2025/512

20.3.2025

COMMISSION IMPLEMENTING REGULATION (EU) 2025/512

of 13 March 2025

on technical arrangements for developing, maintaining and employing electronic systems for the exchange and storage of information under Regulation (EU) No 952/2013 of the European Parliament and of the Council

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) No 952/2013 of the European Parliament and of the Council of 9 October 2013 laying down the Union Customs Code (1), and in particular Article 8(1), point (b), Article 17 and Article 50(1) thereof,

Whereas:

(1) Article 6(1) of Regulation (EU) No 952/2013 (‘the Code’ or ‘UCC’) requires that all exchanges of information, such as declarations, applications, or decisions, between the customs authorities of the Member States and between economic operators and the customs authorities of the Member States, and the storage of that information, as required under the customs legislation of the Union, be made by using electronic data-processing techniques.

(2) Commission Implementing Decision (EU) 2023/2879 (2) establishes the work programme for the implementation of the electronic systems required for the application of the Code, which are to be developed through the projects listed in Section II of the Annex to that Implementing Decision.

(3) Important technical arrangements for the functioning of the electronic systems should be specified, such as arrangements for development, testing and deployment as well as for maintenance and for changes to be introduced in the electronic systems. Further arrangements should be specified concerning data protection, updating of data, limitation of data processing and systems ownership and security.

(4) In order to safeguard the rights and interests of the Union, Member States, and economic operators, it is important to lay down the procedural rules and provide for alternative solutions to be implemented in the event of a temporary failure of the electronic systems.

(5) The European Union Customs Trader Portal (EUCTP), as initially developed through the UCC Authorised Economic Operator (AEO), European Binding Tariff Information (EBTI) and Information Sheets (INF) for Special Procedures (INF SP) projects, aims to provide a unique access point for economic operators and other persons, and to access each of the specific trader portals developed for their related systems.

(6) The Customs Decisions System (CDS), developed through the UCC Customs Decisions project referred to in Implementing Decision (EU) 2023/2879, pursues the objective of harmonising the processes for the application for a customs decision, for the decision-taking and the decision management in the whole of the Union by using electronic data-processing techniques only. It is therefore necessary to lay down the rules governing that electronic system. The scope of the system should be determined by reference to the customs decisions which are to be applied for, taken, and managed using that system. Detailed rules should be set out regarding the system’s common components (EU trader portal, central customs decisions management system and customer reference services) and national components (national trader portal and national customs decisions management system), by specifying their functions and their interconnections.

(7) The Uniform User Management and Digital Signature (UUM&DS) system, developed through the direct trader access to the European Information Systems (Uniform User Management & Digital Signature) project referred to in Implementing Decision (EU) 2023/2879, aims to manage the authentication and access verification process for economic operators and other persons. It is necessary to set out detailed rules regarding the scope and characteristics of the system by specifying the different components (common and national components) of the system, their functions and interconnections.

(8) The EBTI system, as upgraded through the UCC Binding Tariff Information (BTI) project referred to in Implementing Decision (EU) 2023/2879, aims to align the processes for applying for, taking, and managing BTI decisions with the requirements of the Code using electronic data-processing techniques only. It is therefore necessary to lay down rules governing that system. Detailed rules should be laid down for the system’s common components (EU trader portal, central EBTI system and BTI usage monitoring) and national components (national trader portal and national BTI system), by specifying their functions and interconnections. Moreover, the project aims to facilitate the monitoring of compulsory BTI usage and the monitoring and management of BTI extended usage.

(9) The Economic Operator Registration and Identification (EORI) system, as upgraded through the UCC Economic Operator Registration and Identification system (EORI 2) project referred to in Implementing Decision (EU) 2023/2879, enables the registration and identification of economic operators of the Union and of third countries and of other persons for the purposes of applying the customs legislation of the Union. It is therefore necessary to lay down rules governing the system by specifying the components (central EORI system and national EORI systems) and the use of the EORI system. To ensure the uniform application of customs legislation and customs controls, which encompass all legislation governing entry, import, export, transit and exit of the goods, including restrictive measures in line with Articles 46 and 50(1) of the Code, and, in particular, to provide Member States with enriched data and other information relevant for the identification of risks through data processing, and the comparison and analysis of data from different sources at Union level, it is necessary to ensure that the Commission is provided with access to the central component of the EORI system. In addition, as laid down in Article 17 of the Treaty on the European Union, the Commission is to ensure the application of the Treaties and of measures adopted by the institutions pursuant to them, which includes the customs legislation and thus also the provisions on the identification and registration of economic operators in the customs legislation, the present regulation and Implementing Decision (EU) 2023/2879 adopted according to Article 280(2), point (b) of the Code to enhance the efficiency, effectiveness and uniform application of customs procedures including customs controls. As one of the systems laid down in the present regulation and in Implementing Decision (EU) 2023/2879, and as already provided for with respect to the Import Control System 2 (ICS2) and Surveillance system, the EORI system should therefore also be used by the Commission to ensure the uniform, effective and efficient implementation of customs legislation and thus it should be clarified that the Commission should access the central component of the EORI system also for this purpose.

(10) The AEO system, as upgraded through the UCC Authorised Economic Operators (AEO) project referred to in Implementing Decision (EU) 2023/2879, aims to improve the business processes relating to AEO applications and authorisations and the management of such applications and authorisations. The system also aims to implement the electronic form to be used for AEO applications and decisions, and to provide economic operators with an EUCTP through which to submit AEO applications and to receive AEO decisions electronically. It is necessary to lay down detailed rules regarding the system’s common components.

(11) The Import Control System 2 (ICS2), as developed through the ICS2 project referred to in Implementing Decision (EU) 2023/2879 aims to strengthen the safety and security of goods entering the Union. The system supports the collection of entry summary declaration data from different economic operators and other persons acting in the international supply chains for goods. The system also aims to support all exchanges of information related to fulfilment of the entry summary declaration requirements between the customs authorities of the Member States and economic operators and other persons through a harmonised trader interface developed either as a common or as a national application. The system further aims to support, via a common repository and related processes, the real-time collaborative implementation of security and safety risk analysis by the customs offices of first entry and exchange of risk analysis results among the customs authorities of the Member States, prior to goods departure from third countries and/or prior to their arrival in the customs territory of the Union. In addition, the system supports customs measures to address safety and security risks identified following risk analysis, including customs controls and the exchange of results of controls, and, where relevant, notifications to economic operators and other persons regarding certain measures which they need to take to mitigate risks. Finally, the system supports the monitoring and evaluation by the Commission and the customs authorities of the Member States of the implementation of the common safety and security risk criteria and standards and of the control measures and priority control areas referred to in the Code. For the above stated reasons, it is necessary to lay down detailed rules specifying the components and the use of the system.

(12) In accordance with Decision No 6/2020 of the Joint Committee (3) and with Article 12(2) of the Windsor Framework (4), it should be confirmed that the Union Representatives as referred to in Article 12(2) of the Windsor Framework can continue to use the data related to the United Kingdom in respect of Northern Ireland, which are collected via the ICS2.

(13) The Automated Export System, as upgraded through the UCC Automated Export System (AES) project referred to in Implementing Decision (EU) 2023/2879, aims to upgrade the existing Export Control System to be aligned with the new business and data requirements laid down in the Code. The system also aims to offer all the required functionalities and to cover the necessary interfaces with supporting systems, namely the New Computerised Transit System (NCTS) and the Excise Movement Control System. In addition, the AES supports the implementation of the centralised clearance at export functionalities. As the AES is a decentralised system, it is necessary to lay down rules specifying the components and the use of the system.

(14) In the interest of business continuity and in order to prevent serious disruptions of the trade, Member States should have the possibility to keep making use of the transitional measures and supporting mechanisms, including the central convertor for AES, during a prolonged period ending on the date defined in Article 56 of this Regulation, which is beyond the AES deployment window set out in the Annex to Implementing Decision (EU) 2023/2879.

(15) The NCTS, as upgraded through the UCC New Computerised Transit System (NCTS) project referred to in Implementing Decision (EU) 2023/2879, aims to upgrade the existing NCTS Phase 4 to align with the new business and data requirements laid down in the Code. The system also aims to offer new functionalities referred to in the Code and to cover the necessary interfaces with supporting systems and the AES. As the NCTS is a decentralised system, it is necessary to lay down rules specifying the components and the use of the system.

(16) The INF SP system, developed through the UCC Information Sheets (INF) for Special Procedures project referred to in Implementing Decision (EU) 2023/2879, aims to develop a new trans-European system to support and streamline the processes of INF data management and the electronic handling of INF data in the domain of Special Procedures. Detailed rules should be laid down to specify the system’s components and usage.

(17) In line with Article 46(3) and (5) as well as Article 47(2) of the Code, with Article 8 of the Agreement on the European Economic Area (5), Protocol 10 on simplification of inspections and formalities in respect of carriage of goods as amended by the Decision of the EEA Joint Committee No 76/2009 (6) and with Article 12 of the Agreement of 25 June 2009 between the European Community and the Swiss Confederation on the simplification of inspections and formalities in respect of the carriage of goods and on customs security measures as amended by Decision No 1/2021 of the EU-Switzerland Joint Committee (7), the customs risk management system (CRMS) referred to in Article 36 of Commission Implementing Regulation (EU) 2015/2447 (8) aims to support the exchange of risk information between the customs authorities of the Member States, Switzerland and Norway, and between those customs authorities and the Commission to support the implementation of the common risk management framework.

(18) The Centralised Clearance for Import (CCI) system, as developed through the UCC Centralised Clearance for Import (CCI) project referred to in Implementing Decision (EU) 2023/2879 aims to allow goods to be placed under a customs procedure using centralised clearance, thereby enabling economic operators to centralise their business from a customs viewpoint. The processing of the customs declaration and the physical release of the goods should be coordinated between the customs offices involved. As the CCI system is a decentralised system, it is necessary to lay down rules specifying the components and the use of the system.

(19) The Registered Exporter (REX) system, referred to in Articles 68 to 93 of Implementing Regulation (EU) 2015/2447, aims to enable exporters registered in the Union and in some third countries with which the Union has a preferential trade arrangement to self-certify the origin of their goods. Detailed rules should be laid down to specify the system’s components and usage.

(20) The Proof of Union Status (PoUS) system, developed through the UCC PoUS project referred to in Implementing Decision (EU) 2023/2879, aims to create a new trans-European system to store, manage and retrieve the proofs of Union status in the form of T2L/T2LF and customs goods manifest (CGM) documents. It is necessary to lay down rules specifying the components and the use of the system.

(21) The Surveillance system, as upgraded through the UCC Surveillance 3 project referred to in Implementing Decision (EU) 2023/2879, aims to upgrade the Surveillance 2+ system to ensure it is aligned with the UCC requirements such as the standard exchange of information via electronic data processing techniques and the establishment of the functionalities needed for the processing and analysis of the full surveillance dataset obtained from Member States. The Surveillance system, which is available to the Commission and the Member States, further includes data mining capabilities and reporting functionalities. It is necessary to lay down rules specifying the components and the use of the system.

(22) The Guarantee Management (GUM) system, developed through the UCC GUM project referred to in Implementing Decision (EU) 2023/2879, aims to ensure the efficient and effective management of different types of guarantees, except for transit which is handled as part of the NCTS project. Detailed rules should be laid down to specify the system’s components and usage.

(23) Where the Commission shall act as a joint controller together with the Member States, the Member States and the Commission shall establish joint controllership arrangements pursuant to Article 26 of Regulation (EU) 2016/679 of the European Parliament and of the Council (9) and Article 28 of Regulation (EU) 2018/1725 of the European Parliament and of the Council (10).

(24) Data retention periods need to be defined to allow for the full application of the customs legislation and to ensure effective risk management and controls, including ex post controls.

(25) Commission Implementing Regulation (EU) 2023/1070 (11) sets out technical arrangements for developing, maintaining, and employing electronic systems for the exchange of information and for the storage of such information under the Code. Given the number of amendments that need to be made to that Regulation to take account of the fact that GUM has become fully operational, the developments as regards the transition approach for AES and the updated data access for EORI, Implementing Regulation (EU) 2023/1070 should be repealed and replaced by a new Implementing Regulation.

(26) This Regulation respects the fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union, and notably the right to the protection of personal data. Where for the purposes of the uniform application of the customs legislation of the Union it is necessary to process personal data in the electronic systems, Member States’ authorities should process those data in accordance with Regulation (EU) 2016/679 and the Commission should process those data in accordance with Regulation (EU) 2018/1725. The personal data of economic operators and other persons processed by the electronic systems should be restricted to the datasets as set out in Annex A, Title II, Section 3, Group 33 – Parties; Annex B, Title II, Group 13 – Parties; and Annex 12-01 to Commission Delegated Regulation (EU) 2015/2446 (12).

(27) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725.

(28) The measures provided for in this Regulation are in accordance with the opinion of the Customs Code Committee,

HAS ADOPTED THIS REGULATION:

CHAPTER I

GENERAL PROVISIONS

Article 1

Scope

1. This Regulation applies to the following central systems developed or upgraded through the following projects referred to in the Annex to Implementing Decision (EU) 2023/2879:

(a) the Customs Decisions System (CDS), developed through the Union Customs Code (‘the Code’ or ‘UCC’) Customs Decisions project;

(b) the Uniform User Management and Digital Signature (UUM&DS) system, developed through the direct trader access to the European Information Systems (Uniform User Management & Digital Signature) project;

(c) the European Binding Tariff Information (EBTI) system, upgraded through the UCC Binding Tariff Information (BTI) project;

(d) the Economic Operator Registration and Identification (EORI) system, upgraded through the UCC Economic Operator Registration and Identification system upgrade (EORI 2) project;

(e) the Authorised Economic Operator (AEO) system, upgraded in line with the requirements of the Code through the AEO upgrade project;

(f) the Import Control System 2 (ICS2), developed through the ICS2 project;

(g) the Information Sheets (INF) for Special Procedures (INF SP) system, developed through the UCC Information Sheets (INF) for Special Procedures project;

(h) the Registered Exporter (REX) system, developed through the UCC REX project;

(i) the Proof of Union Status (PoUS) system, developed through the UCC PoUS project;

(j) the Surveillance system, upgraded through the UCC Surveillance 3 project.

2. This Regulation applies to the following decentralised systems as developed or upgraded through the following projects referred to in the Annex to Implementing Decision (EU) 2023/2879:

(a) the Automated Export System (AES), developed in line with the requirements of the Code through the AES project;

(b) the New Computerised Transit System (NCTS), upgraded in line with the requirements of the Code through the NCTS upgrade project;

(d) the Guarantee Management (GUM) system, developed through the UCC GUM project.

3. This Regulation also applies to the following central systems:

(a) the European Union Customs Trader Portal (EUCTP);

(b) the customs risk management system (CRMS) referred to in Article 36 of Implementing Regulation (EU) 2015/2447.

Article 2

Definitions

For the purposes of this Regulation, the following definitions shall apply:

(1) ‘common component’ means a component of the electronic systems developed at Union level which is available for all Member States or identified as common by the Commission for reasons of efficiency, security, and rationalisation;

(2) ‘national component’ means a component of the electronic systems developed at national level which is available in the Member State that created such component or contributed to its joint creation;

(3) ‘trans-European system’ means a collection of collaborating systems with responsibilities distributed across the national administrations and the Commission and developed in cooperation with the Commission;

(4) ‘central system’ means a trans-European system developed at Union level consisting of common components which are available for all Member States and which do not necessitate the creation of a national component;

(5) ‘decentralised system’ means a trans-European system consisting of common and national components based on common specifications;

(6) ‘EU Login’ is the Commission’s user authentication service which allows authorised users to securely access a wide range of Commission web services;

(7) ‘data mining’ means the analysis of large volumes of data in digital form by any analytical technique to generate information which includes patterns, trends and correlations to mitigate risks and enable informed decision-making based on human intervention;

(8) ‘Union representatives’ means the Union representatives as referred to in Article 12(2) of the Windsor Framework.

Article 3

Contact points for the electronic systems

The Commission and the Member States shall designate contact points for each of the electronic systems referred to in Article 1 of this Regulation, for the purposes of exchanging information to ensure a coordinated development, operation, and maintenance of those electronic systems.

The Commission and the Member States shall communicate the details of those contact points to each other and inform each other immediately of any changes.

CHAPTER II

EU CUSTOMS TRADER PORTAL

Article 4

Objective and structure of the EUCTP

The EU Customs Trader Portal (‘EUCTP’) shall provide economic operators and other persons a unique entry point to access the specific trader portals of the trans-European systems referred to in Article 6(1) of this Regulation.

Article 5

Authentication and access to the EUCTP

1. The authentication and access verification of economic operators and other persons for the purposes of access to the EUCTP shall be effected using the UUM&DS system.

For customs representatives to be authenticated and be able to access the EUCTP, their empowerment to act in that capacity shall be registered in the UUM&DS system or in an identity and access management system set up by a Member State pursuant to Article 20 of this Regulation. The empowerment shall not be registered for the purpose of accessing the shared trader interface for the ICS2 as referred to in Article 45 of this Regulation.

2. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the EUCTP shall be effected using the network services provided by the Commission.

3. The authentication and access verification of the Commission’s staff for the purposes of access to the EUCTP shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 6

Use of the EUCTP

1. The EUCTP shall provide access to the specific trader portals of the trans-European systems EBTI, AEO, INF, REX, and PoUS referred to in Articles 24, 38, 68, 83 and 96 of this Regulation, respectively, as well as to the shared trader interface for the ICS2 referred to in Article 45 of this Regulation.

2. The EUCTP shall be used for the exchange of information between the customs authorities of the Member States and economic operators and other persons on the requests, applications, authorisations, and decisions related to EBTI, AEO, INF, the REX system and PoUS.

3. The EUCTP may be used for the exchange of information between the customs authorities of the Member States and economic operators and other persons, on entry summary declarations and where applicable, on their amendments, issued referrals, and invalidation related to the ICS2.

CHAPTER III

CUSTOMS DECISIONS SYSTEM

Article 7

Objective and structure of the CDS

1. The Customs Decision System (‘CDS’) shall enable communication between the Commission, the customs authorities of the Member States, economic operators and other persons to submit and process the applications and decisions referred to in Article 8(1) of this Regulation, as well as to manage decisions related to the authorisations, namely, amendments, revocations, annulments and suspensions.

2. The CDS shall consist of the following common components:

(a) an EU trader portal;

(b) a central customs decisions management system (‘central CDMS’);

3. Member States may create the following national components:

(a) a national trader portal;

(b) a national customs decisions management system (‘national CDMS’).

Article 8

Use of the CDS

1. The CDS shall be used to submit and process applications for the following authorisations, as well as to manage decisions related to those applications or authorisations:

(a) authorisation for the simplification of the determination of amounts being part of the customs value of the goods, as referred to in Article 73 of the Code;

(b) authorisation for the provision of a comprehensive guarantee, including possible reduction or waiver, as referred to in Article 95 of the Code;

(c) authorisation of deferment of the payment of the duty payable, as far as the permission is not granted in relation to a single operation, as referred to in Article 110 of the Code;

(d) authorisation for the operation of temporary storage facilities, as referred to in Article 148 of the Code;

(e) authorisation to establish regular shipping services, as referred to in Article 120 of Delegated Regulation (EU) 2015/2446;

(f) authorisation for the status of authorised issuer, as referred to in Article 128 of Delegated Regulation (EU) 2015/2446;

(g) authorisation for the regular use of a simplified declaration, as referred to in Article 166(2) of the Code;

(h) authorisation for centralised clearance, as referred to in Article 179 of the Code;

(i) authorisation to lodge a customs declaration through an entry of data in the declarant’s records, including for the export procedure, as referred to in Article 182 of the Code;

(j) authorisation for self-assessment, as referred to in Article 185 of the Code;

(k) authorisation for the status of an authorised weigher of bananas, as referred to in Article 155 of Delegated Regulation (EU) 2015/2446;

(l) authorisation for the use of the inward processing procedure, as referred to in Article 211(1), point (a), of the Code;

(m) authorisation for the use of the outward processing procedure, as referred to in Article 211(1), point (a), of the Code;

(n) authorisation for the use of the end-use procedure, as referred to in Article 211(1), point (a), of the Code;

(o) authorisation for the use of the temporary admission procedure, as referred to in Article 211(1), point (a), of the Code;

(p) authorisation for the operation of storage facilities for customs warehousing of goods, as referred to in Article 211(1), point (b), of the Code;

(q) authorisation for the status of an authorised consignee for TIR operation, as referred to in Article 230 of the Code;

(r) authorisation for the status of an authorised consignor for Union transit, as referred to in Article 233(4), point (a), of the Code;

(s) authorisation for the status of an authorised consignee for Union transit, as referred to in Article 233(4), point (b), of the Code;

(t) authorisation for the use of seals of a special type, as referred to in Article 233(4), point (c), of the Code;

(u) authorisation to use a transit declaration with reduced data requirements, as referred to in Article 233(4), point (d), of the Code;

(v) authorisation for the use of an electronic transport document as a customs declaration, as referred to in Article 233(4), point (e), of the Code.

2. The common components of the CDS shall be used with respect to the applications and authorisations referred to in paragraph 1, as well as for the management of decisions related to those applications and authorisations, where those authorisations or decisions may have an impact in more than one Member State. The authorisations or decisions referred to in paragraph 1, point (f), of this Regulation shall be stored in the central CDMS to make them available for the central PoUS system.

3. A Member State may decide that the common components of the CDS may be used with respect to the applications and authorisations referred to in paragraph 1, as well as for the management of decisions related to those applications and authorisations, where those authorisations or decisions have an impact only in that Member State.

4. The CDS shall not be used with respect to applications, authorisations or decisions other than those listed in paragraph 1.

Article 9

Authentication and access to the CDS

1. The authentication and access verification of economic operators and other persons for the purposes of access to the common components of the CDS shall be effected using the UUM&DS system.

For customs representatives to be authenticated and be able to access the common components of the CDS, their empowerment to act in that capacity shall be registered in the UUM&DS system or in an identity and access management system set up by a Member State pursuant to Article 20 of this Regulation.

2. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the CDS shall be effected using the network services provided by the Commission.

3. The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the CDS shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 10

EU trader portal

1. The EU trader portal shall be an entry point to the CDS for economic operators and other persons.

2. The EU trader portal shall interoperate with the central CDMS, and with the national CDMS where created by a Member State.

3. The EU trader portal shall be used for the applications and authorisations referred to in Article 8(1) of this Regulation, as well as for the management of decisions related to those applications and authorisations, where those authorisations or decisions may have an impact in more than one Member State.

4. A Member State may decide that the EU trader portal may be used for the applications and authorisations referred to in Article 8(1) of this Regulation, as well as for the management of decisions related to those applications and authorisations, where those authorisations or decisions have an impact only in that Member State.

A Member State that decides to use the EU trader portal for authorisations or decisions that have an impact only in that Member State shall inform the Commission thereof.

Article 11

Central CDMS

1. The central CDMS shall be used by the customs authorities of the Member States to process the applications and authorisations referred to in Article 8(1) of this Regulation, as well as to manage the decisions related to those applications and authorisations, to verify whether the conditions for the acceptance of an application and for taking a decision are fulfilled.

2. The central CDMS shall interoperate with the EU trader portal, the customer reference services referred to in Article 13 of this Regulation, and the national CDMS where created by a Member State.

Article 12

Consultation between the customs authorities of the Member States using the CDMS

A customs authority of a Member State shall use the central CDMS when it needs to consult a customs authority of another Member State before taking a decision regarding the applications or authorisations referred to in Article 8(1) of this Regulation.

Article 13

Customer reference services

1. The customer reference services shall be used for the central storage of data relating to the authorisations referred to in Article 8(1) of this Regulation, and for decisions related to those authorisations, and shall enable the consultation, replication, and validation of those authorisations by other electronic systems established for the purposes of Article 16 of the Code.

2. The customer reference services shall be used for the central storage of data relating to the registrations from the REX system referred to in Articles 81 and 88 of this Regulation, and shall enable the consultation, replication, and validation of those registrations by other electronic systems established for the purposes of Article 16 of the Code. The customer reference services shall be used by Andorra, Norway, San Marino, Switzerland, and Türkiye to store data from their national registered economic operators, and to consult, replicate, and validate data from the REX system for Member States, and from the REX system for third countries with which the Union has a preferential trade arrangement, for the purpose of their respective schemes of Generalised System of Preferences.

3. Apart from data from the central CDMS, the customer reference services shall be used to store data from the EORI, EBTI, AEO and GUM systems and shall enable the consultation, replication, and validation of those data by other electronic systems established for the purposes of Article 16 of the Code.

4. The customer reference services may be used by the Commission and Member States partner competent authorities to consult, replicate, and validate data from the EORI system, for the purposes of Article 16 of Regulation (EU) 2022/2399 of the European Parliament and of the Council (13).

Article 14

National trader portal

1. The national trader portal, where created by a Member State, shall be an additional entry point to the CDS for economic operators and other persons.

2. With respect to the applications and authorisations referred to in Article 8(1) of this Regulation, as well as for the management of decisions related to those applications and authorisations where those authorisations or decisions may have an impact in more than one Member State, economic operators and other persons may choose to use the national trader portal, where created, or the EU trader portal.

3. The national trader portal shall interoperate with the national CDMS, where created by a Member State.

4. A Member State that creates a national trader portal shall inform the Commission thereof.

Article 15

National CDMS

1. A national CDMS, where created by a Member State, shall be used by the customs authority of the Member State which created it to process the applications and authorisations referred to in Article 8(1) of this Regulation, as well as to manage the decisions related to those applications and authorisations, to verify whether the conditions for the acceptance of an application and for taking a decision are fulfilled.

2. The national CDMS shall interoperate with the central CDMS for consultation between the customs authorities of the Member States as referred to in Article 12 of this Regulation.

CHAPTER IV

UNIFORM USER MANAGEMENT AND DIGITAL SIGNATURE SYSTEM

Article 16

Objective and structure of the UUM&DS system

1. The Uniform User Management and Digital Signature System (‘UUM&DS system’) shall enable the communication between the Commission and the Member States’ identity and access management systems referred to in Article 20 of this Regulation for the purposes of providing secure authorised access to the electronic systems to the Commission’s staff, economic operators, and other persons.

2. The UUM&DS system shall consist of the following common components:

(a) an access management system;

(b) an administration management system.

3. A Member State shall create an identity and access management system as a national component of the UUM&DS system.

Article 17

Use of the UUM&DS system

The UUM&DS system shall be used to ensure the authentication and access verification of:

(a) economic operators and other persons for the purposes of having access to the EUCTP, the common components of the CDS, the EBTI system, the AEO system, the INF SP system, the REX system, the PoUS system, the ICS2, and the GUM system;

(b) the Commission’s staff for the purposes of having access to the EUCTP, the common components of the CDS, the EBTI system, the EORI system, the AEO system, the ICS2, the AES, the NCTS, the CRMS, the CCI system, the REX system, the PoUS system, the INF SP system and the GUM system for the purposes of maintenance and management of the UUM&DS system.

Article 18

Access management system

The Commission shall set up an access management system to validate the access requests submitted by economic operators and other persons within the UUM&DS system by interoperating with the Member States’ identity and access management systems referred to in Article 20 of this Regulation.

Article 19

Administration management system

The Commission shall set up an administration management system to manage the authentication and authorisation rules for validating the identification data of economic operators and other persons for granting access to the electronic systems.

Article 20

Member States’ identity and access management systems

The Member States shall set up an identity and access management system to ensure:

(a) the secure registration and storage of identification data of economic operators and other persons;

(b) the secure exchange of signed and encrypted identification data of economic operators and other persons.

CHAPTER V

EUROPEAN BINDING TARIFF INFORMATION SYSTEM

Article 21

Objective and structure of the EBTI system

1. The European Binding Tarif Information System (‘EBTI system’) shall, in accordance with Articles 33 and 34 of the Code, enable the following:

(a) communication between the Commission, the customs authorities of the Member States, economic operators and other persons for the purposes of submitting and processing BTI applications and BTI decisions;

(b) the management of any subsequent event which may affect the original application or decision;

(d) the monitoring and management of the extended use of BTI decisions;

(e) the monitoring by the Commission of BTI decisions, including the processes for applying for, taking, and managing those decisions, to ensure the uniform application of the customs legislation and other Union law.

2. The EBTI system shall consist of the following common components:

(a) an EU Specific Trader Portal for EBTI;

(b) a central EBTI system;

3. Member States may create, as a national component, a national binding tariff information system (‘national BTI system’) together with a national trader portal.

Article 22

Use of the EBTI system

1. The EBTI system shall be used to submit, process, exchange and store information pertaining to applications and decisions related to BTI or to any subsequent event which may affect the original application or decision as referred to in Article 21(1) of Implementing Regulation (EU) 2015/2447.

2. The EBTI system shall be used to support the monitoring by the customs authorities of the Member States of the compliance with the obligations resulting from the BTI under Article 21(3) of Implementing Regulation (EU) 2015/2447.

3. The EBTI system shall be used by the Commission to inform the Member States, pursuant to Article 22(2), third subparagraph, of Implementing Regulation (EU) 2015/2447, of the fact that the quantities of goods that may be cleared during a period of extended use have been reached as soon as that fact has occurred.

Article 23

Authentication and access to the EBTI system

1. The authentication and access verification of economic operators and other persons for the purposes of access to the common components of the EBTI system shall be effected using the UUM&DS system.

For customs representatives to be authenticated and be able to access the common components of the EBTI system, their empowerment to act in that capacity shall be registered in the UUM&DS system or in an identity and access management system set up by a Member State pursuant to Article 20 of this Regulation.

2. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the EBTI system shall be effected using the network services provided by the Commission.

3. The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the EBTI system shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 24

EU Specific Trader Portal for EBTI

1. The EU Specific Trader Portal for EBTI shall communicate with the EUCTP, where the EUCTP shall be an entry point to the EBTI system for economic operators and other persons.

2. The EU Specific Trader Portal for EBTI shall interoperate with the central EBTI system, and shall offer redirection to national trader portals where national BTI systems have been created by Member States.

3. The EU Specific Trader Portal for EBTI shall be used to submit and exchange information pertaining to applications and decisions related to BTI or to any subsequent event which may affect the original application or decision.

Article 25

Central EBTI system

1. The central EBTI system shall be used by the customs authorities of the Member States to process, exchange and store information pertaining to applications and decisions related to BTI or to any subsequent event which may affect the original application or decision, to verify whether the conditions for the acceptance of an application and for taking a decision are fulfilled.

2. The central EBTI system shall be used by the customs authorities of the Member States to consult, process, exchange and store information, as referred to in Article 16(4), Article 17, Article 21(2), point (b), and Article 21(5) of Implementing Regulation (EU) 2015/2447.

3. The central EBTI system shall interoperate with:

(a) the EU Specific Trader Portal for EBTI;

(b) the national BTI systems, where created by Member States.

Article 26

Consultation between the customs authorities of the Member States using the central EBTI system

A customs authority of a Member State shall use the central EBTI system to consult a customs authority of another Member State to ensure compliance with Article 16(1) of Implementing Regulation (EU) 2015/2447.

Article 27

Monitoring of the usage of BTI decisions

The capability of the EBTI system to monitor the usage of BTI decisions shall be used for the purposes of Article 21(3) and of Article 22(2), third subparagraph, of Implementing Regulation (EU) 2015/2447.

Article 28

National trader portal

1. Where a Member State has created a national BTI system under Article 21(3) of this Regulation, the national trader portal shall be the main entry point to the national BTI system for economic operators and other persons.

2. Economic operators and other persons shall use the national trader portal, where created by a Member State, with respect to applications and decisions related to BTI or to any subsequent event which may affect the original application or decision.

3. The national trader portal shall interoperate with the national BTI system, where created by a Member State.

4. The national trader portal shall facilitate processes that are equivalent to those facilitated by the EU Specific Trader Portal for EBTI.

5. A Member State that creates a national trader portal shall inform the Commission thereof. The Commission shall ensure that the national trader portal can be accessed directly from the EU Specific Trader Portal for EBTI.

Article 29

National BTI system

1. A national BTI system, where created by a Member State, shall be used by the customs authority of the Member State which created it to process, exchange, and store information pertaining to applications and decisions related to BTI or to any subsequent event which may affect the original application or decision, to verify whether the conditions for the acceptance of an application or for taking a decision are fulfilled.

2. The customs authority of a Member State shall use its national BTI system to consult, process, exchange and store information as referred to in Article 16(4), Article 17, Article 21(2), point (b), and Article 21(5) of Implementing Regulation (EU) 2015/2447, unless that customs authority uses the central EBTI system for those purposes.

3. The national BTI system shall interoperate with:

(a) the national trader portal, where created by a Member State;

(b) the central EBTI system.

CHAPTER VI

ECONOMIC OPERATOR REGISTRATION AND IDENTIFICATION SYSTEM

Article 30

Objective and structure of the EORI system

The Economic Operator Registration and Identification System (‘EORI system’) shall enable a unique registration and identification, at Union level, of economic operators and other persons.

The EORI system shall consist of the following components:

(a) a central EORI system;

(b) the national EORI systems, where created by the Member States.

Article 31

Use of the EORI system

1. The EORI system shall be used for the following purposes:

(a) to receive the data of the registration of economic operators and other persons as referred to in Annex 12-01 to Delegated Regulation (EU) 2015/2446 (‘EORI data’) provided by the Member States;

(b) to centrally store EORI data pertaining to the registration and identification of economic operators and other persons;

(d) to ensure the uniform application of customs controls and customs legislation;

(e) to minimise risks.

2. The EORI system shall enable, to the customs authorities of the Member States, online access to the EORI data stored at central system level.

3. The EORI system shall interoperate with all the other electronic systems where the EORI number is used.

Article 32

Authentication and access to the central EORI system

1. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the EORI system shall be effected using the network services provided by the Commission.

2. The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the EORI system shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 33

Central EORI system

1. The central EORI system shall be used by the customs authorities of the Member States for the purposes of Article 7 of Implementing Regulation (EU) 2015/2447, as well as by the Commission to make the EORI data available for the purposes of Articles 46, 47(2) and 50(1) of the Code to ensure the uniform application of customs controls and customs legislation and minimise risks, including through data mining techniques and exchange of risk information.

2. The EORI system may also be used by the Commission and by the Member States’ partner competent authorities for the purposes of Article 16 of Regulation (EU) 2022/2399.

3. The central EORI system shall interoperate with the national EORI systems, where created by the Member States.

Article 34

National EORI system

1. A national EORI system, where created by a Member State, shall be used by the customs authority of the Member State which created it to exchange and store EORI data.

2. A national EORI system, where created by a Member State, shall interoperate with the central EORI system.

CHAPTER VII

AUTHORISED ECONOMIC OPERATOR SYSTEM

Article 35

Objective and structure of the AEO system

1. The Authorised Economic Operator System (‘AEO system’) shall enable communication between the Commission, the customs authorities of the Member States, economic operators and other persons to:

(a) submit and process AEO applications;

(b) grant AEO authorisations;

(c) manage any subsequent event which may affect the original decision as referred to in Article 30(1) of Implementing Regulation (EU) 2015/2447.

2. The AEO system shall consist of the following common components:

(a) an EU Specific Trader Portal for AEO;

(b) a central AEO system.

3. Member States may create the following national components:

(a) a national trader portal;

(b) a national Authorised Economic Operator system (‘national AEO system’).

Article 36

Use of the AEO system

1. The AEO system shall be used to submit, exchange, process and store information pertaining to AEO applications and decisions or to any subsequent event which may affect the original decision as referred to in Article 30(1) and Article 31(1) and (4) of Implementing Regulation (EU) 2015/2447.

2. Customs authorities of the Member States shall use the AEO system to comply with their obligations under Article 31(1) and (4) of Implementing Regulation (EU) 2015/2447 and to keep a record of the consultations concerned.

Article 37

Authentication and access to the central AEO system

1. The authentication and access verification of economic operators and other persons for the purposes of access to the common components of the AEO system shall be effected using the UUM&DS system.

For customs representatives to be authenticated and be able to access the common components of the AEO system, their empowerment to act in that capacity shall be registered in the UUM&DS system or in an identity and access management system set up by a Member State pursuant to Article 20 of this Regulation.

2. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the AEO system shall be effected using the network services provided by the Commission.

3. The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the AEO system shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 38

EU Specific Trader Portal for AEO

1. The EU Specific Trader Portal for AEO shall communicate with the EUCTP, where the EUCTP shall be an entry point to the AEO system for economic operators and other persons.

2. The EU Specific Trader Portal for AEO shall interoperate with the central AEO system, and shall offer redirection to the national trader portal where created by the Member State.

3. The EU Specific Trader Portal for AEO shall be used to submit and exchange information pertaining to AEO applications and decisions or to any subsequent event which may affect the original decision.

Article 39

Central AEO system

1. The central AEO system shall be used by the customs authorities of the Member States to exchange and store information pertaining to AEO applications and decisions or to any subsequent event which may affect the original decision.

2. The customs authorities of the Member States shall use the central AEO system to exchange and store information, and to consult and manage decisions as referred to in Articles 30 and 31 of Implementing Regulation (EU) 2015/2447.

3. The central AEO system shall interoperate with;

(a) the EU trader portal;

(b) the national AEO systems, where created by the Member States.

Article 40

National trader portal

1. The national trader portal, where created by a Member State, shall allow for the exchange of information pertaining to AEO applications and decisions.

2. Economic operators and other persons shall use the national trader portal, where created, to exchange information with the customs authorities of the Member States with respect to AEO applications and decisions.

3. The national trader portal shall interoperate with the national AEO system, where created by a Member State.

Article 41

National AEO system

1. A national AEO system, where created by a Member State, shall be used by the customs authority of the Member State which created it to exchange and store information pertaining to AEO applications and decisions or to any subsequent event which may affect the original decision.

2. The national AEO system shall interoperate with;

(a) the national trader portal, where created by a Member State;

(b) the central AEO system.

CHAPTER VIII

IMPORT CONTROL SYSTEM 2

Article 42

Objective and structure of the ICS2

1. The Import Control System 2 (‘ICS2’) shall support communication between the customs authorities of the Member States and the Commission, and between economic operators and other persons and the customs authorities of the Member States, for the following purposes:

(a) fulfilment of entry summary declaration requirements;

(b) risk analysis by the customs authorities of the Member States, primarily for security and safety purposes and for customs measures aimed at mitigating relevant risks, including customs controls;

(c) communication between the customs authorities of the Member States for the purpose of fulfilment of entry summary declaration requirements;

(d) ensuring the uniform application of customs legislation and the minimising of risks, using, among others, the processing, comparing, and analysis of data by the Member States and the Commission, and enriching and communicating data to Member States.

2. The ICS2 shall consist of the following common components:

(a) a shared trader interface;

(b) a common repository.

3. Each Member State shall create its national entry system as a national component.

4. A Member State may create a national trader interface as a national component.

Article 43

Use of the ICS2

1. The ICS2 shall be used for the following purposes:

(a) to submit, process, and store the particulars of entry summary declarations as referred to in Article 127 of the Code, and the requests for amendments and invalidations referred to in Article 129 of the Code;

(b) to receive, process and store the particulars of entry summary declarations extracted from declarations as referred to in Article 130 of the Code;

(c) to submit, process and store information regarding notifications of arrival of a sea-going vessel or an aircraft as referred to in Article 133 of the Code;

(d) to receive, process and store information regarding the presentation of goods to customs as referred to in Article 139 of the Code;

(e) to receive, process and store information regarding risk analysis requests and results, control recommendations, decisions on controls, and control results as referred to in Articles 46(3) and (5) and Article 47(2) of the Code;

(f) receive, process, store, and communicate the notifications and information to economic operators or other persons as referred to in Article 186(2), point (e), and Article 186(3) to (6) of Implementing Regulation (EU) 2015/2447 and Article 24(2) of Delegated Regulation (EU) 2015/2446;

(g) submit, process and store further information requested by the customs authorities of the Member States pursuant to Article 186(3) and (4) of Implementing Regulation (EU) 2015/2447.

2. The ICS2 shall be used to support the monitoring and evaluation by the Commission and the Member States of the implementation of the common safety and security risk criteria and standards and of the control measures and priority control areas referred to in Article 46(3) of the Code.

3. In addition to the data referred to in paragraph 1, to provide support to the risk management processes, the ICS2 safety and security analytics functionality may be used to collect, store, process and analyse the following information:

(a) information other than the information referred to in paragraph 1 of this Article;

(b) risk information and risk analysis results exchanged under Article 46(5) of the Code;

(c) data exchanged under Article 47(2) of the Code other than the information referred to in paragraph 1 of this Article;

(d) data collected by the Member States or the Commission from national, Union or international sources under Article 46(4), second subparagraph, of the Code;

(e) any other data or information made available in the Commission’s electronic systems for the exchange and storage of customs information referred to in Article 16 of the Code and other information concerning the entry, exit, transit, movement, storage and end-use of goods moved between the customs territory of the Union and countries or territories outside that territory for the purpose of the uniform implementation of customs controls and customs legislation.

Article 44

Authentication and access to the ICS2

1. The authentication and access verification of economic operators and other persons for the purposes of access to the common components of the ICS2 shall be effected using the UUM&DS system.

2. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the ICS2 shall be effected using the network services provided by the Commission.

3. The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the ICS2 shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 45

Shared trader interface

1. The shared trader interface shall be an entry point to the ICS2 for economic operators and other persons for the purpose of Article 182(1a) of Implementing Regulation (EU) 2015/2447.

2. The shared trader interface shall interoperate with the ICS2 common repository referred to in Article 46 of this Regulation.

3. The shared trader interface shall be used:

(a) to submit, process and store the particulars of the entry summary declarations and notifications of arrival;

(b) to submit, process and store requests for amendments and invalidations of entry summary declarations;

(c) to exchange information between the customs authorities of the Member States and economic operators and other persons.

Article 46

The ICS2 common repository

1. The ICS2 common repository shall be used by the Commission and the customs authorities of the Member States to process, store, and exchange:

(a) the particulars of entry summary declarations;

(b) requests for amendments and invalidations of entry summary declarations;

(d) information regarding the presentation of goods;

(e) information regarding risk analysis requests and results;

(f) control recommendations;

(g) control decisions;

(h) control results and information exchanged with economic operators or other persons.

2. The ICS2 common repository shall be used by the Commission and the Member States for statistics and evaluation, and to exchange entry summary declaration information between Member States and between the Commission and the Member States.

3. The ICS2 common repository shall be used by the Commission and the Member States:

(a) to collect, store, process and analyse additional elements of information in conjunction with entry summary declarations;

(b) to provide support to the risk management processes referred to in Article 43(3) of this Regulation through the ICS2 safety and security analytics functionality.

4. The ICS2 common repository shall interoperate with:

(a) the shared trader interface;

(b) the national trader interfaces, where created by the Member States;

Article 47

Exchange of information between the customs authorities of the Member States using the ICS2 common repository

A customs authority of a Member State shall use the ICS2 common repository to exchange:

(a) information with a customs authority of another Member State under Article 186(2), point (a), of Implementing Regulation (EU) 2015/2447 before completing the risk analysis primarily for security and safety purposes;

(b) with a customs authority of another Member State information on:

(i) the recommended controls referred to in Article 186(7), first subparagraph, of Implementing Regulation (EU) 2015/2447;

(ii) decisions taken with regard to the recommended controls referred to in point (i);

(iii) the results of customs controls performed under Article 186(7) and (7a) of Implementing Regulation (EU) 2015/2447.

Article 48

National trader interface

1. The national trader interface, where created by a Member State, shall be an entry point to the ICS2 for economic operators and other persons, in accordance with Article 182(1a) of Implementing Regulation (EU) 2015/2447 where the submission is addressed to the Member State operating the national trader interface.

2. Economic operators and other persons may choose to use the national trader interface, where created, or the shared trader interface, to:

(a) submit, process, and store the particulars of the entry summary declarations and notifications of arrival;

(b) request the amendments and invalidation of the particulars of entry summary declarations;

3. The national trader interface, where created, shall interoperate with the ICS2 common repository.

4. A Member State that creates a national trader interface shall inform the Commission thereof.

Article 49

National entry system

1. A national entry system shall be used by the customs authority of the Member State concerned for the following purposes:

to exchange entry summary declaration particulars extracted from the declarations referred in Article 130 of the Code;

to exchange information and notifications with the ICS2 common repository for information regarding the arrival of a sea-going vessel or an aircraft as referred to in Article 133 of the Code;

to exchange information regarding the presentation of goods;

to process risk analysis requests;

to exchange and process information regarding risk analysis results, control recommendations, control decisions and control results.

The customs authority of the Member State concerned shall use a national entry system where a customs authority of a Member State receives further information from the economic operators and other persons.

2. The national entry system shall interoperate with the ICS2 common repository.

3. The national entry system shall interoperate with systems developed at national level to retrieve the information referred to in paragraph 1.

CHAPTER IX

AUTOMATED EXPORT SYSTEM

Article 50

Objective and structure of the AES

1. The Automated Export System (‘AES’) shall enable communication between the customs authorities of the Member States, and between the customs authorities of the Member States and economic operators and other persons to submit and process export and re-export declarations where goods are taken out of the customs territory of the Union. The AES may also enable communication between the customs authorities of the Member States to transmit the exit summary declarations particulars in the situations referred to in Article 271(1), second subparagraph, of the Code.

2. The AES shall consist of the following common components:

(a) a common communication network;

(b) central services.

3. Member States shall create the following national components:

(a) a national trader portal;

(b) a national export system (‘national AES’);

(d) a common interface between the AES and the Excise Movement Control System (EMCS) at national level.

Article 51

Use of the AES

The AES shall be used for the following purposes, where goods are taken out of the customs territory of the Union or moved to or out of special fiscal territories:

(a) to ensure the implementation of formalities at export and exit determined by the Code;

(b) to submit and process export and re-export declarations;

(c) to handle message exchanges between the customs office of export and customs office of exit and, in respect of Centralised Clearance at Export, between the supervising customs office and the customs office of presentation;

(d) to handle message exchanges between the customs office of lodgement and the customs office of exit in the situations referred to in Article 271(1), second subparagraph, of the Code.

Article 52

Authentication and access to the AES

1. Economic operators and other persons shall have access only to the national AES via the national trader portal. The authentication and access verification shall be determined by the Member States.

2. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the AES system shall be effected using the network services provided by the Commission.

3. The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the AES system shall be effected using the UUM&DS or the network services provided by the Commission.

Article 53

Common communication network of AES

1. The common communication network shall ensure the electronic communication between Member States’ national AES.

2. The customs authorities of the Member States shall use the common communication network for the exchange of information referred to in Article 51(1), points (c) and (d) of this Regulation.

Article 54

National trader portal

1. The national trader portal shall allow for the exchange of information between economic operators or other persons, and the national AES of the customs authorities of the Member States.

2. The national trader portal shall interoperate with the national AES.

Article 55

National Export System

1. The national AES shall interoperate with the national trader portal and shall be used by the customs authority of the Member State to process export and re-export declarations.

2. The national AESs of the Member States shall communicate with each other electronically via the common communication network and shall process export and exit information received from other Member States.

3. The Member States shall provide and maintain at national level an interface between their national AES and EMCS for the purposes of Article 280 of the Code and Articles 21 and 25 of Council Directive (EU) 2020/262 (14).

4. The Member States shall provide and maintain at national level an interface between their national AES and NCTS for the purposes of Article 280 of the Code, and Article 329(5) and (6), and Article 333(2), points (b) and (c), of Implementing Regulation (EU) 2015/2447.

Article 56

IT transition

1. Until 14 December 2025, the Commission shall provide the Member States with additional common components, transitional rules, and supporting mechanisms to establish an operational environment in which the Member States that have not yet deployed the AES system may continue, on a temporary basis, to interoperate with the systems in the Member States that have already deployed that system.

2. The Commission shall offer a common component in the form of a central convertor for the exchange of messages over the common communication network. A Member State may decide to implement the convertor at national level. The Commission shall maintain and operate the central convertor until 14 December 2025.

3. In the case of a gradual connectivity of economic operators and other persons, a Member State may offer a national convertor for the exchange of messages between the economic operator and other persons and the customs authority of that Member State.

4. The Commission, in collaboration with the Member States, shall draw up the rules which are of a business and technical nature to be applied until 14 December 2025, to enable mapping and interoperability between the information exchange requirements set out in Commission Delegated Regulations (EU) 2016/341 (15) and (EU) 2015/2446, and in Implementing Regulation (EU) 2015/2447.

CHAPTER X

NEW COMPUTERISED TRANSIT SYSTEM

Article 57

Objective and structure of the NCTS

1. The New Computerised Transit System (‘NCTS’) shall enable communication between the customs authorities of the Member States, and between the customs authorities of the Member States and economic operators and other persons, for the submission and processing of customs declarations and notifications where goods are placed under the transit procedure.

2. The NCTS shall consist of the following common components:

(a) a common communication network;

(b) central services.

3. Member States shall create the following national components:

(a) a national trader portal;

(b) a national computerised transit system (‘national NCTS’);

Article 58

Use of the NCTS

The NCTS shall be used for the following purposes where goods are moved under a transit procedure:

(a) to ensure the implementation of formalities in respect of transit determined by the Code;

(b) to ensure the implementation of formalities determined by the Convention on a common transit procedure (16);

(d) to lodge a transit declaration containing the particulars necessary for the risk analysis for safety and security purposes, referred to in Article 263(4) of the Code;

(e) to lodge a transit declaration instead of an entry summary declaration as referred to in Article 130(1) of the Code.

Article 59

Authentication and access to the NCTS

1. Economic operators have access only to the national transit system via a national trader portal. The authentication and access verification shall be determined by the Member States.

2. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the NCTS shall be effected using the network services provided by the Commission.

3. The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the NCTS shall be effected using the UUM&DS or the network services provided by the Commission.

Article 60

Common communication network of the NCTS

1. The common communication network shall ensure the electronic communication between the national NCTS of Member States and the Contracting Parties to the Convention on a common transit procedure.

2. The customs authorities of the Member States shall use the common communication network for the exchange of information related to the formalities in respect of transit.

Article 61

National trader portal

1. The national trader portal shall enable the exchange of information between the economic operators and other persons, and the national NCTS of the customs authorities of the Member States.

2. The national trader portal shall interoperate with the national NCTS.

Article 62

National transit system

1. The national NCTS shall interoperate with the national trader portal and shall be used by the customs authorities of the Member States or Contracting Parties to the Convention on a common transit procedure to submit and process the transit declaration.

2. The national NCTS shall via the common communication network communicate electronically with all national transit applications of the Member States and the Contracting Parties to the Convention on a common transit procedure and shall process transit information received from other Member States and Contracting Parties to the Convention on a common transit procedure.

3. The Member States shall provide and maintain an interface between their national NCTS and AES systems for the purposes of Article 329(5) and (6) of Implementing Regulation (EU) 2015/2447.

Article 63

Information exchange with the ICS2 system

1. For EU Member States and Contracting Parties to the Convention on a common transit procedure that decide to include entry summary declaration particulars in the transit declaration, and only when provided by the economic operator or other person, the NCTS shall communicate those particulars to the ICS2 system and support the exchange of information between the ICS2 and economic operators and other persons.

2. The Commission shall provide a common component for the exchange of messages between the NCTS and the ICS2.

Article 64

IT transition

1. During the NCTS transition period set out in the Annex to Implementing Decision (EU) 2023/2879, the Commission shall provide the Member States with additional common components, transitional rules and supporting mechanisms to establish an operational environment in which the Member States that have not yet deployed the new NCTS system may continue, on a temporary basis, to interoperate with the systems in Member States that have already deployed that new system.

4. The Commission, in collaboration with the Member States, shall draw up the technical rules which are of a business and technical nature to be applied during the NCTS transition period set out in the Annex to Implementing Decision (EU) 2023/2879, to enable mapping and interoperability between the information exchange requirements set out in Delegated Regulation (EU) 2016/341, in Delegated Regulation (EU) 2015/2446, and in Implementing Regulation (EU) 2015/2447.

CHAPTER XI

INF SPECIAL PROCEDURES SYSTEM

Article 65

Objective and structure of the INF SP system

1. The INF Special Procedures System (‘INF SP system’) shall enable communication between the customs authorities of the Member States and the economic operators and other persons to issue and manage INF data in the domain of Special Procedures.

2. The INF SP system shall consist of the following common components:

(a) an EU Specific Trader Portal for INF;

(b) a central INF SP system.

Article 66

Use of the INF SP system

1. The INF SP system shall be used for economic operators and other persons to submit INF requests and to follow up on the status of such requests. The customs authorities of the Member States shall use the INF SP system to process such requests and to manage INF.

2. The INF SP system shall enable the creation of INF by the customs authorities of the Member States and the communication between the customs authorities of Member States where needed.

3. The INF SP system shall enable the calculation of the amount of import duties in accordance with Article 86(3) of the Code.

Article 67

Authentication and access to the central INF SP system

1. The authentication and access verification of economic operators and other persons for the purposes of accessing the common components of the INF SP system shall be effected using the UUM&DS system.

For customs representatives to be authenticated and be able to access the common components of the INF SP system, their empowerment to act in that capacity must be registered in the UUM&DS system or in an identity and access management system set up by a Member State pursuant to Article 20 of this Regulation.

2. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the INF SP system shall be effected using the network services provided by the Commission.

3. The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the INF SP system shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 68

EU Specific Trader Portal for INF

1. The EUCTP shall provide access to the EU Specific Trader Portal for INF as referred to in Article 6 of this Regulation, where the EU Specific Trader Portal shall be an entry point to the INF SP system for economic operators and other persons.

2. The EU Specific Trader Portal for INF shall interoperate with the central INF SP system.

Article 69

Central INF SP system

1. The central INF SP system shall be used by the customs authorities of the Member States to exchange and store information pertaining to submitted INFs.

2. The central INF SP system shall interoperate with the EU Specific Trader Portal for INF.

CHAPTER XII

CUSTOMS RISK MANAGEMENT SYSTEM

Article 70

Objective and structure of the CRMS

1. The Customs Risk Management System (‘CRMS’) shall enable the communication, storage, and exchange of risk information between the Member States, Switzerland and Norway, as well as between the Member States, Switzerland, Norway and the Commission to support the implementation of the common risk management framework.

2. A web service for national systems may be used to enable the exchange of data between the CRMS and national systems through a web interface. The CRMS shall interoperate with the ICS2 common components.

Article 71

Use of the CRMS

1. The CRMS shall be used for the following purposes:

(a) the exchange of risk information including risk analysis results between the Member States, Switzerland and Norway, as well as between the Member States, Switzerland, Norway and the Commission, as referred to in Article 46(5) and Article 47(2) of the Code and in Article 36(1) of Implementing Regulation (EU) 2015/2447, and the storing and processing of such information;

(b) the communication between the Member States, Switzerland and Norway, as well as between the Member States, Switzerland, Norway and the Commission of the information related to the implementation of common risk criteria, priority control actions, crisis management as referred to in Article 36(2) of Implementing Regulation (EU) 2015/2447, and the submission, processing and storing of such information, including the exchange of related-risk information, the results of the risk analysis performed prior to the actions concerning priority control and crisis management, and the analysis of the results of these actions;

(c) to enable the Member States, Switzerland, Norway and the Commission to retrieve electronically from the system risk analysis reports on existing risks, on risk analysis results, and on new trends to feed into the common risk management framework and national risk management system.

2. Where the transfer of data between the CRMS and national systems can be automated, Member States shall adapt national systems to use the CRMS web service.

Article 72

Authentication and access to the CRMS

The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the CRMS shall be effected using the network services provided by the Commission.

The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the CRMS shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 73

Common component of the CRMS

1. The CRMS shall provide for risk information forms and feedback forms on risk analysis and control results to be filled in electronically in the system, processed for reporting and stored in the system. Authorised users shall be able to retrieve the forms and use them for national risk management and control purposes.

2. The CRMS shall provide for communication mechanisms enabling users (individually or as part of an organisational unit) to provide and exchange risk information, to respond to specific requests from other users, and to provide to the Commission facts and an analysis of the results of their actions in the course of the implementation of common risk criteria, priority control actions, and crisis management.

3. The CRMS shall provide for tools enabling the analysis and aggregation of data from risk information forms stored in the systems.

4. The CRMS shall provide for a platform in which information, including guides, detection technology information and data, and links to other databases, relevant for risk management and controls, shall be stored and made available to authorised users for risk management and control purposes.

CHAPTER XIII

CENTRALISED CLEARANCE FOR IMPORT

Article 74

Objective and structure of the CCI

1. The Centralised Clearance for Import (‘CCI’) shall enable communication between the customs authorities of the Member States, and between the customs authorities of the Member States and economic operators to submit and process customs declarations in the context of centralised clearance for import where more than one Member State is involved.

2. The CCI shall consist of the following common components:

(a) a common communication network;

(b) central services.

3. Member States shall ensure that their national CCI systems communicate through the common communication network for CCI with the national CCI systems of the other Member States and that the national CCI system includes the following national components:

(a) a national trader portal;

(b) a national CCI application;

Article 75

Use of the CCI

The CCI system shall be used for the following purposes:

(a) to ensure the implementation of the formalities in respect of centralised clearance for import laid down in the Code, where more than one Member State is involved;

(b) to lodge and process standard customs declarations under the centralised clearance for import;

(c) to lodge and process simplified customs declarations and the respective supplementary declarations under the centralised clearance for import;

(d) to lodge and process the respective customs declarations and presentation notifications provided in the authorisation for entry in the declarant’s records under the centralised clearance for import.

Article 76

Authentication and access to the CCI

1. Economic operators shall only have access to the national CCI systems via a national trader portal developed by the Member States. The authentication and access verification shall be determined by the Member States.

2. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the CCI system shall be effected using the network services provided by the Commission.

3. The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the CCI system shall be effected using the UUM&DS or the network services provided by the Commission.

Article 77

Common communication network of the CCI

1. The common communication network shall ensure the electronic communication among Member States’ national CCI applications.

2. The customs authorities of the Member States shall use the common communication network for the exchange of information relevant to CCI related import formalities.

Article 78

National trader portal

1. The national trader portal shall allow for the exchange of information between the economic operators and the national CCI systems of the customs authorities of the Member States.

2. The national trader portal shall interoperate with the national CCI applications.

Article 79

National CCI system

1. The national CCI system shall be used by the customs authority of the Member State which created it for processing customs declarations under the CCI.

2. The national CCI systems of the Member States shall communicate with each other electronically via the common domain and shall process import information received from other Member States.

CHAPTER XIV

THE REGISTERED EXPORTER SYSTEM

SECTION 1

The REX system for Member States

Article 80

Objective and structure of the REX system for Member States

1. The Registered Exporter system (‘REX system’) for Member States shall enable the customs authorities of the Member States to register economic operators established in the Union to declare the preferential origin of goods, and to manage those registrations, namely modifications of registrations, revocations of registrations, cancellation of revocations and reporting of registrations.

2. The REX system for Member States shall consist of the following common components:

(a) an EU Specific Trader Portal for the REX system for Member States;

(b) a central REX system for Member States.

3. Member States may create the following national components:

(a) a national trader portal;

(b) a national Registered Exporter system (‘national REX system’).

Article 81

Use of the REX system for Member States

The REX system for Member States shall be used by exporters and the customs authorities of the Member States, in accordance with the provisions in force for the purpose of the Union preferential trade arrangements.

Article 82

Authentication and access to the REX system for Member States

1. The authentication and access verification of economic operators and other persons for the purposes of access to the EU Specific Trader Portal for the REX system for Member States shall be effected using the UUM&DS system.

For customs representatives to be authenticated and be able to access the EU Specific Trader Portal for the REX system for Member States, their empowerment to act in that capacity shall be registered in the UUM&DS system or in an identity and access management system set up by a Member State pursuant to Article 20 of this Regulation.

2. The authentication and access verification of Member States’ officials for the purposes of access to the central REX system for Member States shall be effected using the network services provided by the Commission.

3. The authentication and access verification of the Commission’s staff for the purposes of access to the central REX system for Member States shall be effected using the network services provided by the Commission.

Article 83

EU Specific Trader Portal for the REX system for Member States

1. The EU Specific Trader Portal for the REX system for Member States shall interoperate with the EUCTP, and the EUCTP shall be an entry point for requests from economic operators and other persons to the central REX system for Member States.

2. The EU Specific Trader Portal for the REX system for Member States shall be interoperable with the central REX system for Member States and be capable of redirecting users to the national trader portal, where created by a Member State.

3. In Member States where no national trader portal is created, the EU Specific Trader Portal for the REX system for Member States shall be used to submit and exchange information pertaining to applications for registrations and decisions of registrations, and in relation to any subsequent event which may affect the original application or registration as referred to in Article 80 of this Regulation.

Article 84

Central REX system for Member States

1. Customs authorities of the Member States shall use the central REX system for Member States to process the applications for registrations referred to in Article 83 of this Regulation, to store the registrations, to process any subsequent event which may affect the original application or registration, or to perform queries in the registrations.

2. The central REX system for Member States shall be interoperable with the EU Specific Trader Portal for the REX system, the customer reference services, and other relevant systems.

Article 85

National Trader Portal

1. Where a Member State puts in place a national trader portal, economic operators and other persons shall use that portal to submit and exchange information pertaining to applications for registrations and decisions of registrations, and in relation to any subsequent event which may affect the original application or registration as referred to in Article 80 of this Regulation.

2. A Member State that creates a national trader portal shall inform the Commission thereof.

3. The national trader portal shall be interoperable with the national REX system.

Article 86

National REX system

1. Customs authorities of the Member States shall use the national REX system, where created by a Member State, to process the applications for registrations referred to in Article 85 of this Regulation, to store the registrations, to process any subsequent event which may affect the original application or registration, or to perform queries in the registrations.

2. The national REX system shall interoperate and remain synchronised with the central REX system for Member States.

SECTION 2

The REX system for third countries with which the Union has a preferential trade arrangement

Article 87

Objective and structure of the REX system for third countries with which the Union has a preferential trade arrangement

1. The REX system for third countries with which the Union has a preferential trade arrangement (‘the REX system for third countries’) shall enable the economic operators in those countries to prepare applications for registration as registered exporters and competent authorities in those countries to process those applications, as well as to manage those registrations, namely modifications of registrations, revocations of registrations, cancellation of revocations and reporting of registrations.

2. The REX system for third countries shall consist of the following common components:

(a) a pre-application system;

(b) a central REX system for third countries.

Article 88

Use of the REX system for third countries

The REX system for third countries shall apply in certain third countries, in accordance with the Union preferential trade arrangements.

Article 89

Authentication and access to the REX system for third countries

1. The authentication and access verification of third countries’ officials for the purposes of access to the central REX system for third countries shall be effected using EU Login and the user management system for the REX system for third countries (T-REX).

2. The access of economic operators and other persons to the pre-application system referred to in Article 87(2), point (a) of this Regulation, shall be anonymous.

3. The authentication and access verification of the Commission’s staff for the purposes of access to the central REX system for third countries shall be effected using the network services provided by the Commission.

4. Where the preferential trade arrangement of the Union is no longer applicable to a third country, the competent authorities in that third country shall retain access to the REX system for third countries for as long as required to enable those competent authorities to comply with their obligations.

Article 90

Data processing as regards the REX system for third countries

The personal data of data subjects established in third countries in the REX system for third countries registered by competent authorities in third countries shall be processed to implement and monitor the relevant preferential trade arrangement with the Union.

Article 91

Central REX system for third countries with which the Union has a preferential trade arrangement

1. Competent authorities in the third countries with which the Union has a preferential trade arrangement shall use the central REX system for third countries to process applications for registrations, to store the registrations, to process any subsequent event which may affect the original application or registration, or to perform queries in the registrations.

2. The central REX system for third countries shall be interoperable with the pre-application system, the customer reference services, and other relevant systems.

Article 92

Pre-application system in the REX system for third countries with which the Union has a preferential trade arrangement

1. The pre-application system shall be an entry point for economic operators and other persons to submit electronically the data in their application to become a registered exporter. The pre-application system shall not be used for submitting requests for modification or revocation of existing registrations.

2. The pre-application system shall interoperate with the central REX system for third countries with which the Union has a preferential trade arrangement.

CHAPTER XV

PROOF OF UNION STATUS SYSTEM

Article 93

Objective and structure of the PoUS system

1. The Proof of Union Status System (‘PoUS system’) shall enable communication between the customs authorities of the Member States and the economic operators and other persons to issue and manage T2L/T2LF and customs goods manifests (CGM) documents as a means of proving the customs status of Union goods.

2. The PoUS system shall consist of the following common components:

(a) an EU Specific Trader Portal for PoUS;

(b) a central PoUS system.

3. Member States may create the following national components:

(a) a national trader portal;

(b) a national proof of Union status system (‘national PoUS system’).

Article 94

Use of the PoUS system

1. Economic operators and other persons shall use the PoUS system:

(a) to submit requests for endorsement and registration, or registration without endorsement;

(b) to submit proof of Union status in the form of T2L/T2LF and CGM documents;

2. The PoUS system shall allow for the endorsement and registration of economic operators’ and other persons’ requests and the management of the usage of the proof of Union status.

3. The PoUS shall also enable communication between the customs authorities of the Member States to present the T2L/T2LF and CGM documents as a means to prove the customs status of Union goods.

Article 95

Authentication and access to the central PoUS system

1. The authentication and access verification of economic operators and other persons for the purposes of accessing the common components of the PoUS system shall be effected using the UUM&DS system.

For customs representatives to be authenticated and be able to access the EU Specific Trader Portal for the PoUS system for Member States, their empowerment to act in that capacity shall be registered in the UUM&DS system or in an identity and access management system set up by a Member State pursuant to Article 20 of this Regulation.

2. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the PoUS system shall be effected using the network services provided by the Commission.

The authentication and access verification of the customs authorities of the Member States for the purposes of access to the national PoUS system shall be effected using an identity and access management system set up by the relevant Member State.

3. The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the PoUS system shall be effected using the UUM&DS system or the network services provided by the Commission.

Article 96

EU Specific Trader Portal for PoUS

1. The EU Specific Trader Portal for PoUS shall communicate with the EUCTP, where the EUCTP shall be an entry point to the PoUS system for economic operators and other persons.

2. The EU Specific Trader Portal for PoUS shall be interoperable with the central PoUS system.

Article 97

Central PoUS system

1. The central PoUS system shall be used by the customs authorities of the Member States to exchange and store information pertaining to submitted T2L/T2LF and CGM documents.

2. The central PoUS system shall be interoperable with the EU Specific Trader Portal for PoUS.

Article 98

National Trader Portal

1. Where a Member State has created a national PoUS system in accordance with Article 93(3), point (b) of this Regulation, the national trader portal shall be the main entry point to the national PoUS system for economic operators and other persons.

2. The national trader portal shall interoperate with the national PoUS system, where created by a Member State.

3. The national trader portal shall provide for the functionalities equivalent to those provided for by the EU Specific Trader Portal for PoUS.

4. A Member State that creates a national trader portal shall inform the Commission thereof.

Article 99

National PoUS system

The national PoUS system shall be interoperable with the central PoUS system to make proofs created in the national PoUS system available in the central system.

CHAPTER XVI

SURVEILLANCE SYSTEM

Article 100

Objective and structure of the Surveillance system

1. The Surveillance system shall, in accordance with Article 56(5) of the Code and with Union law providing for its use, enable, for the purpose of customs surveillance, communication between the customs authorities of the Member States and the Commission, and the collection, storage, processing and analysis of data extracted from the customs declaration for entry into free circulation or for export of goods.

2. Member States shall, in an automated manner, transmit the requested information from the customs declaration systems to the Surveillance system.

3. The Surveillance system is a central system that consists of the following common components:

(a) a component for the collection, validation and storage of data;

(b) a component for performing data mining and generating information for the purpose of customs surveillance.

Article 101

Use of the Surveillance system

The data in the Surveillance system shall be used for the surveillance of the release for free circulation and export procedures which entails:

(a) supporting the Commission and the customs authorities of the Member States to ensure the uniform application of customs controls and customs legislation;

(b) minimising risks, including through data mining and the exchange of risk information;

(c) implementing specific measures prescribed by other Union provisions that have to be implemented by the customs authorities of the Member States at the border.

Article 102

Authentication and access to the Surveillance system

1. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the Surveillance system shall be effected using the network services provided by the Commission.

2. The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the Surveillance system shall be effected using the network services provided by the Commission.

Article 103

Central Surveillance system

The Member States and the Commission shall use the central Surveillance system to collect, store, process, and analyse the data referred to in Article 101 of this Regulation.

CHAPTER XVII

GUARANTEE MANAGEMENT SYSTEM

Article 104

Objective and structure of the GUM system

1. The Guarantee Management system (‘GUM System’) shall enable the submission, processing and management of applications and decisions related to comprehensive guarantees through the CDS referred to in Article 7 of this Regulation. It shall also enable the management and monitoring of comprehensive guarantees and other guarantees, except for transit which is handled as part of the NCTS project.

2. The GUM System shall consist of the following common components of CDS referred to in Article 7(2) of this Regulation:

(a) an EU trader portal;

(b) a central GUM system;

3. Member States shall create, as a national component, a national guarantee management system (‘national GUM system’).

Article 105

Use of the GUM system

1. The GUM system shall be used, through the CDS referred to in Article 7 of this Regulation, to submit and process applications for comprehensive guarantees, and to manage decisions related to the applications or authorisations for comprehensive guarantees.

2. The GUM system shall also be used for the following purposes:

(a) the registration of individual guarantees and comprehensive guarantees;

(b) the management of individual guarantees and comprehensive guarantees;

(c) the monitoring of the existence of a guarantee that is provided in a Member State other than the one in which the guarantee is being used;

(d) the monitoring of the reference amount.

Article 106

Authentication and access to the central GUM system

1. The authentication and access verification of economic operators and other persons for the purposes of access to the common components of the GUM system shall be done in accordance with Article 9 of this Regulation.

2. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the common components of the GUM system shall be done in accordance with Article 9 of this Regulation.

3. The authentication and access verification of the customs authorities of the Member States for the purposes of access to the national GUM system shall be effected using an identity and access management system set up by the Member State concerned.

4. The authentication and access verification of the Commission’s staff for the purposes of access to the common components of the GUM system shall be done in accordance with Article 9 of this Regulation.

Article 107

EU trader portal

1. The EU trader portal referred to in Article 10 of this Regulation shall be an entry point to the GUM system for economic operators and other persons.

2. The EU trader portal shall be used for the applications and authorisations related to comprehensive guarantees referred to in Article 8(1), point (b), of this Regulation, as well as the management of decisions related to those applications and authorisations.

Article 108

Central GUM system

1. The central GUM system, using the central CDMS referred to in Article 11 of this Regulation, shall be used by the customs authorities of the Member States to manage applications and decisions related to comprehensive guarantees.

2. The central GUM system shall interface with the national GUM system for comprehensive guarantees.

Article 109

National GUM system

1. The national GUM system shall be used by the customs authorities of the Member States to register and manage comprehensive guarantees and to monitor the related reference amounts.

2. The national GUM system may be used for the registration and management of other guarantees.

3. The national GUM system shall interoperate with the national customs declaration systems where guarantees are invoked.

4. The national GUM system may, in accordance with Article 13(3) of this Regulation, retrieve from the customer reference services the relevant business data from the respective authorisation for comprehensive guarantees.

CHAPTER XVIII

FUNCTIONING OF THE ELECTRONIC SYSTEMS AND TRAINING IN THE USE THEREOF

Article 110

Development, testing, deployment and management of the electronic systems

1. The Commission shall develop, test, deploy and manage the common components, and the Member States may test those common components. The Member States shall develop, test, deploy and manage the national components.

2. Member States shall ensure that the national components are interoperable with the common components.

3. The Commission shall design and maintain the common specifications for the decentralised systems in close cooperation with the Member States.

4. The Member States shall develop, operate, and maintain interfaces to provide the functionality for the decentralised systems necessary for the exchange of information with economic operators and other persons through national components and interfaces, and with other Member States through common components.

Article 111

Maintenance of and changes to the electronic systems

1. The Commission shall perform the maintenance of the common components and the Member States shall perform the maintenance of their national components.

2. The Commission and the Member States shall ensure the uninterrupted operation of the electronic systems.

3. The Commission may change the common components of the electronic systems to correct malfunctions, to add new functionalities, or to alter existing functionalities.

4. The Commission shall inform the Member States of changes and updates to the common components.

5. Member States shall inform the Commission of changes and updates to the national components that may affect the functioning of the common components.

6. The Commission and the Member States shall make the information on the changes and updates to the electronic systems set out in paragraphs 4 and 5 publicly available.

Article 112

Temporary failure of the electronic systems

1. In the event of a temporary failure of the electronic systems referred to in Article 6(3), point (b), of the Code, economic operators and other persons shall submit the information required to fulfil the formalities concerned by the means determined by the Member States, including by means other than electronic data-processing techniques.

2. The customs authorities of the Member States shall make sure the information submitted in accordance with paragraph 1 is made available in the respective electronic systems within 7 days of the respective electronic systems becoming available again.

3. The Commission and the Member States shall inform each other about any unavailability of the electronic systems resulting from a temporary failure.

The Commission and the Member States shall also inform each other of the unavailability of economic operators’ systems as regards the ICS2.

4. By way of derogation from paragraph 1, in the event of a temporary failure of the ICS2, AES, CRMS, PoUS or CCI, the business continuity plan agreed between the Member States and the Commission shall apply.

5. With regard to the ICS2, each Member State shall decide on the activation of the business continuity plan where that Member State is affected by the temporary failure of the electronic system or where an economic operator is unable to lodge an entry summary declaration or particulars of such declaration pursuant to Article 127(4) and (6) of the Code.

6. By way of derogation from paragraph 1, in the event of a temporary failure of the NCTS system, the business continuity procedure referred to in Annex 72-04 to Implementing Regulation (EU) 2015/2447 shall apply.

7. By way of derogation from paragraph 2, in the event of the temporary failure of the PoUS system, the business continuity plan agreed between the Member States and the Commission shall apply.

Article 113

Training support on the use and functioning of the common components

The Commission shall support the Member States on the use and functioning of the common components of the electronic systems by providing the appropriate training material.

CHAPTER XIX

DATA PROTECTION, DATA MANAGEMENT AND THE OWNERSHIP AND SECURITY OF THE ELECTRONIC SYSTEMS

Article 114

Personal data protection

1. The personal data registered in the electronic systems shall be processed for the purposes of implementing the customs legislation and other legislation referred to in the Code, having regard to the specific objectives of each of the electronic systems set out in Article 4, Articles 7(1), 16(1), and 21(1), Article 30, Articles 35(1), 42(1), 50(1), 57(1), 65(1), 70(1), 74(1), 80(1), 87(1), 93(1), 100(1) and 104(1) of this Regulation.

2. The Member States’ national supervisory authorities in the field of personal data protection and the European Data Protection Supervisor shall cooperate, in accordance with Article 62 of Regulation (EU) 2018/1725, to ensure the coordinated supervision of the processing of personal data registered in the electronic systems.

3. Any request by a data subject registered in the REX system to exercise his or her rights under Chapter III of Regulations (EU) 2016/679 and (EU) 2018/1725 shall first be submitted to the competent authorities in the third country or to the customs authorities in the Member State which registered the personal data.

Where a data subject has submitted such a request to the Commission without having tried to obtain his or her rights from the competent authorities in the third country or from the customs authorities in the Member State which registered the personal data, the Commission shall forward that request to the competent authorities in the third country or to the customs authorities in the Member State respectively which registered those data.

Where the registered exporter fails to obtain his or her rights from the competent authorities in the third country or from the customs authorities in the Member State which registered the personal data, the registered exporter shall submit such request to the Commission acting as controller as defined in Article 4, point (7), of Regulation (EU) 2016/679 and in Article 3, point (8), of Regulation (EU) 2018/1725.

Article 115

Updating of data in the electronic systems

1. Member States shall ensure that the data registered at national level correspond to the data registered in the common components and are kept up to date.

2. By way of derogation from paragraph 1, in respect of the ICS2, Member States shall ensure that the following data are kept up to date and correspond to the data in the ICS2 common repository:

(a) data registered at national level and communicated from the national entry system to the ICS2 common repository;

(b) data received by the national entry system from the ICS2 common repository.

Article 116

Limitation of data access and data processing

1. The data registered in the common components of the electronic systems by a Member State may be accessed or processed by that Member State. Another Member State that is involved in the processing of an application or the management of a decision to which the data relate may also access and process those data.

2. The data registered in the common components of the electronic systems by an economic operator or other person may be accessed or processed by that economic operator or that other person. A Member State involved in the processing of an application or the management of a decision to which the data relate may also access and process those data.

3. The data in the ICS2 common component that are communicated to or registered in the shared trader interface by an economic operator or other person may be accessed or processed by that economic operator or that other person.

4. The data registered in the central EBTI system by a Member State may be processed by that Member State. Another Member State which is involved in the processing of an application to which the data relate may also process those data, including by way of a consultation between the customs authorities of the Member States in accordance with Article 26 of this Regulation. The customs authorities of the Member States may access those data for the purposes of Article 25(2) of this Regulation and the Commission may access those data for the purposes of Article 21(1) of this Regulation.

5. The data registered in the central EBTI system by an economic operator or other person may be accessed or processed by that economic operator or that person. The customs authorities of the Member States may access those data for the purposes of Article 25(2) of this Regulation and the Commission may access those data for the purposes of Article 21(1) of this Regulation.

6. The data registered in the common component of the EORI system may be accessed and processed by the Commission. The Member State that registered those data may also access and process those data.

7. The data in the ICS2 common components:

(a) communicated to a Member State by an economic operator or other person through the shared trader interface into the ICS2 common repository may be accessed and processed by that Member State in the ICS2 common repository, and, where needed, that Member State may also access those data that are registered in the shared trader interface;

(b) communicated to or registered in the ICS2 common repository by a Member State may be accessed or processed by that Member State;

(c) referred to in points (a) and (b) may also be accessed and processed by another Member State where that other Member State, in accordance with Article 186(2), points (a), (b) and (d), Article 186(5), (7) and (7a), and Article 189(3) and (4) of Implementing Regulation (EU) 2015/2447, is involved in the risk analysis or control process, or both, to which the data relate, with the exception of data recorded in the system by customs authorities of other Member States in relation to information on security and safety risks as referred to in Article 186(2), point (a), of Implementing Regulation (EU) 2015/2447;

(d) may be processed by the Commission in cooperation with the Member States for the purposes referred to in Article 43(2) of this Regulation and in Article 182(1), point (c), of Implementing Regulation (EU) 2015/2447, and the results of such processing may be accessed by the Commission and the Member States;

(e) may be accessed and processed by the Member States and the Commission for the purposes referred to in Article 43(3) of this Regulation, under the conditions referred to in Article 119 of this Regulation and in accordance with the specific project agreements detailing processing operations between the Member States and the Commission.

8. The data in the ICS2 common component that are registered in the ICS2 common repository by the Commission may be accessed and processed by the Commission and Member States.

9. The data in the Surveillance system may be accessed and processed by the Commission and Member States.

10. The data registered in the central REX system for Member States may be accessed for the purpose of implementing and monitoring Union’s preferential trade arrangements by the customs authorities of Member States and the Commission.

11. The data registered in the central REX system for third countries with which the Union has a preferential trade arrangement may be accessed by the following:

(a) the competent authorities of the third country in which the data have been registered;

(b) the customs authorities of Member States for the purpose of carrying out verifications of customs declarations under Article 188 of the Code or post-release control under Article 48 of the Code;

12. Where Member States report incidents and problems in the operational processes for the provision of the services of the systems where the Commission acts as a processor, the Commission may have access to the data only to resolve a registered incident or problem. The Commission shall ensure the confidentiality of such data in accordance with Article 12 of the Code.

13. The data registered in the common components of the CRMS by a Member State, Switzerland, Norway or by the Commission may be accessed or processed by that Member State, Switzerland, Norway, another Member State or by the Commission to ensure the implementation of the common risk management framework in line with Article 46(5) of the Code and Article 36 of Implementing Regulation (EU) 2015/2447.

14. The data registered in the central PoUS system may be accessed or processed by:

(a) the customs authorities of Member States in accordance with Article 93 of this Regulation;

(b) the Commission for statistical purposes.

15. In the context of the Windsor Framework, the Union representatives may access the ICS2-data in respect of Northern Ireland.

Article 117

System ownership

1. The Commission shall be the system owner of the common components.

2. The Member States shall be the system owners of the respective national components.

Article 118

System security

1. The Commission shall ensure the security of the common components. The Member States shall ensure the security of the national components.

For those purposes, the Commission and the Member States shall take the necessary measures to:

(a) prevent any unauthorised person from having access to installations used for the processing of data;

(b) prevent the entry of data and any consultation, modification, or deletion of data by unauthorised persons;

2. The Commission and the Member States shall inform each other of any activities that might result in a breach or a suspected breach of the security of the electronic systems.

3. The Commission and the Member States shall establish security plans concerning all electronic systems.

Article 119

Controller and Processor for the systems

For the systems referred to in Article 1 of this Regulation and in relation to the processing of personal data:

(a) the Member States shall act as controllers as defined in Article 4, point (7), of Regulation (EU) 2016/679 and shall comply with the obligations set out in that Regulation;

(b) the Commission shall act as processor as defined in Article 3, point (12), of Regulation (EU) 2018/1725 and shall comply with the obligations set out in that Regulation;

(c) by way of derogation from point (b), the Commission shall act as a joint controller together with the Member States in the ICS2 when processing the data for monitoring and evaluating the implementation of the common security and safety risk criteria and standards and of the control measures and priority control in accordance with Article 116(7), point (d) of this Regulation;

(d) by way of derogation from point (b), the Commission shall act as a joint controller together with the Member States in the ICS2 when processing the data to collect, store, process, or analyse additional elements of information in conjunction with entry summary declarations and to provide support to risk management processes as referred to in Article 43(3) of this Regulation, under the conditions set out by Article 116(7), point (e), of this Regulation;

(e) by way of derogation from point (b), the Commission shall also act as a joint controller together with the Member States in the CRMS;

(f) by way of derogation from point (b), the Commission shall act as joint controller together with the Member States in the REX system in the following cases:

(i) when processing the data for synchronisation with a national system;

(ii) when processing the data to access the data to verify customs declarations under Article 188 of the Code or post-release control under Article 48 of the Code;

(iii) when processing data for statistics and monitoring purposes on the use of the REX system for Member States;

(iv) when processing data for statistics and monitoring purposes on the use of the REX system for third countries.

(g) by way of derogation from point (b), the Commission shall act as a joint controller together with the Member States in the Surveillance system.

Article 120

Data retention periods

1. The data retention periods for the systems for which the Member States are controllers, as set out in Article 119 of this Regulation, shall be determined by those Member States, taking into account the requirements of the customs legislation. The Member States shall inform the Commission of those retention periods.

2. The following data retention periods shall apply to the following systems for which the Commission and Member States are joint controllers:

(a) for the ICS2, to monitor and evaluate the implementation of the common security and safety risk criteria and standards, of the control measures and priority control areas referred to in Article 43(2), and to support the risk management processes referred in Article 43(3) of this Regulation, a retention period of 10 years starting from the moment the data are processed in the central system for the first time;

(b) for the REX system, to allow for the notification of the customs debt for a maximum period of 10 years in accordance with Article 103(2) of the Code, a revoked registration shall be retained in the REX system for a maximum period of 10 years starting from 1 January of the year after the year in which the revocation took place, and, after the expiry of that period, the competent authority of a third country or the customs authorities of the Member State having revoked the registration shall delete the registration data. However, if all registrations in a beneficiary country of the Generalized System of Preference were revoked in accordance with Article 90(1) of Implementing Regulation (EU) 2015/2447, and if the beneficiary country has not been a beneficiary country of the Generalized System of Preferences of Norway, Switzerland or Türkiye for more than 10 years, the Commission shall delete the registration data;

(c) for the CRMS, to ensure the protection of the security and safety of citizens and the protection of the financial interests of the Union and its Member States, a retention period of 10 years starting from the moment the data are processed in the central system for the first time;

(d) for the Surveillance system, to ensure the protection of the financial interests of the Union and its Member States and the trade and all other Union policies that are based on the data retrieved by means of surveillance, a retention period of 10 years starting from the moment the data are processed in the central system for the first time.

However, where court proceedings or an appeal involving data stored in the electronic systems referred to in points (a) to (d) have begun, those data shall be retained until the appeal procedure or court proceedings are terminated.

3. The data retention period shall be applicable to all data covered by the electronic systems.

CHAPTER XX

FINAL PROVISIONS

Article 121

Assessment of the electronic systems

The Commission and the Member States shall assess the components for which they are responsible and shall analyse the security and integrity of those components and the confidentiality of the data processed within those components.

The Commission and the Member States shall inform each other of the results of those assessments.

Article 122

Repeal

Implementing Regulation (EU) 2023/1070 is repealed.

References to the repealed Implementing Regulation shall be construed as references to this Regulation.

Article 123

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the

Official Journal of the European Union

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 13 March 2025.

For the Commission

The President

Ursula VON DER LEYEN

(1)

OJ L 269, 10.10.2013, p. 1

(2) Commission Implementing Decision (EU) 2023/2879 of 15 December 2023 establishing the Work Programme relating to the development and deployment for the electronic systems provided for in the Union Customs Code (

OJ L, 2023/2879, 22.12.2023, ELI: http://data.europa.eu/eli/dec_impl/2023/2879/oj

(3) Decision No 6/2020 of the Joint Committee established by the Agreement on the withdrawal of the United Kingdom of Great Britain and Northern Ireland from the European Union and the European Atomic Energy Community of 17 December 2020 providing for the practical working arrangements relating to the exercise of the rights of Union representatives referred to in Article 12(2) of the Protocol on Ireland/Northern Ireland [2020/2250] (

OJ L 443, 30.12.2020, p. 16

, ELI:

http://data.europa.eu/eli/dec/2020/2250/oj

(4) The Protocol on Ireland/Northern Ireland annexed to the Agreement

on the withdrawal of the United Kingdom of Great Britain and Northern Ireland from the European Union and the European Atomic Energy Community

(

OJ L 29, 31.1.2020, p. 7

, ELI:

http://data.europa.eu/eli/treaty/withd_2020/sign

) is referred to as the Windsor Framework pursuant to Joint Declaration No 1/2023 of the Union and the United Kingdom in the Joint Committee established by the Agreement on the withdrawal of the United Kingdom of Great Britain and Northern Ireland from the European Union and the European Atomic Energy Community of 24 March 2023 (

OJ L 102, 17.4.2023, p. 87

(5) Agreement on the European Economic Area – Final Act – Joint Declarations – Declarations by the Governments of the Member States of the Community and the EFTA States – Arrangements – Agreed Minutes – Declarations by one or several of the Contracting Parties of the Agreement on the European Economic Area (

OJ L 1, 3.1.1994, p. 3

, ELI:

http://data.europa.eu/eli/agree_internation/1994/1/oj

(6) Decision of the EEA Joint Committee No 76/2009 of 30 June 2009 amending Protocol 10 on simplification of inspections and formalities in respect of carriage of goods and Protocol 37 containing the list provided for in Article 101 (

OJ L 232, 3.9.2009, p. 40

, ELI:

http://data.europa.eu/eli/dec/2009/76(2)/oj

(7) Decision No 1/2021 of the EU-Switzerland Joint Committee of 12 March 2021 amending Chapter III of, and Annexes I and II to, the Agreement between the European Community and the Swiss Confederation on the simplification of inspections and formalities in respect of the carriage of goods and on customs security measures [2021/714] (

OJ L 152, 3.5.2021, p 1

, ELI:

http://data.europa.eu/eli/dec/2021/714/oj

(8) Commission Implementing Regulation (EU) 2015/2447 of 24 November 2015 laying down detailed rules for implementing certain provisions of Regulation (EU) No 952/2013 of the European Parliament and of the Council laying down the Union Customs Code (

OJ L 343, 29.12.2015, p. 558

, ELI:

http://data.europa.eu/eli/reg_impl/2015/2447/oj

(9) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (

OJ L 119, 4.5.2016, p. 1

, ELI:

http://data.europa.eu/eli/reg/2016/679/oj

(10) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (

OJ L 295, 21.11.2018, p. 39

, ELI:

http://data.europa.eu/eli/reg/2018/1725/oj

(11) Commission Implementing Regulation (EU) 2023/1070 of 1 June 2023 on technical arrangements for developing, maintaining and employing electronic systems for the exchange and storage of information under Regulation (EU) No 952/2013 of the European Parliament and the Council (

OJ L 143, 2.6.2023, p. 65

, ELI:

http://data.europa.eu/eli/reg_impl/2023/1070/oj

(12) Commission Delegated Regulation (EU) 2015/2446 of 28 July 2015 supplementing Regulation (EU) No 952/2013 of the European Parliament and of the Council as regards detailed rules concerning certain provisions of the Union Customs Code (

OJ L 343, 29.12.2015, p. 1

, ELI:

http://data.europa.eu/eli/reg_del/2015/2446/oj

(13) Regulation (EU) 2022/2399 of the European Parliament and of the Council of 23 November 2022 establishing the European Union Single Window Environment for Customs and amending Regulation (EU) No 952/2013 (

OJ L 317, 9.12.2022, p. 1

, ELI:

http://data.europa.eu/eli/reg/2022/2399/oj

(14) Council Directive (EU) 2020/262 of 19 December 2019 laying down the general arrangements for excise duty (

OJ L 58, 27.2.2020, p. 4

, ELI:

http://data.europa.eu/eli/dir/2020/262/oj

(15) Commission Delegated Regulation (EU) 2016/341 of 17 December 2015 supplementing Regulation (EU) No 952/2013 of the European Parliament and of the Council as regards transitional rules for certain provisions of the Union Customs Code where the relevant electronic systems are not yet operational and amending Delegated Regulation (EU) 2015/2446 (

OJ L 69, 15.3.2016, p. 1

, ELI:

http://data.europa.eu/eli/reg_del/2016/341/oj

(16) Convention between the European Economic Community, the Republic of Austria, the Republic of Finland, the Republic of Iceland, the Kingdom of Norway, the Kingdom of Sweden and the Swiss Confederation, on a common transit procedure (

OJ L 226, 13.8.1987, p. 2

, ELI:

http://data.europa.eu/eli/convention/1987/415/oj

ELI: http://data.europa.eu/eli/reg_impl/2025/512/oj

ISSN 1977-0677 (electronic edition)