Regulation (EU) 2022/850 of the European Parliament and of the Council of 30 May 2022 on a computerised system for the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters (e-CODEX system), and amending Regulation (EU) 2018/1726 (Text with EEA relevance)
Regulation (EU) 2022/850 of the European Parliament and of the Councilof 30 May 2022on a computerised system for the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters (e-CODEX system), and amending Regulation (EU) 2018/1726(Text with EEA relevance)THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,Having regard to the Treaty on the Functioning of the European Union, and in particular Article 81(2) and Article 82(1) thereof,Having regard to the proposal from the European Commission,After transmission of the draft legislative act to the national parliaments,Having regard to the opinion of the European Economic and Social CommitteeOJ C 286, 16.7.2021, p. 82.,Acting in accordance with the ordinary legislative procedurePosition of the European Parliament of 24 March 2022 (not yet published in the Official Journal) and decision of the Council of 12 April 2022.,Whereas:(1)Ensuring the effective access of citizens and businesses to justice and facilitating judicial cooperation in civil, including commercial, and criminal matters between the Member States are among the main objectives of the Union’s area of freedom, security and justice enshrined in Part three, Title V of the Treaty on the Functioning of the European Union (TFEU).(2)It is sometimes difficult to access justice systems for a number of reasons such as formalistic and expensive legal procedures, long procedural delays and high costs of using court systems.(3)It is thus important that appropriate channels are developed to ensure that justice systems can efficiently cooperate in a digital way. Therefore, it is essential to establish, at Union level, an information technology system that allows for the swift, direct, interoperable, sustainable, reliable and secure cross-border electronic exchange of case-related data, while always respecting the right to protection of personal data. Such a system should contribute to improving access to justice and transparency by enabling citizens and businesses to exchange documents and evidence in digital form with judicial or other competent authorities, when provided for by national or Union law. That system should increase citizens’ trust in the Union and mutual trust between Member States’ judicial and other competent authorities.(4)Digitalisation of proceedings in civil and criminal matters should be encouraged with the aim of strengthening the rule of law and fundamental rights guarantees in the Union, particularly by facilitating access to justice.(5)This Regulation concerns the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters. Judicial cooperation in civil and criminal matters and the respective competences of judicial or other competent authorities should be understood in accordance with Union legal acts and the case law of the Court of Justice of the European Union.(6)Tools which have not replaced or required costly modifications to the existing back-end systems established in the Member States have previously been developed for the cross-border electronic exchange of case-related data. The e-Justice Communication via Online Data Exchange (e-CODEX) system is the main such tool developed to date.(7)The e-CODEX system is a tool specifically designed to facilitate the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters. In the context of increased digitalisation of proceedings in civil and criminal matters, the aim of the e-CODEX system is to improve the efficiency of cross-border communication between competent authorities and to facilitate citizens’ and businesses’ access to justice. Until the handover of the e-CODEX system to the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), established by Regulation (EU) 2018/1726 of the European Parliament and of the CouncilRegulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (OJ L 295, 21.11.2018, p. 99)., the e-CODEX system will be managed by a consortium of Member States and organisations with funding from Union programmes (the "entity managing the e-CODEX system").(8)The e-CODEX system provides an interoperable solution for the justice sector to connect the IT systems of the competent national authorities, such as the judiciary, or other organisations. The e-CODEX system should therefore be viewed as the preferred solution for an interoperable, secure and decentralised communication network between national IT systems in the area of judicial cooperation in civil and criminal matters.(9)For the purposes of this Regulation, the electronic exchange of data includes any content transmissible in electronic form by means of the e-CODEX system, such as text or sound, visual or audiovisual recordings, in the form of either structured or unstructured data, files or metadata.(10)This Regulation does not provide for the mandatory use of the e-CODEX system. At the same time, nothing in this Regulation should prevent Member States from developing and maintaining pilot use cases.(11)The e-CODEX system consists of two software elements: a gateway for the exchange of messages with other gateways; and a connector, which provides a number of functionalities related to the exchange of messages between national IT systems. Currently, the gateway is based on a building block of the Connecting Europe Facility maintained by the Commission known as "eDelivery", while the management of the connector is carried out by the entity managing the e-CODEX system. The connector provides functions such as verification of electronic signatures via a security library and proof of delivery. In addition, the entity managing the e-CODEX system has developed data schemas for digital forms to be used in the specific civil and criminal procedures for which it has piloted the e-CODEX system.(12)Given the importance of the e-CODEX system for cross-border exchanges in the area of judicial cooperation in the Union, the e-CODEX system should be established by means of a sustainable Union legal framework that provides for rules regarding its functioning and development. Such a legal framework should ensure the protection of fundamental rights as provided for in the Charter of Fundamental Rights of the European Union, especially those enshrined in Title VI thereof, and in particular in Article 47 on the right to an effective remedy and to a fair trial. It should in no way undermine the protection of procedural rights which are essential for the protection of those fundamental rights. It should also clearly set out and frame the components of the e-CODEX system in order to guarantee its technical sustainability and security. The e-CODEX system should establish the IT components of an e-CODEX access point, which should consist of a gateway for the purposes of secure communication with other identified gateways and a connector for the purpose of supporting the exchange of messages. The e-CODEX system should also include digital procedural standards to support the use of e-CODEX access points for legal procedures provided for by Union legal acts adopted in the area of judicial cooperation in civil and criminal matters and to enable the exchange of information between the e-CODEX access points.(13)Given that semantic interoperability, as one of the layers of interoperability, should be a contributing factor to achieving this Regulation’s objective of setting up a standardised and meaningful interaction between two or more parties, particular consideration should be given to the EU e-Justice Core Vocabulary, which is an asset for reusable semantical terms and definitions used to ensure data consistency and data quality over time and across use cases.(14)Since it is necessary to ensure the long-term sustainability of the e-CODEX system and its governance, while respecting the principle of the independence of the judiciary, an appropriate entity for the management of the e-CODEX system should be designated. The independence of the judiciary, in the context of the governance of the e-CODEX system within that entity, should be ensured.(15)The most appropriate entity for the management of the e-CODEX system is an agency, since its governance structure would allow Member States to be involved in the management of the e-CODEX system by participating in the agency’s management board, programme management board and advisory group. eu-LISA has relevant experience in managing large-scale IT systems. eu-LISA should therefore be entrusted with the management of the e-CODEX system. It is also necessary to adjust the existing governance structure of eu-LISA by adapting the responsibilities of its Management Board and by establishing an e-CODEX Advisory Group. Regulation (EU) 2018/1726 should therefore be amended accordingly. A specific e-CODEX Programme Management Board should also be established, taking into account gender balance. The e-CODEX Programme Management Board should advise eu-LISA’s Management Board on the prioritisation of activities, including on developing digital procedural standards, new features and new software versions.(16)In accordance with Article 19 of Regulation (EU) 2018/1726, the functions of eu-LISA’s Management Board are, inter alia, to ensure that all of eu-LISA’s decisions and actions which affect large-scale IT systems in the area of freedom, security and justice respect the principle of independence of the judiciary. eu-LISA’s governance structure and financing scheme further guarantee that that principle is respected. It is also important to involve the legal professions, other experts and relevant stakeholders in the governance of the e-CODEX system through the e-CODEX Advisory Group and the e-CODEX Programme Management Board. The detailed arrangements and conditions as regards the involvement of the legal professions, other experts and relevant stakeholders should allow them to participate effectively and be consulted effectively, namely by ensuring their feedback is duly considered.(17)Given eu-LISA’s priority tasks of developing and managing the Entry/Exit System (EES), the European Travel Information and Authorisation System (ETIAS), the centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN), the revised Schengen Information System (SIS), the Visa Information System (VIS) and Eurodac, as well as the strategic task of establishing a framework for interoperability between EU information systems, eu-LISA should take over the responsibility for the e-CODEX system between 1 July 2023 and 31 December 2023.(18)e-CODEX correspondents should be entitled to request and receive technical support under this Regulation and should support the operation of the e-CODEX system among Member States. The service level requirements for the activities to be carried out by eu-LISA should address the matter of the number of e-CODEX correspondents in Member States and in the Commission, in proportion to the number of the e-CODEX access points authorised by the Member States or by the Commission and to the number of the digital procedural standards which they apply.(19)The e-CODEX system can be used in cross-border civil and criminal matters. It should be possible to use the e-CODEX system and the components of the e-CODEX system for other purposes outside of the scope of judicial cooperation under national or Union law as long as such use does not impair the use of the e-CODEX system. This Regulation only applies to the cross-border exchange of data between connected systems via authorised e-CODEX access points, in accordance with the corresponding digital procedural standards.(20)eu-LISA should be responsible for the components of the e-CODEX system, except for the management of the gateway, since it is currently provided by the Commission on a cross-sectoral basis within eDelivery. eu-LISA should take over full responsibility for the management of the connector and the digital procedural standards from the entity managing the e-CODEX system. Given that the gateway and the connector are integral components of the e-CODEX system, eu-LISA should ensure that the connector is compatible with the latest version of the gateway. To that end, the Commission should include eu-LISA in the preparatory work undertaken before eu-LISA takes over responsibility for the e-CODEX system and in the relevant governance body of eDelivery as from the entry into force of this Regulation.(21)In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the CouncilRegulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).. The implementing acts adopted in that framework should establish: the minimum technical specifications and standards, including for security and methods for integrity and authenticity verification, underpinning the components of the e-CODEX system; the service level requirements for the activities carried out by eu-LISA and other necessary technical specifications for those activities, including the number of e-CODEX correspondents for the authorised e-CODEX access points, in proportion to the number of authorised e-CODEX access points and to the number of digital procedural standards which they apply; and the specific arrangements for the handover and takeover of the e-CODEX system. Implementing acts should also be able to establish digital procedural standards to support the use of the e-CODEX system in the procedures in the area of judicial cooperation in civil and criminal matters.(22)The connector should be able to technically support all types of electronic seals and electronic signatures as provided for in Regulation (EU) No 910/2014 of the European Parliament and of the CouncilRegulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).. The minimum technical specifications and standards established by the Commission should include security operating standards regarding the connector. The security requirements for the functioning of the connector should take into account standards for information security and existing Union legal acts, such as Regulations (EU) No 910/2014, (EU) No 2016/679Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1). and (EU) 2018/1725Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39). of the European Parliament and of the Council and Directive (EU) 2016/680 of the European Parliament and of the CouncilDirective (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89)..(23)The specific responsibilities of eu-LISA in relation to the management of the e-CODEX system should be laid down.(24)The tasks of eu-LISA should include the addition of new features to the e-CODEX system, if needed. One such new feature should be a feature in the connector allowing for the retrieval of relevant statistical data regarding the number of technical messages sent and received through each authorised e-CODEX access point.(25)At national level, it should be possible for Member States to authorise public authorities or legal persons, such as private companies and organisations representing legal practitioners, to operate e-CODEX access points. The Member States should maintain a list of such authorised e-CODEX access points and notify them to eu-LISA in order to enable them to interact with one another in the context of the relevant procedures. Entities operating authorised e-CODEX access points at national level are to comply with the data protection requirements and principles laid down in Regulation (EU) 2016/679. At Union level, it should be possible for the Commission to authorise Union institutions, bodies, offices or agencies to operate e-CODEX access points. The Commission should maintain a list of such authorised e-CODEX access points and notify them to eu-LISA in order to enable them to interact with one another in the context of the relevant procedures. Entities operating authorised e-CODEX access points at Union level are to comply with the data protection requirements and principles laid down in Regulation (EU) 2018/1725. While eu-LISA should ensure the management of the e-CODEX system, and having regard to the decentralised nature of the e-CODEX system, the responsibility for setting up and operating the authorised e-CODEX access points should lie exclusively with the entities operating the relevant authorised e-CODEX access points. An entity operating an authorised e-CODEX access point should bear the responsibility for any damage resulting from the operation of that authorised e-CODEX access point, in accordance with the applicable law. The Member States and the Commission should verify that entities operating authorised e-CODEX access points have the necessary technical equipment and human resources in order to guarantee that the e-CODEX system functions properly and in a reliable manner. Where those entities do not have the necessary technical equipment and human resources, their authorised e-CODEX access point should lose its authorisation.(26)Member States should supervise the authorised e-CODEX access points for which they are responsible, in particular when they are operated by entities that are not public authorities. Member States should ensure that adequate data security measures are in place.(27)Member States should inform the general public about the e-CODEX system by means of a set of large-scale communication channels, including websites and social media platforms.(28)While it is for each Member State to determine the digital procedural standards which each e-CODEX access point it has authorised is entitled to apply, each Member State should nevertheless ensure that all the digital procedural standards adopted by means of implementing acts under this Regulation apply in their territory.(29)A mechanism should be put in place to monitor the impact of instruments that enable the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters in the Union. The entities operating authorised e-CODEX access points should therefore be able to systematically collect and maintain comprehensive data on the use of the e-CODEX system. That should not only alleviate the work of the Member States in collecting the relevant data and ensure mutual accountability and transparency, but also significantly facilitate the ex-post monitoring by the Commission of the Union legal acts adopted in the area of judicial cooperation in civil and criminal matters. The information collected should only encompass aggregated data and should not constitute personal data.(30)When providing technical support to e-CODEX correspondents in relation to the e-CODEX system, eu-LISA should act as a single point of contact, including for the purposes of the gateway.(31)eu-LISA should maintain a high level of security when carrying out its tasks. When undertaking further technical evolutions of software or developing upgrades, eu-LISA should implement the principles of security by design and data protection by design and by default, in accordance with Regulation (EU) 2018/1725. An entity operating an authorised e-CODEX access point should bear the responsibility for the security and protection of the data transmitted via its authorised e-CODEX access point.(32)Classified information, as defined in Article 2 of the Agreement between the Member States of the European Union, meeting within the Council, regarding the protection of classified information exchanged in the interests of the European UnionOJ C 202, 8.7.2011, p. 13., should not be transmitted via the e-CODEX system, unless the relevant conditions provided for in that Agreement, in other Union legal acts and in national law are fulfilled.(33)In order to allow eu-LISA to prepare adequately for the takeover of the e-CODEX system, the entity managing the e-CODEX system should submit by 31 December 2022 a handover document setting out the detailed arrangements for the transfer of the e-CODEX system, including the criteria for a successful handover process and for the successful completion of that process, in accordance with implementing acts adopted by the Commission pursuant to this Regulation. The handover document should cover the components of the e-CODEX system, including the gateway, the connector and the digital procedural standards, as well as the relevant supporting software products, documentation and other assets. The Commission should monitor the handover and takeover process in order to ensure that it complies with the implementing acts adopted pursuant to this Regulation and the handover document. The takeover should only take place once the Commission has declared that the process has been successfully completed, after consulting the entity managing the e-CODEX system and eu-LISA. After submitting the handover document and until the successful handover of the e-CODEX system to eu-LISA, the entity managing the e-CODEX system should not make changes to the e-CODEX system or deliver any new software release other than for the purpose of carrying out corrective maintenance of the e-CODEX system.(34)As part of the handover of the e-CODEX system to eu-LISA, it should be ensured that any intellectual property rights or usage rights relating to the e-CODEX system and the relevant supporting software products, documentation and other assets are transferred to eu-LISA so as to enable it to carry out its responsibilities under this Regulation. However, for the main software components of the e-CODEX system, a contractual transfer is not needed because those software components are open source and covered by the European Union Public Licence.(35)In order for the Commission to be able to evaluate the e-CODEX system on a regular basis, eu-LISA should report to the Commission every two years on the technical evolution and the technical functioning of the e-CODEX system. In order to feed into that report, Member States should provide eu-LISA with the relevant information concerning the authorised e-CODEX access points for the connected systems in their territory, and the Commission should provide relevant information concerning the authorised e-CODEX access points operated by Union institutions, bodies, offices and agencies.(36)The e-CODEX Advisory Group should provide eu-LISA with the necessary expertise related to the e-CODEX system, in particular by promoting the exchange of experiences and best practices. It should be possible for the e-CODEX Advisory Group to be involved in the development of new digital procedural standards, including those launched at the initiative of Member States.(37)The term of office of the members of the e-CODEX Programme Management Board and their alternates should be renewable. Due consideration should be given to the representation of different Member States on the e-CODEX Programme Management Board, which is to be promoted whenever possible so as to ensure that all Member States are represented on the e-CODEX Programme Management Board over time.(38)When carrying out its duties, the e-CODEX Programme Management Board should ensure that all measures taken by eu-LISA regarding the e-CODEX system, either technical, for example measures concerning infrastructure, data management and data separation, or organisational, for example measures concerning key personnel and other human resources, are in accordance with the principle of the independence of the judiciary.(39)In order to enable the European Parliament and the Council to assess the success of the transfer of the e-CODEX system and how well the e-CODEX system functions in general, the Commission should regularly produce overall evaluations of the e-CODEX system. The Commission should prepare the first such evaluation three years after eu-LISA takes over responsibility for the e-CODEX system and every four years thereafter.(40)Sufficient resources should be provided to eu-LISA in order to ensure that it is able to adequately carry out its new tasks as set out in this Regulation. The resources committed to the operation of the e-CODEX system in accordance with this Regulation should not be used for any other purpose.(41)As regards the costs incurred in the performance of tasks laid down by this Regulation, nothing in this Regulation should prevent Member States from applying for funding from Union financing programmes for the implementation of the e-CODEX system at national level.(42)Insofar as permitted by national law, nothing in this Regulation prevents the submission of information to eu-LISA in an automated way, in particular the notifications provided for in this Regulation.(43)This Regulation does not provide any specific legal basis for the processing of personal data. Any processing of personal data under this Regulation should be in accordance with the applicable data protection rules. Regulation (EU) 2016/679 and Directives 2002/58/ECDirective 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p. 37). and (EU) 2016/680 of the European Parliament and the Council apply to the processing of personal data carried out by entities operating authorised e-CODEX access points which are established within the territory of the Member States in accordance with this Regulation.(44)Regulation (EU) 2018/1725 applies to the processing of personal data carried out by Union institutions, bodies, offices and agencies under this Regulation.(45)It should be possible for international organisations or their subordinate bodies, governed by public international law, or other relevant entities or bodies, which are set up by, or on the basis of, an agreement between two or more countries, to participate in the e-CODEX system as relevant stakeholders after its operational management has been entrusted to eu-LISA. To that end, and in order to ensure the effective, standardised and secure operation of the e-CODEX system, it should be possible for eu-LISA to conclude working arrangements with those organisations, bodies and entities pursuant to Regulation (EU) 2018/1726.(46)Since the objectives of this Regulation, namely the establishment of the e-CODEX system at Union level and the entrusting of the system’s management to eu-LISA, cannot be sufficiently achieved by the Member States but can rather, by reason of the scale and effects of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union (TEU). In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.(47)The Commission should study the feasibility of allowing third countries to participate in the e-CODEX system and, if necessary, present a legislative proposal to allow for such participation and to lay down rules and protocols to that end.(48)In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the TEU and to the TFEU, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.(49)In accordance with Articles 1 and 2 and Article 4a(1) of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU, and without prejudice to Article 4 of that Protocol, Ireland is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.(50)eu-LISA’s seat was established in Tallinn, Estonia. In view of its specific nature and characteristics, it was considered appropriate to develop and operationally manage the e-CODEX system in Tallinn, Estonia.(51)The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 and delivered an opinion on 26 January 2021,HAVE ADOPTED THIS REGULATION: