Commission Implementing Regulation (EU) 2021/581 of 9 April 2021 on the situational pictures of the European Border Surveillance System (EUROSUR)
Commission Implementing Regulation (EU) 2021/581of 9 April 2021on the situational pictures of the European Border Surveillance System (EUROSUR)THE EUROPEAN COMMISSION,Having regard to the Treaty on the Functioning of the European Union,Having regard to Regulation (EU) 2019/1896 of the European Parliament and of the Council of 13 November 2019 on the European Border and Coast Guard and repealing Regulations (EU) No 1052/2013 and (EU) 2016/1624OJ L 295, 14.11.2019, p. 1., and in particular Article 24(3) thereof,Whereas:(1)Regulation (EU) 2019/1896 defines situational pictures as an aggregation of geo-referenced near-real-time data and information received from different authorities, sensors, platforms and other sources which is transmitted across secured communication and information channels and can be processed and selectively displayed and shared with other relevant authorities in order to achieve situational awareness and support the reaction capability at, along or in the proximity of the external borders and the pre-frontier area. This definition, represents a development of the concept as initially laid down in Regulation (EU) No 1052/2013 of the European Parliament and of the CouncilRegulation (EU) No 1052/2013 of the European Parliament and of the Council of 22 October 2013 establishing the European Border Surveillance System (Eurosur) (OJ L 295, 6.11.2013, p. 11)., reflecting a more a "data centric" approach permitting users to select the appropriate graphical display and user interface depending on the operational situation and their command and control needs.(2)Regulation (EU) 2019/1896 provides for the establishment of national situational pictures, a European situational picture and specific situational pictures to be produced through the collection, evaluation, collation, analysis, interpretation, generation, visualisation and dissemination of information. Situational pictures are to consist of three separate information layers, namely, an events layer, an operational layer and an analysis layer.(3)It is necessary to lay down the details of each of the information layers of the situational pictures and the rules for the establishment of specific situational pictures. It is further necessary to specify the type of information to be provided and the processes governing the provision of such information as well as mechanisms to ensure quality control. In order to ensure a coordinated approach that enhances information exchange, reporting in the European Border Surveillance System ("EUROSUR") should be specified and standardised.(4)In order to ensure that the events layer of situational pictures are sufficiently comprehensive and detailed, national coordination centres and, where applicable, the European Border and Coast Guard Agency ("the Agency") and the international coordination centres, should provide timely reports on events likely to have an impact on the external border.(5)The reporting of events through indicators and as single event reports is complementary. The indicators help assessing the overall evolution at a border section and contribute to improved situational awareness while the single event reports are linked to a timely response to a given event.(6)Single events reports may require urgent action to be taken. It must therefore be possible to report single events in a timely manner in order to allow a timely response to such events. An initial report should be sent as soon as the event is detected and should be displayed in the corresponding situational pictures. In order to prevent delay that could undermine the capability for a quick reaction, the validation process should permit the sending of a report with a partial validation.(7)At the same time, the issuing of reports in such circumstances can lead to false alarms. The originator and the owner of the situational picture should assess and indicate the level of confidence in the reports and in the events displayed in the situational picture. The first report should be completed with other follow up reports, as soon as supplementary information is available.(8)The reporting of events related to document fraud and criminality in EUROSUR will complement the reporting obligations provided for in Regulation (EU) 2020/493 of the European Parliament and of the CouncilRegulation (EU) 2020/493 of the European Parliament and of the Council of 30 March 2020 on the False and Authentic Documents Online (FADO) system and repealing Council Joint Action 98/700/JHA (OJ L 107, 6.4.2020, p. 1). as part of the False and Authentic Document Online system (FADO).(9)The reporting of single events involving the cross-border movement of goods and associated illicit trafficking under this Regulation should not affect existing reporting obligations, restrictions or competences concerning the customs area as well as systematic control reporting in particular under the Import Control System 2 ("ICS2") pursuant to Article 186 of Commission Implementing Regulation (EU) 2015/2447Commission Implementing Regulation (EU) 2015/2447 of 24 November 2015 laying down detailed rules for implementing certain provisions of Regulation (EU) No 952/2013 of the European Parliament and of the Council laying down the Union Customs Code (OJ L 343, 29.12.2015, p. 558) or risk information sharing under the Customs Risk Management System ("CRMS") pursuant to Article 86 of the same Regulation and the Customs Information System ("CIS") established by Council Regulation (EC) No 515/97Council Regulation (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters (OJ L 82, 22.3.1997, p. 1).. It should also not duplicate established reporting mechanisms carried out by Member States in connection with customs and customs performance matters. Where available, the relevant information could be obtained from existing Commission sources.(10)As regards the operational layer of situational pictures, in order to ensure sufficiently comprehensive overview, the owner of situational pictures should receive reporting on Member States’ own assets, reports on operational plans, as well as reports on environmental information including, in particular, meteorological and oceanographic information. In the case where the impact level at a border sections are high or critical, the need for coordination calls for a detailed reporting of the operational plans to better anticipate the response of the different authorities involved.(11)The operational reporting to be carried out in the framework of a joint border operation or a rapid border intervention should be described in the operational plans of each joint border operation or of a rapid border intervention.(12)As regards the analysis layer of the situational pictures, the owner of situational pictures should establish the analysis layer based on risks analysis reports. These reports aim at enhancing the understanding of events at the external border which can facilitate the forecasting of trends, the planning and conduct of border control operations as well as strategic risk analysis. The methodologies related to the risk analysis reporting, and the attribution of confidence levels should be based upon the common integrated risk analysis model (CIRAM).(13)In order to ensure consistency and facilitate information exchange while preserving security, the Agency should integrate and develop its various risk analysis networks and tools in the framework of EUROSUR, such as the Frontex Risk Analysis Network (FRAN), the European Document Fraud Risk Analysis Network (EDF-RAN) or the Maritime Intelligence Community Risk Analysis Network (MIC-RAN).(14)Reporting in EUROSUR should take into account the specificity of certain border control activities such as air or maritime surveillance border surveillance but also the specificity of certain related events such as secondary movements or Search and Rescue incidents. The reporting of such information contributes to the establishment of the European situational picture, including risk analysis and the attribution of impact levels. In addition, reporting on search and rescue operations of migrants, both at land and at sea, should contribute to ensure the protection and saving lives of migrants.(15)The owner of the situational picture should manage the situational picture with a view to providing a clear understanding of the situation at each external border section and for each area of responsibility, and to facilitate risk analysis and reaction capabilities at proper level.(16)When establishing specific situational pictures with third parties to EUROSUR, Member States and the Agency should comply with and promote the technical and operational standards for information exchange developed by the Agency.(17)It is necessary to lay down the operational responsibilities for reporting and for maintaining the situational pictures in relation with the technical responsibilities for operating and maintaining the various technical systems and networks that support the processing of information in EUROSUR.(18)In order to ensure that operational responsibilities for the technical implementation of EUROSUR are defined in sufficient detail, it is necessary to identify the technical components of EUROSUR. In order to manage the significant amount of information processed and to reduce the workload of operators, information exchange in EUROSUR should be automated. Member States and the Agency should develop technical interfaces to foster machine to machine interconnections and use decision support tools to assist EUROSUR operators in their tasks.(19)When defining format of reports related to the vessels of interest as part of the technical standards for information exchange, the Agency, in close cooperation with the relevant national authorities, should make use of internationally agreed formats deriving from the relevant international legislation with in the first place the UN Convention on the Law of the Sea, the Customary law of the Sea and the instruments derived notably by the International Maritime Organization (IMO) as well as their variations in the domestic legal order of the flag States.(20)When defining format of reports related to the aircrafts of interest as part of the technical standards for information exchange, the Agency, in close cooperation with the relevant national authorities, should seek to use internationally agreed formats such as those defined by the International Civil Aviation Organization (ICAO).(21)The data security in EUROSUR aims at ensuring the authenticity, availability, the integrity, the confidentiality and the non-repudiation of the reports and of any other data and information processed in EUROSUR.(22)The data security of the technical components of EUROSUR corresponds to the ability of the technical components to detect and resist, at a given level of confidence, any action that compromises the security of the processed data and information, or the related services offered by, or accessible via, those networks and information systems.(23)The data security of EUROSUR is a collective responsibility of the Member States and of the Agency.(24)The cybersecurity threats are constantly evolving and are now more and more affordable to criminal and terrorist networks. EUROSUR should ensure an adequate and homogeneous protection against cyber threats at both EU and national levels. EUROSUR is a framework for the exchange of information covering different levels of classification. While implementing the technical components of EUROSUR, the relevant national authorities and the Agency should ensure that any user has proper access to the relevant information corresponding to his level of accreditation and his need to know.(25)When deploying the Communication Network up to "Confidential EU", the Agency should provide an interim solution for those national components that would be still accredited only up to "RESTREINT UE/EU RESTRICTED" level or equivalent national classification levels.(26)As part of the data security rules of EUROSUR and in order to ensure a proper accreditation process, this Regulation establishes a joint Security Accreditation Board ("the Accreditation Board"), within the Agency. In line with the provisions of the Commission Decision (EU, Euratom) 2015/444Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU classified information (OJ L 72, 17.3.2015, p. 53)., such a Board is needed in the case of EUROSUR because EUROSUR is composed of several interconnected systems involving several parties.(27)The Accreditation Board is an independent technical body which does not affect the functions of the Agency’s management board.(28)In application of the principle of subsidiarity, security accreditation decisions should, following the process defined in the security accreditation strategy, be based on local security accreditation decisions taken by the respective national security accreditation authorities of the Member States.(29)In order for it to carry out all of its activities quickly and effectively, the Accreditation Board should be able to set up appropriate subordinate bodies acting on its instructions. It should accordingly set up a Board to assist it in preparing its decisions.(30)Security accreditation activities should be coordinated with the work of the authorities responsible for managing the systems and other relevant entities responsible for implementing the security provisions.(31)Given the specific nature and the complexity of EUROSUR, it is essential for the security accreditation activities to be carried out in a context of collective responsibility for the security of the Union and of the Member States, by making efforts to reach a consensus and by involving all parties with an interest in security, and for permanent risk monitoring. It is also imperative that technical security accreditation activities be entrusted to professionals who are duly qualified in the field of accrediting complex systems and who have an adequate level of security clearance.(32)In order to ensure that the Accreditation Board is able to accomplish its tasks, it should also be provided that Member States supply the Board with any necessary documentation, grant access to classified information in the framework of EUROSUR and supporting systems (including the Communication Network) and to any areas falling within their jurisdiction to duly authorised persons, and that they should be responsible at local level for the accreditation of the security of areas that are located within their territory.(33)While direct access to a national system is a sole prerogative of the Member State concerned, Agency staff could be granted direct access to national systems in the framework of EUROSUR to assist national authorities in their tasks.(34)The provisions related to data security of the external components of EUROSUR should be part of the provisions related to EUROSUR in the corresponding working arrangements and model status agreements. In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2019/817 of the European Parliament and of the CouncilRegulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27). and is not bound by it or subject to its application. However, given that Regulation (EU) 2019/817 builds upon the Schengen acquis, Denmark notified on 31 October 2019, in accordance with Article 4 of that Protocol, its decision to implement Regulation (EU) 2019/817 in its national law.(35)This Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/ECCouncil Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).; Ireland is therefore not taking part in the adoption of this Regulation and is not bound by it or subject to its application.(36)As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latter’s association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A of Council Decision 1999/437/ECCouncil Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31)..(37)As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/ECCouncil Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 1).(38)As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EUCouncil Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19)..(39)The measures provided for in this Regulation are in accordance with the opinion of the European Border and Coast Guard Committee,HAS ADOPTED THIS REGULATION:
Article 1Subject matterThis Regulation lays down:(a)the rules for reporting in EUROSUR, including the type of information to be provided and the time limits for reporting;(b)the details of the information layers of the situational pictures;(c)the modalities for the establishment of specific situational pictures;(d)the responsibilities related to the reporting, to the management of the situational pictures and for operating and maintaining the various technical systems and networks that support EUROSUR;(e)the data security and data protection rules of EUROSUR;(f)mechanisms for ensuring quality control.Article 2ScopeThis Regulation applies to the information exchange and cooperation for the purposes of EUROSUR including situational awareness, risk analysis and for supporting the planning and conduct of border control operations.Article 3DefinitionsFor the purpose of this Regulation, the following definitions apply:(1)"event" means a situation, which is likely to have an impact on the external borders either as regards migration, cross-border crime, or the protection and saving of the lives of migrants, including border incidents, or that may affect the functioning of EUROSUR, including any of its technical components;(2)"managing a situational picture" means establishing and maintaining the situational picture and processing all the information that it contains;(3)"owner" means the entity, agency or body managing the situational picture and the corresponding reports;(4)"processing" means any action performed on the data and metadata and information contained in a report, whether those actions are automated or not, including collecting, recording, organising, structuring, storing, modifying, consulting, using, transmitting, publishing, combining, erasing, downgrading and destroying this data and metadata;(5)"indicator" means a measurement or value that refers to events or to tasks describing the situation at external borders which contributes to situational awareness and risk analysis or supports reaction capabilities;(6)"technical indicator", means a measurement or value that refers to events or to tasks which contributes to situational awareness and risk analysis related to the functioning of EUROSUR or supports corresponding reaction capabilities;(7)"Maritime Rescue Coordination Centre" means a unit responsible for promoting efficient organisation of search and rescue services and for coordinating the conduct of search and rescue operations within a search and rescue region as referred to in the International Convention on Maritime Search and Rescue;(8)"external flight" means any flight of a manned or unmanned aircraft and its passengers and/or cargo to or from the territories of the Member States, which is not an internal flight as defined in point 3 of Article 2 of Regulation (EU) 2016/399 of the European Parliament and of the CouncilRegulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code) (OJ L 77, 23.3.2016, p. 1).;(9)"International Coordination Centre" means the coordination structure established for the coordination of a joint operation or a rapid border intervention at the external borders;(10)"watchlist" means a list of suspicious entities, assets, behaviours or profiles established on the basis of risk analysis, with a view to orient the detection and risk analysis capabilities of the European Border and Coast Guard and trigger appropriate reaction capabilities;(11)"the technical components" means the systems and networks used for the purpose of EUROSUR, including the infrastructure, organisation, personnel and information resources needed to support it;(12)"facilitation" means facilitation of unauthorised entry, transit and residence as defined in Council Directive 2002/90/ECCouncil Directive 2002/90/EC of 28 November 2002 defining the facilitation of unauthorised entry, transit and residence (OJ L 328, 5.12.2002, p. 17).;(13)"refusal of entry" means a refusal of entry issued to a third-country national at external borders, in accordance with Article 14 of Regulation (EU) 2016/399, for not fulfilling all the entry conditions laid down in Article 6(1) while not belonging to the categories of persons referred to in Article 6(5) of that Regulation, and to whom a standard refusal form has been issued in accordance with Annex V of the Schengen Borders Code;(14)"trafficking in human beings" means an offence referred to in Article 2 of Directive 2011/36/EU of the European Parliament and of the CouncilDirective 2011/36/EU of the European Parliament and of the Council of 5 April 2011 on preventing and combating trafficking in human beings and protecting its victims, and replacing Council Framework Decision 2002/629/JHA (OJ L 101, 15.4.2011, p. 1).;(15)"security accreditation" means the formal authorisation and approval granted to a system or network of EUROSUR by the relevant Security Accreditation Authority (SAA) to process EUROSUR data in its operational environment, following the formal validation of a Security Plan and its correct implementation;(16)"operational status" means the ability of an asset, unit, system or centre to perform its operational function(s) characterised as "fully operational", "limited operational functions", or "not available";(17)"a sublayer" means a layer of information underneath the event layer, the operational layer or the risk analysis layer of a situational picture.CHAPTER IPRINCIPLES OF REPORTING IN EUROSURSECTION 1General principlesArticle 4Reports in EUROSUR1.Reports shall be transmitted between two or more entities, units, bodies or agencies for the purposes of contributing to the establishment of the different situational pictures, to contribute to risk analysis, or to support reaction capabilities.2.Reports shall be composed of:(a)data containing the basic information;(b)meta-data containing additional information that contributes to the understanding of the dataset in a wider context and supports its processing in EUROSUR.3.Reports may take the form of:(a)indicators as referred to in Article 8;(b)single event reports as referred to in Article 9;(c)reports on own assets as referred to in Article 10;(d)reports on operational plans as referred to in Article 11;(e)reports on environmental information as referred to in Article 12;(f)risk analysis reports as referred to in Article 13;(g)requests for information as referred to in Article 14;(h)watchlists as referred to in Article 15.Article 5Roles in reporting1.The national coordination centres, the European Border and Coast Guard Agency ("the Agency") or the entities managing the specific situational pictures, referred to as "the originators of the reports", shall transmit reports in EUROSUR.2.The owner of the situational pictures, referred to as the "owners", shall be the recipients of the report and shall be responsible for processing it in accordance with the applicable rules.3.Reports in EUROSUR may originate from the national sources referred to in Article 25(2) and Article 26(2) of Regulation (EU) 2019/1896 or from the Agency’s own sources.Article 6Links1.Where the originator of a report establishes a relationship between reports or with other elements of the situational picture that can facilitate the understanding of the overall situation and context, it shall link this report to the relevant elements.2.The owners of a situational picture may add or modify the links related to the situational picture he is managing.SECTION 2Event reportingArticle 7Reporting events in EUROSUR1.Each national coordination centre shall ensure that the national authorities of Member States responsible for border management, including coast guards to the extent that they carry out border control tasks, report in the event layer of relevant situational pictures all events detected while conducting border control activities, performing situational awareness and risk analysis as well as events related to unauthorised secondary movements, where available.2.When carrying out border control tasks, the Agency and, where relevant, the international coordination centres shall be subject to the obligation referred to in paragraph 1.3.Events in EUROSUR shall be reported as indicators or as single event reports or both.Article 8Indicators on events at external borders1.The national coordination centres and, when relevant and as provided for in the operational plans, the international coordination centres, shall report indicators on events at external borders to the Agency as set out in Annex 1 and provided at the times specified in that annex.2.The data corresponding to the indicators may be derived from information and statistics available to national authorities including through searches of relevant Union databases and large-scale information systems, in accordance with the legal framework applicable to those databases and systems.3.Indicators relating to illicit cross-border movement of goods and associated illicit trafficking shall be obtained in cooperation with competent national authorities taking due account of other reporting obligations or restrictions and the role of the Commission.4.In addition to the reporting obligation referred to under paragraph 1, an originator of a report may send a specific report:(a)to alert on an abnormal change of the values observed;(b)to inform on a specific modus operandi or pattern which has been detected;(c)in the case of situations referred to in point (b), the report may be linked to a specific risk analysis.5.Where the Agency obtains any of the indicators referred to in paragraph 1 by its own surveillance assets or through cooperation of the Agency with Union institutions, bodies, offices and agencies and international organisation or cooperation of the Agency with third countries, it shall report the indicators in the European Situational Picture and shall inform the national coordination centres thereof. In this case and for these indicators, the reporting obligation of Article 7(1) shall not apply.Article 9Single events reports1.The national coordination centres and, when relevant and as provided for in the operational plans, the international coordination centres, shall report the single events to the Agency.2.Single events shall be reported in EUROSUR wherever:(a)a timely reaction is needed for to the single event;(b)the specific event has an impact on external borders which is high or very high; or(c)the event is listed in Annex 2.3.Unless specified otherwise in Annex 2, the originator of the report shall send the first report on the event no later than 24 hours after relevant competent authority became aware of an event has occurred or is likely to occur.4.The originator of the report shall submit additional reports as appropriate for the purpose of complementing or updating a single event report. They shall be linked to the initial single event report and to the event reported in the situational picture.5.Reports prepared under this Article shall contain a description of the response of the authorities to the events reported, including any action taken or planned to be taken.6.Without prejudice to the first operational response, the owner of the report and the originator of the report may request further information and risk analysis as provided for in Article 14, in order to:(a)complete the information corresponding to the event;(b)increase the confidence level referred to in Article 16;(c)update the impact level attributed;(d)update the situation related to the event.7.On the basis of the reports received, the owner of the situational picture may close the event where it is considered that:(a)the suspected event did not take place;(b)the estimated impact of the event does not justify the reporting;(c)the situation described in the event has ended.In case an event is closed, the event and the various reports linked to it shall be stored and shall remain accessible in the situational picture for risk analysis purposes.8.Where the Agency obtains sufficient information on single events by its own surveillance assets or through cooperation of the Agency with Union institutions, bodies, offices and agencies and international organisation or cooperation of the Agency with third countries, it shall report this information in the European Situational Picture and shall inform the national coordination centres thereof. In this case, the reporting obligation of paragraph 1 shall not apply.9.The Agency shall include or update these events as appropriate in the European situational picture.SECTION 3Operational reportingArticle 10Reports on own assets1.Each national coordination centre and where applicable the relevant international coordination centre and the Agency shall ensure that their units participating in border control operations report on own assets in the European situational picture.2.The reports on own assets in EUROSUR shall comprise:(a)the operational status of the national coordination centres including their ability to perform the tasks listed in Article 21(3) of Regulation (EU) 2019/1896 and, when relevant, the operational status of the international coordination centres. Any significant change in operational status of the national coordination centre shall be reported to the Agency in real time;(b)the position and operational status of the command and control centres used for border control operations;(c)the areas of responsibility for border surveillance and for the checks at border crossing points;(d)the type and distribution of border control units and their status.Article 11Reports on operational plans1.Each national coordination centre shall ensure that the units participating in border control operations report their operational plans in the national situational pictures.2.National coordination centres, and, where relevant, the international coordination centres, shall report the operational plans in the European situational picture where the impact levels at the borders sections are high or critical or in the case of joint border operations/rapid border interventions.3.The reports on operational plans shall contain:(a)a description of the situation;(b)the operational aim and the anticipated duration of the operation;(c)the geographical area where the operation is to take place;(d)a description of the tasks, responsibilities and special instructions for the teams and units participating, with modus operandi and objectives of the deployment;(e)the composition of the deployed staff including numbers of staff deployed and their profiles;(f)command and control plans, including the operational status of the command and control centres, the function performed and corresponding systems and communication tools;(g)the technical equipment to be deployed, including specific requirements such as conditions for use, requested crew, transport and other logistics;(h)the schedule of border surveillance patrols, including the patrolling area and number of assets engaged;(i)detailed procedures on event reporting.Article 12Reports on environmental information1.The relevant authorities, services, agencies and programmes at national and EU level may report environmental information in the operational layer of the relevant situational pictures.2.The reporting on environmental information in EUROSUR may contain:(a)real-time images provided by video cameras, radar systems and other detection devices;(b)meteorological observations and weather forecasts;(c)oceanographic information and drifting model services;(d)geospatial products;(e)other operational pictures, which may help understand the situation at external borders or monitor a specific border operation.SECTION 4Risk analysis reportingArticle 13Reports related to risk analysis1.The national coordination centres, the Agency and, where relevant, the international coordination centres, shall ensure the provision of risk analysis reports with a view to updating the analysis layers of the situational pictures.2.The risk analysis reports shall include one or more of the following: analytical products such as briefing notes, analytical reports, third country analysis and risk profiles, and specific earth observation reports using geospatial information systems.3.The risk analysis reports shall be used for:(a)facilitating the understanding of events and incidents at external borders and, where available, their relation to unauthorised secondary movements and the analysis and forecast of related trends;(b)facilitating the targeted planning and conduct of border control operations;(c)strategic risk analysis.Article 14Request for information1.Where there is a need to obtain further reports on a specific event, or to update the situational picture, the national coordination centres, the Agency or the entities managing the specific situational pictures, may send a request for information to one or several sources referred to in Article 25(2) and 26(2) of Regulation (EU) 2019/1896.2.A request for information made pursuant to paragraph 1, may be subject to a classification level or other specific data policy restrictions.3.The risk analysis reports in response to a request for information shall be linked to the original request for information.4.The principle of originator’s consent shall apply both to the requests for information and to the reports made in response thereto.Article 15Watchlists1.The Agency shall establish and maintain watchlists for the purposes of enhancing the detection and risk analysis capabilities of the European Border and Coast Guard and trigger appropriate reaction capabilities.2.Watchlists shall be composed of:(a)entities, assets, behaviours or profiles, which, on the basis of risk analysis, are suspected to be connected with illegal immigration and cross-border crime, or that may endanger the safety of life of migrants;(b)a suggested reaction in case of detection, including data policy restrictions applicable to the reports.3.Watchlists may include:(a)suspected vessels;(b)suspected aircrafts;(c)suspected airports of origin, and other places known or suspected to be places of origin of external flights;(d)suspected ports of origin, anchorages, awaiting berths and other places known or suspected to be places of origin of maritime traffic;(e)suspected operators.SECTION 5Provisions common to the "events layer" and the "risk analysis layer"Article 16Confidence levels1.The originator of an event report or of a risk analysis report shall assess the confidence level in the reported information as part of the metadata forming part of the report.2.The confidence level shall be assessed on the basis of the following criteria:(a)the credibility of the reported information;(b)the reliability of the source;(c)the validation status of the report.3.The owner shall take into account the confidence level associated with the report to update the situational picture accordingly.Article 17Attribution of impact levels1.The originator of an event report or of a risk analysis report shall assess the impact level of the reported information as part of the metadata forming part of the report.2.The impact level shall reflect the overall impact of the reported information on:(a)the detection, prevention and combating of illegal immigration;(b)the detection, prevention and combating of cross-border crime;(c)the protection of and saving the lives of migrants.3.Originators of a report referred to in paragraph 1 shall attribute an impact level to each event and risk analysis report.4.Where a report relates to an event already reported in the situational picture, the originator shall link the report to that event.5.Owners shall attribute an impact level to the events or modify them based on the reports received and on their own risk analysis.SECTION 6Reporting in the context of specific border control activitiesArticle 18Reporting related to unauthorised secondary movementsWhere this information is available, Member States shall:(a)display the analysis related to unauthorised secondary movement on their territory in a specific sublayer of the national situational picture. This specific sublayer shall be shared with the Agency;(b)report single events related to unauthorised secondary movements as provided for in Article 9, in line with their national procedures;(c)report specific indicators related to unauthorised secondary movements.Article 19Reporting related to maritime border surveillance1.Each national coordination centre shall ensure that the units participating in maritime border surveillance report on vessels:(a)suspected of carrying persons circumventing or intending to circumvent checks at border crossing points, where such circumvention relates to illegal migration;(b)suspected of being engaged in smuggling activity by sea or other cross-border crime related activities;(c)in cases where lives of migrants could be at risk;(d)on the watchlists or which are subject to requests for information. In the case of reports relating to point (d), the reporting shall take into account the data policy restrictions provided for in Article 14(2) and Article 15(2)(b).2.The participating unit shall transmit the information to its own national coordination centre and, in the case of a joint operation or a rapid border intervention, to the corresponding international coordination centre in accordance with the operation plan.3.The national coordination centres and, when relevant, the international coordination centres shall update their respective situational pictures and report this information to the Agency with a view to update the European situational picture.Article 20Events related to Search and Rescue at sea1.While performing maritime border surveillance, Member States authorities rendering assistance to any vessel or person in distress at sea, in accordance with their obligation under international maritime law shall take into account and transmit all relevant information and observations related to a potential Search and Rescue incident to the respective responsible Maritime Rescue Coordination Centre and inform their national coordination centre with a view to updating that event in the relevant situational pictures.2.If Member States authorities clearly establish that the Search and Rescue incident is not related to the protection and saving of migrants’ lives or to cross-border crime, they may decide not to inform the national coordination centre.3.While performing maritime border surveillance operations and in accordance with Regulation (EU) No 656/2014 of the European Parliament and of the CouncilRegulation (EU) No 656/2014 of the European Parliament and of the Council of 15 May 2014 establishing rules for the surveillance of the external sea borders in the context of operational cooperation coordinated by the European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union (OJ L 189, 27.6.2014, p. 93)., the Agency shall be subject to the same obligation as the one referred to in paragraph 1.4.During a Search and Rescue operation, the competent national coordination centre shall update the national situational picture and report this information to the Agency with a view to update the European situational picture.5.The situational pictures shall be regularly updated:(a)to support the planning and conduct of the next operational phase once the Search and Rescue operation is concluded;(b)to assess the impact levels attributed to the corresponding incident and to the overall maritime border section;(c)to update the relevant indicators referred to in Article 8.6.The competent national coordination centre shall report to the Agency about the termination of a Search and Rescue operation at the latest within 24 hours after the operation is terminated.Article 21Reporting related to air border surveillance1.Each national coordination centre shall ensure that the national agencies and bodies involved in air border surveillance report on external flights:(a)suspected of carrying persons circumventing or intending to circumvent checks at border crossing points, if the incident relates to illegal migration;(b)suspected of being engaged in smuggling by air or other cross-border crime;(c)where lives of migrants could be at risk;(d)on the watchlists or which are subject to requests for information. In the case of reports relating to point (d), the reporting shall take into account the data policy restrictions provided for in Article 14(2) and Article 15(2)(b).2.The national agencies and bodies involved in air border surveillance shall transmit that information to their own national coordination centre or, in the case of a joint operation or a rapid border intervention, to the corresponding international coordination centre in accordance with the operational plan.3.The national coordination centre or the international coordination centre shall update their respective situational pictures and report this information to the Agency with a view to update the European situational picture.SECTION 7Reporting quality control in EUROSURArticle 22Reporting quality of data in EUROSURTo monitor the quality of data in EUROSUR the Agency shall establish and maintain the following indicators:(a)the number and frequency of reports received per border section and per border crossing points;(b)the timeliness of the reporting;(c)the completeness and consistency of the reports.Article 23Reporting quality of service in EUROSUR1.In monitoring the technical and operational functioning of EUROSUR in accordance with Article 23 of Regulation (EU) 2019/1896, The Agency, in close cooperation with the competent national authorities, may establish technical indicators and the requirements for single event reporting, to monitor the operational status and quality of service offered by the various systems and networks of Member States and of the Agency connected to and forming part of the technical component of EUROSUR as defined in Article 27.2.The indicators shall be used:(a)to monitor the status of the various technical components of EUROSUR in real time;(b)to support the identification and response to incidents and failures identified in the functioning of EUROSUR;(c)to ensure the data security of EUROSUR.3.The Member States and the Agency shall report on any single incident affecting the technical components of EUROSUR or the data security of EUROSUR.CHAPTER IISITUATIONAL PICTURESArticle 24Structure of the situational pictures1.The event and analysis layers of the European situational picture shall contain a sublayer on unauthorised secondary movements. Where available, event and analysis layers of the national situational picture and of the specific situational picture shall also contain sublayers on unauthorised secondary movements, for the purpose of understanding migratory trends, volume and routes.2.The operational layer of the European situational picture shall contain sublayers on the technical functioning of EUROSUR. These sublayers shall describe:(a)the operational status of the national coordination centres and international coordination centres;(b)the main technical elements contributing to the functioning of EUROSUR and their status;(c)the quality of data and the quality of service in EUROSUR;(d)the incidents and events affecting the technical functioning of EUROSUR;(e)the data security incidents.3.The situational picture shall comprise other specific sublayers of information in order to facilitate the display of information to the users.4.Each situational picture shall be established in a document specifying the layer and sublayers and the applicable data policy.Article 25Management of the situational picturesThe owner of the situational picture shall:(a)process the reports received;(b)establish and maintain the event layer of the situational picture, generate and update the events in the event layer of the situational picture and attribute corresponding impact levels, and confidence levels;(c)establish and maintain the operational layer of the situational picture based on the reports on owns assets and reports on operational plans;(d)establish and maintain the analysis layer of the situational picture based on the risk analysis reports and attribute corresponding impact levels and confidence levels;(e)establish and maintain the links between the different elements of the situational picture taking into account the links in the reports;(f)manage user access to the situational picture and contribute to the data security of EUROSUR;(g)transmit the relevant reports and necessary information to the owners of other situational pictures, in line with Chapter I;(h)archive and delete the relevant information in line with the applicable data policy.Article 26Rules for establishing and sharing a specific situational picture1.When establishing a specific situational picture in accordance with Article 27 of Regulation (EU) 2019/1896, Member States and the Agency shall ensure alignment with:(a)the principles of reporting set out in Chapter I;(b)the requirements regarding the structure and management of situational pictures set out in Articles 24 and Article 25;(c)the general provisions set out in Chapter III.2.The rules for establishing and sharing a specific situational picture shall contain:(a)the content and scope of the specific situational picture, including:(i)the purpose of the specific situational picture,(ii)the information layers and sublayers,(iii)the type of information to be reported in the specific situational picture, including event reports, operational reports and risk analysis reports;(b)the governance of the specific situational picture, including:(i)the owner,(ii)the bodies, offices and agencies that can be originators of the reports,(iii)the rules for reporting,(iv)provisions related to data security, including user access;(c)the rules for information exchange with the other users of EUROSUR, including:(i)the mechanisms to exchange information with national and European situational pictures and the mechanisms to ensure the originator’s consent,(ii)the rules for the provision of EUROSUR Fusion Services referred to in Article 28 of Regulation (EU) 2019/1896 and the corresponding procedures,(iii)other aspects related to the technical functioning of EUROSUR, including the interconnection of the external component supporting the establishment of the specific situational picture with the relevant national or European components of EUROSUR.CHAPTER IIIGENERAL PROVISIONSSECTION 1Entities responsible for the technical aspectsArticle 27Technical components of EUROSUR1.The technical components of EUROSUR shall include national components and a European component.2.Each national component shall be composed of the national systems and networks used by Member States for the establishment of the situational pictures, reporting, situational awareness, risk analysis, and for supporting the planning and conduct of border control operations, including the infrastructure, organisation, personnel and information resources needed to support it. The interconnections among and between components inside a Member State as well as between Member States shall be part of the national components.3.The European component shall complement the national components. It shall include the interconnection with the national components. It shall comprise the Communication Network and the systems and networks used by the Agency for the establishment of the situational pictures, reporting, situational awareness, risk analysis, and for supporting the planning and conduct of border control operations.Article 28Technical responsibilities of the AgencyThe Agency shall be responsible for managing the European component, which shall include:(a)the definition of technical standards for interconnecting networks, systems, applications and equipment of the national and external components with those of the European component;(b)the certification process of the networks, systems, applications and equipment with a view to connecting them to EUROSUR, in close cooperation with the responsible authorities;(c)the service management of the systems and networks used by the Agency for the establishment of the situational pictures, reporting, situational awareness and risk analysis and for supporting the planning and conduct of border control operations;(d)the reporting of the operation, the quality service and the service management aspects of the systems and networks referred to in point (c), as provided for in Article 23;(e)the data security of the European component.Article 29Technical responsibilities of the Member States1.Each Member State shall be responsible for:(a)managing its national component, including service management, ensuring the coordination of the connection of national systems and networks used for the establishment of the situational pictures, reporting, situational awareness, risk analysis and for supporting the planning and conduct of border control operations;(b)reporting the operation and the quality of service and the service management aspects of the systems and networks referred to in point (a), as provided for in Article 23;(c)the compliance with the technical standards established by the Agency;(d)the data security of the national component.2.The national coordination centre shall:(a)support the coordination, planning and implementation of the national component;(b)contribute to the regular monitoring of the quality of service and quality of data, and report it to the Agency;(c)ensure the operational reporting on the systems and networks of the European component.Article 30External components1.An external component of EUROSUR shall be composed of the systems and networks, including the infrastructure, organisation, personnel and information resources needed to support it, that are not part of EUROSUR and which:(a)exchange data and information with EUROSUR;(b)support the establishment of a specific situational picture.2.The interconnection of an external component to EUROSUR belongs to the external component. It shall be specified in the rules establishing the relevant specific situational picture.SECTION 2Data security and data protection rules for EUROSURArticle 31General principles of EUROSUR data security1.EUROSUR data security shall encompass the management and the technical activities necessary to achieve an appropriate level of protection for handling EUROSUR data and information, cope with the evolving threat environment and enable the various national bodies and agencies involved in EUROSUR and the Agency to fulfil their mission. EUROSUR data security shall include information assurance, physical security, personal security and industrial security.2.EUROSUR data security shall comprise:(a)security risk management, including security controls and plans, and associated monitoring, evaluation, maintenance, improvement, reporting, awareness and training;(b)business continuity and disaster recovery, including impact assessment, continuity and recovery controls and plans, and associated monitoring evaluation, maintenance, improvement, reporting, awareness and training;(c)security incident response and cooperative response between the Agency and the Member States for security incidents;(d)security accreditation;(e)user access control;(f)data security related aspects of the planning of border operations and of the planning of information systems;(g)security aspects of the interconnections of components;(h)handling of classified information for the purpose of EUROSUR.Article 32Governance of EUROSUR data security1.The Agency shall ensure the overall security of EUROSUR, duly taking into account the need for oversight and integration of security requirements in each component of EUROSUR.2.The Agency shall be responsible for the data security of the European component.3.Each Member State shall be responsible for the data security of its national component.4.The Agency and the Member States shall ensure alignment of the controls, the processes and the plans, so that the data security of EUROSUR is horizontally and effectively assured, based on a global security risk management process.5.The responsibilities for the data security of the external component shall be set out in the agreements, arrangements and operational plans establishing the specific situational picture, as provided for in Article 26.6.The Agency shall adopt standards laying down the security functional requirements and the security assurance requirements for controlling the access to, and handling of, technologies that provide security to EUROSUR.7.Each Member State and the Agency shall ensure that the necessary steps are taken to comply with the standards referred to in paragraph 6, that adequate reasoning for fulfilment of the requirements and for controlling of the risks is documented and that any further requirements related to the security of the systems are met, taking full account of expert advice.8.Each Member State and the Agency shall report in EUROSUR any security incident affecting the data security of EUROSUR as part of the reporting on data quality and quality of service.9.Wherever the security of the Union or its Member States may be affected by the operation of EUROSUR:(a)the Agency shall immediately inform the relevant national coordination centres;(b)the executive director of the Agency may decide to take any appropriate measure to remedy the situation, in close coordination with the Member States concerned, including the disconnection of certain systems and networks from the European component of EUROSUR.Article 33Application of security rules in EUROSUR1.When handling EUROSUR data and information, each Member State and the Agency shall ensure that security controls, processes and plans are in place, ensuring a degree of protection which shall at least be equivalent to that guaranteed by the Commission’s rules on security set out in Decision (EU, Euratom) 2015/444 and Commission Decision (EU, Euratom) 2015/443Commission Decision (EU, Euratom) 2015/443 of 13 March 2015 on Security in the Commission (OJ L 72, 17.3.2015, p. 41)..2.Member States shall immediately inform the Commission and the Agency of the adoption of national security rules relevant for EUROSUR as referred to in paragraph 1.3.Natural persons resident in third countries and legal entities established in third countries may deal with EUROSUR data only where they are subject, in those countries, to security rules ensuring a degree of protection at least equivalent to that guaranteed by the equivalent rules on security of the Commission.4.The equivalence of security rules applied in a third country may be recognised in an agreement with that country.5.As part of the implementation of the European component of EUROSUR, the Agency shall support the corresponding exchange of EUROSUR reports and the interconnection of national components both at unclassified level and at classified level.Article 34Principles of security accreditation in EUROSURThe security accreditation activities shall be carried out in accordance with the following principles:(a)security accreditation activities and decisions are to be undertaken in a context of collective responsibility for the security of the Union and of the Member States;(b)efforts shall be made for decisions to be reached by consensus and for all relevant parties with an interest in security issues to be involved;(c)tasks shall be carried out in respect of relevant security rules and accreditation standards applicable to the Agency, the Member States’ authorities and the Commission;(d)a permanent monitoring process shall ensure that security risks are known, security measures are defined to reduce such risks to an acceptable level in accordance with the basic principles and minimum standards set out in the applicable security rules and that these measures are applied in line with the concept of defence in depth. The effectiveness of such measures shall be continuously evaluated;(e)security accreditation decisions shall, following the process defined in the security accreditation strategy, be based on local security accreditation decisions taken by the respective national Security Accreditation Authorities (SAAs) of the Member States;(f)the technical security accreditation activities shall be entrusted to professionals who are duly qualified in the field of accrediting complex systems, who have an appropriate level of security clearance, and who shall act objectively;(g)security accreditation decisions shall be taken independently of the Agency and of the entities responsible for implementing the national components of EUROSUR. The data security accreditation authority for EUROSUR shall be, within the Agency, an autonomous body that takes its decisions independently;(h)security accreditation activities shall be carried out while reconciling the requirement for independence with the need for adequate coordination between the Agency and the national authorities responsible for implementing security provisions in Member States.Article 35EUROSUR Security Accreditation Board1.A EUROSUR Security Accreditation Board ("the Accreditation Board") is established within the Agency.2.As security accreditation authority, the Accreditation Board shall, with regard to security accreditation for EUROSUR, be responsible for:(a)defining and approving a security accreditation strategy for EUROSUR including the European component;(b)Member States shall report to the Accreditation Board regarding the accreditation of their national components, so as to ensure that the Accreditation Board can take relevant interconnection decisions;(c)taking security accreditation decisions for the European component, taking into account the advice provided by national entities competent in security matters and the overall security risks;(d)approving relevant documentation relating to security accreditation;(e)advising, within its field of competence, the Agency and the Member States in the establishment of security operating procedures ("SecOps"), and providing a statement with its concluding position;(f)examining and approving the security risk assessment cooperating with the Agency, Member States and the Commission to define risk mitigation measures;(g)checking the implementation of security measures in relation to the security accreditation of the European component by undertaking or sponsoring security assessments, inspections or reviews;(h)endorsing the selection of approved products and measures and of approved cryptographic products used to provide security for the European component of EUROSUR and for interconnection;(i)approving or, where relevant, together with the relevant entity competent in security matters, participating in the joint approval of:(i)the interconnection of the European component with national components,(ii)the interconnection of the external components to EUROSUR;(j)agreeing with the relevant Member State the procedures relating to access control;(k)on the basis of the security risk reports, informing the Agency of its risk assessment and providing advice to the Agency on residual security risk treatment options for a given security accreditation decision;(l)carrying out the consultations which are necessary to perform its tasks.3.In the security accreditation strategy referred to in point (a) of paragraph 2, the Accreditation Board shall set out the following:(a)the scope of the activities necessary to perform and maintain the accreditation of the European component of EUROSUR, and their potential interconnection with other components;(b)a security accreditation process for the European component with a degree of detail commensurate with the required level of assurance and clearly stating the approval conditions;(c)the role of relevant stakeholders involved in the accreditation process;(d)an accreditation schedule compliant with the deployment of the EUROSUR standards, in particular as regards the deployment of infrastructure, service provision and evolution;(e)the principles of the security accreditation of the national components to be performed by national entities of the Member States competent in security matters;(f)the provisions related to data security of the external components of EUROSUR.4.The Accreditation Board shall perform its tasks independently when handling files, performing system security audits, preparing decisions and organising its meetings.Article 36Functioning of the Security Accreditation Board1.The Accreditation Board shall be composed of one representative per Member State and two representatives from the Commission.2.The security officer of the Agency shall be a designated secretary of the Accreditation Board.3.The Accreditation Board shall establish its rules of procedure and appoint its chairperson.4.If there is no consensus, the Accreditation Board shall have recourse to majority voting.5.The Accreditation Board may set up subgroups to investigate technical matters.6.The Accreditation Board shall keep the management board of the Agency and the executive director of the Agency and the Commission informed of any of its decisions.Article 37Role of Member States and the Agency with regard to the Accreditation BoardMember States and the executive director of the Agency shall:(a)transmit to the Accreditation Board all information they consider relevant for the purposes of security accreditation;(b)permit duly authorised persons appointed by the Accreditation Board to have access to any classified information and to any areas/sites related to the security of systems falling within their jurisdiction, in accordance with their national laws and regulations, and without any discrimination on ground of nationality, including for the purposes of security audits and tests as decided by the Accreditation Board;(c)be responsible for the accreditation of their components of EUROSUR, and report, to this end, to the Accreditation Board.Article 38User access1.Without prejudice to Article 35, the entity responsible for a component of EUROSUR shall manage user access to its systems networks and application.2.In case a national staff member would be given direct access to a system or application of the Agency used for the purpose of EUROSUR, the Agency shall coordinate access rights with the relevant National Coordination Centre.3.In case, an Agency staff member would be given direct access to a national system or application used for the purpose of EUROSUR, the responsible Member State shall coordinate access rights with the executive director of the Agency.Article 39Data security of the external components of EUROSUR1.The external components may be connected to EUROSUR only if their data security is equivalent to the data security of EUROSUR.2.The rules for establishing and sharing a specific situational picture referred to in Article 26 shall include provisions for data security, specifying the type of information that may be exchanged and the level of classification.3.Any interconnection of an external component to EUROSUR shall be subject to the prior approval of the Accreditation Board.Article 40Data protection rules for EUROSUR1.Although data processed by EUROSUR may exceptionally contain information relating to indirectly identifiable natural persons, such data shall not be processed in the framework of EUROSUR to identify these natural persons.2.Where the processing of information in EUROSUR exceptionally requires the processing of personal data other than ship and aircraft identification numbers, these personal data shall be deleted as soon as the purpose for which they have been collected has been achieved.Article 41Entry into forceThis Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.Done at Brussels, 9 April 2021.For the CommissionThe PresidentUrsula von der LeyenANNEX 1List of indicators1.INDICATOR ON REFUSALS OF ENTRYThe fifteenth day of each month each national coordination centre shall report the number of refusals of entry during the last month, per border crossing points.This indicator shall be broken down into the following subindicators:(a)nationality of the third-country nationals concerned;(b)country of origin;(c)last country of embarkation (for ports and airports, not counting transit);(d)age group;(e)gender;(f)breakdown of the reasons of refusal in accordance with Annex V, part B of Regulation (EU) 2016/399;(g)grounds for refusing, revoking or annulling ETIAS travel authorisations;(h)number of decisions of refusal of entry issued for the same persons with the same identity;(i)number of decisions of refusal of entry issued for the same persons using multiple identities.2.INDICATOR ON ILLEGAL STAYSThe fifteenth day of each month, each national coordination centre shall report the number of third-country nationals who have been detected by national authorities while not fulfilling, or no longer fulfilling, the conditions for stay or residence in the Member State during the last month, whether they were detected inland or while trying to exit the territory.This indicator shall be broken down into the following subindicators:(a)nationality of the third-country nationals concerned;(b)age group;(c)gender;(d)number of unaccompanied minors;(e)reason (e.g. visa over-stayers, expired residence permit etc.);(f)type of control when detected (border control, police check inland, crime prevention operations, traffic control;(g)main areas of detection.When this information is available, each national coordination centre shall report the corresponding indicators related to unauthorised secondary movement.3.INDICATOR ON FLOWS1.The fifteenth day of each month, each national coordination centre shall report the number of passengers during the last month, per border crossing point.When this information is available, this indicator shall be broken down into the following subindicators:(a)nationality;(b)destination: entry or exit of Schengen area.2.The fifteenth day of each month, each national coordination centre shall report:(a)per land border crossing point, the number of vehicles;(b)per maritime border crossing point (ports), the number of vessels;(c)per air border crossing points (airports), the number of external flights.When this information is available, these indicators shall be broken down into destination: entry or exit of Schengen area.4.INDICATORS ON THE SMUGGLING OF GOODS4.1.DrugsDrugs seizures shall be divided into the following categories:(1)Cannabis(2)Heroin(3)Other opioids(4)Cocaine(5)Amphetamine-type stimulants (including amphetamine and methamphetamine)(6)MDMA (ecstasy)(7)New psychoactive substances(8)Other illicit drugs.The fifteenth day of each month, for each border section, the national coordination centre shall report for the past month:(a)the overall quantity seized per category;(b)the number of seizures per category;(c)the breakdown per origin if established;(d)the breakdown per provenance if established;(e)the breakdown by destination (entry or exit of Schengen or unknown) and per category;(f)the breakdown per type of border control activity (border surveillance or check at border crossing point) and per category;(g)national authority that detected the drugs;(h)the overall number of perpetrators apprehended;(i)value of seized substances.4.2.Trafficking of vehiclesTrafficking of vehicles shall be divided into the following categories:(1)Stolen passenger cars(2)Stolen vans(3)Stolen lorries(4)Stolen construction and agricultural machinery(5)Other stolen vehicles(6)Stolen vehicle parts(7)Falsified vehicle registration documents.The fifteenth day of each month, for each border section, the national coordination centre shall report:(a)the number of seizures per category;(b)the overall quantity seized per category;(c)the breakdown per origin if established;(d)the breakdown per destination (entry or exit of Schengen or unknown) and per category;(e)the breakdown per type of border control activity (border surveillance or check at border crossing point) per category;(f)the total number of perpetrators apprehended.4.3.Weapons and explosivesIndicators on weapons and explosives shall be divided into the following categories:(1)FirearmsIncluding salute and acoustic weapons, as well as convertible alarm and signal weapons.Firearms can be divided in the following subcategories as available:(a)Handgun: revolver(b)Handgun: pistol(c)Long firearm: rifle(d)Long firearm: shotgun(e)Long firearm: machine gun/100 % automatic(f)Long firearm: other(g)Heavy firearm (anti-tank, rocket launcher, mortar, etc.).(2)Essential components of firearms(3)Non-lethal weapons: alarm and signal weapons (not convertible into firearms)(4)Non-lethal weapons: airsoft weapons(5)Non-lethal weapons: deactivated firearms(6)Explosives(7)Ammunition(8)Other weapons.The fifteenth day of each month, for each border section, the national coordination centre shall report:(a)the number of seizures per category;(b)the overall quantity seized per category;(c)the breakdown per origin if established;(d)the breakdown per destination (entry or exit of Schengen or unknown) and per category;(e)the breakdown per type of border control activity (border surveillance or check at border crossing point) per category;(f)the breakdown by transport mode:(1)Container(2)Lorry or commercial vehicle(3)Passenger car(4)Bus or coach(5)Train(6)Commercial aviation(7)General aviation(8)Freight and postal parcels(9)Pedestrian;(g)national authorities that detected the weapons and/or explosives;(h)the total number of perpetrators apprehended.4.4.Other goodsIndicators on other goods can be divided into the following categories:(1)Tobacco(2)Cigarettes(3)Alcohol(4)Energy products (fuels)(5)Illicit trafficking of cultural objects(6)Other goods.The fifteenth day of each month, for each border section, the national coordination centre shall report:(a)the number of seizures per category;(b)the overall quantity seized per category;(c)the breakdown by origin and per category if established;(d)the breakdown per provenance if established;(e)the breakdown per destination (entry or exit of Schengen or unknown) per category;(f)the breakdown by type of border control activity and per category (check at border crossing point, border surveillance);(g)national authority that detected the goods;(h)the total number of perpetrators apprehended;(i)value of seized goods.5.INDICATOR ON OTHER CROSS-BORDER CRIMESOther cross-border crimes shall be divided into the following categories:(1)Abduction of a minor(2)Attacks, threats to the staff of the European Border and Coast Guard (national authorities or the Agency staff)(3)Hijacking of means of transport(4)Others.The fifteenth day of each month, for each border section, the national coordination centre shall report:(a)the number of cases per category;(b)the breakdown by type of border control activity (check at border crossing point, border surveillance) and per category;(c)national authorities that detected the case;(d)the total number of perpetrators apprehended.6.OTHER INDICATORS DERIVED FROM SINGLE EVENT REPORTINGThe fifteenth day of each month, for each border section, the Agency shall establish monthly indicators.These indicators shall cover:(1)unauthorised border crossings based on the single event reports referred to in Annex 2 paragraph 1;(2)search and rescue events, based on the single event reports referred to in Annex 2 paragraph 8;(3)facilitation and trafficking in human beings, based on the single event reports referred to in Annex 2 paragraph 2;(4)document fraud based on the single event reports referred to in Annex 2 paragraph 4.The Agency may establish other indicators based upon available information, which are deemed relevant for risk analysis or situational awareness.ANNEX 2Cases of single event reporting and corresponding informationThe reporting of single events in EUROSUR consists in linking different building blocks of information, listed below, that help describe the situation at EU external borders.The first report shall contain the set of information collected to trigger the first reaction. Based on this first report the various parties to EUROSUR shall endeavour to complement this information as provided for in this annex.1.SINGLE EVENT REPORTING OF UNAUTHORISED BORDER CROSSING, OR SUSPICION TO ATTEMPT AN UNAUTHORISED BORDER CROSSINGThe national coordination centre shall report any event related to unauthorised border crossing. The report on unauthorised border crossing can be linked to facilitation or trafficking in human being as provided for in paragraph 2 and to search and rescue event in line with paragraph 8.The first report on the event shall be sent no later than 24 hours after the event is detected.The originators and the owners shall endeavour to report the following information as available.1.1.Type of event(a)attempt or actual illegal border crossing;(b)open or clandestine crossing.1.2.Circumstances of the event(a)time and position;(b)destination (entry or exit of Schengen or unknown);(c)last country of embarkation (only applicable on entry for maritime and air border sections ports and airports);(d)country of destination;(e)purpose of illegal border-crossing;(f)circumstances of detection:(1)during a check at border crossing point,(2)during a border surveillance operation,(3)other (secondary movement, pre-frontier area);(g)attempts to hide from the border control;(h)means of transport:(1)Flight (a report on the flight shall be linked to the report as provided for in paragraph 7)(2)Vessel (a report on the vessel shall be linked to the report as provided for in paragraph 1, or to the search and rescue case as provided for in paragraph 6)(3)Container(4)Lorry or commercial vehicle(5)Passenger car(6)Bus or coach(7)Train(8)Pedestrian.1.3.Persons involved(a)total numbers of persons involved;(b)number of minors;(c)number of persons in need of international protection;(d)breakdown by nationalities (supposed/confirmed), citizenships;(e)age group.2.SINGLE EVENT REPORTING OF FACILITATION OR TRAFFICKING IN HUMAN BEINGS, OR SUSPICION TO ATTEMPT FACILITATION OR TRAFFICKING IN HUMAN BEINGSThe national coordination centre shall report any event of facilitation, or suspicion to attempt facilitation, and of trafficking, or suspicion to attempt trafficking of human beings.The first report on the event shall be sent no later than 24 hours after the event is detected.The event can be linked to an event related to unauthorised border crossing.The originators and the owners shall endeavour to report the following information, as available:2.1.Type of event(a)facilitation, trafficking in human being;(b)stage (suspicion, attempt, committed).2.2.Circumstances of the event(a)time and location;(b)destination (entry or exit of Schengen or unknown);(c)circumstances of detection:(1)during a check at border crossing point,(2)during a border surveillance operation,(3)other (secondary movement, pre-frontier area);(d)means of transport:(1)Flight (a report on the flight shall be linked to the report as provided for in paragraph 7)(2)Vessel (a report on the vessel shall be linked to the report as provided for in paragraph 1, or to the search and rescue case as provided for in paragraph 6)(3)Container(4)Lorry or commercial vehicle(5)Passengers car(6)Bus or coach(7)Train(8)Pedestrian.2.3.Perpetrators(a)total numbers of persons involved;(b)age groups:(c)break down by nationalities (supposed/confirmed), and countries of origin;(d)form of exploitation (sexual, labour, other).2.4.Victims (if the event is not related to an unauthorised border crossing)(a)total numbers of victims;(b)number of minors;(c)number of un-accompanied minors and number of persons in need of international protection;(d)the breakdown of victims per transit countr(ies);(e)breakdown by nationalities (supposed/confirmed) and countries of origin.2.5.Motivation and modus operandi(a)modus operandi;(b)purpose of facilitation or targeted exploitation in the case of trafficking in human being.3.SINGLE EVENT REPORTING OF TRAFFICKING, OR SUSPICION TO ATTEMPT TRAFFICKING OF GOODSIn addition to the indicators referred to in Annex 1 paragraph 4, the national coordination centre shall report single events of trafficking, or suspicion to attempt trafficking of goods in the following cases:(1)The amounts seized are above the thresholds defined in Annex 3;(2)The trafficking, or suspicion to attempt trafficking is linked to a potential terrorist activity or could pose a threat for the security of the Union or of its Member States;(3)The trafficking, or suspicion to attempt trafficking entails a reaction from other Member States and the Agency or impacts border control measures;(4)The trafficking, or suspicion to attempt trafficking of goods is linked to a specific modus operandi. In that case the reports shall be linked to risk analysis report describing it;(5)The seizure of goods is abnormal, and could indicate a new criminal pattern.The originators and the owners shall endeavour to report the following information as available.3.1.Type of eventWhen describing the type of events the originator shall use the categories and subcategories of Annex 1 paragraph 4 and the units referred to in Annex 3 as appropriate.3.2.Circumstances of the event(a)time and position;(b)destination (entry or exit of Schengen or unknown);(c)circumstances of detection:(1)during a check at border crossing point,(2)during a border surveillance operation,(3)other (secondary movement, pre-frontier area);(d)means of transport:(1)Flight (a report on the flight shall be linked to the report as provided for in paragraph 7)(2)Vessel (a report on the vessel shall be linked to the report as provided for in paragraph 1, or to the search and rescue case as provided for in paragraph 6)(3)Container(4)Lorry or commercial vehicle(5)Passenger car(6)Bus or coach(7)Train(8)Pedestrian(9)Freight or postal parcel;(e)modus operandi or suspected modus operandi, including:(1)concealment type;(2)concealment details.3.3.Type of goods(a)category and subcategory in line with annex 1 paragraph 4;(b)amount (estimated/seized);(c)estimated value.3.4.Persons involved(a)total numbers of persons involved;(b)role of the person;(c)number of minors;(d)break down by nationalities (supposed/confirmed).4.SINGLE EVENT REPORTING OF DOCUMENT FRAUDThe national coordination centre shall report any single event related to document fraud or document criminality observed during a border control operation.The first report on the event shall be sent no later than 24 hours after the event is detected.The event can be linked to an event related to unauthorised border crossing, facilitation or trafficking in human beings, trafficking of goods, other forms of cross-border crime.The originators and the owners report the following information as available.4.1.Type of document fraud4.2.Circumstances of the event(a)time and position;(b)destination (entry or exit of Schengen or unknown);(c)circumstances of detection:(1)during a check at border crossing point,(2)during a border surveillance operation,(3)other (secondary movement, pre-frontier area);4.3.Information on the person(a)claimed nationality of person;(b)gender;(c)age group.4.4.Information on the document(a)document type and subtype (passport, id card, residence permit, visa, border stamp, other);(b)nationality of document;(c)document usage (presented, concealed, n.a.);(d)border crossing point of embarkation;(e)border crossing point of transit;(f)border crossing point of destination;(g)chip;(h)border stamp.5.SINGLE EVENT REPORTING ON OTHER FORMS OF CROSS-BORDER CRIMEIn addition to the indicators referred to in Annex 1 paragraph 7 the national coordination centre shall report single events related to other crime in the following cases:(1)The cross-border crime, or suspicion to attempt cross-border crime or the hit in the database or large-scale IT system is linked to a potential terrorist activity or could pose a threat for the security of the Union or of its Member States;(2)The cross-border crime, or suspicion to attempt cross-border crime or the hit in the database or large-scale IT system entails a reaction from other Member States and the Agency or has an impact on border control measures;(3)The cross-border crime, or suspicion to attempt cross-border crime is linked to a specific modus operandi. In that case the reports shall be linked to risk analysis report describing it.The originators and the owners shall endeavour to report the following information as available:5.1.Type of eventWhen describing the type of events the originator shall use the categories and subcategories of Annex 1 paragraph 7.5.2.Circumstances of the event(a)time and position;(b)destination (entry or exit of Schengen or unknown);(c)circumstances of detection:(1)during a check at border crossing point,(2)during a border surveillance operation,(3)other (secondary movement, pre-frontier area);(d)means of transport:(1)Flight (a report on the flight shall be linked to the report as provided for in paragraph 7)(2)Vessel (a report on the vessel shall be linked to the report as provided for in paragraph 1, or to the search and rescue case as provided for in paragraph 6)(3)Container(4)Lorry or commercial vehicle(5)Passenger car(6)Bus or coach(7)Train(8)Pedestrian(9)Freight or postal parcel.5.3.Persons involved(a)total numbers of persons involved;(b)role of the person;(c)number of minors;(d)break down by nationalities (supposed/confirmed).6.SINGLE EVENT REPORTING OF VESSELS OF INTERESTInformation related to vessels of interest shall be reported:(1)if the vessel detected is on the watch list of suspected vessels, in that case the reporting shall be linked to the corresponding watch list;(2)if the vessel is involved in an event listed in this annex, in that case the report shall be linked to the corresponding event;(3)if the vessel is deemed suspect by the originator, in that case the reporting shall be linked to a risk analysis report.The first report on the vessel shall be sent no later than 24 hours after the first detection.The originators and the owners shall endeavour to report the following information as available:6.1.Position and status of the vesselInformation on the position of the vessel of interest comprises:(a)the time of measurement, position and radius of uncertainty, heading and speed if the asset is moving;(b)the status of the vessel (engines off, smoke detected, anchored etc.);(c)the source of the measurement or detection (radar, positioning system, etc.);(d)the previous known positions of the vessel before the event.The originators that can obtain information on the vessel shall seek to update its position using the information sources at their disposal as early as possible.The information on the position of a vessel of interest at sea, once detected, shall be updated at least every hour.6.2.Type of vesselInformation on the type of the vessel shall help discriminate(a)between passenger ship, sailing boat, motor yacht, fishing vessel, container ship, bulk carriers, oil tanker, general cargo ship, high-speed craft, mobile offshore drilling unit, special purpose ship;(b)between the ship usage: either commercial work or leisure.6.3.Ship identifiersInformation on the ship identifiers comprises:(a)the flag;(b)the name of the ship;(c)International Maritime Organisation (IMO) number, Maritime Mobile Service Identity (MMSI) number and other visual and radio identifiers used to contact and characterize the vessels.6.4.Passengers and cargoInformation on the passengers and cargo includes:(a)number of crew members;(b)breakdown by nationality of the crew members;(c)number of passengers;(d)breakdown by nationality of the passengers;(e)type and amount/weight of cargo.7.SINGLE EVENT REPORTING ON EXTERNAL FLIGHTS OF INTERESTInformation related to external flights of interest shall be reported:(1)if the flight detected is on the watch list of suspicious flights, in that case the reporting shall be linked to the corresponding watch list;(2)if the flight is involved in an event listed in this annex, in that case the report shall be linked to the corresponding event;(3)if the vessel flight is deemed suspect by the originator; in that case the reporting shall be linked to a risk analysis report.The first report on the flight shall be sent no later than 24 hours after the first detection.The originators and the owners shall endeavour to report the following information as available.7.1.Position of the aircraft of interestInformation on the position of the flight of interest comprises:(a)time of measurement;(b)position including altitude and volume of uncertainty;(c)heading and speed;(d)source of the measurement or detection (radar, positioning system, etc.).The originators that can obtain information on the aircraft shall seek to update its position using the information sources at their disposal.The information on the position of aircraft of interest in flight shall be updated in near real time.7.2.Type of the aircraft of interestInformation on the type of the aircraft shall help distinguish between fixed or rotary wings, jet or propeller, piloted aboard or remotely, and if available could inform on the exact model.7.3.Aircraft identifiersInformation on the aircraft identifiers comprises the different visual and radio identifiers used to contact and characterize the aircraft.7.4.Information on the flightInformation on the flight comprises:(a)the flight type (commercial private governmental etc.);(b)the flight identifier, including the commercial flight identifiers;(c)the place of departure;(d)the destination;(e)the reference to the flight plan.7.5.Passengers and cargoInformation on the passengers and cargo includes:(a)number of crew;(b)breakdown by nationality of the crew members;(c)number of passengers;(d)breakdown by nationality of the passengers;(e)type of cargo.8.SINGLE EVENT REPORTING ON SEARCH AND RESCUE EVENTSThe national coordination centre shall report any event related to search and rescue in line with Article 21.The reporting related to possible search and rescue event shall cover the duration of the event from the first detection of the vessel of interest or from the alert received regarding people in distress at sea until the completion of the border crossing event and the termination of the related search and rescue case.The originators and the owners shall endeavour to report the following information as available.8.1.Links to the reporting on the vessel in distress in line with paragraph 6The report may also be linked to other vessels of interest involved in the search and rescue case such as mother ships.8.2.Reporting on the status of the search and rescue case including(a)the search and rescue phase (uncertainty, alert, distress, search and rescue operation ongoing, search and rescue operation concluded);(b)the competent Maritime Rescue Coordination Centre;(c)the foreseen place of safety or place of safety, when the search and rescue operation is completed.8.3.Links to the reporting of paragraph 1 and paragraph 2 as appropriateANNEX 3Thresholds for single event reporting of goods1.ILLICIT DRUGS(1)Cannabis: 10 kg(2)Heroin: 500 gram(3)Other opioids (e.g. morphine, opium, etc.): 500 gram(4)Cocaine: 10 kg(5)Amphetamine-type stimulants (including amphetamine and methamphetamine): 100 gram(6)MDMA (ecstasy): 5000 tablets(7)New psychoactive substances: 500 tablets or 100 gram(8)Other illicit drugs.2.WEAPONS AND EXPLOSIVES(1)Firearms or weapons parts: 15 units(2)Explosives: 3 kg(3)Ammunition: 10000 pieces.3.OTHER GOODS(1)Raw tobacco: 500kg(2)Cigarettes: 1 million units(3)Alcohol: 5000 litres of pure alcohol(4)Energy products (fuels): 10000 litres(5)Illicit trafficking of cultural objects: estimated value above EUR 1 million.