Commission Implementing Regulation (EU) 2021/581 of 9 April 2021 on the situational pictures of the European Border Surveillance System (EUROSUR)
Commission Implementing Regulation (EU) 2021/581of 9 April 2021on the situational pictures of the European Border Surveillance System (EUROSUR)THE EUROPEAN COMMISSION,Having regard to the Treaty on the Functioning of the European Union,Having regard to Regulation (EU) 2019/1896 of the European Parliament and of the Council of 13 November 2019 on the European Border and Coast Guard and repealing Regulations (EU) No 1052/2013 and (EU) 2016/1624OJ L 295, 14.11.2019, p. 1., and in particular Article 24(3) thereof,Whereas:(1)Regulation (EU) 2019/1896 defines situational pictures as an aggregation of geo-referenced near-real-time data and information received from different authorities, sensors, platforms and other sources which is transmitted across secured communication and information channels and can be processed and selectively displayed and shared with other relevant authorities in order to achieve situational awareness and support the reaction capability at, along or in the proximity of the external borders and the pre-frontier area. This definition, represents a development of the concept as initially laid down in Regulation (EU) No 1052/2013 of the European Parliament and of the CouncilRegulation (EU) No 1052/2013 of the European Parliament and of the Council of 22 October 2013 establishing the European Border Surveillance System (Eurosur) (OJ L 295, 6.11.2013, p. 11)., reflecting a more a "data centric" approach permitting users to select the appropriate graphical display and user interface depending on the operational situation and their command and control needs.(2)Regulation (EU) 2019/1896 provides for the establishment of national situational pictures, a European situational picture and specific situational pictures to be produced through the collection, evaluation, collation, analysis, interpretation, generation, visualisation and dissemination of information. Situational pictures are to consist of three separate information layers, namely, an events layer, an operational layer and an analysis layer.(3)It is necessary to lay down the details of each of the information layers of the situational pictures and the rules for the establishment of specific situational pictures. It is further necessary to specify the type of information to be provided and the processes governing the provision of such information as well as mechanisms to ensure quality control. In order to ensure a coordinated approach that enhances information exchange, reporting in the European Border Surveillance System ("EUROSUR") should be specified and standardised.(4)In order to ensure that the events layer of situational pictures are sufficiently comprehensive and detailed, national coordination centres and, where applicable, the European Border and Coast Guard Agency ("the Agency") and the international coordination centres, should provide timely reports on events likely to have an impact on the external border.(5)The reporting of events through indicators and as single event reports is complementary. The indicators help assessing the overall evolution at a border section and contribute to improved situational awareness while the single event reports are linked to a timely response to a given event.(6)Single events reports may require urgent action to be taken. It must therefore be possible to report single events in a timely manner in order to allow a timely response to such events. An initial report should be sent as soon as the event is detected and should be displayed in the corresponding situational pictures. In order to prevent delay that could undermine the capability for a quick reaction, the validation process should permit the sending of a report with a partial validation.(7)At the same time, the issuing of reports in such circumstances can lead to false alarms. The originator and the owner of the situational picture should assess and indicate the level of confidence in the reports and in the events displayed in the situational picture. The first report should be completed with other follow up reports, as soon as supplementary information is available.(8)The reporting of events related to document fraud and criminality in EUROSUR will complement the reporting obligations provided for in Regulation (EU) 2020/493 of the European Parliament and of the CouncilRegulation (EU) 2020/493 of the European Parliament and of the Council of 30 March 2020 on the False and Authentic Documents Online (FADO) system and repealing Council Joint Action 98/700/JHA (OJ L 107, 6.4.2020, p. 1). as part of the False and Authentic Document Online system (FADO).(9)The reporting of single events involving the cross-border movement of goods and associated illicit trafficking under this Regulation should not affect existing reporting obligations, restrictions or competences concerning the customs area as well as systematic control reporting in particular under the Import Control System 2 ("ICS2") pursuant to Article 186 of Commission Implementing Regulation (EU) 2015/2447Commission Implementing Regulation (EU) 2015/2447 of 24 November 2015 laying down detailed rules for implementing certain provisions of Regulation (EU) No 952/2013 of the European Parliament and of the Council laying down the Union Customs Code (OJ L 343, 29.12.2015, p. 558) or risk information sharing under the Customs Risk Management System ("CRMS") pursuant to Article 86 of the same Regulation and the Customs Information System ("CIS") established by Council Regulation (EC) No 515/97Council Regulation (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters (OJ L 82, 22.3.1997, p. 1).. It should also not duplicate established reporting mechanisms carried out by Member States in connection with customs and customs performance matters. Where available, the relevant information could be obtained from existing Commission sources.(10)As regards the operational layer of situational pictures, in order to ensure sufficiently comprehensive overview, the owner of situational pictures should receive reporting on Member States’ own assets, reports on operational plans, as well as reports on environmental information including, in particular, meteorological and oceanographic information. In the case where the impact level at a border sections are high or critical, the need for coordination calls for a detailed reporting of the operational plans to better anticipate the response of the different authorities involved.(11)The operational reporting to be carried out in the framework of a joint border operation or a rapid border intervention should be described in the operational plans of each joint border operation or of a rapid border intervention.(12)As regards the analysis layer of the situational pictures, the owner of situational pictures should establish the analysis layer based on risks analysis reports. These reports aim at enhancing the understanding of events at the external border which can facilitate the forecasting of trends, the planning and conduct of border control operations as well as strategic risk analysis. The methodologies related to the risk analysis reporting, and the attribution of confidence levels should be based upon the common integrated risk analysis model (CIRAM).(13)In order to ensure consistency and facilitate information exchange while preserving security, the Agency should integrate and develop its various risk analysis networks and tools in the framework of EUROSUR, such as the Frontex Risk Analysis Network (FRAN), the European Document Fraud Risk Analysis Network (EDF-RAN) or the Maritime Intelligence Community Risk Analysis Network (MIC-RAN).(14)Reporting in EUROSUR should take into account the specificity of certain border control activities such as air or maritime surveillance border surveillance but also the specificity of certain related events such as secondary movements or Search and Rescue incidents. The reporting of such information contributes to the establishment of the European situational picture, including risk analysis and the attribution of impact levels. In addition, reporting on search and rescue operations of migrants, both at land and at sea, should contribute to ensure the protection and saving lives of migrants.(15)The owner of the situational picture should manage the situational picture with a view to providing a clear understanding of the situation at each external border section and for each area of responsibility, and to facilitate risk analysis and reaction capabilities at proper level.(16)When establishing specific situational pictures with third parties to EUROSUR, Member States and the Agency should comply with and promote the technical and operational standards for information exchange developed by the Agency.(17)It is necessary to lay down the operational responsibilities for reporting and for maintaining the situational pictures in relation with the technical responsibilities for operating and maintaining the various technical systems and networks that support the processing of information in EUROSUR.(18)In order to ensure that operational responsibilities for the technical implementation of EUROSUR are defined in sufficient detail, it is necessary to identify the technical components of EUROSUR. In order to manage the significant amount of information processed and to reduce the workload of operators, information exchange in EUROSUR should be automated. Member States and the Agency should develop technical interfaces to foster machine to machine interconnections and use decision support tools to assist EUROSUR operators in their tasks.(19)When defining format of reports related to the vessels of interest as part of the technical standards for information exchange, the Agency, in close cooperation with the relevant national authorities, should make use of internationally agreed formats deriving from the relevant international legislation with in the first place the UN Convention on the Law of the Sea, the Customary law of the Sea and the instruments derived notably by the International Maritime Organization (IMO) as well as their variations in the domestic legal order of the flag States.(20)When defining format of reports related to the aircrafts of interest as part of the technical standards for information exchange, the Agency, in close cooperation with the relevant national authorities, should seek to use internationally agreed formats such as those defined by the International Civil Aviation Organization (ICAO).(21)The data security in EUROSUR aims at ensuring the authenticity, availability, the integrity, the confidentiality and the non-repudiation of the reports and of any other data and information processed in EUROSUR.(22)The data security of the technical components of EUROSUR corresponds to the ability of the technical components to detect and resist, at a given level of confidence, any action that compromises the security of the processed data and information, or the related services offered by, or accessible via, those networks and information systems.(23)The data security of EUROSUR is a collective responsibility of the Member States and of the Agency.(24)The cybersecurity threats are constantly evolving and are now more and more affordable to criminal and terrorist networks. EUROSUR should ensure an adequate and homogeneous protection against cyber threats at both EU and national levels. EUROSUR is a framework for the exchange of information covering different levels of classification. While implementing the technical components of EUROSUR, the relevant national authorities and the Agency should ensure that any user has proper access to the relevant information corresponding to his level of accreditation and his need to know.(25)When deploying the Communication Network up to "Confidential EU", the Agency should provide an interim solution for those national components that would be still accredited only up to "RESTREINT UE/EU RESTRICTED" level or equivalent national classification levels.(26)As part of the data security rules of EUROSUR and in order to ensure a proper accreditation process, this Regulation establishes a joint Security Accreditation Board ("the Accreditation Board"), within the Agency. In line with the provisions of the Commission Decision (EU, Euratom) 2015/444Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU classified information (OJ L 72, 17.3.2015, p. 53)., such a Board is needed in the case of EUROSUR because EUROSUR is composed of several interconnected systems involving several parties.(27)The Accreditation Board is an independent technical body which does not affect the functions of the Agency’s management board.(28)In application of the principle of subsidiarity, security accreditation decisions should, following the process defined in the security accreditation strategy, be based on local security accreditation decisions taken by the respective national security accreditation authorities of the Member States.(29)In order for it to carry out all of its activities quickly and effectively, the Accreditation Board should be able to set up appropriate subordinate bodies acting on its instructions. It should accordingly set up a Board to assist it in preparing its decisions.(30)Security accreditation activities should be coordinated with the work of the authorities responsible for managing the systems and other relevant entities responsible for implementing the security provisions.(31)Given the specific nature and the complexity of EUROSUR, it is essential for the security accreditation activities to be carried out in a context of collective responsibility for the security of the Union and of the Member States, by making efforts to reach a consensus and by involving all parties with an interest in security, and for permanent risk monitoring. It is also imperative that technical security accreditation activities be entrusted to professionals who are duly qualified in the field of accrediting complex systems and who have an adequate level of security clearance.(32)In order to ensure that the Accreditation Board is able to accomplish its tasks, it should also be provided that Member States supply the Board with any necessary documentation, grant access to classified information in the framework of EUROSUR and supporting systems (including the Communication Network) and to any areas falling within their jurisdiction to duly authorised persons, and that they should be responsible at local level for the accreditation of the security of areas that are located within their territory.(33)While direct access to a national system is a sole prerogative of the Member State concerned, Agency staff could be granted direct access to national systems in the framework of EUROSUR to assist national authorities in their tasks.(34)The provisions related to data security of the external components of EUROSUR should be part of the provisions related to EUROSUR in the corresponding working arrangements and model status agreements. In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2019/817 of the European Parliament and of the CouncilRegulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27). and is not bound by it or subject to its application. However, given that Regulation (EU) 2019/817 builds upon the Schengen acquis, Denmark notified on 31 October 2019, in accordance with Article 4 of that Protocol, its decision to implement Regulation (EU) 2019/817 in its national law.(35)This Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/ECCouncil Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).; Ireland is therefore not taking part in the adoption of this Regulation and is not bound by it or subject to its application.(36)As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latter’s association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A of Council Decision 1999/437/ECCouncil Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31)..(37)As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/ECCouncil Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 1).(38)As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EUCouncil Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19)..(39)The measures provided for in this Regulation are in accordance with the opinion of the European Border and Coast Guard Committee,HAS ADOPTED THIS REGULATION: