Commission Implementing Decision (EU) 2023/117 of 13 January 2023 on the service ... (32023D0117)
EU - Rechtsakte: 19 Area of freedom, security and justice

COMMISSION IMPLEMENTING DECISION (EU) 2023/117

of 13 January 2023

on the service level requirements for the activities to be carried out by eu-LISA concerning the e-CODEX system

(Text with EEA relevance)

THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2022/850 of the European Parliament and of the Council of 30 May 2022 on a computerised system for the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters (e-CODEX system), and amending Regulation (EU) 2018/1726 (1), and in particular Article 6(1), point (b), thereof,
Whereas:
(1) It is necessary to define the service level requirements for the activities to be carried out by eu-LISA with regard to the e-CODEX system and other necessary technical specifications for those activities, including the number of e-CODEX correspondents.
(2) The service level requirements for the activities to be carried out by eu-LISA with regard to the e-CODEX system should cover the tasks set out in Regulation (EU) 2022/850.
(3) An e-CODEX correspondent is a natural person, designated by a Member State or the Commission, who can request and receive technical support from eu-LISA concerning all the components of the e-CODEX system.
(4) The number of e-CODEX correspondents in Member States and in the Commission should be determined in proportion to the number of authorised e-CODEX access points and to the number of digital procedural standards which they apply.
(5) In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2022/850 and is therefore not bound by or subject to the application of this Decision.
(6) In accordance with Articles 1 and 2 and Article 4a(1) of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, and without prejudice to Article 4 of that Protocol, Ireland did not take part in the adoption of Regulation (EU) 2022/850 and is therefore not bound by or subject to the application of this Decision.
(7) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (2) and delivered an opinion on 24 November 2022.
(8) The measures provided for in this Decision are in accordance with the opinion of the Committee established by Article 19(1) of Regulation (EU) 2022/850,
HAS ADOPTED THIS DECISION:

Article 1

The service level requirements for the activities to be carried out by eu-LISA referred to in Article 7 of Regulation (EU) 2022/850 and other necessary technical specifications for those activities shall be as set out in the Annex to this Decision.

Article 2

The number of e-CODEX correspondents referred to in Article 6(1), point (b), of Regulation (EU) 2022/850 shall be as set out in the Annex to this Decision.

Article 3

This Decision shall enter into force on the twentieth day following that of its publication in the
Official Journal of the European Union
.
Done at Brussels, 13 January 2023.
For the Commission
The President
Ursula VON DER LEYEN
(1)  
OJ L 150, 1.6.2022, p. 1
.
(2)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (
OJ L 295, 21.11.2018, p. 39
).

ANNEX

Service level requirements for the activities to be carried out by eu-LISA concerning the e-CODEX system

1.   

INTRODUCTION

This Annex establishes the service level requirements for the activities to be carried out by eu-LISA referred to in Article 7 of Regulation (EU) 2022/850 (1) and other necessary technical specifications for those activities, including the number of e-CODEX correspondents.
In this regard, all activities have the objective of guaranteeing the provision of cost-effective high quality services necessary to ensure the long-term sustainability of the e-CODEX system and its governance.
For that purpose, this Annex defines the indicators that shall be used to measure the quality of the services provided and the minimum target levels to be achieved.
This Annex also specifies the number of e-CODEX correspondents that are entitled to request and receive technical support from eu-LISA.

2.   

DEFINITIONS

2.1.
The definitions and composition of the e-CODEX system laid down in Articles 3 and 5 of Regulation (EU) 2022/850 and in the Annex thereto apply.
2.2.
For the purpose of this Annex, the following definitions also apply:
(a) ‘supported e-CODEX package set-up’ means the combination between versions of the connector and gateway that were tested and recommended by eu-LISA for the correct functioning of an access point;
(b) ‘working days’ means normal working days for the European Institutions, agencies and bodies, excluding public holidays, as established for each calendar year pursuant to Article 61 of the Staff Regulations of Officials of the European Union and the Conditions of Employment of Other Servants of the Union, laid down in Council Regulation (EEC, Euratom, ECSC) No 259/68 (2);
(c) ‘business hours’ means working hours on working days between 09:00 – 17:00 (EET/EEST);
(d) ITSM’ or ‘IT Service Management’ means the activities that are performed by eu-LISA to design, build, deliver, operate and control information technology (IT) services;
(e) ‘Business Continuity Plan’ means the process of creating systems of prevention of and recovery from potential threats to e-CODEX. In addition to prevention, the goal of a Business Continuity Plan is to enable ongoing operations before and during execution of disaster;
(f) ‘demand management process’ means a process aimed at ensuring that the requests for change are recorded, assessed and, if approved, converted into requirements to be further handled with a controlled product, program or project management process at eu-LISA;
(g) ‘operational change management process’ means a process aimed at facilitating the realisation of the operational technical changes, in a controlled way and with limited and acceptable risks, maximizing the added-value, and reducing or avoiding disruption and re-work;
(h) ‘release’ means a cluster of new and/or updated changes, which have been first tested and approved;
(i) ‘Release management process’ means a process aimed at providing a structured way of delivering new releases, covering the definition and agreement on release and deployment plans and ensuring that each release package consists of a set of related assets and service components that are compatible with each other.

3.   

TASKS OF EU-LISA

3.1.   

Tasks of eu-LISA under Article 7(1) of Regulation (EU) 2022/850

3.1.1.
With regard to Article 7(1), point (a) of Regulation (EU) 2022/850 (developing, maintaining, fixing bugs in and updating, including as regards security, software products and other assets and distributing them to the entities operating authorised e-CODEX access points), eu-LISA shall be responsible for all software development lifecycle aspects related to the development and maintenance of the e-CODEX components.
eu-LISA shall maintain a repository where e-CODEX components artefacts are stored and available to the entities operating authorised e-CODEX access points. The components of the e-CODEX system covered by a European Union Public Licence shall be made publicly available.
3.1.2.
With regard to Article 7(1), point (b) of Regulation (EU) 2022/850 (preparing, maintaining and updating the documentation relating to the components of the e-CODEX system, its supporting software products and other assets, and distributing that documentation to the entities operating authorised e-CODEX access points), documentation outputs shall be made available to the entities operating authorised e-CODEX access points in a repository provided by eu-LISA. eu-LISA shall define an appropriate release management process.
3.1.3.
With regard to Article 7(1), point (c) of Regulation (EU) 2022/850 (developing, maintaining and updating a configuration file containing an exhaustive list of authorised e-CODEX access points, including the digital procedural standards which each of those authorised e-CODEX access points applies, and distributing it to the entities operating authorised e-CODEX access points), due to the criticality of the Configuration File service, eu-LISA shall develop and maintain the Configuration Management Tool in-line with the availability requirements set out below. This tool is a software product used to assist in the performance of the task referred to in Article 7(1).
3.1.4.
With regard to Article 7(1), point (d) of Regulation (EU) 2022/850 (making technical changes and adding new features, published as new software versions, to the e-CODEX system in order to respond to emerging requirements, such as those resulting from the implementing acts referred to in Article 6(2), or where requested by the e-CODEX Advisory Group), new software versions shall take the form of releases. In order to respond to emerging business and technical requirements, eu-LISA shall be responsible for the continuous evolution of the software components comprising the e-CODEX system.
The Management Board of eu-LISA, after taking into account the opinion of the e-CODEX Advisory Group, shall adopt the eu-LISA demand management process and operational change management process.
3.1.5.
With regard to Article 7(1), point (e) of Regulation (EU) 2022/850 (supporting and coordinating testing activities, including connectivity, involving the authorised e-CODEX access points), eu-LISA shall provide support and coordinate testing activities involving the authorised e-CODEX access points. In this regard, eu-LISA shall define guidance, test plans, test scenarios and test cases, as well as produce testing/compliance reports.
3.1.6.
With regard to Article 7(1), point (f) of Regulation (EU) 2022/850 (providing technical support for the e-CODEX correspondents in relation to the e-CODEX system), eu-LISA shall provide technical support to the e-CODEX correspondents in relation to the e-CODEX system. For that purpose, eu-LISA shall make resources continuously available during business hours to provide e-CODEX correspondents with a single-entry point of contact for technical support, including for the gateway (‘helpdesk’ service). eu-LISA shall follow up on gateway requests insofar as they concern its correct functioning with the connector, in a supported e-CODEX package set-up.
Technical support shall be provided in accordance with the e-CODEX Operator’s Manual.
When dealing with requests for technical support and with incidents, eu-LISA shall provide support to the extent of its competence and to the best of its ability, unless the requests and incidents are exclusively related to circumstances specific to the infrastructure of the entities operating an authorised e-CODEX access point.
3.1.7.
With regard to Article 7(1), point (g) of Regulation (EU) 2022/850 (developing, deploying, maintaining and updating the digital procedural standards and distributing them to the entities operating authorised e-CODEX access points), eu-LISA shall be responsible for the development, maintenance, updating and the deployment of digital procedural standards adopted under implementing acts either under Regulation (EU) 2022/850 (Article 6(2) thereof), under other Union legal acts in the area of judicial cooperation in civil and criminal matters, or those prepared by the e-CODEX Advisory Group (Article 12(2), point (b), of Regulation (EU) 2022/850).
eu-LISA shall be responsible for organising the deployment of new and/or updated digital procedural standards by distributing them to the relevant entities operating authorised e-CODEX access points.
3.1.8.
With regard to Article 7(1), point (h) of Regulation (EU) 2022/850 (publishing on its website a list of the authorised e-CODEX access points which have been notified to it and the digital procedural standards which each of those authorised e-CODEX access points applies), the list of authorised access points shall indicate the name of the entities operating them and shall be published on the e-CODEX dedicated eu-LISA website.
3.1.9.
With regard to Article 7(1), point (i) of Regulation (EU) 2022/850 (responding to requests for technical advice and support from the Commission services in the context of the preparation of the implementing acts referred to in Article 6(2)), eu-LISA shall provide technical assistance and expertise to the Commission in the elaboration of new digital procedural standards, including, in particular, preparation of technical background and evidence, as well as assistance throughout the procedure until the adoption of the implementing acts, including participation in meetings.
3.1.10.
With regard to Article 7(1), point (j) of Regulation (EU) 2022/850 (evaluating the need for, and assessing, and preparing, new digital procedural standards, including by organising and facilitating workshops with the e-CODEX correspondents), eu-LISA shall evaluate the need for, assess and prepare, new digital procedural standards. This task is entrusted, in particular to the e-CODEX Advisory Group (Article 12(2), point (b), of the Regulation). Organising and facilitating workshops with the e-CODEX correspondents shall be used as one of the tools in the evaluation.
3.1.11.
With regard to Article 7(1), point (k) of Regulation (EU) 2022/850 (developing, maintaining and updating the EU e-Justice Core Vocabulary on which the digital procedural standards are based), eu-LISA shall develop, maintain and update the EU e-Justice Core Vocabulary on which the digital procedural standards are based. In this regard, the EU e-Justice Core Vocabulary shall be maintained under demand management process and stored as part of a repository provided and hosted by eu-LISA.
3.1.12.
With regard to Article 7(1), point (l) of Regulation (EU) 2022/850 eu-LISA is responsible for developing and distributing security operating standards, as provided for in Article 11 of Regulation (EU) 2022/850).
3.1.13.
With regard to Article 7(1), point (m) of Regulation (EU) 2022/850 (providing training, including to all relevant stakeholders, on the technical use of the e-CODEX system in accordance with Regulation (EU) 2018/1726 (3), including providing online training materials), eu-LISA shall provide a training plan for the e-CODEX system based on the analysis of the stakeholders’ needs.

3.2.   

Tasks of eu-LISA under Article 7(2) of Regulation (EU) 2022/850

3.2.1.
With regard to Article 7(2), point (a) of Regulation (EU) 2022/850 (providing, operating and maintaining the hardware and software IT infrastructure in its technical sites necessary for carrying out its tasks), eu-LISA shall provide, operate and maintain all required hardware and software IT infrastructure in its technical sites necessary for carrying out eu-LISA’s tasks with regard to the e-CODEX system. eu-LISA shall update its relevant procedures, including the Business Continuity Plan, to contain all components of the e-CODEX system.
3.2.2.
With regard to Article 7(2), point (b) of Regulation (EU) 2022/850 (providing, operating and maintaining a central testing platform, while ensuring the integrity and availability of the rest of the e-CODEX system), eu-LISA shall provide, operate and maintain the e-CODEX Central Testing Platform (CTP) in-line with the availability requirements set out below. Any maintenance regarding testing activities carried out on the CTP shall not adversely affect the integrity and availability of the rest of the e-CODEX system.
3.2.3.
With regard to Article 7(2), point (c) of Regulation (EU) 2022/850 (informing the general public about the e-CODEX system by means of a set of large-scale communication channels, including websites or social media platforms), eu-LISA shall be responsible for informing the general public about the e-CODEX system and any major developments. This shall be done by means of a set of large-scale communication channels, including websites and/or social media platforms. Pursuant to Article 12(2), point (c), of Regulation (EU) 2022/850, in defining and carrying out its activities in this regard, eu-LISA shall take into account input from the e-CODEX Advisory Group.
3.2.4.
With regard to Article 7(2), point (d) of Regulation (EU) 2022/850 eu-LISA is responsible for preparing, updating and distributing online non-technical information relating to the e-CODEX system and the activities it carries out)

4.   

ROLE OF EU-LISA WITH REGARD TO THE GATEWAY

According to Article 7(3) of Regulation (EU) 2022/850, eu-LISA is to make resources available on an on-call basis during business hours to provide e-CODEX correspondents with a single point of contact for technical support, including for the gateway.
According to Article 7(1) of Regulation (EU) 2022/850, eu-LISA is responsible for the components of the e-CODEX system, except for the gateway, since it is currently based on a building block known as ‘eDelivery’, which is maintained by the Commission and provided on a cross-sectoral basis. eu-LISA shall take over full responsibility for the management of the connector and the digital procedural standards from the entity managing the e-CODEX system. Given that the gateway and the connector are integral components of the e-CODEX system, eu-LISA should ensure that the connector is compatible with the latest version of the gateway.
eu-LISA shall follow up on gateway issues insofar as it concerns their correct functioning with the connector, in a supported e-CODEX package set-up.
For technical support issues in a supported e-CODEX package set-up, which concern the gateway, and for which the eu-LISA Service desk alone cannot provide a resolution, eu-LISA shall liaise with the entity responsible for the management of the gateway. This process shall be transparent for the e-CODEX correspondents.
While eu-LISA shall exercise a ‘best effort’ approach to their resolution, this may ultimately depend on assistance of the actors responsible for the gateway. Therefore, the service level requirement targets shall not apply in instances where eu-LISA may need assistance from the actors responsible for the gateway.

 

Users of the Commission eDelivery implementation

Users of an implementation other than the eDelivery implementation

API Specifications

Included

Included

Deployment and configuration

Included

Not included

Certificates

Included

Included

Connectivity testing support

Included

Included

Integration testing support

Included

Included

Troubleshooting

Included

Not included

5.   

REPORTING TO THE ADVISORY GROUP

In order to allow the Advisory Group to monitor eu-LISA’s compliance with the service level requirements as referred to in Article 12(2), point (d) of Regulation (EU) 2022/850, eu-LISA shall keep the e-CODEX Advisory Group regularly updated on all operational management activities carried out in relation to the e-CODEX system. In particular, eu-LISA shall maintain and regularly communicate to the e-CODEX Advisory Group:
(a) any information relevant for the assessment of the compliance with the service level requirements set out in this Implementing Decision;
(b) schedules and planning artefacts of change requests implementation and new software releases.
The e-CODEX Advisory Group shall establish the exact structure, contents and parameters of this reporting, as well as its exact modalities and frequency.

6.   

e-CODEX OPERATOR’S MANUAL

eu-LISA shall provide the e-CODEX Operator’s Manual, which shall be the reference document for the operational management of the systems for the e-CODEX correspondents and eu-LISA’s Service desk. It shall describe all possible interactions in relation of IT Service Management.
The e-CODEX Operator’s Manual shall be a limited need-to-know basis document that eu-LISA’s Service desk will provide to all correspondents in its latest approved version. The correspondents may only share the e-CODEX Operator’s Manual if authorised to do so.
The e-CODEX Operator’s Manual shall contain in particular:
(a) Communication approach and channels of communication;
(b) Operational Setup Requirements with defined Services and Service Level Targets;
(c) Incident Management/Escalation Procedure including Classification and Prioritisation;
(d) Request Fulfilment Management and Technical assistance procedures;
(e) Maintenance Management;
(f) Any applicable Annexes.
The e-CODEX Operator’s Manual shall be adopted by the Management Board of eu-LISA, after taking into account the opinion of the e-CODEX Advisory Group.

7.   

e-CODEX CORRESPONDENTS

According to Article 6(5) and Article 8(2) of Regulation (EU) 2022/850, Member States and the Commission, respectively, are to designate a number of e-CODEX correspondents in proportion to the number of e-CODEX access points which it has authorised and to the number of digital procedural standards, which those authorised e-CODEX access points apply. They are to notify a list of the e-CODEX correspondents and any changes thereto to eu-LISA.
Each authorised e-CODEX access point shall have a minimum of two e-CODEX correspondents assigned. More than two correspondents could be assigned to an authorised e-CODEX access point, taking into account the number of digital procedural standards that it applies.
The total number of e-CODEX correspondents and the objective criteria allowing to assign more than two correspondents to an authorised e-CODEX access point shall be defined and reviewed annually, accordingly to the requirements of the authorised e-CODEX access points and taking into account the available resources of eu-LISA, by the Management Board of eu-LISA on a proposal made by the e-CODEX Programme Management Board.
The e-CODEX Advisory Group in the context of monitoring eu-LISA’s compliance with the service level requirements pursuant to Article 12(2), point (d) of Regulation (EU) 2022/850 shall monitor the need of changing the total number of e-CODEX correspondents.

8.   

SERVICES AND TARGET LEVELS

8.1.   

Principles

The responsibility for setting up securely and operating securely an authorised e-CODEX access point lies with the entities operating authorised e-CODEX access points. In this context, e-CODEX correspondents shall provide initial user support with regard to the deployment of authorised e-CODEX access points under their responsibility.
eu-LISA shall provide technical support to the e-CODEX correspondents with regard to providing response and resolution as defined in the e-CODEX Operator’s Manual.
eu-LISA shall set up a Service desk which shall constitute the single-entry point for technical support. e-CODEX correspondents shall open tickets in accordance with the e-CODEX Operator’s Manual, which shall be analysed by eu-LISA as they are created. The e-CODEX correspondent shall initially identify and categorise the tickets following guidance from the Operator’s Manual. With the agreement of the relevant e-CODEX correspondent, eu-LISA may reclassify a ticket.
Changes will be treated under the demand management process. In a complete and synthetic form eu-LISA shall share them regularly with the entities operating authorised e-CODEX access points and the e-CODEX Advisory Group.
The eu-LISA Service desk shall be available during business hours.

8.2.   

Components under IT Service Management:

(a) Connector software;
(b) Central Testing Platform;
(c) Configuration Management Tool;
(d) e-CODEX Repository;
(e) Digital Procedural Standards.
For those components, the Operator’s Manual will specify related services and service level targets that should be met in the frame of incident resolution management and availability.

8.3.   

Availability

The availability of e-CODEX components is calculated over the reporting period that will be defined in the e-CODEX Operator’s Manual. Planned unavailability periods will not be taken into account in the calculation of availability.

Component

Availability

Repository

95  %

CMT

98  %

CTP

90  %

ITSM tool

95  %

(1)  Regulation (EU) 2022/850 of the European Parliament and of the Council of 30 May 2022 on a computerised system for the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters (e-CODEX system), and amending Regulation (EU) 2018/1726 (
OJ L 150, 1.6.2022, p. 1
).
(2)  
OJ L 56, 4.3.1968, p. 1
.
(3)  Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (
OJ L 295, 21.11.2018, p. 99
).
Markierungen
Leseansicht