Regulation (EU) No 1077/2011 of the European Parliament and of the Council of 25 October 2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice
Modified by
Regulation (EU) No 603/2013 of the European Parliament and of the Councilof 26 June 2013on the establishment of Eurodac for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (recast), 32013R0603, June 29, 2013
Regulation (EU) 2017/2226 of the European Parliament and of the Councilof 30 November 2017establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011, 32017R2226, December 9, 2017
Regulation (EU) 2018/1240 of the European Parliament and of the Councilof 12 September 2018establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226, 32018R1240, September 19, 2018
Regulation (EU) No 1077/2011 of the European Parliament and of the Councilof 25 October 2011establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justiceCHAPTER ISUBJECT MATTERArticle 1Establishment of the Agency1.A European agency for the operational management of large-scale IT systems in the area of freedom, security and justice (the Agency) is hereby established.2.The Agency shall be responsible for the operational management of the second-generation Schengen Information System (SIS II), the Visa Information System (VIS), Eurodac and the Entry/Exit System established by Regulation (EU) 2017/2226 of the European Parliament and of the CouncilRegulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20). (EES).3.The Agency may also be made responsible for the preparation, development and operational management of large-scale IT systems in the area of freedom, security and justice other than those referred to in paragraph 2, only if so provided by relevant legislative instruments, based on Articles 67 to 89 TFEU, taking into account, where appropriate, the developments in research referred to in Article 8 of this Regulation and the results of pilot schemes referred to in Article 9 of this Regulation.4.Operational management shall consist of all the tasks necessary to keep large-scale IT systems functioning in accordance with the specific provisions applicable to each of them, including responsibility for the communication infrastructure used by them. Those large-scale IT systems shall not exchange data or enable sharing of information or knowledge, unless so provided in a specific legal basis.Article 2ObjectivesWithout prejudice to the respective responsibilities of the Commission and of the Member States under the legislative instruments governing large-scale IT systems, the Agency shall ensure:(a)effective, secure and continuous operation of large-scale IT systems;(b)the efficient and financially accountable management of large-scale IT systems;(c)an adequately high quality of service for users of large-scale IT systems;(d)continuity and uninterrupted service;(e)a high level of data protection, in accordance with the applicable rules, including specific provisions for each large-scale IT system;(f)an appropriate level of data and physical security, in accordance with the applicable rules, including specific provisions for each large-scale IT system; and(g)the use of an adequate project management structure for efficiently developing large-scale IT systems.
CHAPTER IITASKSArticle 3Tasks relating to SIS IIIn relation to SIS II, the Agency shall perform:(a)the tasks conferred on the Management Authority by Regulation (EC) No 1987/2006 and Decision 2007/533/JHA; and(b)tasks relating to training on the technical use of SIS II, in particular for SIRENE-staff (SIRENE — Supplementary Information Request at the National Entries) and training of experts on the technical aspects of SIS II in the framework of Schengen evaluation.Article 4Tasks relating to VISIn relation to VIS, the Agency shall perform:(a)the tasks conferred on the Management Authority by Regulation (EC) No 767/2008 and Decision 2008/633/JHA; and(b)tasks relating to training on the technical use of VIS.Article 5Tasks relating to EurodacIn relation to Eurodac, the Agency shall perform:(a)the tasks conferred on it by Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of "Eurodac" for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person), and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposesOJ L 180, 29.6.2013, p. 1.; and(b)tasks relating to training on the technical use of Eurodac.Article 5aTasks relating to the EESIn relation to the EES, the Agency shall perform:(a)the tasks conferred on it by Regulation (EU) 2017/2226;(b)tasks relating to training on the technical use of the EES.Article 5bTasks relating to ETIASIn relation to ETIAS, the Agency shall perform the tasks conferred on it by Article 73 of Regulation (EU) 2018/1240 of the European Parliament and of the CouncilRegulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1)..Article 6Tasks relating to the preparation, development and operational management of other large-scale IT systemsWhen entrusted with the preparation, development and operational management of other large-scale IT systems referred to in Article 1(3), the Agency shall perform tasks relating to training on the technical use of those systems, as appropriate.Article 7Tasks relating to the communication infrastructure1.The Agency shall carry out the tasks relating to the communication infrastructure conferred on the Management Authority by the legislative instruments governing the development, establishment, operation and use of large-scale IT systems referred to in Article 1(2).2.According to the legislative instruments referred to in paragraph 1, the tasks regarding the communication infrastructure (including the operational management and security) are divided between the Agency and the Commission. In order to ensure coherence between the exercise of their respective responsibilities, operational working arrangements shall be made between the Agency and the Commission and reflected in a Memorandum of Understanding.3.The communication infrastructure shall be adequately managed and controlled in order to protect it from threats, and to ensure its security and that of large-scale IT systems, including that of data exchanged through the communication infrastructure.4.Appropriate measures including security plans shall be adopted, inter alia, to prevent the unauthorised reading, copying, modification or deletion of personal data during transfers of personal data or transport of data media, in particular by means of appropriate encryption techniques. No system-related operational information shall circulate in the communication infrastructure without encryption.5.Tasks related to the operational management of the communication infrastructure may be entrusted to external private-sector entities or bodies in accordance with Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the CouncilRegulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union and repealing Council Regulation (EC, Euratom) No 1605/2002 (OJ L 298, 26.10.2012, p. 1).. In such a case, the network provider shall be bound by the security measures referred to in paragraph 4 of this Article and shall have no access to SIS II, VIS, Eurodac or EES operational data, or to the SIS II-related SIRENE exchange, by any means.6.Without prejudice to the existing contracts on the network of SIS II, VIS, Eurodac and EES, the management of encryption keys shall remain within the competence of the Agency and shall not be outsourced to any external private-sector entity.Article 8Monitoring of research1.The Agency shall monitor the developments in research relevant for the operational management of SIS II, VIS, Eurodac, EES and other large-scale IT systems.2.The Agency shall on a regular basis keep the European Parliament, the Council, the Commission, and, where data protection issues are concerned, the European Data Protection Supervisor, informed of the developments referred to in paragraph 1.Article 9Pilot schemes1.Only upon the specific and precise request of the Commission, which shall have informed the European Parliament and the Council at least 3 months in advance, and after a decision by the Management Board, the Agency may, in accordance with Article 12(1)(l), carry out pilot schemes as referred to in Article 49(6)(a) of Regulation (EC, Euratom) No 1605/2002, for the development or the operational management of large-scale IT systems, in the application of Articles 67 to 89 TFEU.The Agency shall on a regular basis keep the European Parliament, the Council and, where data protection issues are concerned, the European Data Protection Supervisor, informed of the evolution of the pilot schemes referred to in the first subparagraph.2.Financial appropriations for pilot schemes as requested by the Commission shall be entered in the budget for no more than two successive financial years.CHAPTER IIISTRUCTURE AND ORGANISATIONArticle 10Legal status1.The Agency shall be a Union body and shall have legal personality.2.In each of the Member States, the Agency shall enjoy the most extensive legal capacity accorded to legal persons under national law. It may, in particular, acquire or dispose of movable and immovable property and may be a party to legal proceedings. It may also conclude agreements concerning the seat of the Agency and the sites set up in accordance with paragraph 4 with the Member States on whose territories the seat and the technical and backup sites are situated (host Member States).3.The Agency shall be represented by its Executive Director.4.The seat of the Agency shall be Tallinn, Estonia.The tasks relating to development and operational management referred to in Article 1(3) and Articles 3, 4, 5 and 7 shall be carried out in Strasbourg, France.A backup site capable of ensuring the operation of a large-scale IT system in the event of a failure of such a system shall be installed in Sankt Johann im Pongau, Austria, if a backup site is provided for in the legislative instrument governing its development, establishment, operation and use.Article 11Structure1.The Agency’s administrative and management structure shall comprise:(a)a Management Board;(b)an Executive Director;(c)Advisory Groups.2.The Agency’s structure shall also include:(a)a Data Protection Officer;(b)a Security Officer;(c)an Accounting Officer.Article 12Functions of the Management Board1.In order to ensure that the Agency carry out its tasks, the Management Board shall:(a)appoint, and if appropriate dismiss, the Executive Director, in accordance with Article 18;(b)exercise disciplinary authority over the Executive Director and oversee his performance including the implementation of the Management Board’s decisions;(c)establish the Agency’s organisational structure after consulting the Commission;(d)establish the rules of procedure of the Agency after consulting the Commission;(e)approve, following a proposal by the Executive Director, the Headquarters Agreement concerning the seat of the Agency and Agreements concerning the technical and backup sites set up in accordance with Article 10(4) to be signed by the Executive Director with the host Member States;(f)in agreement with the Commission, adopt the necessary implementing measures referred to in Article 110 of the Staff Regulations of Officials;(g)adopt the necessary implementing measures on the secondment of national experts to the Agency;(h)adopt a multi-annual work programme based on the tasks referred to in Chapter II on the basis of a draft submitted by the Executive Director as referred to in Article 17, after consulting the Advisory Groups referred to in Article 19, and following receipt of the Commission’s opinion. The multi-annual work programme shall, without prejudice to the annual budgetary procedure, include a multi-annual budget estimate and ex ante evaluations in order to structure the objectives and the different stages of the multi-annual planning;(i)adopt a multi-annual staff policy plan and a draft annual work programme and submit them by 31 March each year to the Commission and the budgetary authority;(j)by 30 September each year, and after receiving the opinion of the Commission, adopt by a two-thirds majority of its members with the right to vote, and in accordance with the annual budgetary procedure and the Union legislative programme in areas under Articles 67 to 89 TFEU, the Agency’s annual work programme for the following year; and ensure that the adopted work programme is transmitted to the European Parliament, the Council and the Commission and published;(k)by 31 March each year, adopt the Agency’s annual activity report for the previous year comparing, in particular, the results achieved with the objectives of the annual work programme and transmit it by 15 June of the same year to the European Parliament, the Council, the Commission and the Court of Auditors; the annual activity report shall be published;(l)carry out its functions relating to the Agency’s budget, including the implementation of pilot schemes as referred to in Article 9, pursuant to Article 32, Article 33(6) and Article 34;(m)adopt the financial rules applicable to the Agency in accordance with Article 34;(n)appoint an Accounting Officer who shall be functionally independent in the performance of his duties;(o)ensure adequate follow-up to the findings and recommendations stemming from the various internal or external audit reports and evaluations;(p)adopt the necessary security measures, including a security plan and a business continuity and disaster recovery plan, taking into account the possible recommendations of the security experts present in the Advisory Groups;(q)appoint a Security Officer;(r)appoint a Data Protection Officer in accordance with Regulation (EC) No 45/2001;(s)adopt, by 22 May 2012, the practical arrangements for implementing Regulation (EC) No 1049/2001;(t)adopt the reports on the technical functioning of SIS II pursuant to Article 50(4) of Regulation (EC) No 1987/2006 and Article 66(4) of Decision 2007/533/JHA, of VIS pursuant to Article 50(3) of Regulation (EC) No 767/2008 and Article 17(3) of Decision 2008/633/JHA and of EES pursuant to Article 72(4) of Regulation (EU) 2017/2226;(u)adopt the annual report on the activities of the Central System of Eurodac pursuant to Article 40(1) of Regulation (EU) No 603/2013;(v)make comments on the European Data Protection Supervisor’s reports on the audits pursuant to Article 45(2) of Regulation (EC) No 1987/2006, Article 42(2) of Regulation (EC) No 767/2008, Article 31(2) of Regulation (EU) No 603/2013 and Article 56(2) of Regulation (EU) 2017/2226 and ensure appropriate follow-up to those audits;(w)publish statistics related to SIS II pursuant to Article 50(3) of Regulation (EC) No 1987/2006 and Article 66(3) of Decision 2007/533/JHA respectively;(x)compile statistics on the work of the Central System of Eurodac pursuant to Article 8(2) of Regulation (EU) No 603/2013;(y)ensure annual publication of the list of competent authorities authorised to search directly the data contained in SIS II pursuant to Article 31(8) of Regulation (EC) No 1987/2006 and Article 46(8) of Decision 2007/533/JHA, together with the list of Offices of the national systems of SIS II (N.SIS II) and SIRENE Bureaux as referred to in Article 7(3) of Regulation (EC) No 1987/2006 and Article 7(3) of Decision 2007/533/JHA respectively;(z)ensure annual publication of the list of units pursuant to Article 27(2) of Regulation (EU) No 603/2013;(aa)perform any other tasks conferred on it in accordance with this Regulation;(sa)adopt the reports on the development of the EES pursuant to Article 72(2) of Regulation (EU) 2017/2226;(xa)publish statistics related to the EES pursuant to Article 63 of Regulation (EU) 2017/2226;(za)ensure annual publication of the list of competent authorities pursuant to Article 65(2) of Regulation (EU) 2017/2226.2.The Management Board may advise the Executive Director on any matter strictly related to the development or operational management of large-scale IT systems.Article 13Composition of the Management Board1.The Management Board shall be composed of one representative of each Member State and two representatives of the Commission.2.Each Member State and the Commission shall appoint the members of the Management Board as well as alternate members, by 22 January 2012. After the expiry of that period, the Commission shall convene the Management Board. In their absence, members shall be represented by their alternates.3.The members of the Management Board shall be appointed on the basis of the high level of their relevant experience and expertise in the field of large-scale IT systems in the area of freedom, security and justice, and knowledge in data protection.4.The term of office of the members shall be 4 years. It may be renewed once. Upon expiry of their term of office or in the event of their resignation, members shall remain in office until their appointments are renewed or until they are replaced.5.Countries associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures shall participate in the activities of the Agency. They shall each appoint one representative and an alternate to the Management Board.Article 14Chairmanship of the Management Board1.The Management Board shall elect a Chairperson and a deputy Chairperson from among its members.2.The term of office of the Chairperson and the deputy Chairperson shall be 2 years. Their term of office may be renewed once. If, however, their membership of the Management Board ends at any time during their term of office, their term of office shall automatically expire on that date also.3.The Chairperson and the deputy Chairperson shall be elected only from among those members of the Management Board who are appointed by Member States which are fully bound under Union law by the legislative instruments governing the development, establishment, operation and use of all large-scale IT systems managed by the Agency.Article 15Meetings of the Management Board1.The meetings of the Management Board shall be convened at the request of any of the following:(a)its Chairperson;(b)at least a third of its members;(c)the Commission;(d)the Executive Director.The Management Board shall hold at least one ordinary meeting every 6 months.2.The Executive Director shall participate in the meetings of the Management Board.3.The members of the Management Board may be assisted by experts who are members of the Advisory Groups.4.Europol and Eurojust may attend the meetings of the Management Board as observers when a question concerning SIS II, in relation to the application of Decision 2007/533/JHA, is on the agenda. Europol may also attend the meetings of the Management Board as an observer when a question concerning VIS, in relation to the application of Decision 2008/633/JHA, a question concerning Eurodac, in relation to the application of Regulation (EU) No 603/2013, or a question concerning the EES, in relation to the application of Regulation (EU) 2017/2226, is on the agenda.5.The Management Board may invite any other person whose opinion may be of interest, to attend its meetings as an observer.6.The Agency shall provide the Management Board with a secretariat.Article 16Voting1.Without prejudice to paragraph 5 of this Article, and to Article 12(1)(j) and Article 18(1) and (7), decisions of the Management Board shall be taken by a majority of all its members with a right to vote.2.Without prejudice to paragraph 3, each member in the Management Board shall have one vote.3.Each member appointed by a Member State which is bound under Union law by any legislative instrument governing the development, establishment, operation and use of a large-scale IT system managed by the Agency may vote on a question which concerns that large-scale IT system.In addition, as regards Denmark, it may vote on a question which concerns such a large-scale IT system, if it decides under Article 4 of the Protocol on the position of Denmark to implement the legislative instrument governing the development, establishment, operation and use of such a large-scale IT system in its national law.4.Regarding countries associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures, Article 37 shall apply.5.In the case of a disagreement among members about whether a specific large-scale IT system is affected by a vote, any decision that it is not so affected shall be taken by a two-thirds majority.6.The Executive Director shall not vote.7.More detailed voting arrangements shall be established in the rules of procedure of the Agency, in particular the conditions under which a member may act on behalf of another member as well as any quorum requirements, where appropriate.Article 17Functions and powers of the Executive Director1.The Agency shall be managed and represented by its Executive Director.2.The Executive Director shall be independent in the performance of his duties. Without prejudice to the respective competences of the Commission and the Management Board, the Executive Director shall neither seek nor take instructions from any government or other body.3.Without prejudice to Article 12, the Executive Director shall assume full responsibility for the tasks entrusted to the Agency and shall be subject to the procedure for annual discharge by the European Parliament for the implementation of the budget.4.The European Parliament or the Council may invite the Executive Director to report on the implementation of his tasks.5.The Executive Director shall:(a)ensure the Agency’s day-to-day administration;(b)ensure the Agency’s operation in accordance with this Regulation;(c)prepare and implement the procedures, decisions, strategies, programmes and activities adopted by the Management Board, within the limits specified by this Regulation, its implementing rules and the applicable law;(d)establish and implement an effective system enabling regular monitoring and evaluations of:(i)large-scale IT systems, including statistics; and(ii)the Agency, including the effective and efficient achievement of its objectives;(e)participate, without the right to vote, in the meetings of the Management Board;(f)exercise with respect to the Agency’s staff the powers laid down in Article 20(3) and manage staff matters;(g)without prejudice to Article 17 of the Staff Regulations, establish confidentiality requirements in order to comply with Article 17 of Regulation (EC) No 1987/2006, Article 17 of Decision 2007/533/JHA, Article 26(9) of Regulation (EC) No 767/2008, Article 4(4) of Regulation (EU) No 603/2013 and Article 37(4) of Regulation (EU) 2017/2226;(h)negotiate and, after approval by the Management Board, sign a Headquarters Agreement concerning the seat of the Agency and Agreements concerning technical and backup sites with the Governments of the host Member States.6.The Executive Director shall submit to the Management Board for adoption, in particular, the drafts of the following:(a)the Agency’s annual work programme and its annual activity report, after prior consultation of the Advisory Groups;(b)the financial rules applicable to the Agency;(c)the multi-annual work programme;(d)the budget for the coming year, established on the basis of activity-based budgeting;(e)the multi-annual Staff Policy Plan;(f)the terms of reference for the evaluation referred to in Article 31;(g)the practical arrangements for implementing Regulation (EC) No 1049/2001;(h)the necessary security measures including a security plan, and a business continuity and disaster recovery plan;(i)reports on the technical functioning of each large-scale IT system referred to in Article 12(1)(t) and the annual report on the activities of the Central System of Eurodac referred to in Article 12(1)(u), on the basis of the results of monitoring and evaluation;(j)the annual list, for publication, of competent authorities authorised to search directly the data contained in SIS II, including the list of N.SIS II Offices and SIRENE Bureaux, referred to in Article 12(1)(y) and the list of authorities referred to in Article 12(1)(z);(k)reports on the state of play of the development of the EES referred to in Article 72(2) of Regulation (EU) 2017/2226.7.The Executive Director shall perform any other tasks in accordance with this Regulation.Article 18Appointment of the Executive Director1.The Management Board shall appoint the Executive Director for a term of office of 5 years from a list of eligible candidates identified in an open competition organised by the Commission. The selection procedure shall provide for publication in the Official Journal of the European Union and elsewhere of a call for expressions of interest. The Management Board may require a repeated procedure if it is not satisfied with the suitability of any of the candidates retained in the list. The Management Board shall appoint the Executive Director on the basis of personal merit, experience in the field of large-scale IT systems and administrative, financial and management skills as well as knowledge in data protection. The Management Board shall take its decision to appoint the Executive Director by a two-thirds majority of all its members with a right to vote.2.Before appointment, the candidate selected by the Management Board shall be invited to make a statement before the competent committee(s) of the European Parliament and answer questions from the committee members. After such a statement, the European Parliament shall adopt an opinion setting out its view of the selected candidate. The Management Board shall inform the European Parliament of the manner in which that opinion has been taken into account. The opinion shall be treated as personal and confidential until the appointment of the candidate.3.In the course of the 9 months preceding the end of the five-year term of office, the Management Board, in close consultation with the Commission, shall undertake an evaluation in which it shall assess, in particular, the results achieved during the Executive Director’s first term of office and how they were achieved.4.The Management Board, taking into account the evaluation report, and only in those cases where it can be justified by the objectives and tasks of the Agency, may extend the term of office of the Executive Director once for up to 3 years.5.The Management Board shall inform the European Parliament about its intention to extend the Executive Director’s term of office. Within the month before any such extension, the Executive Director shall be invited to make a statement before the competent committee(s) of the European Parliament and answer questions from the committee members.6.The Executive Director shall be accountable to the Management Board.7.The Management Board may dismiss the Executive Director. The Management Board shall take such a decision by a two-thirds majority of all its members with a right to vote.Article 19Advisory Groups1.The following Advisory Groups shall provide the Management Board with expertise relating to large-scale IT systems and, in particular, in the context of the preparation of the annual work program and the annual activity report:(a)SIS II Advisory Group;(b)VIS Advisory Group;(c)Eurodac Advisory Group;(d)any other Advisory Group relating to a large-scale IT system when so provided in the relevant legislative instrument governing the development, establishment, operation and use of that large-scale IT system;(da)EES Advisory Group.2.Each Member State which is bound under Union law by any legislative instrument governing the development, establishment, operation and use of a particular large-scale IT system, as well as the Commission, shall appoint one member to the Advisory Group relating to that large-scale IT system, for a three-year term, which may be renewed.As regards Denmark, it shall also appoint a member to an Advisory Group relating to a large-scale IT system, if it decides under Article 4 of the Protocol on the position of Denmark to implement the legislative instrument governing the development, establishment, operation and use of that particular large-scale IT system in its national law.Each country associated with the implementation, application and development of the Schengen acquis, Eurodac-related measures and the measures related to other large-scale IT systems which participates in a particular large-scale IT system shall appoint a member to the Advisory Group relating to that large-scale IT system.3.Europol and Eurojust may each appoint a representative to the SIS II Advisory Group. Europol may also appoint a representative to the VIS, Eurodac and EES Advisory Groups.4.Members of the Management Board shall not be members of any of the Advisory Groups. The Executive Director or the Executive Director’s representative shall be entitled to attend all the meetings of the Advisory Groups as observers.5.The procedures for the operation and cooperation of the Advisory Groups shall be laid down in the Agency’s rules of procedure.6.When preparing an opinion, the members of each Advisory Group shall do their best to reach a consensus. If such a consensus is not reached, the opinion shall consist of the reasoned position of the majority of members. The minority reasoned position(s) shall also be recorded. Article 16(3) and (4) shall apply accordingly. The members representing the countries associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures shall be allowed to express opinions on issues on which they are not entitled to vote.7.Each Member State and each country associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures shall facilitate the activities of the Advisory Groups.8.For the chairmanship of the Advisory Groups, Article 14 shall apply mutatis mutandis.CHAPTER IVGENERAL PROVISIONSArticle 20Staff1.The Staff Regulations and the rules adopted jointly by the Union institutions for the purpose of applying the Staff Regulations shall apply to the staff of the Agency and to the Executive Director.2.For the purpose of implementing the Staff Regulations, the Agency shall be considered an agency within the meaning of Article 1a(2) of the Staff Regulations of Officials.3.The powers conferred on the Appointing Authority by the Staff Regulations of Officials and on the authority entitled to conclude contracts by the Conditions of Employment shall be exercised by the Agency in respect of its own staff.4.The staff of the Agency shall consist of officials, temporary staff or contract staff. The Management Board shall give its consent on an annual basis where the contracts that the Executive Director plans to renew would become indefinite pursuant to the Conditions of Employment.5.The Agency shall not recruit interim staff to perform what are deemed to be sensitive financial duties.6.The Commission and the Member States may second officials or national experts to the Agency on a temporary basis. The Management Board shall, taking into account the multi-annual staff policy plan, adopt the necessary implementing measures for that purpose.7.Without prejudice to Article 17 of the Staff Regulations of Officials, the Agency shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality.8.The Management Board shall, in agreement with the Commission, adopt the necessary implementing measures referred to in Article 110 of the Staff Regulations of Officials.Article 21Public interestThe members of the Management Board, the Executive Director and the members of the Advisory Groups shall undertake to act in the public interest. For that purpose they shall issue an annual, written, public statement of commitment.The list of members of the Management Board shall be published on the Agency’s Internet site.Article 22Headquarters Agreement and Agreements concerning the technical and backup sitesThe necessary arrangements concerning the accommodation to be provided for the Agency in the host Member States and the facilities to be made available by those Member States and the specific rules applicable in the host Member States to the Executive Director, the members of the Management Board, staff of the Agency and members of their families shall be laid down in a Headquarters Agreement concerning the seat of the Agency and in Agreements concerning the technical and backup sites, concluded between the Agency and the host Member States after obtaining the approval of the Management Board.Article 23Privileges and immunitiesThe Protocol on the Privileges and Immunities of the European Union shall apply to the Agency.Article 24Liability1.The contractual liability of the Agency shall be governed by the law applicable to the contract in question.2.The Court of Justice of the European Union shall have jurisdiction to give judgment pursuant to any arbitration clause contained in a contract concluded by the Agency.3.In the case of non-contractual liability, the Agency shall, in accordance with the general principles common to the laws of the Member States, make good any damage caused by its departments or by its servants in the performance of their duties.4.The Court of Justice of the European Union shall have jurisdiction in disputes relating to compensation for the damage referred to in paragraph 3.5.The personal liability of the Agency’s staff towards the Agency shall be governed by the provisions laid down in the Staff Regulations.Article 25Linguistic regime1.Regulation No 1 of 15 April 1958 determining the languages to be used by the European Economic CommunityOJ 17, 6.10.1958, p. 385/58. shall apply to the Agency.2.Without prejudice to decisions taken pursuant to Article 342 TFEU, the annual work programme and the annual activity report referred to in Article 12(1)(j) and (k), shall be produced in all official languages of the institutions of the Union.3.The translation services necessary for the activities of the Agency shall be provided by the Translation Centre for the Bodies of the European Union.Article 26Access to documents1.On the basis of a proposal by the Executive Director, and not later than 6 months after 1 December 2012, the Management Board shall adopt rules concerning access to the Agency’s documents, in accordance with Regulation (EC) No 1049/2001.2.Decisions taken by the Agency pursuant to Article 8 of Regulation (EC) No 1049/2001 may give rise to the lodging of a complaint to the European Ombudsman or form the subject of an action before the Court of Justice of the European Union, under the conditions laid down in Articles 228 and 263 TFEU respectively.Article 27Information and communication1.The Agency shall communicate in accordance with the legislative instruments governing the development, establishment, operation and use of large-scale IT-systems and on its own initiative in the fields within its tasks. It shall ensure in particular that in addition to the publication specified in Article 12(1)(j), (k), (w) and (y) and Article 33(8), the public and any interested party are rapidly given objective, reliable and easily understandable information with regard to its work.2.The Management Board shall lay down the practical arrangements for the application of paragraph 1.Article 28Data protection1.Without prejudice to the provisions on data protection laid down in the legislative instruments governing the development, establishment, operation and use of large-scale IT systems, the information processed by the Agency in accordance with this Regulation shall be subject to Regulation (EC) No 45/2001.2.The Management Board shall establish measures for the application of Regulation (EC) No 45/2001 by the Agency, and in particular Section 8 concerning the Data Protection Officer.Article 29Security rules on the protection of classified information and non-classified sensitive information1.The Agency shall apply the security principles laid down in Commission Decision 2001/844/EC, ECSC, Euratom of 29 November 2001 amending its internal Rules of ProcedureOJ L 317, 3.12.2001, p. 1., including the provisions for the exchange, processing and storage of classified information, and measures on physical security.2.The Agency shall also apply the security principles relating to the processing of non-classified sensitive information as adopted and implemented by the Commission.3.The Management Board shall, pursuant to Article 2 and Article 12(1)(p), decide on the Agency’s internal structure necessary to fulfil the appropriate security principles.Article 30Security of the Agency1.The Agency shall be responsible for the security and the maintenance of order within the buildings, premises and land used by it. The Agency shall apply the security principles and relevant provisions of the legislative instruments governing the development, establishment, operation and use of large-scale IT systems.2.The host Member States shall take all effective and adequate measures to maintain order and security in the immediate vicinity of the buildings, premises and land used by the Agency and shall provide to the Agency the appropriate protection, in accordance with the relevant Headquarters Agreement concerning the seat of the Agency and the Agreements concerning the technical and backup sites, whilst guaranteeing free access to these buildings, premises and land to persons authorised by the Agency.Article 31Evaluation1.Within 3 years from 1 December 2012, and every 4 years thereafter, the Commission, in close consultation with the Management Board, shall perform an evaluation of the action of the Agency. The evaluation shall examine the way and extent to which the Agency effectively contributes to the operational management of large-scale IT systems in the area of freedom, security and justice and fulfils its tasks laid down in this Regulation. The evaluation shall also assess the role of the Agency in the context of a Union strategy aimed at a coordinated, cost-effective and coherent IT environment at Union level that is to be established in the coming years.2.On the basis of the evaluation referred to in paragraph 1, the Commission, after consulting the Management Board, shall issue recommendations regarding changes to this Regulation, also in order to bring it further in line with the Union strategy referred to in paragraph 1. The Commission shall forward those recommendations, together with the opinion of the Management Board, as well as appropriate proposals to the European Parliament, the Council and the European Data Protection Supervisor.CHAPTER VFINANCIAL PROVISIONSArticle 32Budget1.The revenue of the Agency shall consist, without prejudice to other types of income, of:(a)a subsidy from the Union entered in the general budget of the European Union (Commission section);(b)a contribution from the countries associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures;(c)any financial contribution from the Member States.2.The expenditure of the Agency shall include, inter alia, staff remuneration, administrative and infrastructure expenses, operating costs and expenditure relating to contracts or agreements concluded by the Agency. Each year the Executive Director shall draw up, taking into account the activities carried out by the Agency, a draft statement of estimates of the Agency’s revenue and expenditure for the following financial year, together with the establishment plan, and shall transmit it to the Management Board.3.Revenue and expenditure of the Agency shall be in balance.4.The Management Board, on the basis of a draft drawn up by the Executive Director, shall adopt a draft statement of estimates of the revenue and expenditure of the Agency for the following financial year.5.The draft statement of estimates of the Agency’s revenue and expenditure and the general guidelines underlying that estimate, shall be transmitted by the Management Board to the Commission and to the countries associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures by 10 February each year and the final statement of estimates by 31 March each year.6.By 31 March each year, the Management Board shall submit to the Commission and to the budgetary authority:(a)its draft annual work programme;(b)its updated multi-annual Staff Policy Plan, established in line with the guidelines set by the Commission;(c)information on the number of officials, temporary and contract staff as defined in the Staff Regulations for the years n-1 and n as well as an estimate for the year n+1;(d)information on contributions in kind granted by the host Member States to the Agency;(e)an estimate of the balance of the outturn account for the year n-1.7.The statement of estimates shall be forwarded by the Commission to the budgetary authority together with the draft general budget of the European Union.8.On the basis of the statement of estimates, the Commission shall enter in the draft general budget of the European Union the estimates it deems necessary for the establishment plan and the amount of the subsidy to be charged to the general budget, which it shall place before the budgetary authority in accordance with Article 314 TFEU.9.The budgetary authority shall authorise the appropriations for the subsidy to the Agency. The budgetary authority shall adopt the establishment plan for the Agency.10.The Agency’s budget shall be adopted by the Management Board. It shall become final following the final adoption of the general budget of the European Union. Where appropriate, it shall be adjusted accordingly.11.Any modification to the budget, including the establishment plan, shall follow the same procedure.12.The Management Board shall, as soon as possible, notify the budgetary authority of its intention to implement any project, which may have significant financial implications for the funding of its budget, in particular any projects relating to property such as the rental or purchase of buildings. It shall inform the Commission thereof as well as the countries associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures. If either branch of the budgetary authority intends to issue an opinion, it shall, within 2 weeks after receipt of the information on the project, notify the Management Board of its intention to issue such an opinion. In the absence of a reply, the Agency may proceed with the planned operation.Article 33Implementation of the budget1.The Agency’s budget shall be implemented by its Executive Director.2.The Executive Director shall forward annually to the budgetary authority any information relevant to the outcome of the evaluation procedures.3.The Agency’s Accounting Officer shall send to the Commission’s Accounting Officer and the Court of Auditors by 1 March of the following year the Agency’s provisional accounts, together with the report on budgetary and financial management during the year. The Commission’s Accounting Officer shall consolidate the provisional accounts of the institutions and decentralised bodies in accordance with Article 128 of Regulation (EC, Euratom) No 1605/2002.4.The Agency’s Accounting Officer shall also send to the budgetary authority, by 31 March of the following year, the report on budgetary and financial management.5.On receipt of the Court of Auditors’ observations on the Agency’s provisional accounts, pursuant to Article 129 of Regulation (EC, Euratom) No 1605/2002, the Executive Director shall draw up the Agency’s final accounts under his own responsibility and forward them to the Management Board for an opinion.6.The Management Board shall deliver an opinion on the Agency’s final accounts.7.By 1 July of the following year, the Executive Director shall send the final accounts, together with the opinion of the Management Board, to the budgetary authority, the Commission’s Accounting Officer, the Court of Auditors as well as the countries associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures.8.The final accounts shall be published.9.The Executive Director shall send the Court of Auditors a reply to its observations by 30 September. The Executive Director shall also send that reply to the Management Board.10.Upon the request of the European Parliament, the Executive Director shall submit the information necessary for the smooth application of the discharge procedure for the financial year in question, as laid down in Article 146(3) of Regulation (EC, Euratom) No 1605/2002.11.The European Parliament, on a recommendation from the Council acting by a qualified majority, shall, before 15 May of year n + 2, give a discharge to the Executive Director in respect of the implementation of the budget for year n.Article 34Financial rulesThe financial rules applicable to the Agency shall be adopted by the Management Board after consultation of the Commission. They shall not depart from Regulation (EC, Euratom) No 2343/2002 unless such departure is specifically required for the Agency’s operation and the Commission has given its prior consent.Article 35Combating fraud1.In order to combat fraud, corruption and other unlawful activities, Regulation (EC) No 1073/1999 shall apply.2.The Agency shall accede to the Interinstitutional Agreement concerning internal investigations by the European Anti-fraud Office (OLAF) and shall issue, without delay, the appropriate provisions applicable to all the employees of the Agency.3.The decisions concerning funding and the implementing agreements and instruments resulting from them shall explicitly stipulate that the Court of Auditors and OLAF may carry out, if necessary, on-the-spot checks among the recipients of the Agency’s funding and the agents responsible for allocating it.CHAPTER VIFINAL PROVISIONSArticle 36Preparatory actions1.The Commission shall be responsible for the establishment and initial operation of the Agency until the latter has the operational capacity to implement its own budget.2.For that purpose, until such time as the Executive Director takes up his duties following his appointment by the Management Board in accordance with Article 18, the Commission may assign a limited number of officials including one to fulfil the functions of the Executive Director, on an interim basis. The interim Executive Director may be assigned only once the Management Board is convened, in accordance with Article 13(2).If the interim Executive Director does not comply with the obligations laid down in this Regulation, the Management Board may ask the Commission to assign a new interim Executive Director.3.The interim Executive Director may authorise all payments covered by credits provided in the budget of the Agency, once approved by the Management Board and may conclude contracts, including staff contracts following the adoption of the Agency’s establishment plan. If justified, the Management Board may impose restrictions on the interim Executive Director’s powers.Article 37Participation by countries associated with the implementation, application and development of the Schengen acquis and Eurodac-related measuresUnder the relevant provisions of their association agreements, arrangements shall be made in order to specify, inter alia, the nature and extent of, and the detailed rules for, the participation by countries associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures in the work of the Agency, including provisions on financial contributions, staff and voting rights.Article 38Entry into force and applicabilityThis Regulation shall enter into force on the 20th day following its publication in the Official Journal of the European Union.The Agency shall take up its responsibilities set out in Articles 3 to 9 from 1 December 2012.This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.