1240 of the European Parliament and of the Council (2) established the European Travel Information and Authorisation System (‘ETIAS’) for third-country nationals exempt from the requirement to be in possession of a visa when crossing the external borders of the Union. That Regulation laid down the conditions and procedures for issuing or refusing a travel authorisation under ETIAS.
(2)
ETIAS enables consideration of whether the presence of those third-country nationals in the territory of the Member States would pose a security, illegal immigration or high epidemic risk.
(3)
In order to enable the ETIAS Central System to process application files as referred to in Regulation (EU) 2018/1240, it is necessary to establish interoperability between the ETIAS Information System, on the one hand, and the Entry/Exit System (‘EES’), the Visa Information System (‘VIS’), the Schengen Information System (‘SIS’), Eurodac and the European Criminal Records Information System – Third-Country Nationals (‘ECRIS-TCN’) (‘other EU information systems’), and Europol data as defined in that Regulation (‘Europol data’), on the other hand.
(4)
This Regulation, together with Regulations (EU) 2021/1151 (3) and (EU) 2021/1152 (4) of the European Parliament and of the Council, lays down rules on the implementation of interoperability between the ETIAS Information System, on the one hand, and other EU information systems and Europol data, on the other hand, and the conditions for the consultation of data stored in other EU information systems and Europol data by ETIAS for the purpose of automatically identifying hits. As a result, it is necessary to amend Regulations (EU) 2018/1862 (5) and (EU) 2019/818 (6) of the European Parliament and of the Council in order to connect the ETIAS Central System to other EU information systems and to Europol data and to specify the data that will be sent between those EU information systems and Europol data.
(5)
As regards the implementation of interoperability with Eurodac, in accordance with Regulation (EU) 2018/1240, the necessary consequential amendments will be adopted once the recast of Regulation (EU) No 603/2013 of the European Parliament and of the Council (7) is adopted.
(6)
The European Search Portal (ESP), established by Regulation (EU) 2019/817 of the European Parliament and of the Council (8) and Regulation (EU) 2019/818, will enable the data stored in ETIAS and the data stored in the other EU information systems concerned to be queried in parallel.
(7)
Technical arrangements should be established to enable ETIAS to regularly and automatically verify in other EU information systems whether the conditions for the retention of application files, as laid down in Regulation (EU) 2018/1240, are still fulfilled.
(8)
It is possible to revoke ETIAS travel authorisations following the entering in SIS of new alerts on refusal of entry and stay, or new alerts concerning a travel document reported as lost, stolen, misappropriated or invalidated. In order for the ETIAS Central System to be informed automatically by SIS of such new alerts, an automated process should be established between SIS and ETIAS.
(9)
The conditions, including access rights, under which the ETIAS Central Unit and ETIAS National Units are able to consult data stored in other EU information systems for the purposes of ETIAS should be safeguarded by clear and precise rules regarding access by the ETIAS Central Unit and ETIAS National Units to the data stored in other EU information systems, the types of query and the categories of data, all of which should be limited to what is strictly necessary for the performance of their duties. In the same vein, the data stored in the ETIAS application files should be visible only to those Member States that operate the underlying information systems in accordance with the arrangements for their participation.
(10)
Pursuant to Regulation (EU) 2018/1240, the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), established by Regulation (EU) 2018/1726 of the European Parliament and of the Council (9), is to be responsible for the design and development phase of the ETIAS Information System.
(11)
This Regulation is without prejudice to Directive 2004/38/EC of the European Parliament and of the Council (10).
(12)
In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union (TEU) and to the Treaty on the Functioning of the European Union (TFEU), Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.
(13)
Insofar as its provisions relate to SIS as governed by Regulation (EU) 2018/1862, Ireland is taking part in this Regulation, in accordance with Article 5(1) of Protocol No 19 on the Schengen acquis integrated into the framework of the European Union, annexed to the TEU and to the TFEU, and Article 6(2) of Council Decision 2002/192/EC (11). Furthermore, insofar as its provisions relate to Europol, Eurodac and ECRIS-TCN, in accordance with Articles 1 and 2 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU, and without prejudice to Article 4 of that Protocol, Ireland is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.
(14)
With regard to Cyprus and Croatia, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3(2) of the 2003 Act of Accession and Article 4(2) of the 2011 Act of Accession. With respect to Croatia, this Regulation has to be read in conjunction with Council Decision (EU) 2017/733 (12).
(15)
As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters’ association with the implementation, application and development of the Schengen acquis (13) which fall within the area referred to in Article 1, point G, of Council Decision 1999/437/EC (14).
(16)
As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (15), which fall within the area referred to in Article 1, point G, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/149/JHA (16).
(17)
As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (17) which fall within the area referred to in Article 1, point G, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/349/EU (18).
(18)
Regulations (EU) 2018/1862 and (EU) 2019/818 should therefore be amended accordingly.
(19)
Since the objectives of this Regulation, namely to amend Regulations (EU) 2018/1862 and (EU) 2019/818 in order to connect the ETIAS Central System to other EU information systems and to Europol data and to specify the data that will be sent between those EU information systems and Europol data, cannot be sufficiently achieved by the Member States but can rather, by reason of their scale and effects, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.
(20)
The European Data Protection Supervisor was consulted, in accordance with Article 41(2) of Regulation (EU) 2018/1725 of the European Parliament and the Council (19),
