Commission Implementing Decision (EU) 2021/31 of 13 January 2021 on laying down r... (32021D0031)
EU - Rechtsakte: 19 Area of freedom, security and justice

COMMISSION IMPLEMENTING DECISION (EU) 2021/31

of 13 January 2021

on laying down rules for the application of Regulation (EU) 2018/1862 of the European Parliament and of the Council as regards the minimum data quality standards and technical specifications for entering photographs, DNA profiles and dactyloscopic data in the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters and repealing Commission Implementing Decision (EU) 2016/1345

(notified under document C(2020) 9228)

THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (1), and in particular Article 42(5) thereof,
Whereas:
(1) The Schengen Information System (‘SIS’) in the field of police cooperation and judicial cooperation in criminal matters contains alerts on persons and objects sought by national competent authorities for the purposes of ensuring a high level of security within the area of freedom, security and justice.
(2) Pursuant to Article 20(3) of Regulation (EU) 2018/1862, the categories of data that may be entered in an alert on a person in SIS include photographs, facial images, DNA profiles and dactyloscopic data (the latter including fingerprints as well as palm prints). Pursuant to Article 22(1) of Regulation (EU) 2018/1862, such data should be entered into SIS, if available.
(3) Article 42(1) and (3) of Regulation (EU) 2018/1862 stipulates that photographs, facial images, DNA profiles and dactyloscopic data entered in an alert in SIS are subject to a quality check in order to ascertain that they meet minimum data quality standards and technical specifications.
(4) It is necessary to lay down implementing measures specifying the minimum data quality standards and technical specifications for entering and storing such data in SIS.
(5) Pursuant to Article 43(3) of Regulation (EU) 2018/1862, searching dactyloscopic data stored in SIS with complete or incomplete sets of fingerprints or palm prints found at a serious crime or terrorism scene is to be permitted if it can be established to a high degree of probability that they belong to the perpetrator of a serious crime or an act of terrorism, and provided that a search is carried out simultaneously in the Member States relevant national fingerprint databases. In addition, pursuant to Article 40 of Regulation (EU) 2018/1862, Member States may enter alerts on unknown wanted persons into SIS that contain only dactyloscopic data discovered at a serious crime or terrorism scene. Particular attention should be given to the establishment of quality standards applicable to the transmission of such dactyloscopic data to SIS.
(6) The specifications should only set the level of quality required for entering and storing photographs in SIS to be used to confirm the identity of a person in accordance with Article 43(1) of that Regulation. The level of quality required for entering and storing photographs and facial images in SIS to be used to identify a person pursuant to Article 43(4) should be laid down at a later stage, when the conditions laid down in that Article have been fulfilled. eu-LISA should, in consultation with the SIS II Advisory Group, develop and document the technical details of the standards and specifications laid down in this Decision, in the SIS Interface Control Document and Detailed Technical Specifications. Member States, the European Union Agency for Law Enforcement Cooperation (‘Europol’), the European Union Agency for Criminal Justice Cooperation (‘Eurojust’) and the European Border and Coast Guard Agency should develop their systems in compliance with the specifications set out in these documents.
(7) In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2018/1862 and is not bound by it or subject to its application. However, given that Regulation (EU) 2018/1862 builds upon the Schengen
acquis
, Denmark, in accordance with Article 4 of that Protocol, notified on 26 April 2019 its decision to implement Regulation (EU) 2018/1862 in its national law. Denmark is therefore bound under international law to implement this Decision.
(8) Ireland is taking part in this Decision, in accordance with Article 5(1) of Protocol No 19 on the Schengen
acquis
integrated into the framework of the European Union, annexed to the TEU and to the TFEU, and Article 6(2) of Council Decision 2002/192/EC (2).
(9) As regards Iceland and Norway, this Decision constitutes a development of provisions of the Schengen
acquis
within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters’ association with the implementation, application and development of the Schengen
acquis
 (3), which fall within the area referred to in Article 1, point (G) of Council Decision 1999/437/EC (4).
(10) As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen
acquis
within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
 (5), which fall within the area referred to in Article 1, point (G), of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/149/JHA (6).
(11) As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen
acquis
within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
 (7), which fall within the area referred to in Article 1, point (G), of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/349/EU (8).
(12) As regards Bulgaria and Romania, this Decision constitutes an act building upon, or otherwise relating to, the Schengen
acquis
within the meaning of Article 4(2) of the 2005 Act of Accession and should be read in conjunction with Council Decisions 2010/365/EU (9) and (EU) 2018/934 (10).
(13) As regards Croatia, this Decision constitutes an act building upon, or otherwise relating to, the Schengen
acquis
within the meaning of Article 4(2) of the 2011 Act of Accession and should be read in conjunction with Council Decision (EU) 2017/733 (11).
(14) Concerning Cyprus, this Decision constitutes an act building upon, or otherwise relating to, the Schengen
acquis
within the meaning of Article 3(2) of the 2003 Act of Accession.
(15) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (12) and delivered an opinion on 26 August 2020.
(16) The measures provided for in this Decision are in accordance with the opinion of the SIS-SIRENE Police Committee,
HAS ADOPTED THIS DECISION:

Article 1

The entry and storage of photographs, DNA profiles and dactyloscopic data in SIS as referred to in Article 42 of Regulation (EU) 2018/1862, shall comply with minimum data quality standards and technical specifications set out in the Annex to this Decision.

Article 2

Commission Implementing Decision (EU) 2016/1345 (13) is hereby repealed.

Article 3

This Decision is addressed to the Member States, the European Union Agency for Law Enforcement Cooperation, the European Union Agency for Criminal Justice Cooperation and the European Border and Coast Guard Agency.
Done at Brussels, 13 January 2021.
For the Commission
Ylva JOHANSSON
Member of the Commission
(1)  
OJ L 312, 7.12.2018, p. 56
.
(2)  Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen
acquis
(
OJ L 64, 7.3.2002, p. 20
).
(3)  
OJ L 176, 10.7.1999, p. 36
.
(4)  Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen
acquis
(
OJ L 176, 10.7.1999, p. 31
).
(5)  
OJ L 53, 27.2.2008, p. 52
.
(6)  Council Decision 2008/149/JHA of 28 January 2008 on the conclusion on behalf of the European Union of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
(
OJ L 53, 27.2.2008, p. 50
).
(7)  
OJ L 160, 18.6.2011, p. 21
.
(8)  Council Decision 2011/349/EU of 7 March 2011 on the conclusion on behalf of the European Union of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
, relating in particular to judicial cooperation in criminal matters and police cooperation (
OJ L 160, 18.6.2011, p. 1
).
(9)  Council Decision 2010/365/EU of 29 June 2010 on the application of the provisions of the Schengen
acquis
relating to the Schengen Information System in the Republic of Bulgaria and Romania (
OJ L 166, 1.7.2010, p. 17
).
(10)  Council Decision (EU) 2018/934 of 25 June 2018 on the putting into effect of the remaining provisions of the Schengen
acquis
relating to the Schengen Information System in the Republic of Bulgaria and Romania (
OJ L 165, 2.7.2018, p. 37
).
(11)  Council Decision (EU) 2017/733 of 25 April 2017 on the application of the provisions of the Schengen
acquis
relating to the Schengen Information System in the Republic of Croatia (
OJ L 108, 26.4.2017, p. 31
).
(12)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (
OJ L 295, 21.11.2018, p. 39
).
(13)  Commission Implementing Decision (EU) 2016/1345 of 4 August 2016 on minimum data quality standards for fingerprint records within the second generation Schengen Information System (SIS II) (
OJ L 213, 6.8.2016, p. 15
).

ANNEX

Minimum data quality standards and technical specifications for the use of photographs, DNA profiles and dactyloscopic data in SIS.

1.   

Dactyloscopic data

1.1.   

Categories of dactyloscopic data used in SIS

The following categories of dactyloscopic data may be used in SIS:
(a) flat fingerprints, including flat thumb slaps and flat four-finger slaps;
(b) rolled fingerprints;
(c) palm prints;
(d) fingermark: complete or incomplete set of fingerprints of unknown origin discovered at the scenes of terrorist offences or other serious crimes under investigation;
(e) palmmark: complete or incomplete set of palm prints of unknown origin discovered at the scenes of terrorist offences or other serious crimes under investigation.

1.2.   

Permitted dactyloscopic data formats

Member States may transmit to Central SIS:
(a) data captured using live-scan devices at the national level that are capable of capturing and segmenting up to ten individual fingerprints; rolled, flat or both;
(b) ‘inked’ fingerprints and palm prints; rolled, flat or both, which are digitally scanned at the relevant quality and resolution.
The Automated Fingerprint Identification System of Central SIS (CS-SIS AFIS), as defined in Article 43(2) of Regulation (EU) 2018/1862, must be compatible and interoperable with the dactyloscopic data formats mentioned under points (a) and (b).

1.3.   

Minimum data quality standards and technical specifications

1.3.1.   

File and compression format (‘dactyloscopic container’)

The input format for the transmission of dactyloscopic data (‘dactyloscopic container’) to SIS must be compliant with the SIS NIST standard based on the ANSI/NIST (1) binary format.
A ‘SIS NIST checker’ will be established at the level of the technical support function of Central SIS (CS-SIS) to check compliance of the transmitted dactyloscopic container with the defined SIS NIST standard.
Dactyloscopic containers that do not comply with the defined SIS NIST standard will be rejected by CS-SIS AFIS and will not be stored in Central SIS. If a non-compliant file is rejected by CS-SIS AFIS, CS-SIS will send an error message to the Member State that has transmitted the data.

1.3.2.   

Image format and Resolution

Fingerprint and palm print images referred to in points (a), (b) and (c) of Section 1.1, must be of a nominal resolution of either 1 000 ppi or of 500 ppi with 256 grey levels in order to be processed by CS-SIS. 500 ppi images must be entered using the WSQ format while 1 000 ppi images must be in JPEG2000 (JP2) format.
Fingermark and palmmark images referred to in points (d) and (e) of Section 1.1, must be of a resolution of 500 or 1 000 ppi in order to be processed by CS-SIS. 500 ppi images must be entered using the WSQ format while 1 000 ppi images must be in JPEG2000 (JP2) format. Lossless JPEG compression must be used for both resolutions images.

1.3.3.   

Quality thresholds for the storage and use of fingerprints and palm prints images in CS-SIS AFIS

Dactyloscopic images must comply with the quality thresholds laid down in the SIS Interface Control Document and Detailed Technical Specifications in order to be stored and used in CS-SIS AFIS.
Member States are recommended to check the compliance with the quality thresholds of the dactyloscopic images before transmitting them to CS-SIS.
Compliant dactyloscopic containers that contain dactyloscopic images on fingerprints or palm prints below the quality thresholds will not be stored in CS-SIS AFIS and will not be used for biometric searches. Dactyloscopic containers that contain dactyloscopic images rejected by CS-SIS AFIS may only be used to confirm the identity of a person in accordance with Article 43(1) of Regulation (EU) 2018/1862. CS-SIS will send an error message to the Member State that has transmitted the data wherever a file has been rejected by CS-SIS AFIS due to the low quality of the images.

1.3.4.   

Quality thresholds for the storage and use of fingermark and palmmark images in CS-SIS AFIS

Dactyloscopic images of a fingermark and palmmark must comply with the quality thresholds laid down in the SIS Interface Control Document and Technical Specifications, in order to be accepted in CS SIS AFIS.
Compliant dactyloscopic containers that contain dactyloscopic images of a fingermark or palmmark below the quality threshold will not be stored in CS-SIS AFIS. CS-SIS will send an error message to the Member State that has transmitted the data when a file has been rejected by CS-SIS AFIS due to the low quality of the images.

1.4.   

Biometric searches

CS-SIS AFIS will provide a biometric search functionality for all types of dactyloscopic images satisfying the quality requirements established under points 1.3.3 and 1.3.4.
The performance requirements and biometric accuracy for the different categories of biometric searches in CS-SIS AFIS are laid down in the SIS Interface Control Document and Detailed Technical Specifications.

2.   

Photographs

A minimum resolution of 480 × 600 pixels with 24 bits of colour depth must be used when entering photographs in SIS.

3.   

DNA profiles

The file type used to describe the DNA profile must follow the Extensible Markup Language (XML). The structure of the file must follow the Combined DNA Index System (CODIS) (2) standard to describe the DNA profile to be stored in SIS.
(1)  American National Standard for Information Systems / National Institute of Standards and Technology.
(2)  https://www.fbi.gov/services/laboratory/biometric-analysis/codis
Markierungen
Leseansicht