Commission Implementing Decision (EU) 2023/2601 of 20 November 2023 laying down d... (32023D2601)
EU - Rechtsakte: 19 Area of freedom, security and justice
2023/2601
22.11.2023

COMMISSION IMPLEMENTING DECISION (EU) 2023/2601

of 20 November 2023

laying down detailed rules on the management of the functionality for the centralised management of the lists of competent national authorities accessing the Entry/Exit System and the Visa Information System

THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes and amending the Convention implementing the Schengen Agreement and Regulation (EC) No 767/2008 and Regulation (EU) No 1077/2011 (1), and in particular the second paragraph of Article 9(2) thereof,
Having regard to Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of information between Member States on short-stay visas, long-stay visas and residence permits (VIS Regulation) (2), and in particular Article 6(5) thereof,
Whereas:
(1) Regulation (EU) 2017/2226 established the Entry/Exit System (EES) as a system that registers electronically the time and place of entry and exit of third-country nationals admitted for a short stay to the territory of the Member States and which calculates the duration of their authorised stay.
(2) Regulation (EC) No 767/2008 established the Visa Information System (VIS) for the exchange of data between Member States regarding applications for short-stay visas, long-stay visas and residence permits, and on the decision taken to annul, revoke or extend the visa.
(3) Access to the EES or the VIS to enter, amend, delete or consult data should be limited to duly authorised staff of the competent national authorities of each Member State.
(4) Member States should notify the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (‘eu-LISA’) and the Commission of the lists of competent national authorities entitled at national level to enter, amend, delete or consult data in the EES or the VIS.
(5) The lists should be managed centrally by means of a functionality set up pursuant to Article 9(2), second subparagraph of Regulation (EU) 2017/2226 and Article 6(5) of the Regulation (EC) No 767/2008.
(6) For every competent national authority in the notified lists, Member States should specify the purpose for access to the EES or the VIS data.
(7) Therefore, detailed rules should be laid down on the management of the functionality for the centralised management of the lists of competent national authorities.
(8) Given that Regulation (EU) 2017/2226 and Regulation (EU) 2021/1134 of the European Parliament and of the Council (3) build upon the Schengen
acquis
, in accordance with Article 4 of Protocol No 22 on the Position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark notified the implementation of Regulation (EU) 2017/2226 and Regulation (EU) 2021/1134 in its national law. Denmark is therefore, bound by this Decision.
(9) As regards Ireland, this Decision constitutes a development of the provisions of the Schengen
acquis
in which Ireland does not take part (4); Ireland is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application.
(10) As regards Iceland and Norway, this Decision constitutes a development of the provisions of the Schengen
acquis
within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning those States association with the implementation, application and development of the Schengen
acquis
 (5), which fall within the area referred to in Article 1, points A and B of Council Decision 1999/437/EC (6).
(11) As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen
acquis
within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
 (7), which fall within the area referred to in Article 1, point A and B of Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/EC (8).
(12) As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen
acquis
within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
 (9) which fall within the area referred to in Article 1, point A and B of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (10).
(13) As regards Bulgaria and Romania, in relation to the provisions under this act concerning Regulation (EU) 2017/2226, as the verification in accordance with the applicable Schengen evaluation procedure has been successfully completed, as confirmed by Council conclusions of 9 and 10 June 2011 regarding the Schengen evaluation of Bulgaria and Romania, the provisions of the Schengen
acquis
relating to the Schengen Information System have been put into effect by Council Decision (EU) 2018/934 (11) and the provisions of the Schengen
acquis
relating to the VIS have been put into effect by Council Decision (EU) 2017/1908 (12), all the conditions for the operation of the EES set out in Article 66(2)(b) of Regulation 2017/2226 are met and those Member States should therefore operate the Entry/Exit System from the start of operations. The provisions under this act concerning Regulation (EC) No 767/2008, constitute an act building upon, or otherwise relating to, the Schengen
acquis
within the meaning of Article 4(2) of the 2005 Act of Accession (13).
(14) As regards Cyprus, in relation to the provisions under this act concerning Regulation (EU) 2017/2226, the operation of the EES requires the granting of passive access to the VIS and the putting into effect of all the provisions of the Schengen
acquis
relating to the Schengen Information System in accordance with the relevant Council Decisions. Those conditions can only be met once the verification in accordance with the applicable Schengen evaluation procedure has been successfully completed. The EES should be operated only by those Member States which fulfil those conditions at the start of the operation of the EES. Member States not operating the EES from the start of operations should be connected to the EES, in accordance with the procedure set out in Regulation (EU) 2017/2226, as soon as all of those conditions are met. The provisions of this Decision concerning Regulation (EC) No 767/2008, constitute an act building upon, or otherwise relating to, the Schengen
acquis
, within the meaning of Article 3(2) of the 2003 Act of Accession (14).
(15) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation 2018/1725 of the European Parliament and of the Council (15) and delivered an opinion on 24 of March 2023.
(16) The measures provided for in this Decision are in accordance with the opinion of the Smart Borders Committee, established by Article 68(1) of Regulation (EU) 2017/2226.
HAS ADOPTED THIS DECISION:

Article 1

Content and format of the lists of competent national authorities

1.   Member States shall specify the competent national authorities whose duly authorised staff is entitled to enter, amend, delete or consult the Entry/Exit System (EES) and the Visa Information System (VIS) data, in the lists of competent national authorities for each system respectively, referred to in Article 9(2) of Regulation (EU) 2017/2226 and Article 6(3) of the Regulation (EC) No 767/2008 (‘lists of authorities’).
2.   eu-LISA shall provide a standard table to be edited by the Member States to create and update the lists of competent national authorities referred to in paragraph 1.
3.   The table referred to in paragraph 2 shall include at least the following information, which shall not contain personal data, for each competent national authority processing data in the EES or the VIS:
(a) the name of the Member State;
(b) the unique identifier of the authority;
(c) the name of the authority;
(d) the contact details of the authority;
(e) the period of validity of the access to the systems;
(f) the purpose for access.
4.   The table referred to in paragraph 2 shall contain filtering options that enable searches. The filtering options shall include at least the following information:
(a) the name of the Member State;
(b) the unique identifier of the authority;
(c) the name of the authority.

Article 2

Development of the functionality to manage the lists of authorities

1.   eu-LISA shall develop and host the functionality for the centralised management of the lists of competent national authorities referred to in Article 1(1).
2.   The functionality for the centralised management of the lists of competent national authorities shall enable its further development for the centralised management of additional lists of competent authorities using other large-scale IT systems in the area of freedom, security and justice in line with the applicable legislation.
3.   eu-LISA shall integrate the lists of competent national authorities provided by the Member States in the functionality referred in paragraph 1 of this Article.
4.   eu-LISA shall be responsible for the technical maintenance of the functionality referred in paragraph 1 of this Article.

Article 3

Management of the functionality

1.   The functionality referred to in Article 2(1) shall allow the Member States to:
(a) search and consult the lists of competent national authorities in accordance with the applicable access rights;
(b) update their lists of competent national authorities.
2.   The functionality shall allow Member States to manage the lists of competent national authorities. Eu-LISA shall ensure availability of the latest version of those lists at all times.
3.   All modifications made to the lists of competent national authorities by the Member States shall be logged centrally in the functionality. Member States may keep a copy of their logs at national level.
4.   The functionality shall allow Member States to access and search the logs relevant to their Member State in the functionality. Access and search of the logs shall be restricted to duly authorised staff of that Member State.
5.   Users of the functionality may use pseudonyms to search, consult or update the lists of competent national authorities. Those pseudonyms shall be traceable to the users’ official identities at national level.

Article 4

Entry into force and applicability

1.   This Decision shall enter into force on the twentieth day following that of its publication in the
Official Journal of the European Union
.
2.   The provisions in this Decision relating to the VIS shall apply from the date of the start of operations of the VIS pursuant to Article 11 of Regulation (EU) 2021/1134.
Done at Brussels, 20 November 2023.
For the Commission
The President
Ursula VON DER LEYEN
(1)  
OJ L 327, 9.12.2017, p. 20
.
(2)  
OJ L 218, 13.8.2008, p. 60
.
(3)  Regulation (EU) 2021/1134 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EC) No 767/2008, (EC) No 810/2009, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861, (EU) 2019/817 and (EU) 2019/1896 of the European Parliament and of the Council and repealing Council Decisions 2004/512/EC and 2008/633/JHA, for the purpose of reforming the Visa Information System, (
OJ L 248, 13.7.2021, p. 11
).
(4)  This Decision falls outside the scope of the measures provided for in Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen
acquis
(
OJ L 64, 7.3.2002, p. 20
).
(5)  
OJ L 176, 10.7.1999, p. 36
.
(6)  Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen
acquis
(
OJ L 176, 10.7.1999, p. 31
).
(7)  
OJ L 53, 27.2.2008, p. 52
.
(8)  Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
(
OJ L 53, 27.2.2008, p. 1
).
(9)  
OJ L 160, 18.6.2011, p. 21
.
(10)  Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
, relating to the abolition of checks at internal borders and movement of persons (
OJ L 160, 18.6.2011, p. 19
).
(11)  Council Decision (EU) 2018/934 of 25 June 2018 on the putting into effect of the remaining provisions of the Schengen
acquis
relating to the Schengen Information System in the Republic of Bulgaria and Romania (
OJ L 165, 2.7.2018, p. 37
).
(12)  Council Decision (EU) 2017/1908 of 12 October 2017 on the putting into effect of certain provisions of the Schengen
acquis
relating to the Visa Information System in the Republic of Bulgaria and Romania (
OJ L 269, 19.10.2017, p. 39
).
(13)  Act concerning the conditions of accession of the Republic of Bulgaria and Romania and the adjustments to the Treaties on which the European Union is founded (
OJ L 157, 21.6.2005, p. 203
).
(14)  Treaty between the Kingdom of Belgium, the Kingdom of Denmark, the Federal Republic of Germany, the Hellenic Republic, the Kingdom of Spain, the French Republic, Ireland, the Italian Republic, the Grand Duchy of Luxembourg, the Kingdom of the Netherlands, the Republic of Austria, the Portuguese Republic, the Republic of Finland, the Kingdom of Sweden, the United Kingdom of Great Britain and Northern Ireland (Member States of the European Union) and the Czech Republic, the Republic of Estonia, the Republic of Cyprus, the Republic of Latvia, the Republic of Lithuania, the Republic of Hungary, the Republic of Malta, the Republic of Poland, the Republic of Slovenia, the Slovak Republic, concerning the accession of the Czech Republic, the Republic of Estonia, the Republic of Cyprus, the Republic of Latvia, the Republic of Lithuania, the Republic of Hungary, the Republic of Malta, the Republic of Poland, the Republic of Slovenia and the Slovak Republic to the European Union (
OJ L 236, 23.9.2003, p. 17
).
(15)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (
OJ L 295, 21.11.2018, p. 39
).
ELI: http://data.europa.eu/eli/dec_impl/2023/2601/oj
ISSN 1977-0677 (electronic edition)
Markierungen
Leseansicht