Regulation (EU) 2023/969 of the European Parliament and of the Council of 10 May ... (32023R0969)
EU - Rechtsakte: 19 Area of freedom, security and justice

REGULATION (EU) 2023/969 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 10 May 2023

establishing a collaboration platform to support the functioning of joint investigation teams and amending Regulation (EU) 2018/1726

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 82(1), second subparagraph, point (d), thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national parliaments,
Acting in accordance with the ordinary legislative procedure (1),
Whereas:
(1) The Union has set itself the objective of offering its citizens an area of freedom, security and justice without internal frontiers, in which the free movement of persons is ensured. At the same time, the Union should ensure that that area remains a safe place. That objective can only be achieved by more effective, coordinated cooperation of the national and international law enforcement and judicial authorities and by means of appropriate measures to prevent and combat crime, including organised crime and terrorism.
(2) Achieving that objective is especially challenging where crime takes a cross-border dimension on the territory of two or more Member States and/or third countries. In such situations, Member States need to be able to join their forces and operations to allow for effective and efficient cross-border investigations and prosecutions, for which the exchange of information and evidence is crucial. One of the most successful tools for such cross-border cooperation is joint investigation teams (‘JITs’) that allow for direct cooperation and communication between the judicial and law enforcement authorities of two or more Member States and possibly third countries so that they can organise their actions and investigations in the most efficient manner. JITs are set up for a specific purpose and a limited period by the competent authorities of two or more Member States and possibly third countries, to carry out criminal investigations with a cross-border impact jointly.
(3) JITs have proven instrumental in improving judicial cooperation in relation to the investigation and prosecution of cross-border crimes, such as cybercrime, terrorism, and serious and organised crime, by reducing time-consuming procedures and formalities between JIT members. The increased use of JITs has also enhanced the culture of cross-border cooperation in criminal matters between judicial authorities in the Union.
(4) The Union
acquis
provides for two legal frameworks to set up JITs with the participation of at least two Member States: Article 13 of the Convention established by the Council in accordance with Article 34 of the Treaty on European Union, on Mutual Assistance in Criminal Matters between the Member States of the European Union (2) and Council Framework Decision 2002/465/JHA (3). Third countries can be involved in JITs as Parties where there is a legal basis for such involvement, such as Article 20 of the Second Additional Protocol to the European Convention on Mutual Assistance in Criminal Matters, signed in Strasbourg on 8 November 2001 (4) and Article 5 of the Agreement on mutual legal assistance between the European Union and the United States of America (5).
(5) International judicial authorities play a crucial role in the investigation and prosecution of international crimes. Their representatives may participate in a particular JIT on invitation of the JIT members based on the relevant agreement setting up a JIT (‘JIT agreement’). Therefore, the exchange of information and evidence between national competent authorities and any other court, tribunal or mechanism that aims to address serious crimes of concern to the international community as a whole, in particular the International Criminal Court (ICC), should be facilitated as well. This Regulation should therefore provide access to the Information Technology (IT) platform (‘JITs collaboration platform’) for representatives of such international judicial authorities in order to enhance international cooperation in relation to the investigation and prosecution of international crimes.
(6) There is a pressing need for a collaboration platform for JITs to communicate efficiently and to exchange information and evidence in a secure manner in order to ensure that those responsible for the gravest crimes can be swiftly held responsible. That need is underlined by the mandate of the European Union Agency for Criminal Justice Cooperation (Eurojust) established by Regulation (EU) 2018/1727 of the European Parliament and of the Council (6), which was amended by Regulation (EU) 2022/838 of the European Parliament and of the Council (7), enabling Eurojust to preserve, analyse and store evidence relating to genocide, crimes against humanity, war crimes and related criminal offences and enabling the exchange of related evidence with competent national authorities and international judicial authorities, in particular the ICC.
(7) The existing legal frameworks at Union level do not set out how the entities that participate in a JIT are to exchange information and communicate. Those entities reach an agreement on such exchange and communication on the basis of needs and available means. To fight increasingly complex and fast-evolving cross-border crime, speed, cooperation and efficiency are crucial. However, there is currently no system to support the management of JITs, to allow for more efficient evidence searching and recording, and to secure the data exchanged between those involved in a JIT. There is an evident lack of dedicated secure and effective channels to which all those involved in a JIT could have recourse and through which they could promptly exchange large volumes of information and evidence or allow for secure and effective communication. Furthermore, there is no system to support either the management of JITs, including the traceability of evidence exchanged among those involved in a JIT in a manner that is compliant with legal requirements before national courts, or the planning and coordination of operations of a JIT.
(8) In light of the increasing possibilities of crime infiltrating IT systems, the current state of play could hamper the effectiveness and efficiency of cross-border investigations, as well as jeopardise and slow down such investigations and prosecutions due to the insecure and non-digital exchange of information and evidence, thereby making them more costly. The judicial and law enforcement authorities in particular need to ensure that their systems are as modern and as safe as possible and that all JIT members can connect and interact easily, independently of their national systems.
(9) It is important for JIT cooperation to be improved and supported by modern IT tools. The speed and efficiency of the exchanges between those involved in a JIT could be considerably enhanced by creating a dedicated IT platform to support the functioning of JITs. Therefore, it is necessary to lay down rules establishing a JITs collaboration platform at Union level in order to help those involved in a JIT to collaborate, securely communicate and share information and evidence.
(10) The JITs collaboration platform should only be used where there is, inter alia, a Union legal basis for the setting up of a JIT. For all JITs set up solely on international legal bases, the JITs collaboration platform should not be used, since it is financed by the Union budget and developed on the basis of Union legislation. However, where the competent authorities of a third country are a Party to a JIT agreement that has a Union legal basis as well as an international one, the representatives of the competent authorities of that third country should be considered to be JIT members.
(11) The use of the JITs collaboration platform should be on a voluntary basis. However, in view of its added value for cross-border investigations, its use is strongly encouraged. The use or non-use of the JITs collaboration platform should not prejudice or affect the legality of other forms of communication or exchange of information, nor should it change the way in which the JITs are set up, are organised or function. The establishment of the JITs collaboration platform should not have an impact on the underlying legal bases for the setting up of JITs, nor should it affect the applicable national procedural legislation regarding the collection and use of the obtained evidence. Officials from other national competent authorities, such as customs, where they are members of JITs set up pursuant to Framework Decision 2002/465/JHA, should be able to have access to the JIT collaboration spaces. The JITs collaboration platform should only provide a secure IT tool to improve cooperation, accelerate the flow of information between its users and increase the security of the data exchanged and the effectiveness of the JITs.
(12) The JITs collaboration platform should cover the operational and post-operational phases of a JIT from the moment that the relevant JIT agreement is signed until the JIT evaluation has been completed. Due to the fact that the actors participating in the JIT set-up process are different from the actors who are members of a JIT once it is established, the process of setting up a JIT, especially the negotiation of the content and the signature of the JIT agreement, should not be managed through the JITs collaboration platform. However, given the need for an electronic tool to support the process of signing a JIT agreement, it is important for the Commission to consider covering that process by the e-Evidence Digital Exchange System (eEDES), which is a secure online portal for electronic requests and responses developed by the Commission.
(13) For each JIT that uses the JITs collaboration platform, the JIT members should be encouraged to conduct an evaluation of the JIT, either during the operational phase of the JIT or following its closure, using the tools provided for by the JITs collaboration platform.
(14) A JIT agreement, including any appendices, should be a prerequisite for the use of the JITs collaboration platform. The content of all future JIT agreements should be adapted to take into account the relevant provisions of this Regulation.
(15) The network of national experts on JITs, which was formed in 2005 (‘JITs Network’), developed a model agreement which includes appendices, in order to facilitate the setting up of JITs. The content of the model agreement and its appendices should be adapted to take into account the decision to use the JITs collaboration platform and the rules for access to the JITs collaboration platform.
(16) From an operational perspective, the JITs collaboration platform should be composed of isolated JIT collaboration spaces created for each individual JIT hosted by the JITs collaboration platform.
(17) From a technical perspective, the JITs collaboration platform should be accessible via a secure connection over the internet and should be composed of a centralised information system, accessible through a secure web portal, communication software for mobile and desktop devices, including an advanced logging and tracking mechanism, and a connection between the centralised information system and the relevant IT tools that support the functioning of JITs and that are managed by the JITs Network Secretariat.
(18) The purpose of the JITs collaboration platform should be to facilitate the coordination and management of a JIT. The JITs collaboration platform should ensure the exchange and temporary storage of operational information and evidence, provide secure communication, provide for evidence traceability and support the process of the evaluation of a JIT. All those involved in a JIT should be encouraged to use all functionalities of the JITs collaboration platform and to replace insofar as possible the communication and data exchange channels which are currently used with those of the JITs collaboration platform.
(19) The coordination and exchange of data between Union agencies and bodies in the area of freedom, security and justice that are involved in judicial cooperation and JIT members is key in ensuring a coordinated Union response to criminal activities and in providing crucial support to Member States in tackling crime. The JITs collaboration platform should complement existing tools that allow for the secure exchange of data among judicial and law enforcement authorities, such as the Secure Information Exchange Network Application (SIENA) managed by the European Union Agency for Law Enforcement Cooperation (Europol) established by Regulation (EU) 2016/794 of the European Parliament and of the Council (8).
(20) Communication-related functionalities of the JITs collaboration platform should be provided by state-of-the-art software that allows for non-traceable communication to be stored locally on the devices of the JITs collaboration platform users.
(21) A proper functionality that allows the exchange of operational information and evidence, including large files, should be ensured through an upload/download mechanism designed to store the data centrally only for the limited period of time necessary for the technical transfer of the data. As soon as the data are downloaded by all addressees, they should be automatically and permanently erased from the JITs collaboration platform.
(22) Given its experience with managing large-scale systems in the area of justice and home affairs, the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) established by Regulation (EU) 2018/1726 of the European Parliament and of the Council (9) should be entrusted with the task of designing, developing and operating the JITs collaboration platform, making use of the existing functionalities of SIENA and other functionalities at Europol to ensure complementarity and, where appropriate, connectivity. Therefore, eu-LISA’s mandate should be amended to reflect those new tasks and eu-LISA should be provided with the appropriate funding and staffing to meet its responsibilities under this Regulation. In that regard, rules should be established on the responsibilities of eu-LISA, as the agency entrusted with the development, technical operation and maintenance of the JITs collaboration platform.
(23) eu-LISA should ensure that data held by law enforcement authorities could, where necessary, easily be transmitted from SIENA to the JITs collaboration platform. To that end, a report should be submitted by the Commission to the European Parliament and to the Council assessing the necessity, feasibility and suitability of a connection of the JITs collaboration platform with SIENA. That report should contain the conditions, technical specifications and procedures that ensure a secure and efficient connection and data exchange. The assessment should take into account the high level of data protection needed for such a connection, based on the existing Union and national data protection legal framework, such as Directive (EU) 2016/680 of the European Parliament and of the Council (10), Regulation (EU) 2018/1725 of the European Parliament and of the Council (11) and the rules applicable to relevant Union bodies, offices or agencies in the legal acts establishing them. The protection level of data that will be exchanged through the JITs collaboration platform, namely sensitive and non-classified data, should be taken into account. In accordance with Regulation (EU) 2018/1725, the Commission should also consult the European Data Protection Supervisor prior to submitting that report to the European Parliament and Council with regard to the impact on the protection of individuals’ rights and freedoms stemming from the envisaged processing of personal data.
(24) Since the formation of the JITs Network in 2005, the JITs Network Secretariat supports the work of the JITs Network by organising annual meetings and training activities, by collecting and analysing evaluations of the individual JITs and by managing Eurojust’s JIT funding programme. Since 2011, the JITs Network Secretariat has been hosted by Eurojust as a separate unit. Eurojust should be provided with appropriate staff allocated to the JITs Network Secretariat in order to allow the JITs Network Secretariat to support JITs collaboration platform users in the practical application of the JITs collaboration platform, to provide day-to-day guidance and assistance, to design and provide training courses and to raise awareness and promote the use of the JITs collaboration platform.
(25) Given the currently existing IT tools supporting operations of JITs, which are hosted at Eurojust and managed by the JITs Network Secretariat, it is necessary to connect the JITs collaboration platform with those IT tools, in order to facilitate the management of JITs. To that end, Eurojust should ensure the necessary technical adaptation of its systems in order to establish such a connection. Eurojust should also be provided with the appropriate funding and staffing to meet its responsibilities in that regard.
(26) During the operational phase of a JIT, Eurojust and Europol provide valuable operational support to JIT members by offering a wide range of supporting tools, including mobile offices, cross-match and analytical analyses, coordination and operational centres, the coordination of prosecution, expertise and funding.
(27) In order to ensure a clear division of rights and tasks, rules should be established on the responsibilities of Member States, Eurojust, Europol, the European Public Prosecutor’s Office (‘the EPPO’) established by Council Regulation (EU) 2017/1939 (12), the European Anti-Fraud Office (OLAF) established by Commission Decision 1999/352/EC, ECSC, Euratom (13) and other competent Union bodies, offices and agencies, including the conditions under which they may use the JITs collaboration platform for operative purposes.
(28) This Regulation sets out the details regarding the mandate, composition and organisational aspects of a Programme Management Board which should be established by the Management Board of eu-LISA. The Programme Management Board should ensure adequate management of the design and development phase of the JITs collaboration platform. It is also necessary to set out the details of the mandate, composition and organisational aspects of an Advisory Group to be established by eu-LISA in order to obtain expertise related to the JITs collaboration platform, in particular in the context of the preparation of eu-LISA’s annual work programme and annual activity report.
(29) This Regulation establishes rules on access to the JITs collaboration platform and the necessary safeguards. The JIT space administrator or administrators should be entrusted with the management of access rights to the individual JIT collaboration spaces. They should be in charge of managing access, during the operational and post-operational phases of the JIT, for JITs collaboration platform users, on the basis of the relevant JIT agreement. JIT space administrators should be able to delegate their technical and administrative tasks to the JITs Network Secretariat, except for verification of the data uploaded by third countries or representatives of international judicial authorities.
(30) Bearing in mind the sensitivity of the operational data exchanged among the JITs collaboration platform users, the JITs collaboration platform should ensure a high level of security. eu-LISA should take all necessary technical and organisational measures in order to ensure the security of the exchange of data by using strong end-to-end encryption algorithms to encrypt data in transit or at rest.
(31) This Regulation establishes rules on the liability of Member States, eu-LISA, Eurojust, Europol, the EPPO, OLAF and other competent Union bodies, offices and agencies, in respect of material or non-material damage occurring as a result of any act incompatible with this Regulation. Concerning third countries and international judicial authorities, liability clauses in respect of material or non-material damage should be contained in the relevant JIT agreements.
(32) This Regulation lays down specific data protection provisions that concern both operational data and non-operational data. Those data protection provisions are required in order to supplement the existing data protection arrangements and to provide for an adequate overall level of data protection, data security and protection of the fundamental rights of the persons concerned.
(33) The processing of personal data under this Regulation should comply with the Union’s legal framework on the protection of personal data. Directive (EU) 2016/680 applies to the processing of personal data by competent national authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security. As regards the processing of data by Union institutions, bodies, offices and agencies, Regulation (EU) 2018/1725 applies in the context of this Regulation. To that end, appropriate data protection safeguards should be ensured.
(34) Each competent national authority of a Member State and, where appropriate, Eurojust, Europol, the EPPO, OLAF or any other competent Union body, office or agency, should be individually responsible for the processing of operational personal data when using the JITs collaboration platform. JITs collaboration platform users should be considered joint controllers, within the meaning of Regulation (EU) 2018/1725, for the processing of non-operational personal data.
(35) In accordance with the relevant JIT agreement, it should be possible for JIT space administrators to grant access to a JIT collaboration space to representatives of competent authorities of third countries which are Parties to a JIT agreement or to representatives of international judicial authorities who participate in a JIT. In the context of a JIT agreement, any transfer of personal data to third countries or international judicial authorities, those authorities being considered international organisations for that purpose, is subject to compliance with the provisions set out in Chapter V of Directive (EU) 2016/680. Exchanges of operational data with third countries or international judicial authorities should be limited to those strictly required to fulfil the purposes of the relevant JIT agreement.
(36) Where a JIT has multiple JIT space administrators, one of them should be designated in the relevant JIT agreement as controller of the data uploaded by third countries or representatives of international judicial authorities, before the JIT collaboration space in which third countries or representatives of international judicial authorities are involved is created.
(37) eu-LISA should ensure that accessing the centralised information system and all data processing operations in the centralised information system are logged for the purposes of monitoring data integrity and security and the lawfulness of the data processing, as well as for the purposes of self-monitoring. eu-LISA should not have access to operational and non-operational data stored in the JIT collaboration spaces.
(38) This Regulation imposes reporting obligations on eu-LISA regarding the development and functioning of the JITs collaboration platform in light of objectives relating to the planning, technical output, cost-effectiveness, security and quality of service. Furthermore, the Commission should conduct an overall evaluation of the JITs collaboration platform that takes into account the objectives of this Regulation, as well as the aggregated results of the evaluations of the individual JITs, not later than two years after the start of operations of the JITs collaboration platform and every four years thereafter.
(39) While the cost of setting up and maintenance of the JITs collaboration platform and the supporting role of Eurojust after the start of operations of the JITs collaboration platform should be borne by the Union budget, each Member State, as well as Eurojust, Europol, the EPPO, OLAF and any other competent Union body, office and agency, should bear its own costs that arise from its use of the JITs collaboration platform.
(40) In order to establish uniform conditions for the technical development and implementation of the JITs collaboration platform, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and the Council (14).
(41) The Commission should adopt the relevant implementing acts necessary for the technical development of the JITs collaboration platform as soon as possible after the date of entry into force of this Regulation.
(42) The Commission should determine the date of the start of operations of the JITs collaboration platform once the relevant implementing acts necessary for the technical development of the JITs collaboration platform have been adopted and eu-LISA has carried out a comprehensive test of the JITs collaboration platform, with the involvement of the Member States.
(43) Since the objective of this Regulation, namely to enable the effective and efficient cooperation, communication and exchange of information and evidence among JIT members, representatives of international judicial authorities, Eurojust, Europol, OLAF and other competent Union bodies, offices and agencies, cannot be sufficiently achieved by the Member States, but can rather, by setting out common rules, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union (TEU). In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary to achieve that objective.
(44) In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the TEU and to the Treaty on the Functioning of the European Union (TFEU), Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.
(45) In accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU, Ireland has notified, by letter of 7 April 2022, its wish to take part in the adoption and application of this Regulation.
(46) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 and delivered formal comments on 25 January 2022,
HAVE ADOPTED THIS REGULATION:

CHAPTER I

GENERAL PROVISIONS

Article 1

Subject matter

This Regulation:
(a) establishes an IT platform (the ‘JITs collaboration platform’), to be used on a voluntary basis, to facilitate the cooperation of competent authorities participating in joint investigation teams (‘JITs’) set up on the basis of Article 13 of the Convention established by the Council in accordance with Article 34 of the Treaty on European Union, on Mutual Assistance in Criminal Matters between the Member States of the European Union or of Framework Decision 2002/465/JHA;
(b) lays down rules on the division of responsibilities between the JITs collaboration platform users and the agency responsible for the development and maintenance of the JITs collaboration platform;
(c) sets out conditions under which the JITs collaboration platform users may be granted access to the JITs collaboration platform;
(d) lays down specific data protection provisions needed to supplement the existing data protection arrangements and to provide for an adequate overall level of data protection, data security and protection of the fundamental rights of the persons concerned.

Article 2

Scope

1.   This Regulation applies to the processing of information, including personal data, within the context of a JIT. That includes the exchange and storage of operational data, as well as of non-operational data.
2.   This Regulation applies to the operational and post-operational phases of a JIT, starting from the moment the relevant JIT agreement is signed until all operational and non-operational data of that JIT have been removed from the centralised information system.
3.   This Regulation does not amend or otherwise affect the existing legal provisions on the establishment, conduct or evaluation of JITs.

Article 3

Definitions

For the purposes of this Regulation, the following definitions apply:
(1) ‘centralised information system’ means a central IT system where the storage and processing of JITs-related data takes place;
(2) ‘communication software’ means software that facilitates the exchange of files and messages in text, audio, image or video formats between JITs collaboration platform users;
(3) ‘competent authorities’ means the authorities of the Member States that are competent to be part of a JIT that was set up in accordance with Article 13 of the Convention established by the Council in accordance with Article 34 of the Treaty on European Union on Mutual Assistance in Criminal Matters between the Member States of the European Union and Article 1 of Framework Decision 2002/465/JHA, the EPPO when acting pursuant to its competences as provided for in Articles 22, 23 and 25 of Regulation (EU) 2017/1939, as well as the competent authorities of a third country where they are Party to a JIT agreement under an additional legal basis;
(4) ‘JIT members’ means representatives of the competent authorities;
(5) ‘JITs collaboration platform users’ means JIT members, Eurojust, Europol, OLAF and other competent Union bodies, offices and agencies or representatives of an international judicial authority that participates in a JIT;
(6) ‘international judicial authority’ means an international body, court, tribunal, or mechanism established to investigate and prosecute serious crimes of concern to the international community as a whole, namely crimes of genocide, crimes against humanity, war crimes and related criminal offences that affect international peace and security;
(7) ‘JIT collaboration space’ means an individual isolated space for each JIT hosted on the JITs collaboration platform;
(8) ‘JIT space administrator’ means a Member State’s JIT member, or an EPPO JIT member, designated in a JIT agreement, in charge of a JIT collaboration space;
(9) ‘operational data’ means information and evidence processed by the JITs collaboration platform during the operational phase of a JIT to support cross-border investigations and to support prosecutions;
(10) ‘non-operational data’ means administrative data processed by the JITs collaboration platform, in particular to facilitate the management of a JIT and cooperation between JITs collaboration platform users.

Article 4

Technical architecture of the JITs collaboration platform

The JITs collaboration platform shall be composed of the following:
(a) a centralised information system which allows for temporary central data storage;
(b) communication software which allows for the secure local storage of communication data on the devices of the JITs collaboration platform users;
(c) a connection between the centralised information system and relevant IT tools that support the functioning of JITs and that are managed by the JITs Network Secretariat.
The centralised information system shall be hosted by eu-LISA at its technical sites.

Article 5

Purpose of the JITs collaboration platform

The purpose of the JITs collaboration platform shall be to facilitate:
(a) the coordination and management of a JIT, through a set of functionalities that support the administrative and financial processes within the JIT;
(b) the rapid and secure exchange and temporary storage of operational data, including large files, through an upload and download functionality;
(c) secure communications through a functionality that covers instant messaging, chats, audio-conferencing and video-conferencing;
(d) the traceability of exchanges of evidence through an advanced logging and tracking mechanism which allows all evidence exchanged, including its access and processing, through the JITs collaboration platform to be kept track of;
(e) the evaluation of a JIT through a dedicated collaborative evaluation process.

CHAPTER II

DEVELOPMENT AND OPERATIONAL MANAGEMENT

Article 6

Adoption of implementing acts by the Commission

The Commission shall adopt the implementing acts necessary for the technical development of the JITs collaboration platform as soon as possible after 7 June 2023, and in particular implementing acts concerning:
(a) the list of functionalities required for the coordination and management of a JIT, including machine translation of non-operational data;
(b) the list of functionalities required for secure communications;
(c) business specifications of the connection referred to in Article 4, first paragraph, point (c);
(d) security as referred to in Article 19;
(e) technical logs as referred to in Article 25;
(f) statistics and information as referred to in Article 26;
(g) performance and availability requirements of the JITs collaboration platform.
The implementing acts referred to in the first paragraph of this Article shall be adopted in accordance with the examination procedure referred to in Article 29(2).

Article 7

Responsibilities of eu-LISA

1.   eu-LISA shall establish the design of the physical architecture of the JITs collaboration platform, including its technical specifications and evolution, on the basis of the implementing acts referred to in Article 6. That design shall be approved by its Management Board, subject to a favourable opinion of the Commission.
2.   eu-LISA shall be responsible for the development of the JITs collaboration platform in accordance with the principle of data protection by design and by default. Such development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination.
3.   eu-LISA shall make the communication software available to the JITs collaboration platform users.
4.   eu-LISA shall develop and implement the JITs collaboration platform as soon as possible after 7 June 2023 and following the adoption of the implementing acts referred to in Article 6.
5.   eu-LISA shall ensure that the JITs collaboration platform is operated in accordance with this Regulation and with the implementing acts referred to in Article 6 of this Regulation, as well as in accordance with Regulation (EU) 2018/1725.
6.   eu-LISA shall be responsible for the operational management of the JITs collaboration platform. The operational management of the JITs collaboration platform shall consist of all the tasks necessary to keep the JITs collaboration platform operational in accordance with this Regulation, and in particular the maintenance work and technical developments necessary to ensure that the JITs collaboration platform functions at a satisfactory level in accordance with the technical specifications.
7.   eu-LISA shall ensure the provision of training on the technical use of the JITs collaboration platform to the JITs Network Secretariat, including by providing training materials.
8.   eu-LISA shall set up a support service for mitigating, in a timely manner, technical incidents reported to it.
9.   eu-LISA shall continuously carry out improvements and add new functionalities to the JITs collaboration platform, based on the input it receives from the Advisory Group referred to in Article 12 and on the annual report of the JITs Network Secretariat referred to in Article 10, point (e).
10.   eu-LISA shall not have access to operational and non-operational data stored in the JIT collaboration spaces.
11.   Without prejudice to Article 17 of the Staff Regulations of Officials of the European Union and the Conditions of Employment of Other Servants of the Union, laid down in Council Regulation (EEC, Euratom, ECSC) No 259/68 (15), eu-LISA shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality to all members of its staff that are required to work with data registered in the centralised information system. That obligation shall also apply after such staff leave office or employment or after the termination of their activities.

Article 8

Responsibilities of the Member States

1.   Each Member State shall make the technical arrangements necessary for access of its competent authorities to the JITs collaboration platform in accordance with this Regulation.
2.   Member States shall ensure that the JITs collaboration platform users have access to the training courses provided by the JITs Network Secretariat pursuant to Article 10, point (c), or to equivalent training courses provided at the national level. Member States shall also ensure that the JITs collaboration platform users are fully aware of data protection requirements under Union law.

Article 9

Responsibilities of competent Union bodies, offices and agencies

1.   Eurojust, Europol, the EPPO, OLAF and other competent Union bodies, offices and agencies shall make the necessary technical arrangements to enable them to access the JITs collaboration platform.
2.   Eurojust shall be responsible for the necessary technical adaptation of its systems, required to establish the connection referred to in Article 4, first paragraph, point (c).

Article 10

Responsibilities of the JITs Network Secretariat

The JITs Network Secretariat shall support the functioning of the JITs collaboration platform by:
(a) providing, at the request of the JIT space administrator or administrators, administrative, legal and technical support in the context of the creation and access rights management of individual JIT collaboration spaces, pursuant to Article 14(3);
(b) providing day-to-day guidance, functional support and assistance to practitioners on the use of the JITs collaboration platform and its functionalities;
(c) designing and providing training courses for the JITs collaboration platform users, thereby aiming to facilitate the use of the JITs collaboration platform;
(d) enhancing a culture of cooperation within the Union in relation to cross-border cooperation in criminal matters by raising awareness and promoting the use of the JITs collaboration platform among practitioners;
(e) keeping, after the start of operations of the JITs collaboration platform, eu-LISA informed of additional functional requirements by submitting an annual report on potential improvements and new functionalities of the JITs collaboration platform based on the feedback on the practical use of the JITs collaboration platform that it collects from the JITs collaboration platform users.

Article 11

Programme Management Board

1.   Prior to the design and development phase of the JITs collaboration platform, the Management Board of eu-LISA shall establish a Programme Management Board for the duration of the design and development phase.
2.   The Programme Management Board shall be composed of ten members, as follows:
(a) eight members appointed by the Management Board of eu-LISA;
(b) the Chair of the Advisory Group referred to in Article 12;
(c) one member appointed by the Commission.
3.   The Management Board of eu-LISA shall ensure that the members that it appoints to the Programme Management Board have the necessary experience and expertise in the development and management of IT systems which support judicial authorities.
4.   eu-LISA shall participate in the work of the Programme Management Board. To that end, representatives of eu-LISA shall attend the meetings of the Programme Management Board in order to report on work regarding the design and development of the JITs collaboration platform and on any other related work and activities.
5.   The Programme Management Board shall meet at least once every three months, and more often where necessary. It shall ensure the adequate management of the design and development phase of the JITs collaboration platform. The Programme Management Board shall submit written reports regularly, and where possible every month, to the Management Board of eu-LISA, on the progress of the JITs collaboration platform. The Programme Management Board shall have no decision-making power nor any mandate to represent the members of the Management Board of eu-LISA.
6.   The Programme Management Board, in consultation with the Management Board of eu-LISA, shall establish its rules of procedure, which shall include in particular rules on chairmanship, meeting venues, preparation of meetings, admission of experts to meetings and communication plans that ensure that members of the Management Board of eu-LISA who are not members of the Programme Management Board are fully informed.
7.   The chairmanship of the Programme Management Board shall be held by a Member State.
8.   The Programme Management Board’s secretariat shall be provided by eu-LISA.

Article 12

Advisory Group

1.   eu-LISA shall establish an Advisory Group in order to obtain expertise related to the JITs collaboration platform, in particular in the context of the preparation of eu-LISA`s annual work programme and annual activity report, and to identify potential improvements and new functionalities to be implemented in the JITs collaboration platform.
2.   The Advisory Group shall be composed of the representatives of the Member States, the Commission and the JITs Network Secretariat. It shall be chaired by eu-LISA. It shall:
(a) meet at least once a month until the start of operations of the JITs collaboration platform where possible, and meet regularly thereafter;
(b) during the design and development phase of the JITs collaboration platform, report to the Programme Management Board after each meeting;
(c) during the design and development phase of the JITs collaboration platform, provide technical expertise to support the tasks of the Programme Management Board.

CHAPTER III

CREATION OF AND ACCESS TO THE JIT COLLABORATION SPACES

Article 13

Creation of the JIT collaboration spaces

1.   Where a JIT agreement provides for the use of the JITs collaboration platform in accordance with this Regulation, a JIT collaboration space shall be created within the JITs collaboration platform for each JIT.
2.   The relevant JIT agreement shall provide for the competent authorities of Member States and the EPPO to be granted access to the relevant JIT collaboration space and may provide for competent Union bodies, offices and agencies, competent authorities of third countries which have signed the agreement and representatives of international judicial authorities to be granted access to that JIT collaboration space. The relevant JIT agreement shall provide for the rules for such access.
3.   The relevant JIT collaboration space shall be created by the JIT space administrator or administrators, with the technical support of eu-LISA.
4.   If JIT members decide not to use the JITs collaboration platform upon signing the JIT agreement, but agree to start using the JITs collaboration platform over the course of the relevant JIT, that JIT agreement, where it does not provide for that possibility, shall be amended and paragraphs 1, 2 and 3 shall apply. In the event that JIT members agree to stop using the JITs collaboration platform over the course of the JIT, the relevant JIT agreement shall be amended if that possibility was not already included in that JIT agreement.

Article 14

Designation and role of the JIT space administrator

1.   If the use of the JITs collaboration platform is provided for in the JIT agreement, one or more JIT space administrators from among the Member States’ JIT members or an EPPO JIT member shall be designated in that JIT agreement.
2.   The JIT space administrator or administrators shall manage the access rights of the JITs collaboration platform users to the relevant JIT collaboration space, in accordance with the relevant JIT agreement.
3.   A JIT agreement may provide for the JITs Network Secretariat to have access to a JIT collaboration space for the purpose of technical and administrative support, as well as for the purpose of technical, legal and administrative support for the management of access rights. In such situations, as agreed by the JIT members, the JIT space administrator or administrators shall grant the JITs Network Secretariat access to that JIT collaboration space.

Article 15

Access to the JIT collaboration spaces by Member States’ competent authorities and the European Public Prosecutor’s Office

In accordance with the relevant JIT agreement, the JIT space administrator or administrators shall grant access to a JIT collaboration space to the Member States’ competent authorities which are designated in that JIT agreement and to the EPPO where it is designated in that JIT agreement.

Article 16

Access to the JIT collaboration spaces by competent Union bodies, offices and agencies

In accordance with the relevant JIT agreement, the JIT space administrator or administrators shall grant access, to the extent necessary, to a JIT collaboration space to:
(a) Eurojust, for the purpose of fulfilling its tasks set out in Regulation (EU) 2018/1727;
(b) Europol, for the purpose of fulfilling its tasks set out in Regulation (EU) 2016/794;
(c) OLAF, for the purpose of fulfilling its tasks set out in Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council (16); and
(d) other competent Union bodies, offices and agencies, for the purpose of fulfilling tasks set out in the relevant legal acts establishing them.

Article 17

Access to the JIT collaboration spaces by the competent authorities of third countries

1.   In accordance with the relevant JIT agreement, and for the purposes listed in Article 5, the JIT space administrator or administrators shall grant access to a JIT collaboration space to the competent authorities of third countries which have signed that JIT agreement.
2.   Whenever Member States’ JIT members and the EPPO JIT member, when it participates in the relevant JIT, upload operational data to a JIT collaboration space for it to be downloaded by a third country, the relevant Member States’ JIT member or the EPPO JIT member shall verify that the data they have respectively uploaded are limited to what is required for the purposes of the relevant JIT agreement and that those data comply with the conditions laid down therein.
3.   Whenever a third country uploads operational data to a JIT collaboration space, the JIT space administrator or administrators shall verify that such data are limited to what is required for the purposes of the relevant JIT agreement and that those data comply with the conditions laid down therein, before it can be downloaded by other users of the JIT collaboration space.
4.   Member States’ competent authorities shall ensure that their transfers of personal data to third countries that have been granted access to a JIT collaboration space only take place where the conditions laid down in Chapter V of Directive (EU) 2016/680 are met.
5.   Union bodies, offices and agencies shall ensure that their transfers of personal data to third countries that have been granted access to a JIT collaboration space take place only where the conditions laid down in Chapter IX of Regulation (EU) 2018/1725 are met, without prejudice to data protection rules applicable to such Union bodies, offices or agencies in the relevant legal acts establishing them, where such rules impose specific conditions for data transfers.
6.   The EPPO, when acting in accordance with its competences as provided for in Articles 22, 23 and 25 of Regulation (EU) 2017/1939, shall ensure that its transfers of personal data to third countries that have been granted access to a JIT collaboration space take place only when the conditions laid down in Articles 80 to 84 of that Regulation are met.

Article 18

Access to the JIT collaboration spaces by representatives of international judicial authorities who participate in a JIT

1.   For the purposes listed in Article 5, the JIT space administrator or administrators shall, where provided for in the JIT agreement, grant access to a JIT collaboration space to the representatives of international judicial authorities who participate in the relevant JIT.
2.   The JIT space administrator or administrators shall verify and ensure that the exchanges of operational data with representatives of international judicial authorities that have been granted access to a JIT collaboration space are limited to what is required for the purposes of the relevant JIT agreement and that those data comply with the conditions laid down therein.
3.   Member States shall ensure that their transfers of personal data to representatives of international judicial authorities that have been granted access to a JIT collaboration space only take place where the conditions laid down in Chapter V of Directive (EU) 2016/680 are met.
4.   Union bodies, offices and agencies shall ensure that their transfers of personal data to representatives of international judicial authorities that have been granted access to a JIT collaboration space take place only where the conditions laid down in Chapter IX of Regulation (EU) 2018/1725 are met, without prejudice to data protection rules applicable to such Union bodies, offices or agencies in the relevant legal acts establishing them, where such rules impose specific conditions for data transfers.

CHAPTER IV

SECURITY AND LIABILITY

Article 19

Security

1.   eu-LISA shall take the necessary technical and organisational measures to ensure a high level of cybersecurity of the JITs collaboration platform and the information security of data within the JITs collaboration platform, in particular in order to ensure the confidentiality and integrity of operational and non-operational data stored in the centralised information system.
2.   eu-LISA shall prevent unauthorised access to the JITs collaboration platform and shall ensure that persons authorised to access the JITs collaboration platform have access only to the data covered by their access authorisation.
3.   For the purposes of paragraphs 1 and 2 of this Article, eu-LISA shall adopt a security plan and a business continuity and disaster recovery plan, in order to ensure that the centralised information system can be restored in the event of interruption. eu-LISA shall provide for a working arrangement with the computer emergency response team for the Union’s institutions, bodies and agencies established by the Arrangement between the European Parliament, the European Council, the Council of the European Union, the European Commission, the Court of Justice of the European Union, the European Central Bank, the European Court of Auditors, the European External Action Service, the European Economic and Social Committee, the European Committee of the Regions and the European Investment Bank on the organisation and operation of a computer emergency response team for the Union’s institutions, bodies and agencies (CERT-EU) (17). When adopting that security plan, eu-LISA shall take into account the possible recommendations of the security experts present in the Advisory Group referred to in Article 12 of this Regulation.
4.   eu-LISA shall monitor the effectiveness of all the measures described in this Article and shall take the necessary organisational measures related to self-monitoring and supervision to ensure compliance with this Regulation.

Article 20

Liability

1.   Where a Member State, Eurojust, Europol, the EPPO, OLAF or any other competent Union body, office or agency, as a consequence of a failure on their part to comply with their obligations under this Regulation, cause damage to the JITs collaboration platform, that Member State, Eurojust, Europol, the EPPO, OLAF or other competent Union body, office or agency, respectively, shall be held liable for such damage, unless and insofar as eu-LISA fails to take reasonable measures to prevent the damage from occurring or to minimise its impact.
2.   Claims for compensation against a Member State for the damage referred to in paragraph 1 shall be governed by the law of that Member State. Claims for compensation against Eurojust, Europol, the EPPO, OLAF or any other competent Union body, office or agency for such damage shall be governed by the relevant legal acts establishing them.

CHAPTER V

DATA PROTECTION

Article 21

Retention period for storage of operational data

1.   Operational data pertaining to each JIT collaboration space shall be stored in the centralised information system for as long as required for all JITs collaboration platform users concerned to complete the process of its downloading. The retention period shall not exceed four weeks from the date of the upload of such data to the JITs collaboration platform.
2.   As soon as the process of downloading has been completed by all intended JITs collaboration platform users or, at the latest, upon expiry of the retention period referred to in paragraph 1, the data shall be automatically and permanently erased from the centralised information system.

Article 22

Retention period for storage of non-operational data

1.   Where an evaluation of a JIT is envisaged, non-operational data pertaining to each JIT collaboration space shall be stored in the centralised information system until the relevant JIT evaluation has been completed. The retention period shall not exceed five years from the date of entry of such data in the JITs collaboration platform.
2.   If it is decided not to conduct an evaluation upon the closure of a JIT or, at the latest, upon expiry of the retention period referred to in paragraph 1, the data shall be automatically erased from the centralised information system.

Article 23

Data controller and data processor

1.   Each competent national authority of a Member State and, where appropriate, Eurojust, Europol, the EPPO, OLAF or any other competent Union body, office or agency shall be considered to be data controllers in accordance with applicable Union data protection rules, for the processing of operational personal data under this Regulation.
2.   With regard to data uploaded to the JITs collaboration platform by the competent authorities of third countries or representatives of international judicial authorities, one of the JIT space administrators shall be designated in the relevant JIT agreement as data controller as regards the personal data exchanged through, and stored in, the JITs collaboration platform.
No data from third countries or international judicial authorities shall be uploaded prior to the designation of the data controller.
3.   eu-LISA shall be considered to be a data processor in accordance with Regulation (EU) 2018/1725 as regards the personal data exchanged through, and stored in, the JITs collaboration platform.
4.   The JITs collaboration platform users shall be joint controllers, within the meaning of Article 28 of Regulation (EU) 2018/1725, for the processing of non-operational personal data in the JITs collaboration platform.

Article 24

Purpose of the processing of personal data

1.   The data entered into the JITs collaboration platform shall only be processed for the purposes of:
(a) the exchange of operational data between the JITs collaboration platform users for the purpose for which the relevant JIT has been set up;
(b) the exchange of non-operational data between the JITs collaboration platform users, for the purposes of managing the relevant JIT.
2.   Access to the JITs collaboration platform shall be limited to duly authorised staff of the competent authorities of Member States and of third countries, Eurojust, Europol, the EPPO, OLAF and other competent Union bodies, offices or agencies, or representatives of international judicial authorities, to the extent necessary for the performance of their tasks in accordance with the purposes referred to in paragraph 1, and to what is strictly necessary and proportionate to the objectives pursued.

Article 25

Technical logs

1.   eu-LISA shall ensure that a technical log is kept of all access to the centralised information system and all data processing operations in the centralised information system, in accordance with paragraph 2.
2.   The technical logs shall show:
(a) the date, time zone and exact time of accessing the centralised information system;
(b) the identifying mark of each individual JITs collaboration platform user who accessed the centralised information system;
(c) the date, time zone and access time of each operation carried out by each individual JITs collaboration platform user;
(d) the operation carried out by each individual JITs collaboration platform user.
The technical logs shall be protected by appropriate technical measures against modification and unauthorised access. The technical logs shall be kept for three years or for such longer period as required for the termination of ongoing monitoring procedures.
3.   On request, eu-LISA shall make the technical logs available to the competent authorities of the Member States which participated in a particular JIT without undue delay.
4.   Within the limits of their competences and for the purpose of fulfilling their duties, the national supervisory authorities responsible for monitoring the lawfulness of data processing shall have access to the technical logs upon request.
5.   Within the limits of its competences and for the purpose of fulfilling its supervisory duties in accordance with Regulation (EU) 2018/1725, the European Data Protection Supervisor shall have access to the technical logs upon request.

CHAPTER VI

FINAL PROVISIONS

Article 26

Monitoring and evaluation

1.   eu-LISA shall establish procedures to monitor the development of the JITs collaboration platform as regards the objectives relating to planning and costs and to monitor the functioning of the JITs collaboration platform as regards the objectives relating to the technical output, cost-effectiveness, usability, security and quality of service.
2.   The procedures referred to in paragraph 1 shall provide for the possibility to produce regular technical statistics for monitoring purposes and shall contribute to the overall evaluation of the JITs collaboration platform.
3.   If there is a risk of substantial delays in the development process, eu-LISA shall inform the European Parliament and the Council as soon as possible of the reasons for the delays, their impact in terms of timeframes and finances, and the steps that it intends to take in order to remedy the situation.
4.   Once the development of the JITs collaboration platform is finalised, eu-LISA shall submit a report to the European Parliament and to the Council explaining how the objectives, in particular relating to planning and costs, were achieved and justifying any discrepancies.
5.   In the event of a technical upgrade of the JITs collaboration platform, which could result in substantial costs, eu-LISA shall inform the European Parliament and the Council before making the upgrade.
6.   Not later than two years after the start of operations of the JITs collaboration platform:
(a) eu-LISA shall submit to the Commission a report on the technical functioning of the JITs collaboration platform, including its non-sensitive security aspects, and shall make that report publicly available;
(b) on the basis of the report referred to in point (a), the Commission shall conduct an overall evaluation of the JITs collaboration platform and shall transmit an overall evaluation report to the European Parliament and the Council.
Every year after the submission of the report referred to in point (a) of the first subparagraph, eu-LISA shall submit to the Commission a report on the technical functioning of the JITs collaboration platform, including its non-sensitive security aspects, and shall make that report publicly available.
Every four years after the transmission of the overall evaluation report referred to in point (b) of the first subparagraph and on the basis of the reports submitted by eu-LISA in accordance with the second subparagraph, the Commission shall conduct an overall evaluation of the JITs collaboration platform and shall transmit an overall evaluation report to the European Parliament and the Council.
7.   Within 18 months after the date of the start of operations of the JITs collaboration platform, the Commission, following consultation with Europol and the Advisory Group referred to in Article 12, shall submit a report to the European Parliament and to the Council assessing the necessity, feasibility, suitability and cost-effectiveness of a potential connection between the JITs collaboration platform and SIENA. That report shall also include conditions, technical specifications and procedures for ensuring a secure and efficient connection. Where appropriate, that report shall be accompanied by the necessary legislative proposals, which may include empowering the Commission to adopt the technical specifications of such a connection.
8.   The Member States’ competent authorities, Eurojust, Europol, the EPPO, OLAF and other competent Union bodies, offices and agencies shall provide eu-LISA and the Commission with the information necessary to draft the report referred to in paragraph 4 of this Article and the overall evaluation report of the Commission referred to in paragraph 6 of this Article. They shall also provide the JITs Network Secretariat with the information necessary to draft the annual report referred to in Article 10, point (e). The information referred to in the first and second sentence of this paragraph shall not jeopardise working methods nor include information that reveals sources, names of staff members or investigations.
9.   eu-LISA shall provide the Commission with the information necessary to conduct the overall evaluation referred to in paragraph 6.

Article 27

Costs

The costs incurred in connection with the establishment and operation of the JITs collaboration platform shall be borne by the general budget of the Union.

Article 28

Start of operations

1.   The Commission shall determine the date of the start of operations of the JITs collaboration platform, once it is satisfied that the following conditions are met:
(a) the implementing acts referred to in Article 6, points (a) to (g), have been adopted;
(b) eu-LISA has successfully carried out a comprehensive test of the JITs collaboration platform, with the involvement of Member States, using anonymous test data.
In any event, that date shall not be later than 7 December 2025.
2.   Where the Commission has determined the date of the start of operations of the JITs collaboration platform in accordance with paragraph 1, it shall communicate that date to the Member States, Eurojust, Europol, the EPPO and OLAF. It shall also inform the European Parliament.
3.   The decision of the Commission in determining the date of the start of operations of the JITs collaboration platform, as referred to in paragraph 1, shall be published in the
Official Journal of the European Union
.
4.   The JITs collaboration platform users shall commence use of the JITs collaboration platform from the date of the start of operations determined by the Commission in accordance with paragraph 1.

Article 29

Committee procedure

1.   The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.
2.   Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.
3.   Where the committee delivers no opinion, the Commission shall not adopt the draft implementing act and Article 5(4), third subparagraph, of Regulation (EU) No 182/2011 shall apply.

Article 30

Amendments to Regulation (EU) 2018/1726

Regulation (EU) 2018/1726 is amended as follows:
(1) in Article 1, the following paragraph is inserted:
‘4b.   The Agency shall be responsible for the development and operational management, including technical evolutions, of the joint investigation teams collaboration platform (“JITs collaboration platform”)’;
(2) the following Article is inserted:

‘Article 8c

Tasks related to the JITs collaboration platform

In relation to the JITs collaboration platform, the Agency shall perform:
(a) the tasks conferred on it by Regulation (EU) 2023/969 of the European Parliament and of the Council
 (
*1
)
;
(b) tasks relating to training on the technical use of the JITs collaboration platform provided to the JITs Network Secretariat, including the provision of training materials.
(
*1
)
  Regulation (EU) 2023/969 of the European Parliament and of the Council of 10 May 2023 establishing a collaboration platform to support the functioning of joint investigation teams and amending Regulation (EU) 2018/1726 (
OJ L 132, 17.5.2023, p. 1
).’;"
(3) in Article 14, paragraph 1 is replaced by the following:
‘1.   The Agency shall monitor developments in research relevant for the operational management of SIS II, VIS, Eurodac, the EES, ETIAS, DubliNet, ECRIS-TCN, the e-CODEX system, the JITs collaboration platform and other large-scale IT systems as referred to in Article 1(5).’
;
(4) in Article 19(1), point (ff), the following point is added:
‘(viii)
the JITs collaboration platform pursuant to Article 26(6) of Regulation (EU) 2023/969;’;
(5) in Article 27(1), the following point is inserted:
‘(dd)
the JITs collaboration platform Advisory Group;’.

Article 31

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the
Official Journal of the European Union
.
This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.
Done at Strasbourg, 10 May 2023.
For the European Parliament
The President
R. METSOLA
For the Council
The President
J. ROSWALL
(1)  Position of the European Parliament of 30 March 2023 (not yet published in the Official Journal) and decision of the Council of 24 April 2023.
(2)  
OJ C 197, 12.7.2000, p. 3
.
(3)  Council Framework Decision 2002/465/JHA of 13 June 2002 on joint investigation teams (
OJ L 162, 20.6.2002, p. 1
).
(4)  ETS No 182.
(5)  
OJ L 181, 19.7.2003, p. 34
.
(6)  Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA (
OJ L 295, 21.11.2018, p. 138
).
(7)  Regulation (EU) 2022/838 of the European Parliament and of the Council of 30 May 2022 amending Regulation (EU) 2018/1727 as regards the preservation, analysis and storage at Eurojust of evidence relating to genocide, crimes against humanity, war crimes and related criminal offences (
OJ L 148, 31.5.2022, p. 1
).
(8)  Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (
OJ L 135, 24.5.2016, p. 53
).
(9)  Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (
OJ L 295, 21.11.2018, p. 99
).
(10)  Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (
OJ L 119, 4.5.2016, p. 89
).
(11)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (
OJ L 295, 21.11.2018, p. 39
).
(12)  Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office (‘the EPPO’) (
OJ L 283, 31.10.2017, p. 1
).
(13)  Commission Decision 1999/352/EC, ECSC, Euratom of 28 April 1999 establishing the European Anti-fraud Office (OLAF) (
OJ L 136, 31.5.1999, p. 20
).
(14)  Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission’s exercise of implementing powers (
OJ L 55, 28.2.2011, p. 13
).
(15)  
OJ L 56, 4.3.1968, p. 1
.
(16)  Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council of 11 September 2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) and repealing Regulation (EC) No 1073/1999 of the European Parliament and of the Council and Council Regulation (Euratom) No 1074/1999 (
OJ L 248, 18.9.2013, p. 1
).
(17)  
OJ C 12, 13.1.2018, p. 1
.
Markierungen
Leseansicht