The Visa Information System (VIS) was established by Council Decision 2004/512/EC (3) to serve as the technological solution for exchanging visa data between Member States. Regulation (EC) No 767/2008 of the European Parliament and of the Council (4) laid down the purpose, functionalities and responsibilities for the VIS, as well as the conditions and procedures for the exchange of short-stay visa data between Member States to facilitate the examination of applications for short-stay visas and related decisions. Regulation (EC) No 810/2009 of the European Parliament and of the Council (5) set out the rules on the registration of biometric identifiers in the VIS. The access of law enforcement authorities of the Member States and of the European Union Agency for Law Enforcement Cooperation (Europol) to the VIS was established by Council Decision 2008/633/JHA (6). That Decision should be integrated into Regulation (EC) No 767/2008, to bring it in line with the current Treaty framework.
(2)
Interoperability between certain EU information systems was established by Regulations (EU) 2019/817 (7) and (EU) 2019/818 (8) of the European Parliament and of the Council so that those systems and their data supplement each other with a view to improving the effectiveness and efficiency of border checks at the external borders of the Union, contributing to preventing and combating illegal immigration and contributing to a high level of security within the area of freedom, security and justice of the Union, including the maintenance of public security and public policy and safeguarding security in the territories of the Member States.
(3)
Interoperability between the EU information systems allows those systems to supplement each other in order to facilitate the correct identification of persons, contribute to fighting identity fraud, improve and harmonise data quality requirements of the relevant EU information systems, facilitate the technical and operational implementation by Member States of existing and future EU information systems, strengthen and simplify the data security and data protection safeguards that govern the relevant EU information systems, streamline the law enforcement access to the VIS, the Entry/Exit System (EES), the European Travel Information and Authorisation System (ETIAS) and Eurodac, and support the purposes of the VIS, Schengen Information System (SIS), the EES, the ETIAS, Eurodac and the European Criminal Records Information System for third-country nationals (ECRIS-TCN).
(4)
The interoperability components cover the VIS, the SIS, the EES, the ETIAS, Eurodac and ECRIS-TCN, as well as Europol data to enable Europol data to be queried simultaneously with those EU information systems. It is therefore appropriate to use those interoperability components for the purpose of carrying out automated queries and when accessing the VIS for law enforcement purposes. The European search portal (ESP) established by Regulation (EU) 2019/818 should be used to enable fast, seamless, efficient, systematic and controlled access by Member States’ authorities to the EU information systems, the Europol data and the Interpol databases needed to perform their tasks, in accordance with their access rights, and to support the objectives of the VIS.
(5)
The ESP will enable the data stored in the VIS and the data stored in the other EU information systems concerned to be queried in parallel.
(6)
The comparison of data stored in the VIS against data stored in other information systems and databases should be automated. If such a comparison reveals the existence of a correspondence, known as a ‘hit’, between any of the personal data or combination thereof in an application and a record, file or alert in those other information systems or databases, or with personal data in the ETIAS watchlist, the application should be verified manually by an operator from the competent authority. The assessment of hits performed by the competent authority should be taken into account for the decision whether to issue a short-stay visa, a long-stay visa or a residence permit.
(7)
This Regulation lays down the manner in which interoperability and the conditions for the consultation of the data stored in SIS, Eurodac and ECRIS-TCN as well as of the Europol data by the VIS automated process for the purpose of identifying hits are to be implemented. As a result, it is necessary to amend Regulations (EU) No 603/2013 (9), (EU) 2016/794 (10), (EU) 2018/1862 (11), (EU) 2019/816 (12) and (EU) 2019/818 of the European Parliament and of the Council in order to connect the VIS to the other EU information systems and to Europol data.
(8)
The conditions under which, on the one hand, the visa authorities are able to consult data stored in Eurodac and, on the other, the VIS designated authorities are able to consult Europol data, certain SIS data and data stored in ECRIS-TCN for the purposes of the VIS should be safeguarded by clear and precise rules regarding the access by those authorities to those data, the type of queries and categories of data, all of which should be limited to what is strictly necessary for the performance of the duties of those authorities. In the same vein, the data stored in the VIS application file should be visible only to those Member States that are operating the underlying information systems in accordance with the arrangements for their participation.
(9)
Regulation (EU) 2021/1134 of the European Parliament and of the Council (13) allocates new tasks to Europol such as the provision of opinions following consultation requests by the VIS designated authorities and the ETIAS National Units. To implement those tasks, it is therefore necessary to amend Regulation (EU) 2016/794 accordingly.
(10)
In order to support the VIS objective of assessing whether an applicant for a short-stay visa, a long-stay visa or a residence permit could pose a threat to public policy or public security, the VIS should be able to verify whether any correspondence exists between data in the VIS application files and the ECRIS-TCN data in the Common Identity Repository (CIR) established by Regulation (EU) 2019/818 in regard to which Member States hold information on third-country nationals and stateless persons concerning convictions for a terrorist offence or any other criminal offence listed in the Annex to Regulation (EU) 2018/1240 of the European Parliament and of the Council (14) if it is punishable by a custodial sentence or a detention order for a maximum period of at least three years under national law.
(11)
A hit indicated by ECRIS-TCN should not by itself be taken to mean that the third-country national concerned has been convicted in the Member States that are indicated. The existence of previous convictions should be confirmed only on the basis of information received from the criminal records of the Member States concerned.
(12)
This Regulation is without prejudice to Directive 2004/38/EC of the European Parliament and of the Council (15).
(13)
In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union (TEU) and to the Treaty on the Functioning of the European Union (TFEU), Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation, insofar as it relates to SIS as governed by Regulation (EU) 2018/1862, builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.
(14)
Insofar as it relates to SIS as governed by Regulation (EU) 2018/1862, Ireland is taking part in this Regulation, in accordance with Article 5(1) of Protocol No 19 on the Schengen acquis integrated into the framework of the European Union, annexed to the TEU and to the TFEU, and Article 6(2) of Council Decision 2002/192/EC (16). Furthermore, insofar as it relates to Europol, Eurodac and ECRIS-TCN, in accordance with Articles 1 and 2 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU, and without prejudice to Article 4 of that Protocol, Ireland is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.
(15)
As regards Iceland and Norway, this Regulation constitutes, insofar as it relates to SIS as governed by Regulation (EU) 2018/1862, a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters’ association with the implementation, application and development of the Schengen acquis (17) which fall within the area referred to in Article 1, point G, of Council Decision 1999/437/EC (18).
(16)
As regards Switzerland, this Regulation constitutes, insofar as it relates to SIS as governed by Regulation (EU) 2018/1862, a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (19) which fall within the area referred to in Article 1, point G, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/149/JHA (20).
(17)
As regards Liechtenstein, this Regulation constitutes, insofar as it relates to SIS as governed by Regulation (EU) 2018/1862, a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (21) which fall within the area referred to in Article 1, point G, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (22).
(18)
For this Regulation to fit into the existing legal framework, Regulations (EU) No 603/2013, (EU) 2016/794, (EU) 2018/1862, (EU) 2019/816 and (EU) 2019/818 should be amended accordingly,