Regulation (EU) 2021/1133 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) No 603/2013, (EU) 2016/794, (EU) 2018/1862, (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the Visa Information System
Regulation (EU) 2021/1133 of the European Parliament and of the Councilof 7 July 2021amending Regulations (EU) No 603/2013, (EU) 2016/794, (EU) 2018/1862, (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the Visa Information SystemTHE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,Having regard to the Treaty on the Functioning of the European Union, and in particular point (e) of Article 78(2), point (d) of Article 82(1), point (a) of Article 87(2), and Article 88(2) thereof,Having regard to the proposal from the European Commission,After transmission of the draft legislative act to the national parliaments,Having regard to the opinion of the European Economic and Social CommitteeOJ C 440, 6.12.2018, p. 154.,After consulting the Committee of the Regions,Acting in accordance with the ordinary legislative procedurePosition of the European Parliament of 13 March 2019 (OJ C 23, 21.1.2021, p. 286) and position of the Council at first reading of 27 May 2021 (OJ C 227, 14.6.2021, p. 20). Position of the European Parliament of 7 July 2021 (not yet published in the Official Journal).,Whereas:(1)The Visa Information System (VIS) was established by Council Decision 2004/512/ECCouncil Decision 2004/512/EC of 8 June 2004 establishing the Visa information System (VIS) (OJ L 213, 15.6.2004, p. 5). to serve as the technological solution for exchanging visa data between Member States. Regulation (EC) No 767/2008 of the European Parliament and of the CouncilRegulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p. 60). laid down the purpose, functionalities and responsibilities for the VIS, as well as the conditions and procedures for the exchange of short-stay visa data between Member States to facilitate the examination of applications for short-stay visas and related decisions. Regulation (EC) No 810/2009 of the European Parliament and of the CouncilRegulation (EC) No 810/2009 of the European Parliament and of the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code) (OJ L 243, 15.9.2009, p. 1). set out the rules on the registration of biometric identifiers in the VIS. The access of law enforcement authorities of the Member States and of the European Union Agency for Law Enforcement Cooperation (Europol) to the VIS was established by Council Decision 2008/633/JHACouncil Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences (OJ L 218, 13.8.2008, p. 129).. That Decision should be integrated into Regulation (EC) No 767/2008, to bring it in line with the current Treaty framework.(2)Interoperability between certain EU information systems was established by Regulations (EU) 2019/817Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27). and (EU) 2019/818Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85). of the European Parliament and of the Council so that those systems and their data supplement each other with a view to improving the effectiveness and efficiency of border checks at the external borders of the Union, contributing to preventing and combating illegal immigration and contributing to a high level of security within the area of freedom, security and justice of the Union, including the maintenance of public security and public policy and safeguarding security in the territories of the Member States.(3)Interoperability between the EU information systems allows those systems to supplement each other in order to facilitate the correct identification of persons, contribute to fighting identity fraud, improve and harmonise data quality requirements of the relevant EU information systems, facilitate the technical and operational implementation by Member States of existing and future EU information systems, strengthen and simplify the data security and data protection safeguards that govern the relevant EU information systems, streamline the law enforcement access to the VIS, the Entry/Exit System (EES), the European Travel Information and Authorisation System (ETIAS) and Eurodac, and support the purposes of the VIS, Schengen Information System (SIS), the EES, the ETIAS, Eurodac and the European Criminal Records Information System for third-country nationals (ECRIS-TCN).(4)The interoperability components cover the VIS, the SIS, the EES, the ETIAS, Eurodac and ECRIS-TCN, as well as Europol data to enable Europol data to be queried simultaneously with those EU information systems. It is therefore appropriate to use those interoperability components for the purpose of carrying out automated queries and when accessing the VIS for law enforcement purposes. The European search portal (ESP) established by Regulation (EU) 2019/818 should be used to enable fast, seamless, efficient, systematic and controlled access by Member States’ authorities to the EU information systems, the Europol data and the Interpol databases needed to perform their tasks, in accordance with their access rights, and to support the objectives of the VIS.(5)The ESP will enable the data stored in the VIS and the data stored in the other EU information systems concerned to be queried in parallel.(6)The comparison of data stored in the VIS against data stored in other information systems and databases should be automated. If such a comparison reveals the existence of a correspondence, known as a "hit", between any of the personal data or combination thereof in an application and a record, file or alert in those other information systems or databases, or with personal data in the ETIAS watchlist, the application should be verified manually by an operator from the competent authority. The assessment of hits performed by the competent authority should be taken into account for the decision whether to issue a short-stay visa, a long-stay visa or a residence permit.(7)This Regulation lays down the manner in which interoperability and the conditions for the consultation of the data stored in SIS, Eurodac and ECRIS-TCN as well as of the Europol data by the VIS automated process for the purpose of identifying hits are to be implemented. As a result, it is necessary to amend Regulations (EU) No 603/2013Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of "Eurodac" for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1)., (EU) 2016/794Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, p. 53)., (EU) 2018/1862Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (OJ L 312, 7.12.2018, p. 56)., (EU) 2019/816Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (OJ L 135, 22.5.2019, p. 1). and (EU) 2019/818 of the European Parliament and of the Council in order to connect the VIS to the other EU information systems and to Europol data.(8)The conditions under which, on the one hand, the visa authorities are able to consult data stored in Eurodac and, on the other, the VIS designated authorities are able to consult Europol data, certain SIS data and data stored in ECRIS-TCN for the purposes of the VIS should be safeguarded by clear and precise rules regarding the access by those authorities to those data, the type of queries and categories of data, all of which should be limited to what is strictly necessary for the performance of the duties of those authorities. In the same vein, the data stored in the VIS application file should be visible only to those Member States that are operating the underlying information systems in accordance with the arrangements for their participation.(9)Regulation (EU) 2021/1134 of the European Parliament and of the CouncilRegulation (EU) 2021/1134 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EC) No 767/2008, (EC) No 810/2009, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861, (EU) 2019/817 and (EU) 2019/1896 of the European Parliament and of the Council and repealing Council Decisions 2004/512/EC and 2008/633/JHA, for the purpose of reforming the Visa Information System (see page 11 of this Official Journal). allocates new tasks to Europol such as the provision of opinions following consultation requests by the VIS designated authorities and the ETIAS National Units. To implement those tasks, it is therefore necessary to amend Regulation (EU) 2016/794 accordingly.(10)In order to support the VIS objective of assessing whether an applicant for a short-stay visa, a long-stay visa or a residence permit could pose a threat to public policy or public security, the VIS should be able to verify whether any correspondence exists between data in the VIS application files and the ECRIS-TCN data in the Common Identity Repository (CIR) established by Regulation (EU) 2019/818 in regard to which Member States hold information on third-country nationals and stateless persons concerning convictions for a terrorist offence or any other criminal offence listed in the Annex to Regulation (EU) 2018/1240 of the European Parliament and of the CouncilRegulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1). if it is punishable by a custodial sentence or a detention order for a maximum period of at least three years under national law.(11)A hit indicated by ECRIS-TCN should not by itself be taken to mean that the third-country national concerned has been convicted in the Member States that are indicated. The existence of previous convictions should be confirmed only on the basis of information received from the criminal records of the Member States concerned.(12)This Regulation is without prejudice to Directive 2004/38/EC of the European Parliament and of the CouncilDirective 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States amending Regulation (EEC) No 1612/68 and repealing Directives 64/221/EEC, 68/360/EEC, 72/194/EEC, 73/148/EEC, 75/34/EEC, 75/35/EEC, 90/364/EEC, 90/365/EEC and 93/96/EEC (OJ L 158, 30.4.2004, p. 77)..(13)In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union (TEU) and to the Treaty on the Functioning of the European Union (TFEU), Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation, insofar as it relates to SIS as governed by Regulation (EU) 2018/1862, builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.(14)Insofar as it relates to SIS as governed by Regulation (EU) 2018/1862, Ireland is taking part in this Regulation, in accordance with Article 5(1) of Protocol No 19 on the Schengen acquis integrated into the framework of the European Union, annexed to the TEU and to the TFEU, and Article 6(2) of Council Decision 2002/192/ECCouncil Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).. Furthermore, insofar as it relates to Europol, Eurodac and ECRIS-TCN, in accordance with Articles 1 and 2 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU, and without prejudice to Article 4 of that Protocol, Ireland is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.(15)As regards Iceland and Norway, this Regulation constitutes, insofar as it relates to SIS as governed by Regulation (EU) 2018/1862, a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters’ association with the implementation, application and development of the Schengen acquisOJ L 176, 10.7.1999, p. 36. which fall within the area referred to in Article 1, point G, of Council Decision 1999/437/ECCouncil Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31)..(16)As regards Switzerland, this Regulation constitutes, insofar as it relates to SIS as governed by Regulation (EU) 2018/1862, a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquisOJ L 53, 27.2.2008, p. 52. which fall within the area referred to in Article 1, point G, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/149/JHACouncil Decision 2008/149/JHA of 28 January 2008 on the conclusion on behalf of the European Union of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 50)..(17)As regards Liechtenstein, this Regulation constitutes, insofar as it relates to SIS as governed by Regulation (EU) 2018/1862, a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquisOJ L 160, 18.6.2011, p. 21. which fall within the area referred to in Article 1, point G, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EUCouncil Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19)..(18)For this Regulation to fit into the existing legal framework, Regulations (EU) No 603/2013, (EU) 2016/794, (EU) 2018/1862, (EU) 2019/816 and (EU) 2019/818 should be amended accordingly,HAVE ADOPTED THIS REGULATION: