14.7.2021   

EN

Official Journal of the European Union

L 249/1


REGULATION (EU) 2021/1150 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 7 July 2021

amending Regulations (EU) 2018/1862 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular point (a) of Article 87(2) thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Acting in accordance with the ordinary legislative procedure (1),

Whereas:

(1)

Regulation (EU) 2018/1240 of the European Parliament and of the Council (2) established the European Travel Information and Authorisation System (‘ETIAS’) for third-country nationals exempt from the requirement to be in possession of a visa when crossing the external borders of the Union. That Regulation laid down the conditions and procedures for issuing or refusing a travel authorisation under ETIAS.

(2)

ETIAS enables consideration of whether the presence of those third-country nationals in the territory of the Member States would pose a security, illegal immigration or high epidemic risk.

(3)

In order to enable the ETIAS Central System to process application files as referred to in Regulation (EU) 2018/1240, it is necessary to establish interoperability between the ETIAS Information System, on the one hand, and the Entry/Exit System (‘EES’), the Visa Information System (‘VIS’), the Schengen Information System (‘SIS’), Eurodac and the European Criminal Records Information System – Third-Country Nationals (‘ECRIS-TCN’) (‘other EU information systems’), and Europol data as defined in that Regulation (‘Europol data’), on the other hand.

(4)

This Regulation, together with Regulations (EU) 2021/1151 (3) and (EU) 2021/1152 (4) of the European Parliament and of the Council, lays down rules on the implementation of interoperability between the ETIAS Information System, on the one hand, and other EU information systems and Europol data, on the other hand, and the conditions for the consultation of data stored in other EU information systems and Europol data by ETIAS for the purpose of automatically identifying hits. As a result, it is necessary to amend Regulations (EU) 2018/1862 (5) and (EU) 2019/818 (6) of the European Parliament and of the Council in order to connect the ETIAS Central System to other EU information systems and to Europol data and to specify the data that will be sent between those EU information systems and Europol data.

(5)

As regards the implementation of interoperability with Eurodac, in accordance with Regulation (EU) 2018/1240, the necessary consequential amendments will be adopted once the recast of Regulation (EU) No 603/2013 of the European Parliament and of the Council (7) is adopted.

(6)

The European Search Portal (ESP), established by Regulation (EU) 2019/817 of the European Parliament and of the Council (8) and Regulation (EU) 2019/818, will enable the data stored in ETIAS and the data stored in the other EU information systems concerned to be queried in parallel.

(7)

Technical arrangements should be established to enable ETIAS to regularly and automatically verify in other EU information systems whether the conditions for the retention of application files, as laid down in Regulation (EU) 2018/1240, are still fulfilled.

(8)

It is possible to revoke ETIAS travel authorisations following the entering in SIS of new alerts on refusal of entry and stay, or new alerts concerning a travel document reported as lost, stolen, misappropriated or invalidated. In order for the ETIAS Central System to be informed automatically by SIS of such new alerts, an automated process should be established between SIS and ETIAS.

(9)

The conditions, including access rights, under which the ETIAS Central Unit and ETIAS National Units are able to consult data stored in other EU information systems for the purposes of ETIAS should be safeguarded by clear and precise rules regarding access by the ETIAS Central Unit and ETIAS National Units to the data stored in other EU information systems, the types of query and the categories of data, all of which should be limited to what is strictly necessary for the performance of their duties. In the same vein, the data stored in the ETIAS application files should be visible only to those Member States that operate the underlying information systems in accordance with the arrangements for their participation.

(10)

Pursuant to Regulation (EU) 2018/1240, the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), established by Regulation (EU) 2018/1726 of the European Parliament and of the Council (9), is to be responsible for the design and development phase of the ETIAS Information System.

(11)

This Regulation is without prejudice to Directive 2004/38/EC of the European Parliament and of the Council (10).

(12)

In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union (TEU) and to the Treaty on the Functioning of the European Union (TFEU), Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.

(13)

Insofar as its provisions relate to SIS as governed by Regulation (EU) 2018/1862, Ireland is taking part in this Regulation, in accordance with Article 5(1) of Protocol No 19 on the Schengen acquis integrated into the framework of the European Union, annexed to the TEU and to the TFEU, and Article 6(2) of Council Decision 2002/192/EC (11). Furthermore, insofar as its provisions relate to Europol, Eurodac and ECRIS-TCN, in accordance with Articles 1 and 2 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU, and without prejudice to Article 4 of that Protocol, Ireland is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.

(14)

With regard to Cyprus and Croatia, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3(2) of the 2003 Act of Accession and Article 4(2) of the 2011 Act of Accession. With respect to Croatia, this Regulation has to be read in conjunction with Council Decision (EU) 2017/733 (12).

(15)

As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters’ association with the implementation, application and development of the Schengen acquis (13) which fall within the area referred to in Article 1, point G, of Council Decision 1999/437/EC (14).

(16)

As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (15), which fall within the area referred to in Article 1, point G, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/149/JHA (16).

(17)

As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (17) which fall within the area referred to in Article 1, point G, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/349/EU (18).

(18)

Regulations (EU) 2018/1862 and (EU) 2019/818 should therefore be amended accordingly.

(19)

Since the objectives of this Regulation, namely to amend Regulations (EU) 2018/1862 and (EU) 2019/818 in order to connect the ETIAS Central System to other EU information systems and to Europol data and to specify the data that will be sent between those EU information systems and Europol data, cannot be sufficiently achieved by the Member States but can rather, by reason of their scale and effects, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.

(20)

The European Data Protection Supervisor was consulted, in accordance with Article 41(2) of Regulation (EU) 2018/1725 of the European Parliament and the Council (19),

HAVE ADOPTED THIS REGULATION:

Article 1

Amendments to Regulation (EU) 2018/1862

Regulation (EU) 2018/1862 is amended as follows:

(1)

the following article is inserted:

‘Article 18b

Keeping of logs for the purposes of interoperability with ETIAS

Logs of each data processing operation carried out within SIS and the European Travel Information and Authorisation System (ETIAS) pursuant to Article 50b of this Regulation shall be kept in accordance with Article 18 of this Regulation and Article 69 of Regulation (EU) 2018/1240 of the European Parliament and of the Council (*1).

(*1)  Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).’;"

(2)

in Article 44(1), the following point is added:

‘(h)

the manual processing of ETIAS applications by the ETIAS National Unit, pursuant to Article 8 of Regulation (EU) 2018/1240.’;

(3)

the following article is inserted:

‘Article 49a

Access to data in SIS by the ETIAS Central Unit

1.   For the purpose of performing the tasks conferred on it by Regulation (EU) 2018/1240, the ETIAS Central Unit, established within the European Border and Coast Guard Agency in accordance with Article 7 of that Regulation, shall have the right to access and search data in SIS in accordance with Article 11(8) of that Regulation. Article 50(4) to (8) of this Regulation shall apply to such access and searches.

2.   Where a verification by the ETIAS Central Unit pursuant to Article 22 and Article 23(2) of Regulation (EU) 2018/1240 confirms that the data recorded in an ETIAS application file corresponds to an alert in SIS or where after such verification doubts remain, Articles 23, 24 and 26 of that Regulation shall apply.’;

(4)

the following article is inserted:

‘Article 50b

Interoperability with ETIAS

1.   From the date of the start of operations of ETIAS, as determined in accordance with Article 88(1) of Regulation (EU) 2018/1240, the Central SIS shall be connected to the ESP to enable the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of that Regulation and the subsequent verifications provided for in Articles 22, 23 and 26 of that Regulation.

2.   For the purpose of proceeding with the verifications referred to in points (a), (d) and (m)(i) of Article 20(2) and in Article 23(1) of Regulation (EU) 2018/1240, the ETIAS Central System, as defined in point (25) of Article 3(1) of that Regulation, shall use the ESP to compare the data referred to in Article 11(5) of that Regulation to data in SIS, in accordance with Article 11(8) of that Regulation.

3.   For the purpose of proceeding with the verifications referred to in point (c)(ii) of Article 24(6) and point (b) of Article 54(1) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the ESP to regularly verify whether an alert on blank official documents or an identity document entered in SIS, as referred to in points (k) and (l) of Article 38(2) of this Regulation, which gave rise to the refusal, annulment or revocation of a travel authorisation has been deleted.

4.   Where a new alert is entered in SIS on a travel document that has been reported lost, stolen, misappropriated or invalidated, the Central SIS shall, in accordance with Article 41(3) of Regulation (EU) 2018/1240, transmit the information on that alert, using an automated process and the ESP, to the ETIAS Central System in order for that system to verify whether that new alert corresponds to a valid travel authorisation.’.

Article 2

Amendment to Regulation (EU) 2019/818

In Article 68 of Regulation (EU) 2019/818, the following paragraph is inserted:

‘1b.   Without prejudice to paragraph 1 of this Article, the ESP shall start operations, for the purposes of the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of Regulation (EU) 2018/1240 only, once the conditions laid down in Article 88 of that Regulation have been met.’.

Article 3

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

Done at Strasbourg, 7 July 2021.

For the European Parliament

The President

D. M. SASSOLI

For the Council

The President

A. LOGAR


(1)  Position of the European Parliament of 8 June 2021 (not yet published in the Official Journal) and decision of the Council of 28 June 2021.

(2)  Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).

(3)  Regulation (EU) 2021/1151 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System (see page 7 of this Official Journal).

(4)  Regulation (EU) 2021/1152 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EC) No 767/2008, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861 and (EU) 2019/817 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System (see page 15 of this Official Journal).

(5)  Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (OJ L 312, 7.12.2018, p. 56).

(6)  Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).

(7)  Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1).

(8)  Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27).

(9)  Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (OJ L 295, 21.11.2018, p. 99).

(10)  Directive 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States amending Regulation (EEC) No 1612/68 and repealing Directives 64/221/EEC, 68/360/EEC, 72/194/EEC, 73/148/EEC, 75/34/EEC, 75/35/EEC, 90/364/EEC, 90/365/EEC and 93/96/EEC (OJ L 158, 30.4.2004, p. 77).

(11)  Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).

(12)  Council Decision (EU) 2017/733 of 25 April 2017 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Croatia (OJ L 108, 26.4.2017, p. 31).

(13)   OJ L 176, 10.7.1999, p. 36.

(14)  Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31).

(15)   OJ L 53, 27.2.2008, p. 52.

(16)  Council Decision 2008/149/JHA of 28 January 2008 on the conclusion on behalf of the European Union of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 50).

(17)   OJ L 160, 18.6.2011, p. 21.

(18)  Council Decision 2011/349/EU of 7 March 2011 on the conclusion on behalf of the European Union of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, relating in particular to judicial cooperation in criminal matters and police cooperation (OJ L 160, 18.6.2011, p. 1).

(19)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).