Regulation (EU) 2021/1151 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System
Regulation (EU) 2021/1151 of the European Parliament and of the Councilof 7 July 2021amending Regulations (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation SystemTHE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,Having regard to the Treaty on the Functioning of the European Union, and in particular point (d) of Article 82(1) thereof,Having regard to the proposal from the European Commission,After transmission of the draft legislative act to the national parliaments,Acting in accordance with the ordinary legislative procedurePosition of the European Parliament of 8 June 2021 (not yet published in the Official Journal) and decision of the Council of 28 June 2021.,Whereas:(1)Regulation (EU) 2018/1240 of the European Parliament and of the CouncilRegulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1). established the European Travel Information and Authorisation System ("ETIAS") for third-country nationals exempt from the requirement to be in possession of a visa when crossing the external borders of the Union. That Regulation laid down the conditions and procedures for issuing or refusing a travel authorisation under ETIAS.(2)ETIAS enables consideration of whether the presence of those third-country nationals in the territory of the Member States would pose a security, illegal immigration or high epidemic risk.(3)In order to enable the ETIAS Central System to process application files as referred to in Regulation (EU) 2018/1240, it is necessary to establish interoperability between the ETIAS Information System, on the one hand, and the Entry/Exit System ("EES"), the Visa Information System ("VIS"), the Schengen Information System ("SIS"), Eurodac and the European Criminal Record Information System – Third-Country Nationals ("ECRIS-TCN") ("other EU information systems"), and Europol data as defined in that Regulation ("Europol data"), on the other hand.(4)This Regulation, together with Regulations (EU) 2021/1150Regulation (EU) 2021/1150 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) 2018/1862 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System (see page 1 of this Official Journal). and (EU) 2021/1152Regulation (EU) 2021/1152 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EC) No 767/2008, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861 and (EU) 2019/817 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System (see page 15 of this Official Journal). of the European Parliament and of the Council, lays down rules on the implementation of interoperability between the ETIAS Information System, on the one hand, and other EU information systems and Europol data, on the other hand, and the conditions for the consultation of data stored in other EU information systems and Europol data by ETIAS for the purpose of automatically identifying hits. As a result, it is necessary to amend Regulations (EU) 2019/816Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (OJ L 135, 22.5.2019, p. 1). and (EU) 2019/818Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85). of the European Parliament and of the Council in order to connect the ETIAS Central System to other EU information systems and to Europol data and to specify the data that will be sent between those EU information systems and Europol data.(5)As regards the implementation of interoperability with Eurodac, in accordance with Regulation (EU) 2018/1240, the necessary consequential amendments will be adopted once the recast of Regulation (EU) No 603/2013 of the European Parliament and of the CouncilRegulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of "Eurodac" for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1). is adopted.(6)The European Search Portal (ESP), established by Regulation (EU) 2019/817 of the European Parliament and of the CouncilRegulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27). and Regulation (EU) 2019/818, will enable the data stored in ETIAS and the data stored in the other EU information systems concerned to be queried in parallel.(7)Technical arrangements should be established to enable ETIAS to regularly and automatically verify in other EU information systems whether the conditions for the retention of application files, as laid down in Regulation (EU) 2018/1240, are still fulfilled.(8)Member States already collect and process data of third-country nationals as defined in Regulation (EU) 2019/816 for the purposes of that Regulation. This Regulation does not impose any obligation on Member States to change or to extend the categories of data of third-country nationals as defined in Regulation (EU) 2019/816 already being collected under that Regulation. For the purpose of the querying of ECRIS-TCN by ETIAS, only flags indicating that third-country nationals as defined in Regulation (EU) 2019/816 have been convicted of a terrorist offence or of any other criminal offence listed in the Annex to Regulation (EU) 2018/1240, if it is punishable by a custodial sentence or a detention order for a maximum period of at least three years under national law, and the codes of convicting Member States, should be added to the ECRIS-TCN data record.(9)In accordance with Regulation (EU) 2019/816, and in order to support the ETIAS objective of contributing to a high level of security by providing for a thorough security risk assessment of applicants prior to their arrival at external border crossing points in order to determine whether there are factual indications or reasonable grounds based on factual indications to conclude that the presence of the person on the territory of the Member States poses a security risk, ETIAS should be able to verify whether any correspondence exists between data in ETIAS application files and the data stored in ECRIS-TCN, as regards which Member States hold information on third-country nationals, as defined in Regulation (EU) 2019/816, who have been convicted in the previous 25 years of a terrorist offence or in the previous 15 years of any other criminal offence listed in the Annex to Regulation (EU) 2018/1240 if it is punishable by a custodial sentence or a detention order for a maximum period of at least three years under national law.(10)The conditions, including access rights, under which the ETIAS Central Unit and ETIAS National Units are able to consult data stored in other EU information systems for the purposes of ETIAS should be safeguarded by clear and precise rules regarding access by the ETIAS Central Unit and ETIAS National Units to the data stored in other EU information systems, the types of query and the categories of data, all of which should be limited to what is strictly necessary for the performance of their duties. In the same vein, the data stored in ETIAS application files should be visible only to those Member States that operate the underlying information systems in accordance with the arrangements for their participation.(11)A hit indicated by ECRIS-TCN should not by itself be taken to mean that the third-country national concerned as defined in Regulation (EU) 2019/816 has been convicted in the Member States that are indicated. The existence of previous convictions should be confirmed only on the basis of information received from the criminal records of the Member States concerned.(12)Pursuant to Regulation (EU) 2018/1240, the European Union Agency for the Operational Management of Large-Scale IT Systems in the area of Freedom, Security and Justice (eu-LISA), established by Regulation (EU) 2018/1726 of the European Parliament and of the CouncilRegulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (OJ L 295, 21.11.2018, p. 99)., is to be responsible for the design and development phase of the ETIAS Information System.(13)This Regulation is without prejudice to Directive 2004/38/EC of the European Parliament and of the CouncilDirective 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States amending Regulation (EEC) No 1612/68 and repealing Directives 64/221/EEC, 68/360/EEC, 72/194/EEC, 73/148/EEC, 75/34/EEC, 75/35/EEC, 90/364/EEC, 90/365/EEC and 93/96/EEC (OJ L 158, 30.4.2004, p. 77)..(14)In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union (TEU) and to the Treaty on the Functioning of the European Union (TFEU), Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.(15)In accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU, Ireland may notify the President of the Council of its wish to take part in the adoption and application of this Regulation.(16)In accordance with Articles 1 and 2 and Article 4a(1) of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU, and without prejudice to Article 4 of that Protocol, Ireland is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.(17)Regulations (EU) 2019/816 and (EU) 2019/818 should therefore be amended accordingly.(18)Since the objectives of this Regulation, namely to amend Regulations (EU) 2019/816 and (EU) 2019/818 in order to connect the ETIAS Central System to other EU information systems and to Europol data and to specify the data that will be sent between those EU information systems and Europol data, cannot be sufficiently achieved by the Member States but can rather, by reason of their scale and effects, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.(19)The European Data Protection Supervisor was consulted, in accordance with Article 41(2) of Regulation (EU) 2018/1725 of the European Parliament and the CouncilRegulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).,HAVE ADOPTED THIS REGULATION: