Eurlexa

English
- Sign in
- Register

Commission Implementing Regulation (EU) 2021/331 of 24 February 2021 on the reporting of abuses committed by commercial intermediaries providing application services for travel authorisation under Regulation (EU) 2018/1240 of the European Parliament and of the Council

Commission Implementing Regulation (EU) 2021/331of 24 February 2021on the reporting of abuses committed by commercial intermediaries providing application services for travel authorisation under Regulation (EU) 2018/1240 of the European Parliament and of the Council THE EUROPEAN COMMISSION,Having regard to the Treaty on the Functioning of the European Union,Having regard to Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226OJ L 236, 19.9.2018, p. 1., and in particular Articles 15(5) and 16(10) thereof,Whereas:(1)Regulation (EU) 2018/1240 establishes the European Travel Information and Authorisation System ("ETIAS") for third-country nationals exempt from the requirement to be in the possession of a visa for the purposes of entering and staying in the territory of the Member States.(2)To obtain the travel authorisation, the application is to be submitted by the applicant directly, or by a third person or a commercial intermediary authorised by the applicant to submit the application on his or her behalf.(3)In the context of comparable travel authorisation systems, commercial intermediaries have been known to engage in abusive practices. Abuses may take many different forms including: attempting to mislead applicants into believing that their website is the dedicated official public website or application for mobile devices for submitting an application, thereby giving the false impression that the excess charged by the commercial intermediary is a mandatory part of the application process rather than consideration for the voluntary use of a commercial service; making fraudulent use of the personal or financial data provided by the applicant; charging an unreasonably high price for its service, or failing to request the application in the required time, format and quality on behalf of the applicant.(4)In order to detect abusive practices and to prevent their recurrence, an online form for the reporting of abuse by commercial intermediaries should be made accessible via the dedicated public website and the application for mobile devices. In order to promote awareness of the possibility to report abuse and to facilitate such reporting, information regarding the process to be followed should be displayed visibly on the public website and the application for mobile devices. The form should contain standardised fields and request users to enter details of the abusive conduct.(5)In order to ensure that applicants are adequately informed of the nature and purpose of the reporting facility, the form should clarify that the reporting system is for monitoring purposes, it shall not collect any personal data and does not constitute a channel for appealing decisions on applications, or as a substitute for the pursuit of remedies under administrative, civil or criminal law.(6)The ETIAS Central Unit should receive and assess such reports, taking into account the similarities and recurrences of the abuses reported. The ETIAS Central Unit should regularly report to the Commission, as necessary, on the abuses reported and the assessments made. Account should be taken of these assessments in the development by the Commission of information campaigns referred to in Article 72 of Regulation (EU) 2018/1240. On the basis of the assessments, the ETIAS Central Unit should modify, as appropriate, the information to the general public referred to in Article 71 of Regulation (EU) 2018/1240, and in particular to the applicants.(7)In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union ("TEU") and to the Treaty on the Functioning of the European Union ("TFEU"), Denmark did not take part in the adoption of Regulation (EU) 2018/1240 and is not bound by it or subject to its application. However, given that Regulation (EU) 2018/1240 builds upon the Schengen acquis, Denmark notified on 21 December 2018, in accordance with Article 4 of that Protocol, its decision to implement Regulation (EU) 2018/1240 in its national law.(8)This Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/ECCouncil Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).; Ireland is therefore not taking part in the adoption of this Regulation and is not bound by it or subject to its application.(9)As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquisOJ L 176, 10.7.1999, p. 36., which fall within the area referred to in Article 1, point A of Council Decision 1999/437/ECCouncil Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31)..(10)As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquisOJ L 53, 27.2.2008, p. 52., which fall within the area referred to in Article 1, point A of Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/ECCouncil Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 1)..(11)As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquisOJ L 160, 18.6.2011, p. 21. which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EUCouncil Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19)..(12)As regards Cyprus, Bulgaria and Romania and Croatia, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3(1) of the 2003 Act of Accession, Article 4(1) of the 2005 Act of Accession and Article 4(1) of the 2011 Act of Accession.(13)The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the CouncilRegulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39). and delivered an opinion on 4 September 2020.(14)The measures provided for in this Regulation are in accordance with the opinion of the Smart Borders Committee (ETIAS),HAS ADOPTED THIS REGULATION:

Article 1Form for reporting abuse1.The reporting of abuse by a commercial intermediary shall be made using a form containing the information and fulfilling the technical requirements set out in points 1 to 7 of the Annex.2.It shall be possible for the form to be completed in any of the official languages of the Union.3.Before submitting the form, applicants shall be requested to provide confirmation of their having understood and consented to the general conditions applicable to the submission of a report on abuse, including that the applicant should not provide any personal data in his/her report, and the purposes for which the information provide shall be used, as set out in point 7 of the Annex.4.Once submitted, the form shall automatically be sent to the ETIAS Central Unit.

Article 2Additional documentationThe limitations on the number and size of additional files that may be uploaded shall be set out in the technical specifications referred to in Article 73(3) of Regulation (EU) 2018/1240.

Article 3Notification to applicants1.A notification of the receipt of the report of the abuse shall automatically appear on the screen of the applicant. The applicant shall be offered the possibility to save locally or print the acknowledgment of receipt.2.Notifications shall at least include the following:(a)acknowledgement of receipt of the report and confirmation of the date and time at which the form was submitted(b)a reminder of all relevant information in relation to submitting an application for a travel authorisation as referred to in Article 71 of Regulation (EU) 2018/1240;(c)information that the report of abuse shall be used to assist the monitoring and improving of the European Travel Information and Authorisation System. By contrast, the reporting facility is not intended to provide remedies in individual cases and is not a substitute for the pursuit of any claims in administrative, civil or criminal law that may be provided for under the applicable national law.

Article 4Roles of the ETIAS Central Unit1.The ETIAS Central Unit shall:(a)monitor, process and analyse all reports of abuses;(b)publish on the dedicated public website and in the application for mobile devices relevant information in order to prevent abuses.2.Once a year, the ETIAS Central Unit shall submit a report to the Commission, which shall at least include:(a)an anonymised description of the cases of abuse reported, including similarities between the cases, recurrences, trends and characteristics;(b)an overview of the actions taken to adapt the information to the general public and applicants.

Article 5Specific security measuresThe form to report abuses shall be designed and implemented to ensure the confidentiality, integrity, availability, protection of personal data and non-repudiation of transactions as referred to in the Commission Decision (EU, Euratom) 2017/46Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission; OJ L 6, 11.1.2017, p. 40.. Its technical and organisational implementation shall meet the requirements of the European Travel Information and Authorisation System’s security plan, referred in Article 59(3) of Regulation (EU) 2018/1240, and shall comply with the rules on data protection and security applicable to the public website and the application for mobile devices referred to in Article 16(10) of Regulation (EU) 2018/1240.

Article 6Entry into forceThis Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.Done at Brussels, 24 February 2021.For the CommissionThe PresidentUrsula von der LeyenANNEXFORM FOR REPORTING ABUSE BY COMMERCIAL INTERMEDIARIES SUBMITTING AN APPLICATION FOR A TRAVEL AUTHORISATION ON BEHALF OF AN APPLICANT1.Introduction(a)The form for reporting abuse by commercial intermediaries is to have the following title:"Form for reporting abuse by commercial intermediaries submitting an application for a travel authorisation on behalf of an applicant."(b)The following introductory notice is to appear at the beginning of this form:"Please complete this form to report incidents of abuse you may have experienced by a commercial intermediary applying for a travel authorisation on your behalf.Please note that the information you provide will be used to assist the monitoring and improving of ETIAS.Please do not insert any personal data in this form, whether they are yours or those of any other person."(c)The form must contain prompts requesting and permitting the entry of the data elements set out in the table below (though not necessarily in the order listed) in accordance with the standards, formats and requirements indicated.2.Circumstances of the abuse

Circumstances of the abuse	Standard	Format	Requirement
The applicant must be offered the possibility to indicate whether his/her complaint has arisen in one or more of the following circumstances:the applicant knowingly authorised a commercial intermediary to submit an application on his/her behalfthe applicant completed the application directly without knowing that he or she was using a non-official EU website operated by a commercial intermediaryother	N/A	Tick boxes.	Mandatory.
If the reply to the "circumstances of the abuse" is "other".	N/A	Free text, including: latin-alphabet characters A-Z, spaces, diacritics, apostrophes and hyphens only.[number of characters permitted: 255]	Mandatory.

3.Information about the traveller reporting the abuse

Information	Standard	Format	Requirement
Country of birth	ISO 3166-1	Selection list of all countries, including countries that no longer exist.	Mandatory."Unknown" as a selectable option shall be available.
Nationality	ISO 3166-1	Selection list of all countries, including countries that no longer exist.	Mandatory."Unknown" as a selectable option shall be available.
Age group	N/A	18-2526-4041-55> 55	Optional.
Gender		Tick boxes: Male/Female/Other	Optional.

4.Details of the abuse

Details of the abuse	Standard	Format	Requirement
Date of abuse	N/A	DDMonth as word/YYYY	Optional.Mandatory.
Description and consequences of abuse	N/A	Free text, including: latin-alphabet characters A-Z, digits, spaces, diacritics, apostrophes and hyphens only.[Number of characters permitted: to be defined]	Mandatory.
Travel authorisation received	N/A	Tick boxes: yes/no/I do not know.	Mandatory.
The total fee charged for travel authorisation and the provision of intermediary services	N/A	Free text (digits and currency).	Mandatory."not applicable" option shall be available
Payment method of fee	N/A	Free text.	Mandatory."not applicable" option shall be available

5.Information regarding the commercial intermediary

Information	Standard	Format	Requirement
Commercial name of the commercial intermediary		Free text, including: latin-alphabet characters A-Z, digits, spaces, diacritics, apostrophes and hyphens. Other special characters: "!", "@", "#", "$", "&", "*", "?".	Mandatory.
Main commercial activities	N/A	Free text, including: latin-alphabet characters A-Z, digits, spaces, diacritics, apostrophes and hyphens. Other special characters: "!", "@", "#", "$", "&", "*", "?".	Mandatory."Not applicable" option shall be available.
Internet address	N/A	Free text, including: latin-alphabet characters A-Z, digits, spaces, diacritics, oblique characters and hyphens only.	Mandatory."Not applicable" option shall be available.
Email	N/A	Local-part@domain	Mandatory."Not applicable" option shall be available
Work phone number	ITU T, E.123 and E.164(country codes)	Selection list with all country codes, and free text (digits only).	Mandatory"Not applicable" option shall be available.
Mailing addressStreet name	N/A	Free text, including: latin-alphabet characters A-Z, digits, spaces, diacritics, apostrophes, oblique characters and hyphens only.	Mandatory."Not applicable" option shall be available.
Mailing address:Street number	N/A	Free text, including: latin-alphabet characters A-Z, digits, spaces, diacritics, oblique characters and hyphens only.	Mandatory."Not applicable" option shall be available.
Mailing address:Apartment number	N/A	Free text, including: latin-alphabet characters A-Z, digits, spaces, diacritics, oblique characters and hyphens only.	Mandatory."Not applicable" option shall be available.
Mailing address:2nd line address	N/A	Free text, including: latin-alphabet characters A-Z, digits, spaces, diacritics, apostrophes, oblique characters and hyphens only.	Mandatory."Not applicable" option shall be available.
Mailing address:Town/City	N/A	Free text, including: latin-alphabet characters A-Z, digits, spaces, diacritics, apostrophes and hyphens only.	Mandatory."Not applicable" option shall be available.
Mailing address:Postal Code	N/A	Free text, including: latin-alphabet characters A-Z, digits, spaces, diacritics, oblique characters and hyphens only.	Mandatory."Not applicable" option shall be available.
Mailing address:Country	ISO 3166-1	Selection list of countries dependent territories and special areas of geographical interest.	Mandatory"Not applicable" option shall be available.

6.Supporting documentation

Supporting documentation	Standard	Format	Requirement
The applicant must be offered the possibility to upload documents in support of the report (where available).The applicant must acknowledge that the documents he/she will upload do not contain any personal data, or that he/she took care and redacted the personal data before he/she will upload the documents.	N/A	Uploading boxTick box	Size and number of additional files that may be uploaded.Accepted formats: Portable Document Format (PDF); Joint Photographic Experts Group (JPEG); Portable Network Graphics (PNG)).

7.Notice and consent

Notice and consent	Standard	Format	Requirement
Prior to submission, the applicant must be offered the possibility to confirm:(i)the applicant’s understanding that the information provided will be used to assist the monitoring and improving of ETIAS.(ii)the applicant’s understanding that the reporting facility does not constitute an appeal procedure against a refusal, annulment or revocation of a travel authorisation imputable to the conduct of a commercial intermediary. Neither does it provide remedies in individual cases and is not a substitute for the pursuit of any claims in civil or criminal law that may be provided for under the applicable national law.(iii)the applicant is informed that no personal data should be included in the report and where personal data are nonetheless provided consents that the data will be redacted.	N/A	Tick box	Mandatory.