Eurlexa

English
- Sign in
- Register

Regulation (EU) 2021/1151 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System

Regulation (EU) 2021/1151 of the European Parliament and of the Councilof 7 July 2021amending Regulations (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,Having regard to the Treaty on the Functioning of the European Union, and in particular point (d) of Article 82(1) thereof,Having regard to the proposal from the European Commission,After transmission of the draft legislative act to the national parliaments,Acting in accordance with the ordinary legislative procedurePosition of the European Parliament of 8 June 2021 (not yet published in the Official Journal) and decision of the Council of 28 June 2021.,Whereas:(1)Regulation (EU) 2018/1240 of the European Parliament and of the CouncilRegulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1). established the European Travel Information and Authorisation System ("ETIAS") for third-country nationals exempt from the requirement to be in possession of a visa when crossing the external borders of the Union. That Regulation laid down the conditions and procedures for issuing or refusing a travel authorisation under ETIAS.(2)ETIAS enables consideration of whether the presence of those third-country nationals in the territory of the Member States would pose a security, illegal immigration or high epidemic risk.(3)In order to enable the ETIAS Central System to process application files as referred to in Regulation (EU) 2018/1240, it is necessary to establish interoperability between the ETIAS Information System, on the one hand, and the Entry/Exit System ("EES"), the Visa Information System ("VIS"), the Schengen Information System ("SIS"), Eurodac and the European Criminal Record Information System – Third-Country Nationals ("ECRIS-TCN") ("other EU information systems"), and Europol data as defined in that Regulation ("Europol data"), on the other hand.(4)This Regulation, together with Regulations (EU) 2021/1150Regulation (EU) 2021/1150 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) 2018/1862 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System (see page 1 of this Official Journal). and (EU) 2021/1152Regulation (EU) 2021/1152 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EC) No 767/2008, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861 and (EU) 2019/817 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System (see page 15 of this Official Journal). of the European Parliament and of the Council, lays down rules on the implementation of interoperability between the ETIAS Information System, on the one hand, and other EU information systems and Europol data, on the other hand, and the conditions for the consultation of data stored in other EU information systems and Europol data by ETIAS for the purpose of automatically identifying hits. As a result, it is necessary to amend Regulations (EU) 2019/816Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (OJ L 135, 22.5.2019, p. 1). and (EU) 2019/818Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85). of the European Parliament and of the Council in order to connect the ETIAS Central System to other EU information systems and to Europol data and to specify the data that will be sent between those EU information systems and Europol data.(5)As regards the implementation of interoperability with Eurodac, in accordance with Regulation (EU) 2018/1240, the necessary consequential amendments will be adopted once the recast of Regulation (EU) No 603/2013 of the European Parliament and of the CouncilRegulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of "Eurodac" for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1). is adopted.(6)The European Search Portal (ESP), established by Regulation (EU) 2019/817 of the European Parliament and of the CouncilRegulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27). and Regulation (EU) 2019/818, will enable the data stored in ETIAS and the data stored in the other EU information systems concerned to be queried in parallel.(7)Technical arrangements should be established to enable ETIAS to regularly and automatically verify in other EU information systems whether the conditions for the retention of application files, as laid down in Regulation (EU) 2018/1240, are still fulfilled.(8)Member States already collect and process data of third-country nationals as defined in Regulation (EU) 2019/816 for the purposes of that Regulation. This Regulation does not impose any obligation on Member States to change or to extend the categories of data of third-country nationals as defined in Regulation (EU) 2019/816 already being collected under that Regulation. For the purpose of the querying of ECRIS-TCN by ETIAS, only flags indicating that third-country nationals as defined in Regulation (EU) 2019/816 have been convicted of a terrorist offence or of any other criminal offence listed in the Annex to Regulation (EU) 2018/1240, if it is punishable by a custodial sentence or a detention order for a maximum period of at least three years under national law, and the codes of convicting Member States, should be added to the ECRIS-TCN data record.(9)In accordance with Regulation (EU) 2019/816, and in order to support the ETIAS objective of contributing to a high level of security by providing for a thorough security risk assessment of applicants prior to their arrival at external border crossing points in order to determine whether there are factual indications or reasonable grounds based on factual indications to conclude that the presence of the person on the territory of the Member States poses a security risk, ETIAS should be able to verify whether any correspondence exists between data in ETIAS application files and the data stored in ECRIS-TCN, as regards which Member States hold information on third-country nationals, as defined in Regulation (EU) 2019/816, who have been convicted in the previous 25 years of a terrorist offence or in the previous 15 years of any other criminal offence listed in the Annex to Regulation (EU) 2018/1240 if it is punishable by a custodial sentence or a detention order for a maximum period of at least three years under national law.(10)The conditions, including access rights, under which the ETIAS Central Unit and ETIAS National Units are able to consult data stored in other EU information systems for the purposes of ETIAS should be safeguarded by clear and precise rules regarding access by the ETIAS Central Unit and ETIAS National Units to the data stored in other EU information systems, the types of query and the categories of data, all of which should be limited to what is strictly necessary for the performance of their duties. In the same vein, the data stored in ETIAS application files should be visible only to those Member States that operate the underlying information systems in accordance with the arrangements for their participation.(11)A hit indicated by ECRIS-TCN should not by itself be taken to mean that the third-country national concerned as defined in Regulation (EU) 2019/816 has been convicted in the Member States that are indicated. The existence of previous convictions should be confirmed only on the basis of information received from the criminal records of the Member States concerned.(12)Pursuant to Regulation (EU) 2018/1240, the European Union Agency for the Operational Management of Large-Scale IT Systems in the area of Freedom, Security and Justice (eu-LISA), established by Regulation (EU) 2018/1726 of the European Parliament and of the CouncilRegulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (OJ L 295, 21.11.2018, p. 99)., is to be responsible for the design and development phase of the ETIAS Information System.(13)This Regulation is without prejudice to Directive 2004/38/EC of the European Parliament and of the CouncilDirective 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States amending Regulation (EEC) No 1612/68 and repealing Directives 64/221/EEC, 68/360/EEC, 72/194/EEC, 73/148/EEC, 75/34/EEC, 75/35/EEC, 90/364/EEC, 90/365/EEC and 93/96/EEC (OJ L 158, 30.4.2004, p. 77)..(14)In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union (TEU) and to the Treaty on the Functioning of the European Union (TFEU), Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.(15)In accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU, Ireland may notify the President of the Council of its wish to take part in the adoption and application of this Regulation.(16)In accordance with Articles 1 and 2 and Article 4a(1) of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU, and without prejudice to Article 4 of that Protocol, Ireland is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.(17)Regulations (EU) 2019/816 and (EU) 2019/818 should therefore be amended accordingly.(18)Since the objectives of this Regulation, namely to amend Regulations (EU) 2019/816 and (EU) 2019/818 in order to connect the ETIAS Central System to other EU information systems and to Europol data and to specify the data that will be sent between those EU information systems and Europol data, cannot be sufficiently achieved by the Member States but can rather, by reason of their scale and effects, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.(19)The European Data Protection Supervisor was consulted, in accordance with Article 41(2) of Regulation (EU) 2018/1725 of the European Parliament and the CouncilRegulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).,HAVE ADOPTED THIS REGULATION:

Article 1Amendments to Regulation (EU) 2019/816Regulation (EU) 2019/816 is amended as follows:(1)in Article 1, the following point is added:"(e)the conditions under which data in ECRIS-TCN may be used by the ETIAS Central Unit, established within the European Border and Coast Guard Agency in accordance with Article 7 of Regulation (EU) 2018/1240 of the European Parliament and of the CouncilRegulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).";, for the purpose of supporting the ETIAS objective of contributing to a high level of security by providing for a thorough security risk assessment of applicants, prior to their arrival at external border crossing points, in order to determine whether there are factual indications or reasonable grounds based on factual indications to conclude that the presence of the person on the territory of the Member States poses a security risk.

----------------------

Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).";(2)Article 2 is replaced by the following:

"Article 2ScopeThis Regulation applies to the processing of identity information of third-country nationals who have been subject to convictions in the Member States, for the purpose of identifying the Member States where such convictions were handed down. With the exception of point (b)(ii) of Article 5(1), the provisions of this Regulation that apply to third-country nationals also apply to citizens of the Union who also hold a nationality of a third country and who have been subject to convictions in the Member States.This Regulation:(a)supports the VIS objective of assessing whether the applicant for a visa, a long-stay visa or a residence permit could pose a threat to public policy or internal security, in accordance with Regulation (EC) No 767/2008;(b)supports the ETIAS objective of contributing to a high level of security, in accordance with Regulation (EU) 2018/1240;(c)facilitates and assists in the correct identification of persons in accordance with this Regulation and with Regulation (EU) 2019/818.";

(3)in Article 3, point (6) is replaced by the following:"(6)"competent authorities" means the central authorities, Eurojust, Europol, the EPPO, the VIS designated authorities as referred to in Article 9d and Article 22b(13) of Regulation (EC) No 767/2008, and the ETIAS Central Unit, which are competent to access or query ECRIS-TCN in accordance with this Regulation;";(4)Article 5 is amended as follows:(a)paragraph 1 is amended as follows:(i)the first indent of point (a)(iii) is replaced by the following:"—identity number, or the type and number of the person’s identification documents, including travel documents, as well as the name of the issuing authority,";(ii)point (c) is replaced by the following:"(c)a flag indicating, for the purpose of Regulations (EC) No 767/2008 and (EU) 2018/1240, that the third-country national concerned has been convicted in the previous 25 years of a terrorist offence or in the previous 15 years of any other criminal offence listed in the Annex to Regulation (EU) 2018/1240 if it is punishable by a custodial sentence or a detention order for a maximum period of at least three years under national law, including the code of the convicting Member State.";(b)paragraph 7 is replaced by the following:"7.Flags and codes of convicting Member States as referred to in point (c) of paragraph 1 of this Article shall be accessible and searchable only by:(a)the VIS Central System, as established by point (b) of Article 2a(1) of Regulation (EC) No 767/2008, for the purpose of the verifications pursuant to Article 7a of this Regulation in conjunction with point (e) of Article 9a(4) or point (e) of Article 22b(3) of Regulation (EC) No 767/2008;(b)the ETIAS Central System, as defined in point (25) of Article 3(1) of Regulation (EU) 2018/1240, for the purpose of the verifications pursuant to Article 7b of this Regulation in conjunction with point (n) of Article 20(2) of Regulation (EU) 2018/1240 where hits are reported following the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6) and point (b) of Article 54(1) of that Regulation.Without prejudice to the first subparagraph of this paragraph, the flags and the code of the convicting Member State referred to in point (c) of paragraph 1 shall not be visible to any authority other than the central authority of the convicting Member State that created the flagged data record.";(5)Article 7(7) is replaced by the following:"7.In the event of a hit, the central system or the CIR shall automatically provide the competent authority with information on the Member States holding criminal record information on the third-country national, along with the associated reference numbers referred to in Article 5(1) and any corresponding identity information. Such identity information shall be used only for the purpose of verifying the identity of the third-country national concerned. The result of a search in the central system shall be used only for the purpose of:(a)making a request pursuant to Article 6 of Framework Decision 2009/315/JHA;(b)making a request as referred to in Article 17(3) of this Regulation;(c)supporting the VIS objective of assessing whether the applicant for a visa, a long-stay visa or a residence permit could pose a threat to public policy or internal security, in accordance with Regulation (EC) No 767/2008; or(d)supporting the ETIAS objective of contributing to a high level of security, in accordance with Regulation (EU) 2018/1240.";(6)the following article is inserted:

"Article 7bUse of ECRIS-TCN for ETIAS verifications1.For the purpose of performing the tasks pursuant to Regulation (EU) 2018/1240, the ETIAS Central Unit shall have the right to access and search ECRIS-TCN data. However, the ETIAS Central Unit shall have the right to access, in accordance with Article 11(8) of that Regulation, only those data records to which a flag has been added pursuant to point (c) of Article 5(1) of this Regulation.The data referred to in the first subparagraph shall be used only for the purpose of verification by:(a)the ETIAS Central Unit pursuant to Article 22 of Regulation (EU) 2018/1240; or(b)the ETIAS National Units pursuant to Article 25a(2) of Regulation (EU) 2018/1240 for the purpose of consulting national criminal records; national criminal records shall be consulted prior to the assessments and decisions referred to in Article 26 of that Regulation and, where applicable, prior to the assessments and opinions pursuant to in Article 28 of that Regulation.2.The CIR shall be connected to the ESP to enable the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6) and point (b) of Article 54(1) of Regulation (EU) 2018/1240.3.Without prejudice to Article 24 of Regulation (EU) 2018/1240, the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6) and point (b) of Article 54(1) of that Regulation shall enable the subsequent verifications provided for in Articles 22 and 26 of that Regulation.For the purpose of proceeding with the verifications referred to in point (n) of Article 20(2) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the ESP to compare the data in ETIAS with the ECRIS-TCN data to which a flag has been added pursuant to point (c) of Article 5(1) of this Regulation and Article 11(8) of Regulation (EU) 2018/1240, using the data listed in the correspondence table set out in Annex II to this Regulation.";

(7)Article 8(3) is replaced by the following:"3.Flags as referred to in point (c) of Article 5(1) shall be erased automatically upon expiry of the retention period referred to in paragraph 1 of this Article or 25 years after the creation of the flag as regards convictions related to terrorist offences or 15 years after the creation of the flag as regards convictions related to other criminal offences, whichever comes first.";(8)Article 24(1) is replaced by the following:"1.The data entered into the central system and the CIR shall be processed only for the purposes of:(a)the identification of the Member States holding the criminal records information of third-country nationals;(b)supporting the VIS objective of assessing whether the applicant for a visa, a long-stay visa or a residence permit could pose a threat to public policy or internal security, in accordance with Regulation (EC) No 767/2008; or(c)supporting the ETIAS objective of contributing to a high level of security, in accordance with Regulation (EU) 2018/1240.The data entered into the CIR shall also be processed in accordance with Regulation (EU) 2019/818 for facilitating and assisting in the correct identification of persons registered in ECRIS-TCN in accordance with this Regulation.";(9)the following article is inserted:

"Article 31bKeeping of logs for the purposes of interoperability with ETIASFor the consultations referred to in Article 7b of this Regulation, a log of each ECRIS-TCN data processing operation carried out within the CIR and ETIAS shall be kept in accordance with Article 69 of Regulation (EU) 2018/1240.";

(10)in Article 32(3), the second subparagraph is replaced by the following:"Every month eu-LISA shall submit to the Commission statistics relating to the recording, storage and exchange of information extracted from criminal records through ECRIS-TCN and the ECRIS reference implementation, including statistics on the data records which include a flag as referred to in point (c) of Article 5(1). eu-LISA shall ensure that it is not possible to identify individuals on the basis of those statistics. At the request of the Commission, eu-LISA shall provide it with statistics on specific aspects related to the implementation of this Regulation.";(11)the following annex is added:

Article 2Amendments to Regulation (EU) 2019/818Regulation (EU) 2019/818 is amended as follows:(1)in Article 18, the following paragraph is inserted:"1b.For the purpose of Article 20 of Regulation (EU) 2018/1240, the CIR shall also store, logically separated from the data referred to in paragraph 1 of this Article, the data referred to in point (c) of Article 5(1) of Regulation (EU) 2019/816. The data referred to in point (c) of Article 5(1) of Regulation (EU) 2019/816 shall be accessible only in the manner referred to in Article 5(7) of that Regulation.";(2)in Article 68, the following paragraph is inserted:"1b.Without prejudice to paragraph 1 of this Article, the ESP shall start operations, for the purposes of the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of Regulation (EU) 2018/1240 only, once the conditions laid down in Article 88 of that Regulation have been met.".

Article 3Entry into forceThis Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.Done at Strasbourg, 7 July 2021.For the European ParliamentThe PresidentD. M. SassoliFor the CouncilThe PresidentA. LogarANNEX IICorrespondence table

Data as referred to in Article 17(2) of Regulation (EU) 2018/1240 sent by the ETIAS Central System	The corresponding ECRIS-TCN data referred to in Article 5(1) of this Regulation with which data in ETIAS are to be compared
surname (family name)	surname (family name)
surname at birth	previous names
first name(s) (given name(s))	first names (given names)
other names (alias(es), artistic name(s), usual name(s))	pseudonyms or aliases
date of birth	date of birth
place of birth	place of birth (town and country)
country of birth	place of birth (town and country)
sex	gender
current nationality	nationality or nationalities
other nationalities (if any)	nationality or nationalities
type of the travel document	type of the person’s travel documents
number of the travel document	number of the person’s travel documents
country of issue of the travel document	name of the issuing authority