Commission Implementing Regulation (EU) 2017/2089 of 14 November 2017 on technical arrangements for developing, maintaining and employing electronic systems for the exchange of information and for the storage of such information under the Union Customs Code
Commission Implementing Regulation (EU) 2017/2089of 14 November 2017on technical arrangements for developing, maintaining and employing electronic systems for the exchange of information and for the storage of such information under the Union Customs Code THE EUROPEAN COMMISSION,Having regard to the Treaty on the Functioning of the European Union,Having regard to Regulation (EU) No 952/2013 of the European Parliament and the Council of 9 October 2013 laying down the Union Customs CodeOJ L 269, 10.10.2013, p. 1., and in particular Articles 8(1)(b) and 17 thereof,Whereas:(1)Article 6(1) of Regulation (EU) No 952/2013 ("the Code") requires that all exchanges of information, such as declarations, applications or decisions, between customs authorities and between economic operators and customs authorities, and the storage of that information, as required under the customs legislation, are made by using electronic data-processing techniques.(2)Commission Implementing Decision (EU) 2016/578Commission Implementing Decision (EU) 2016/578 of 11 April 2016 establishing the Work Programme relating to the development and deployment of the electronic systems provided for in the Union Customs Code (OJ L 99, 15.4.2016, p. 6). establishes the Work Programme for the implementation of the electronic systems required for the application of the Code, which are to be developed through projects listed in section II of the Annex to that Implementing Decision.(3)Important technical arrangements for the functioning of the electronic systems should be specified, such as arrangements for development, testing and deployment as well as for maintenance and for changes to be introduced in the electronic systems. Further arrangements should be specified concerning data protection, updating of data, limitation of data processing and systems ownership and security.(4)In order to safeguard the rights and interests of the Union, Member States and economic operators, it is important to lay down the procedural rules and provide for alternative solutions to be implemented in the event of a temporary failure of the electronic systems.(5)The Customs Decisions system, developed through the UCC Customs Decisions project referred to in Implementing Decision (EU) 2016/578, pursues the objective of harmonising the processes for the application for a customs decision, for the decision taking and the decision management in the whole of the Union using only electronic data-processing techniques. It is therefore necessary to lay down the rules governing that electronic system. The scope of the system should be determined by reference to the customs decisions which are to be applied for, taken and managed using that system. Detailed rules should be set out for the system's common components (EU trader portal, central customs decisions management system and customer reference services) and national components (national trader portal and national customs decisions management system), by specifying their functions and their interconnections.(6)Furthermore, rules have to be put in place concerning the data relating to authorisations that are already stored in existing electronic systems, such as the Regular Shipping Service system (RSS), and national systems and that have to be migrated to the Customs Decisions System.(7)The Uniform User Management and Digital Signature system, developed through the Direct trader access to the European Information Systems (Uniform User Management & Digital Signature) project referred to in Implementing Decision (EU) 2016/578, is to manage the authentication and access verification process for economic operators and other users. Detailed rules need to be set out regarding the scope and characteristicsof the system by defining the different components (common and national components) of the system, their functions and interconnections. However, the "Digital Signature" functionality is not yet available as part of the Uniform User Management and Digital Signature system. No detailed rules could therefore be laid down regarding that functionality in this Regulation.(8)This Regulation respects the fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union, and notably the right to protection of personal data. Where for the purposes of the application of the customs legislation it is necessary to process personal data in the electronic systems, those data must be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the CouncilRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, 4.5.2016, p. 1). and Regulation (EC) No 45/2001 of the European Parliament and of the CouncilRegulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1).. The personal data of economic operators and persons other than economic operators processed by the electronic systems are restricted to the dataset as defined in Annex A, Group 3- Parties and Annex 12-01 of Commission Delegated Regulation (EU) 2015/2446Commission Delegated Regulation (EU) 2015/2446 of 28 July 2015 supplementing Regulation (EU) No 952/2013 of the European Parliament and of the Council as regards detailed rules concerning certain provisions of the Union Customs Code (OJ L 343, 29.12.2015, p. 1)..(9)The measures provided for in this Implementing Regulation are in accordance with the opinion of the Customs Code Committee,HAS ADOPTED THIS REGULATION:
CHAPTER IGENERAL PROVISIONS
Article 1ScopeThis Regulation shall apply to the following electronic systems:(a)the Customs Decisions system developed through the UCC Customs Decisions project referred to in the Annex to Implementing Decision (EU) 2016/578;(b)the Uniform User Management and Digital Signature system developed through the Direct trader access to the European Information Systems (Uniform User Management & Digital Signature) project referred to in the Annex to Implementing Decision (EU) 2016/578.
Article 2DefinitionsFor the purpose of this Regulation, the following definitions shall apply:(1)"common component" means a component of the electronic systems developed at Union level, which is available for all Member States;(2)"national component" means a component of the electronic systems developed at national level, which is available in the Member State that created such a component.
Article 3Contact points for the electronic systemsThe Commission and the Member States shall designate contact points for each of the electronic systems for the purposes of exchanging information to ensure a coordinated development, operation and maintenance of those electronic systems. They shall communicate the details of those contact points to each other.The Commission and the Member States shall inform each other immediately of any changes to the details of those contact points.
CHAPTER IICUSTOMS DECISIONS SYSTEM
Article 4Object and structure of the CDS1.The Customs Decisions system (CDS) shall enable communication between the Commission, Member States, economic operators and persons other than economic operators for the purposes of submitting and processing applications and decisions referred to in Article 5(1), as well as the management of decisions related to the authorisations, namely, amendments, revocations, annulments and suspensions.2.The CDS shall consist of the following common components:(a)an EU trader portal;(b)a central customs decisions management system ("central CDMS");(c)customer reference services.3.Member States may create the following national components:(a)a national trader portal;(b)a national customs decisions management system ("national CDMS").
Article 5Use of the CDS1.The CDS shall be used for the purposes of submitting and processing applications for the following authorisations, as well as the management of decisions related to the applications or authorisations:(a)authorisation for the simplification of the determination of amounts being part of the customs value of the goods, as referred to in Article 73 of the Code;(b)authorisation for the provision of a comprehensive guarantee, including possible reduction or waiver, as referred to in Article 95 of the Code;(c)authorisation of deferment of the payment of the duty payable, as far as the permission is not granted in relation to a single operation, as referred to in Article 110 of the Code;(d)authorisation for the operation of temporary storage facilities, as referred to in Article 148 of the Code;(e)authorisation to establish regular shipping services, as referred to in Article 120 of Delegated Regulation (EU) 2015/2446;(f)authorisation for the status of authorised issuer, as referred to in Article 128 of Delegated Regulation (EU) 2015/2446;(g)authorisation for the regular use of a simplified declaration, as referred to in Article 166(2) of the Code;(h)authorisation for centralised clearance, as referred to in Article 179 of the Code;(i)authorisation to lodge a customs declaration through an entry of data in the declarant's records, including for the export procedure, as referred to in Article 182 of the Code;(j)authorisation for self-assessment, as referred to in Article 185 of the Code;(k)authorisation for the status of an authorised weigher of bananas, as referred to in Article 155 of Delegated Regulation (EU) 2015/2446;(l)authorisation for the use of the inward processing procedure, as referred to in Article 211(1)(a) of the Code;(m)authorisation for the use of the outward processing procedure, as referred to in Article 211(1)(a) of the Code;(n)authorisation for the use of the end-use procedure, as referred to in Article 211(1)(a) of the Code;(o)authorisation for the use of the temporary admission procedure, as referred to in Article 211(1)(a) of the Code;(p)authorisation for the operation of storage facilities for customs warehousing of goods, as referred to in Article 211(1)(b) of the Code;(q)authorisation for the status of an authorised consignee for TIR operation, as referred to in Article 230 of the Code;(r)authorisation for the status of an authorised consignor for Union transit, as referred to in Article 233(4)(a) of the Code;(s)authorisation for the status of an authorised consignee for Union transit, as referred to in Article 233(4)(b) of the Code;(t)authorisation to use of seals of a special type, as referred to in Article 233(4)(c) of the Code;(u)authorisation to use a transit declaration with a reduced dataset, as referred to in Article 233(4)(d) of the Code;(v)authorisation for the use of an electronic transport document as a customs declaration, as referred to in Article 233(4)(e) of the Code.2.The common components of the CDS shall be used with respect to applications and authorisations referred to in paragraph 1, as well as the management of decisions related to those applications and authorisations where those authorisations or decisions may have an impact in more than one Member State.3.A Member State may decide that the common components of the CDS may be used with respect to applications and authorisations referred to in paragraph 1, as well as the management of decisions related to those applications and authorisations where those authorisations or decisions have an impact only in that Member State.4.The CDS shall not be used with respect to applications, authorisations or decisions other than those listed to in paragraph 1.
Article 6Authentication and access to the CDS1.The authentication and access verification of economic operators and persons other than economic operators for the purposes of access to the common components of the CDS shall be effected using the Uniform User Management and Digital Signatures (UUM&DS) system referred to in Article 14.2.The authentication and access verification of Member States' officials for the purposes of access to the common components of the CDS shall be effected using the network services provided by the Commission.3.The authentication and access verification of Commission's staff for the purposes of access to the common components of the CDS shall be effected using the UUM&DS system or the network services provided by the Commission.
Article 7EU trader portal1.The EU trader portal shall be an entry point to the CDS for economic operators and persons other than economic operators.2.The EU trader portal shall interoperate with the central CDMS as well as with national CDMS where created by Member States.3.The EU trader portal shall be used for applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations where those authorisations or decisions may have an impact in more than one Member State.4.A Member State may decide that the EU trader portal may be used for applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations where those authorisations or decisions have an impact only in that Member State.Where a Member State takes a decision to use the EU trader portal for authorisations or decisions that have an impact only in that Member State, it shall inform the Commission thereof.
Article 8Central customs decisions management system1.The central CDMS shall be used by the customs authorities of the Member States for processing of the applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations by enabling Member States to verify whether the conditions for the acceptance of the applications and for taking the decisions are fulfilled.2.The central CDMS shall interoperate with the EU trader portal, the customer reference services and with the national CDMS, where created by the Member States.
Article 9Consultation between the customs authorities using the CDSA customs authority of a Member State shall use the central CDMS when it needs to consult a customs authority of another Member State before taking a decision regarding the applications or authorisations referred to in Article 5(1).
Article 10Customer reference servicesThe customer reference services shall be used for the central storage of data relating to the authorisations referred to in Article 5(1), as well as decisions related to those authorisations, and shall enable the consultation, replication and validation of those authorisations by other electronic systems established for the purposes of Article 16 of the Code.
Article 11National trader portal1.The national trader portal, where created, shall be an additional entry point to the CDS for economic operators and persons other than economic operators.2.With respect to applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations where those authorisations or decisions may have an impact in more than one Member State, economic operators and persons other than economic operators may choose to use the national trader portal, where created, or the EU trader portal.3.The national trader portal shall interoperate with the national CDMS, where created.4.Where a Member State creates a national trader portal, it shall inform the Commission thereof.
Article 12National customs decisions management system1.A national CDMS, where created, shall be used by the customs authority of the Member State which created it for processing the applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations by verifying whether the conditions for the acceptance of the applications and for taking the decisions are fulfilled.2.The national CDMS shall interoperate with the central CDMS for the purposes of consultation between the customs authorities as referred to in Article 9.
Article 13Migration of data relating to authorisations to the CDS1.The data relating to authorisations referred to in Article 5(1) where those authorisations were issued as of 1 May 2016 or granted according to Article 346 of Commission Implementing Regulation (EU) 2015/2447Commission Implementing Regulation (EU) 2015/2447 of 24 November 2015 laying down detailed rules for implementing certain provisions of Regulation (EU) No 952/2013 of the European Parliament and of the Council laying down the Union Customs Code (OJ L 343, 29.12.2015, p. 558). and may have an impact in more than one Member State, shall be migrated and stored in the CDS if such authorisations are valid on the date of migration. The migration shall take place by 1 May 2019 at the latest.A Member State may decide to apply the first subparagraph also to authorisations referred to in Article 5(1) that have an impact only in that Member State.2.The customs authorities shall ensure that the data to be migrated in accordance with paragraph 1 comply with the data requirements laid down in Annex A to Delegated Regulation (EU) 2015/2446 and Annex A to Commission Implementing Regulation (EU) 2015/2447. For that purpose, they may request the necessary information from the holder of the authorisation.
CHAPTER IIIUNIFORM USER MANAGEMENT AND DIGITAL SIGNATURE SYSTEM
Article 14Object and structure of the UUM&DS system1.The Uniform User Management and Digital Signature (UUM&DS) system shall enable the communication between the Commission and the Member States' identity and access management systems referred to in Article 18 for the purposes of providing secure authorised access to the electronic systems to economic operators and persons other than the economic operators and Commission's staff.2.The UUM&DS system shall consist of the following common components:(a)an access management system;(b)an administration management system;3.A Member State shall create an identity and access management system as a national component of the UUM&DS system.
Article 15Use of the UUM&DS systemThe UUM&DS system shall be used to ensure the authentication and access verification of:(a)economic operators and persons other than economic operators for the purposes of having access to the common components of the CDS;(b)the Commission's staff for the purposes of having access to the common components of the CDS and for the purposes of maintenance and management of the UUM&DS system.
Article 16Access management systemThe Commission shall set up the access management system to validate the access requests submitted by the economic operators and persons other than economic operators within the UUM&DS system by interoperating with the Member States' identity and access management systems referred to in Article 18.
Article 17Administration management systemThe Commission shall set up the administration management system to manage the authentication and authorisation rules for validating the identification data of economic operators and persons other than economic operators for the purposes of allowing access to the electronic systems.
Article 18Member States' identity and access management systemsThe Member States shall set-up an identity and access management system to ensure:(a)a secure registration and storage of identification data of economic operators and persons other than economic operators;(b)a secure exchange of signed and encrypted identification data of economic operators and persons other than economic operators.
CHAPTER IVFUNCTIONING OF THE ELECTRONIC SYSTEMS AND TRAINING IN THE USE THEREOF
Article 19Development, testing, deployment and management of the electronic systems1.The common components shall be developed, tested, deployed and managed by the Commission. The national components shall be developed, tested, deployed and managed by the Member States.2.The Member States shall ensure that the national components are interoperable with the common components.
Article 20Maintenance of and changes to the electronic systems1.The Commission shall perform the maintenance of the common components and the Member States shall perform the maintenance of their national components.2.The Commission and the Member States shall ensure uninterrupted operation of the electronic systems.3.The Commission may change the common components of the electronic systems to correct malfunctions, to add new functionalities or alter existing ones.4.The Commission shall inform the Member States of changes and updates to the common components.5.Member States shall inform the Commission of changes and updates to the national components that may have repercussions on the functioning of the common components.6.The Commission and Member States shall make the information on the changes and updates to the electronic systems pursuant to paragraphs 4 and 5 publicly available.
Article 21Temporary failure of the electronic systems1.In case of a temporary failure of the electronic systems as referred to in Article 6(3)(b) of the Code, economic operators and persons other than economic operators shall submit the information to fulfil the formalities concerned by the means determined by the Member States, including means other than electronic data processing techniques.2.The customs authorities shall make sure the information submitted in accordance with paragraph 1 is made available in the respective electronic systems within 7 days of the respective electronic systems becoming available again.3.The Commission and the Member States shall inform each other of the unavailability of the electronic systems resulting from a temporary failure.
Article 22Training support on the use and functioning of the common componentsThe Commission shall support the Member States on the use and functioning of the common components of the electronic systems by providing the appropriate training material.
CHAPTER VDATA PROTECTION, DATA MANAGEMENT AND THE OWNERSHIP AND SECURITY OF THE ELECTRONIC SYSTEMS
Article 23Personal data protection1.The personal data registered in the electronic systems shall be processed for the purposes of implementing the customs legislation having regard to the specific objectives of each of the electronic systems as set out in Article 4(1) and Article 14(1), respectively.2.The national supervisory authorities in the field of personal data protection and the European Data Protection Supervisor shall cooperate to ensure coordinated supervision of the processing of personal data registered in the electronic systems.
Article 24Updating of data in the electronic systemsMember States shall ensure that the data registered at national level corresponds to the data registered in the common components and is kept up to date.
Article 25Limitation of data access and data processing1.The data registered in the common components of the electronic systems by a Member State may be accessed or processed by that Member State. It may also be accessed and processed by another Member State where it is involved in the processing of an application or the management of a decision to which the data relates, including by way of a consultation in accordance with Article 9.2.The data registered in the common components of the electronic systems by an economic operator or a person other than an economic operator may be accessed or processed by that economic operator or that person. It may also be accessed and processed by a Member State involved in the processing of an application or the management of a decision to which the data relates, including by way of a consultation in accordance with Article 9.
Article 26System ownership1.The Commission shall be the system owner of the common components.2.The Member States shall be the system owners of the national components.
Article 27System security1.The Commission shall ensure the security of the common components. The Member States shall ensure the security of the national components.For those purposes, the Commission and Member States shall take, at least, the necessary measures to:(a)prevent any unauthorised person from having access to installations used for the processing of data;(b)prevent the entry of data and any consultation, modification or deletion of data by unauthorised persons;(c)detect any of the activities referred to in points (a) and (b);2.The Commission and the Member States shall inform each other of any activities that might result in a breach or a suspected breach of the security of the electronic systems.
CHAPTER VIFINAL PROVISIONS
Article 28Assessment of the electronic systemsThe Commission and the Member States shall conduct assessments of the components they are responsible for and shall in particular analyse the security and integrity of the components and the confidentiality of data processed within those components.The Commission and the Member States shall inform each other of the assessment results.
Article 29Entry into forceThis Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.Done at Brussels, 14 November 2017.For the CommissionThe PresidentJean-Claude Juncker