02018R1726 — EN — 25.04.2024 — 004.001
This text is meant purely as a documentation tool and has no legal effect. The Union's institutions do not assume any liability for its contents. The authentic versions of the relevant acts, including their preambles, are those published in the Official Journal of the European Union and available in EUR-Lex. Those official texts are directly accessible through the links embedded in this document.
REGULATION (EU) 2018/1726 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 November 2018 (OJ L 295 21.11.2018, p. 99)
Amended by:
REGULATION (EU) 2019/816 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 April 2019 (OJ L 135 22.5.2019, p. 1)
REGULATION (EU) 2019/817 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 May 2019 (OJ L 135 22.5.2019, p. 27)
REGULATION (EU) 2019/818 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 May 2019 (OJ L 135 22.5.2019, p. 85)
REGULATION (EU) 2022/850 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 30 May 2022 (OJ L 150 1.6.2022, p. 1)
REGULATION (EU) 2023/969 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 10 May 2023 (OJ L 132 17.5.2023, p. 1)
REGULATION (EU) 2024/982 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 March 2024 (OJ L 982 5.4.2024, p. 1)
Corrected by:
REGULATION (EU) 2018/1726 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 14 November 2018
on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011
CHAPTER I
SUBJECT MATTER AND OBJECTIVES
Article 1
Subject matter
The Agency shall also be responsible for the following tasks:
ensuring data quality in accordance with Article 12;
developing the necessary actions to enable interoperability in accordance with Article 13;
carrying out research activities in accordance with Article 14;
carrying out pilot projects, proofs of concept and testing activities in accordance with Article 15; and
providing support to Member States and the Commission in accordance with Article 16.
Article 2
Objectives
Without prejudice to the respective responsibilities of the Commission and of the Member States under the Union legal acts governing large-scale IT systems, the Agency shall ensure:
the development of large-scale IT systems using an adequate project management structure for efficiently developing such systems;
the effective, secure and continuous operation of large-scale IT systems;
the efficient and financially accountable management of large-scale IT systems;
an adequately high quality of service for users of large-scale IT systems;
continuity and uninterrupted service;
a high level of data protection, in accordance with Union data protection law, including specific provisions for each large-scale IT system;
an appropriate level of data and physical security, in accordance with the applicable rules, including specific provisions for each large-scale IT system.
CHAPTER II
TASKS OF THE AGENCY
Article 3
Tasks relating to SIS II
In relation to SIS II, the Agency shall perform:
the tasks conferred on the Management Authority by Regulation (EC) No 1987/2006 and Decision 2007/533/JHA; and
tasks relating to training on the technical use of SIS II, in particular for SIRENE staff (SIRENE — Supplementary Information Request at the National Entries), and training of experts on the technical aspects of SIS II in the framework of Schengen evaluation.
Article 4
Tasks relating to the VIS
In relation to the VIS, the Agency shall perform:
the tasks conferred on the Management Authority by Regulation (EC) No 767/2008 and Decision 2008/633/JHA; and
tasks relating to training on the technical use of the VIS and training of experts on the technical aspects of the VIS in the framework of Schengen evaluation.
Article 5
Tasks relating to Eurodac
In relation to Eurodac, the Agency shall perform:
the tasks conferred on it by Regulation (EU) No 603/2013; and
tasks relating to training on the technical use of Eurodac.
Article 6
Tasks relating to the EES
In relation to the EES, the Agency shall perform:
the tasks conferred on it by Regulation (EU) 2017/2226; and
tasks relating to training on the technical use of the EES and training of experts on the technical aspects of the EES in the framework of Schengen evaluation.
Article 7
Tasks relating to ETIAS
In relation to ETIAS, the Agency shall perform:
the tasks conferred on it by Regulation (EU) 2018/1240; and
tasks relating to training on the technical use of ETIAS and training of experts on the technical aspects of ETIAS in the framework of Schengen evaluation.
Article 8
Tasks relating to DubliNet
In relation to DubliNet, the Agency shall perform:
the operational management of DubliNet, a separate secure electronic transmission channel between the authorities of Member States, set up under Article 18 of Regulation (EC) No 1560/2003, for the purposes of Articles 31, 32 and 34 of Regulation (EU) No 604/2013 of the European Parliament and of the Council ( 1 ); and
tasks relating to training on the technical use of DubliNet.
Article 8a
Tasks related to ECRIS-TCN and the ECRIS reference implementation
In relation to ECRIS-TCN and the ECRIS reference implementation, the Agency shall perform:
the tasks conferred on it by Regulation (EU) 2019/816 of the European Parliament and of the Council ( 2 );
tasks relating to training on the technical use of ECRIS-TCN and the ECRIS reference implementation.
Article 8b
Tasks related to the e-CODEX system
In relation to the e-CODEX system, the Agency shall perform:
the tasks conferred on it by Regulation (EU) 2022/850 of the European Parliament and of the Council ( 3 );
tasks relating to training on the technical use of the e-CODEX system, including the provision of online training materials.
Article 8c
Tasks related to the JITs collaboration platform
In relation to the JITs collaboration platform, the Agency shall perform:
the tasks conferred on it by Regulation (EU) 2023/969 of the European Parliament and of the Council ( 4 );
tasks relating to training on the technical use of the JITs collaboration platform provided to the JITs Network Secretariat, including the provision of training materials.
Article 8d
Tasks related to the Prüm II router
In relation to the Prüm II router, the Agency shall perform the tasks conferred on it by Regulation (EU) 2024/982 of the European Parliament and of the Council ( 5 ).
Article 9
Tasks relating to the preparation, development and operational management of other large-scale IT systems
When entrusted with the preparation, development or operational management of other large-scale IT systems referred to in Article 1(5), the Agency shall perform the tasks conferred on it pursuant to the Union legal act governing the relevant system, as well as tasks relating to training on the technical use of those systems, as appropriate.
Article 10
Technical solutions requiring specific conditions before implementation
Where the Union legal acts governing the systems require the Agency to keep those systems functioning 24 hours a day, 7 days a week and without prejudice to those Union legal acts, the Agency shall implement technical solutions to meet those requirements. Where those technical solutions require a duplication of a system or a duplication of components of a system, they shall only be implemented where an independent impact assessment and cost-benefit analysis to be commissioned by the Agency has been carried out and following the consultation of the Commission and the positive decision of the Management Board. The impact assessment shall also examine existing and future needs in terms of the hosting capacity of the existing technical sites related to the development of such technical solutions and the possible risks related to the current operational set up.
Article 11
Tasks relating to the communication infrastructure
Tasks relating to the delivery, setting up, maintenance and monitoring of the communication infrastructure may be entrusted to external private-sector entities or bodies in accordance with Regulation (EU, Euratom) 2018/1046. Such tasks shall be carried out under the responsibility of the Agency and under its close supervision.
When carrying out the tasks referred to in the first subparagraph, all external private-sector entities or bodies, including network providers, shall be bound by the security measures referred to in paragraph 3 and shall have no access, by any means, to any operational data stored in the systems or transferred through the communication infrastructure or to the SIS II-related SIRENE exchange.
Article 12
Data quality
Article 13
Interoperability
Where interoperability of large-scale IT systems has been stipulated in a relevant Union legal act, the Agency shall develop the necessary actions to enable that interoperability.
Article 14
Monitoring of research
The Agency may contribute to the implementation of the parts of the European Union Framework Programme for Research and Innovation that relate to large-scale IT systems in the area of freedom, security and justice. For that purpose, and where the Commission has delegated the relevant powers to it, the Agency shall have the following tasks:
managing some stages of programme implementation and some phases in the lifetime of specific projects on the basis of the relevant work programmes adopted by the Commission;
adopting the instruments of budget execution and for revenue and expenditure and carrying out all the operations necessary for the management of the programme; and
providing support in programme implementation.
Article 15
Pilot projects, proofs of concept and testing activities
Upon the specific and precise request of the Commission, which shall have informed the European Parliament and the Council at least three months in advance of making such a request, and after a positive decision of the Management Board, the Agency may, in accordance with point (u) of Article 19(1) of this Regulation and by way of a delegation agreement be entrusted with carrying out pilot projects as referred to in point (a) of Article 58(2) of Regulation (EU, Euratom) 2018/1046 for the development or the operational management of large-scale IT systems pursuant to Articles 67 to 89 TFEU in accordance with point (c) of Article 62(1) of Regulation (EU, Euratom) 2018/1046.
The Agency shall keep the European Parliament, the Council and, where the processing of personal data is concerned, the European Data Protection Supervisor informed on a regular basis of the evolution of the pilot projects carried out by the Agency under the first subparagraph.
Article 16
Support to Member States and the Commission
Any Member State may submit a request for ad hoc support to the Commission, which, subject to its positive assessment that such support is required by virtue of extraordinary security or migratory needs, shall transmit it, without delay, to the Agency. The Agency shall inform the Management Board of such requests. The Member State shall be informed where the Commission’s assessment is negative.
The Commission shall monitor whether the Agency has provided a timely response to the Member State's request. The Agency’s annual activity report shall report in detail on the actions the Agency has carried out to provide ad hoc support to Member States and on the costs incurred in that respect.
A group of at least five Member States may entrust the Agency with the task of developing, managing or hosting a common IT component to assist them in implementing technical aspects of obligations deriving from Union law on decentralised systems in the area of freedom, security and justice. Those common IT solutions shall be without prejudice to the obligations of the requesting Member States under the applicable Union law, in particular with regard to the architecture of those systems.
In particular, the requesting Member States may entrust the Agency with the task of establishing a common component or router for advance passenger information and passenger name record data as a technical support tool to facilitate connectivity with air carriers in order to assist Member States in the implementation of Council Directive 2004/82/EC ( 8 ) and Directive (EU) 2016/681 of the European Parliament and of the Council ( 9 ). In such a case the Agency shall centrally collect the data from air carriers and transmit those data to the Member States via the common component or router. The requesting Member States shall adopt the necessary measures to ensure that air carriers transfer the data via the Agency.
The Agency shall be entrusted with the task of developing, managing or hosting a common IT component only after prior approval by the Commission and subject to a positive decision of the Management Board.
The requesting Member States shall entrust the Agency with the tasks referred to in the first and second subparagraphs by way of a delegation agreement setting out the conditions for the delegation of the tasks and the calculation of all relevant costs and the invoicing method. All relevant costs shall be covered by the participating Member States. The delegation agreement shall comply with the Union legal acts governing the systems in question. The Agency shall inform the European Parliament and the Council of the approved delegation agreement and of any modifications thereto.
Other Member States may request to participate in a common IT solution where this possibility is provided for in the delegation agreement setting out, in particular, the financial implications of such participation. The delegation agreement shall be modified accordingly following the prior approval by the Commission and after a positive decision of the Management Board.
CHAPTER III
STRUCTURE AND ORGANISATION
Article 17
Legal status and location
The seat of the Agency shall be Tallinn, Estonia.
The tasks relating to development and operational management referred to in Article 1(4) and (5) and Articles 3, 4, 5, 6, 7, 8, 9 and 11 shall be carried out at the technical site in Strasbourg, France.
The tasks relating to development and operational management referred to in Article 1(4) and (5), Articles 3 to 8 and Articles 8d, 9 and 11 shall be carried out at the technical site in Strasbourg, France.
A backup site capable of ensuring the operation of a large-scale IT system in the event of failure of such a system shall be installed in Sankt Johann im Pongau, Austria.
Article 18
Structure
The administrative and management structure of the Agency shall comprise:
a Management Board;
an Executive Director;
Advisory Groups.
The structure of the Agency shall include:
a data protection officer;
a security officer;
an accounting officer.
Article 19
Functions of the Management Board
The Management Board shall:
provide the general orientation for the Agency’s activities;
adopt, by a majority of two-thirds of members entitled to vote, the annual budget of the Agency and exercise other functions in respect of the Agency’s budget pursuant to Chapter V;
appoint the Executive Director and the Deputy Executive Director and, where relevant, extend their respective terms of office or remove them from office in accordance with Articles 25 and 26 respectively;
exercise disciplinary authority over the Executive Director and oversee his or her performance, including the implementation of the Management Board’s decisions, and exercise disciplinary authority over the Deputy Executive Director in agreement with the Executive Director;
take all decisions on the establishment of the Agency’s organisational structure and, where necessary, its modification, taking into consideration the Agency’s activity needs and having regard to sound budgetary management;
adopt the Agency’s staff policy;
establish the Agency’s rules of procedure;
adopt an anti-fraud strategy, proportionate to the risk of fraud, taking into account the costs and benefits of the measures to be implemented;
adopt rules for the prevention and management of conflicts of interest in respect of its members and publish them on the Agency’s website;
adopt detailed internal rules and procedures for the protection of whistleblowers, including appropriate channels of communication for reporting misconduct;
authorise the conclusion of working arrangements in accordance with Articles 41 and 43;
approve, following a proposal by the Executive Director, the Headquarters Agreement concerning the seat of the Agency and the agreements concerning the technical and backup sites, set up in accordance with Article 17(3), to be signed by the Executive Director and the host Member States;
exercise, in accordance with paragraph 2, with respect to the staff of the Agency, the powers conferred by the Staff Regulations of Officials on the Appointing Authority and by the Conditions of Employment of Other Servants on the Authority Empowered to Conclude a Contract of Employment (‘the appointing authority powers’);
adopt, in agreement with the Commission, the necessary implementing rules for giving effect to the Staff Regulations in accordance with Article 110 of the Staff Regulations of Officials;
adopt the necessary rules on the secondment of national experts to the Agency;
adopt a draft estimate of the Agency’s revenue and expenditure, including the draft establishment plan, and submit them by 31 January each year to the Commission;
adopt the draft single programming document, containing the Agency’s multiannual programming and its work programme for the following year and a provisional draft estimate of the Agency’s revenue and expenditure, including the draft establishment plan, and submit it by 31 January each year, as well as any updated version of that document, to the European Parliament, to the Council and to the Commission;
adopt, before 30 November each year, by a two-thirds majority of its members with the right to vote, and in accordance with the annual budgetary procedure, the single programming document taking into account the opinion of the Commission and ensure that the definitive version of this single programming document is transmitted to the European Parliament, to the Council and to the Commission and is published;
adopt an interim report by the end of August of each year on the progress of the implementation of the planned activities for the current year and submit it to the European Parliament, to the Council and to the Commission;
assess and adopt the consolidated annual activity report of the Agency’s activities for the previous year, comparing, in particular, the results achieved with the objectives of the annual work programme, and send both the report and its assessment by 1 July of each year to the European Parliament, to the Council, to the Commission and to the Court of Auditors and ensure that the annual activity report is published;
carry out its functions relating to the Agency’s budget, including the implementation of pilot projects and proofs of concept as referred to in Article 15;
adopt the financial rules applicable to the Agency in accordance with Article 49;
appoint an accounting officer, who may be the Commission’s accounting officer, subject to the Staff Regulations, who shall be completely independent in the performance of his or her duties;
ensure adequate follow-up to the findings and recommendations stemming from the various internal or external audit reports and evaluations as well as from investigations by the European Anti-Fraud Office (OLAF) and the European Public Prosecutor’s Office (EPPO);
adopt the communication and dissemination plans referred to in Article 34(4) and regularly update them;
adopt the necessary security measures, including a security plan and a business continuity and disaster recovery plan, taking into account the possible recommendations of the security experts present in the Advisory Groups;
adopt the security rules on the protection of classified information and non-classified sensitive information following approval by the Commission;
appoint a security officer;
appoint a data protection officer in accordance with Regulation (EU) 2018/1725;
adopt the detailed rules for implementing Regulation (EC) No 1049/2001;
adopt the reports on the development of the EES pursuant to Article 72(2) of Regulation (EU) 2017/2226, the reports on the development of ETIAS pursuant to Article 92(2) of Regulation (EU) 2018/1240 and the reports on the development of ECRIS-TCN and of the ECRIS reference implementation pursuant to Article 36(3) of Regulation (EU) 2019/816;
adopt reports on the state of play of the development of the interoperability components pursuant to Article 78(2) of Regulation (EU) 2019/817 and Article 74(2) of Regulation (EU) 2019/818;
adopt reports on the state of play of the development of the Prüm II router pursuant to Article 80(2) of Regulation (EU) 2024/982;
adopt reports on the technical functioning of the following:
VIS pursuant to Article 50(3) of Regulation (EC) No 767/2008 and Article 17(3) of Decision 2008/633/JHA;
the EES pursuant to Article 72(4) of Regulation (EU) 2017/2226;
ETIAS pursuant to Article 92(4) of Regulation (EU) 2018/1240;
ECRIS-TCN and of the ECRIS reference implementation pursuant to Article 36(8) of Regulation (EU) 2019/816;
the interoperability components pursuant to Article 78(3) of Regulation (EU) 2019/817 and Article 74(3) of Regulation (EU) 2019/818;
the e-CODEX system pursuant to Article 16(1) of Regulation (EU) 2022/850;
the JITs collaboration platform pursuant to Article 26(6) of Regulation (EU) 2023/969;
the Prüm II router pursuant to Article 80(5) of Regulation (EU) 2024/982;
adopt the annual report on the activities of the Central System of Eurodac pursuant to Article 40(1) of Regulation (EU) No 603/2013;
adopt formal comments on the European Data Protection Supervisor’s reports on its audits pursuant to Article 56(2) of Regulation (EU) 2018/1861, Article 42(2) of Regulation (EC) No 767/2008, Article 31(2) of Regulation (EU) No 603/2013, Article 56(2) of Regulation (EU) 2017/2226, Article 67 of Regulation (EU) 2018/1240, Article 29(2) of Regulation (EU) 2019/816, Article 52 of Regulations (EU) 2019/817 and (EU) No 2019/818 and Article 58(1) of Regulation (EU) 2024/982 and ensure appropriate follow-up of those audits;
publish statistics related to SIS II pursuant to Article 50(3) of Regulation (EC) No 1987/2006 and Article 66(3) of Decision 2007/533/JHA respectively;
compile and publish statistics on the work of the Central System of Eurodac pursuant to Article 8(2) of Regulation (EU) No 603/2013;
publish statistics related to the EES pursuant to Article 63 of Regulation (EU) 2017/2226;
publish statistics related to ETIAS pursuant to Article 84 of Regulation (EU) 2018/1240;
submit to the Commission statistics related to ECRIS-TCN and to the ECRIS reference implementation pursuant to the second subparagraph of Article 32(3) of Regulation (EU) 2019/816;
ensure annual publication of the following:
the list of competent authorities authorised to search directly the data contained in SIS pursuant to Article 41(8) of Regulation (EU) 2018/1861 and Article 56(7) of Regulation (EU) 2018/1862, together with the list of Offices of the national systems of SIS (N.SIS) and SIRENE Bureaux pursuant to Article 7(3) of Regulation (EU) 2018/1861 and Article 7(3) of Regulation (EU) 2018/1862, respectively;
the list of competent authorities pursuant to Article 65(2) of Regulation (EU) 2017/2226;
the list of competent authorities pursuant to Article 87(2) of Regulation (EU) 2018/1240;
the list of central authorities pursuant to Article 34(2) of Regulation (EU) 2019/816;
the list of authorities pursuant to Article 71(1) of Regulation (EU) 2019/817 and Article 67(1) of Regulation (EU) 2019/818;
the list of authorised e-CODEX access points pursuant to Article 7(1), point (h), of Regulation (EU) 2022/850;
ensure annual publication of the list of units pursuant to Article 27(2) of Regulation (EU) No 603/2013;
ensure that all decisions and actions of the Agency affecting large-scale IT systems in the area of freedom, security and justice respect the principle of independence of the judiciary;
perform any other tasks conferred on it in accordance with this Regulation.
Without prejudice to the provisions on publication of the lists of relevant authorities provided for in the Union legal acts referred to in point (mm) of the first subparagraph and where an obligation to publish and continuously update those lists on the Agency’s website is not provided for in those legal acts, the Management Board shall ensure such publication and continuous update.
The Management Board shall adopt, in accordance with Article 110 of the Staff Regulations of Officials, a decision based on Article 2(1) of the Staff Regulations of Officials and on Article 6 of the Conditions of Employment of Other Servants delegating relevant appointing authority powers to the Executive Director and defining the conditions under which this delegation of powers can be suspended. The Executive Director shall be authorised to sub-delegate those powers.
Where exceptional circumstances so require, the Management Board may, by way of a decision, temporarily suspend the delegation of the appointing authority powers to the Executive Director and those sub-delegated by him or her and exercise them itself or delegate them to one of its members or to a staff member other than the Executive Director.
Article 20
Composition of the Management Board
Article 21
Chairperson of the Management Board
The Management Board shall elect a Chairperson and a Deputy Chairperson from among those members of the Management Board that are appointed by Member States which are fully bound under Union law by all the Union legal acts governing the development, establishment, operation and use of all the large-scale IT systems managed by the Agency. The Chairperson and the Deputy Chairperson shall be elected by a majority of two-thirds of the members of the Management Board with the right to vote.
The Deputy Chairperson shall automatically replace the Chairperson if he or she is prevented from attending to his or her duties.
Article 22
Meetings of the Management Board
The European Border and Coast Guard Agency may attend the meetings of the Management Board as an observer when a question concerning SIS in relation to the application of Regulation (EU) 2016/1624 is on the agenda.
Europol may attend the meetings of the Management Board as an observer when a question concerning VIS, in relation to the application of Decision 2008/633/JHA or a question concerning Eurodac, in relation to the application of Regulation (EU) No 603/2013 is on the agenda.
Europol may attend the meetings of the Management Board as an observer when a question concerning EES in relation to the application of Regulation (EU) 2017/2226 is on the agenda or when a question concerning ETIAS in relation to Regulation (EU) 2018/1240 is on the agenda.
The European Border and Coast Guard Agency may attend the meetings of the Management Board as an observer when a question concerning ETIAS in relation with the application of Regulation (EU) 2018/1240 is on the agenda.
Eurojust, Europol and the European Public Prosecutor's Office may attend the meetings of the Management Board as observers when a question concerning Regulation (EU) 2019/816 is on the agenda.
Europol, Eurojust and the European Border and Coast Guard Agency may attend the meetings of the Management Board as observers when a question concerning Regulations (EU) 2019/817 and (EU) 2019/818 is on the agenda.
The Management Board may invite any other person whose opinion may be of interest to attend its meetings as an observer.
Article 23
Voting rules of the Management Board
Each member appointed by a Member State which is bound under Union law by any Union legal act governing the development, establishment, operation and use of a large-scale IT system managed by the Agency may vote on a question which concerns that large-scale IT system.
Denmark may vote on a question which concerns a large-scale IT system if it decides under Article 4 of the Protocol No 22 to implement the Union legal act governing the development, establishment, operation and use of that particular large-scale IT system in its national law.
Article 24
Responsibilities of the Executive Director
The Executive Director shall be responsible for the implementation of tasks assigned to the Agency by this Regulation. In particular, the Executive Director shall be responsible for:
the day-to-day administration of the Agency;
the operation of the Agency in accordance with this Regulation;
preparing and implementing the procedures, decisions, strategies, programmes and activities adopted by the Management Board, within the limits set out by this Regulation, its implementing rules and the applicable Union law;
preparing the single programming document and submitting it to the Management Board after consulting the Commission and the Advisory Groups;
implementing the single programming document and reporting to the Management Board on its implementation;
preparing the interim report on the progress of the implementation of the planned activities for the current year and, after consulting the Advisory Groups, submitting it to the Management Board for adoption by the end of August of each year;
preparing the consolidated annual report of the Agency’s activities and, after consulting the Advisory Groups, submitting it to the Management Board for assessment and adoption;
preparing an action plan following up on the conclusions of internal or external audit reports and evaluations, as well as on investigations by OLAF and by the EPPO, and reporting on progress twice a year to the Commission and regularly to the Management Board;
protecting the financial interests of the Union by applying preventive measures against fraud, corruption and any other illegal activities, without prejudicing the investigative competence of the EPPO and OLAF, by effective checks and, if irregularities are detected, by recovering amounts wrongly paid and, where appropriate, by imposing effective, proportionate and dissuasive administrative, including financial, penalties;
preparing an anti-fraud strategy for the Agency and submitting it to the Management Board for approval as well as monitoring the proper and timely implementation of that strategy;
preparing draft financial rules applicable to the Agency and submitting them to the Management Board for adoption after consulting the Commission;
preparing the draft budget for the following year, established on the basis of activity-based budgeting;
preparing the Agency’s draft statement of estimates of revenue and expenditure;
implementing the budget of the Agency;
establishing and implementing an effective system to enable the regular monitoring and evaluation of:
large-scale IT systems, including statistics, and
the Agency, including the effective and efficient achievement of its objectives;
without prejudice to Article 17 of the Staff Regulations of Officials, establishing confidentiality requirements in order to comply with Article 17 of Regulation (EC) No 1987/2006, Article 17 of Decision 2007/533/JHA, Article 26(9) of Regulation (EC) No 767/2008, Article 4(4) of Regulation (EU) No 603/2013, Article 37(4) of Regulation (EU) 2017/2226, Article 74(2) of Regulation (EU) 2018/1240, Article 11(16) of Regulation (EU) 2019/816 and Article 55(2) of Regulations (EU) 2019/817 and (EU) 2019/818;
negotiating and, after approval by the Management Board, signing a Headquarters Agreement concerning the seat of the Agency and agreements concerning the technical and backup sites with the host Member States;
preparing the practical arrangements for implementing Regulation (EC) No 1049/2001 and submitting them to the Management Board for adoption;
preparing the necessary security measures, including a security plan and a business continuity and disaster recovery plan, and, after consulting the relevant Advisory Group, submitting them to the Management Board for adoption;
preparing the reports on the technical functioning of each large-scale IT system referred to in point (ff) of Article 19(1) and the annual report on the activities of the Central System of Eurodac referred to in point (gg) of Article 19(1) on the basis of the results of monitoring and evaluation and, after consulting the relevant Advisory Group, submitting them to the Management Board for adoption;
preparing the reports on the development of the EES referred to in Article 72(2) of Regulation (EC) No 2017/2226 and on the development of ETIAS referred to in Article 92(2) of Regulation (EU) 2018/1240 and submitting them to the Management Board for adoption;
preparing the annual list for publication of competent authorities authorised to search directly the data contained in SIS II, including the list of N.SIS II Offices and SIRENE Bureaux, and the list of competent authorities authorised to search directly the data contained in the EES and ETIAS referred to in point (mm) of Article 19(1) and the list of units referred to in point (nn) of Article 19(1), and submitting them to the Management Board for adoption.
Article 25
Appointment of the Executive Director
Article 26
Deputy Executive Director
Article 27
Advisory Groups
The following Advisory Groups shall provide the Management Board with expertise relating to large-scale IT systems and, in particular, in the context of the preparation of the annual work programme and the annual activity report:
SIS II Advisory Group;
VIS Advisory Group;
Eurodac Advisory Group;
EES-ETIAS Advisory Group;
ECRIS-TCN Advisory Group;
Interoperability Advisory Group;
e-CODEX Advisory Group;
the JITs collaboration platform Advisory Group;
any other advisory group relating to a large-scale IT system when so provided in the relevant Union legal act governing the development, establishment, operation and use of that large-scale IT system.
Each Member State that is bound under Union law by any Union legal act governing the development, establishment, operation and use of a particular large-scale IT system, and the Commission shall appoint one member to the Advisory Group relating to that large-scale IT system for a four-year term, which may be renewed.
Denmark shall also appoint a member to an Advisory Group relating to a large-scale IT system if it decides under Article 4 of Protocol No 22 to implement the Union legal act governing the development, establishment, operation and use of that particular large-scale IT system in its national law.
Each country associated with the implementation, application and development of the Schengen acquis and with Dublin- and Eurodac-related measures that participates in a particular large-scale IT system shall appoint a member to the Advisory Group relating to that large-scale IT system.
Europol may also appoint a representative to the VIS and Eurodac and EES-ETIAS Advisory Groups.
The European Border and Coast Guard Agency may also appoint a representative to the EES-ETIAS Advisory Group.
Eurojust, Europol, and the European Public Prosecutor's Office may each appoint a representative to the ECRIS-TCN Advisory Group.
Europol, Eurojust and the European Border and Coast Guard Agency may each appoint a representative to the Interoperability Advisory Group.
CHAPTER IV
GENERAL PROVISIONS
Article 28
Staff
Article 29
Public interest
The members of the Management Board, the Executive Director, the Deputy Executive Director and the members of the Advisory Groups shall undertake to act in the public interest. For that purpose, they shall issue an annual, written, public statement of commitment which shall be published on the Agency’s website.
The list of members of the Management Board and of members of the Advisory Groups shall be published on the Agency’s website.
Article 30
Headquarters Agreement and agreements concerning the technical sites
Article 31
Privileges and immunities
The Protocol on the Privileges and Immunities of the European Union shall apply to the Agency.
Article 32
Liability
Article 33
Language arrangements
Article 34
Transparency and communication
Article 35
Data protection
Article 36
Purposes of processing personal data
The Agency may process personal data only for the following purposes:
where necessary for the performance of its tasks related to the operational management of large-scale IT systems entrusted to it under Union law;
where necessary for its administrative tasks.
Article 37
Security rules on the protection of classified information and sensitive non-classified information
Article 38
Security of the Agency
Article 39
Evaluation
Article 40
Administrative inquiries
The activities of the Agency shall be subject to the inquiries of the European Ombudsman in accordance with Article 228 TFEU.
Article 41
Cooperation with Union institutions, bodies, offices and agencies
Article 42
Participation by countries associated with the implementation, application and development of the Schengen acquis and with Dublin- and Eurodac-related measures
Article 43
Cooperation with international organisations and other relevant entities
CHAPTER V
ESTABLISHMENT AND STRUCTURE OF THE BUDGET
SECTION 1
Single programming document
Article 44
Single programming document
Each year the Executive Director shall draw up a draft single programming document for the following year, as set out in Article 32 of Delegated Regulation (EU) No 1271/2013 and in the relevant provision of the Agency’s financial rules adopted pursuant to Article 49 of this Regulation and taking into account guidelines set by the Commission.
The single programming document shall contain a multiannual programme, an annual work programme and the Agency’s budget and information on its resources, as set out in detail in the Agency’s financial rules adopted pursuant to Article 49.
Article 45
Establishment of the budget
SECTION 2
Presentation, implementation and control of the budget
Article 46
Structure of the budget
Without prejudice to other types of income, the revenue of the Agency shall consist of:
a contribution from the Union entered in the general budget of the Union (Commission section);
a contribution from the countries associated with the implementation, application and development of the Schengen acquis and with Dublin- and Eurodac-related measures that participate in the work of the Agency, as established in the respective association agreements and in the arrangements referred to in Article 42 that specify their financial contribution;
Union funding in the form of delegation agreements in accordance with the Agency’s financial rules adopted pursuant to Article 49 and with the provisions of the relevant instruments supporting the policies of the Union;
contributions paid by Member States for the services provided to them in accordance with the delegation agreement referred to in Article 16;
cost recovery paid by Union bodies, offices and agencies for services provided to them in accordance with the working arrangements referred to in Article 41; and
any voluntary financial contribution from the Member States.
Article 47
Implementation and control of the budget
Article 48
Prevention of conflicts of interest
The Agency shall adopt internal rules requiring the members of its Management Board and its Advisory Groups and its staff members to avoid any situation liable to give rise to a conflict of interest during their employment or term of office and to report such situations. Those internal rules shall be published on the website of the Agency.
Article 49
Financial rules
The financial rules applicable to the Agency shall be adopted by the Management Board after consulting the Commission. They shall not depart from Delegated Regulation (EU) No 1271/2013 unless such departure is specifically required for the operation of the Agency and the Commission has given its prior consent.
Article 50
Combating fraud
CHAPTER VI
AMENDMENTS TO OTHER UNION LEGAL ACTS
Article 51
Amendment to Regulation (EC) No 1987/2006
In Regulation (EC) No 1987/2006, Article 15(2) and (3) are replaced by the following:
The Management Authority shall be responsible for all tasks relating to the Communication Infrastructure, in particular:
supervision;
security;
the coordination of relations between the Member States and the provider;
tasks relating to implementation of the budget;
acquisition and renewal, and
contractual matters.’.
Article 52
Amendment to Decision 2007/533/JHA
In Decision 2007/533/JHA, Article 15(2) and (3) are replaced by the following:
The Management Authority shall also be responsible for all tasks relating to the Communication Infrastructure, in particular:
supervision;
security;
the coordination of relations between the Member States and the provider;
tasks relating to implementation of the budget;
acquisition and renewal, and
contractual matters.’.
CHAPTER VII
TRANSITIONAL PROVISIONS
Article 53
Legal succession
Article 54
Transitional arrangements concerning the Management Board and the Advisory Groups
Article 55
Maintenance in force of the internal rules adopted by the Management Board
Internal rules and measures adopted by the Management Board on the basis of Regulation (EU) No 1077/2011 shall remain in force after 11 December 2018, without prejudice to any amendments thereto required by this Regulation.
Article 56
Transitional arrangements concerning the Executive Director
The Executive Director of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, appointed on the basis of Article 18 of Regulation (EU) No 1077/2011, shall, for his or her remaining term of office, be assigned the responsibilities of the Executive Director of the Agency, as provided for in Article 24 of this Regulation. The other conditions of his or her contract shall remain unchanged. If a decision extending the mandate of the Executive Director in accordance with Article 18(4) of Regulation (EU) No 1077/2011 is adopted prior to 11 December 2018, the term of office shall be extended automatically until 31 October 2022.
CHAPTER VIII
FINAL PROVISIONS
Article 57
Replacement and repeal
Regulation (EU) No 1077/2011 is hereby replaced with regard to the Member States bound by this Regulation.
Therefore, Regulation (EU) No 1077/2011 is repealed.
With regard to the Member States bound by this Regulation, references to the repealed Regulation shall be construed as references to this Regulation and shall be read in accordance with the correlation table in the Annex to this Regulation.
Article 58
Entry into force and applicability
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall apply from 11 December 2018. However, point (x) of Article 19(1), points (h) and (i) of Article 24(3) and Article 50(5) of this Regulation, insofar as they refer to the EPPO, and Article 50(1) of this Regulation, insofar as it refers to Regulation (EU) 2017/1939, shall apply from the date determined by the Commission decision provided for in the second subparagraph of Article 120(2) of Regulation (EU) 2017/1939.
This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.
ANNEX
CORRELATION TABLE
Regulation (EU) No 1077/2011 | This Regulation
Article 1(1) | Article 1(1)
— | Article 1(2)
Article 1(2) | Article 1(3) and (4)
Article 1(3) | Article 1(5)
Article 1(4) | Article 1(6)
Article 2 | Article 2
Article 3 | Article 3
Article 4 | Article 4
Article 5 | Article 5
Article 5a | Article 6
— | Article 7
— | Article 8
Article 6 | Article 9
— | Article 10
Article 7(1) and (2) | Article 11(1)
Article 7(3) | Article 11(2)
Article 7(4) | Article 11(3)
Article 7(5) | Article 11(4)
Article 7(6) | Article 11(5)
— | Article 12
— | Article 13
Article 8(1) | Article 14(1)
— | Article 14(2)
Article 8(2) | Article 14(3)
Article 9(1) and (2) | Article 15(1) and (2)
— | Article 15(3)
— | Article 15(4)
— | Article 16
Article 10(1) and (2) | Article 17(1) and (2)
Article 10(3) | Article 24(2)
Article 10(4) | Article 17(3)
— | Article 17(4)
— | Article 17(5)
Article 11 | Article 18
Article 12(1) | Article 19(1)
— | Article 19(1)(a)
— | Article 19(1)(b)
Article 12(1)(a) | Article 19(1)(c)
Article 12(1)(b) | Article 19(1)(d)
Article 12(1)(c) | Article 19(1)(e)
— | Article 19(1)(f)
Article 12(1)(d) | Article 19(1)(g)
— | Article 19(1)(h)
— | Article 19(1)(i)
— | Article 19(1)(j)
— | Article 19(1)(k)
Article 12(1)(e) | Article 19(1)(l)
— | Article 19(1)(m)
Article 12(1)(f) | Article 19(1)(n)
Article 12(1)(g) | Article 19(1)(o)
— | Article 19(1)(p)
Article 12(1)(h) | Article 19(1)(q)
Article 12(1)(i) | Article 19(1)(q)
Article 12(1)(j) | Article 19(1)(r)
— | Article 19(1)(s)
Article 12(1)(k) | Article 19(1)(t)
Article 12(1)(l) | Article 19(1)(u)
Article 12(1)(m) | Article 19(1)(v)
Article 12(1)(n) | Article 19(1)(w)
Article 12(1)(o) | Article 19(1)(x)
— | Article 19(1)(y)
Article 12(1)(p) | Article 19(1)(z)
Article 12(1)(q) | Article 19(1)(bb)
Article 12(1)(r) | Article 19(1)(cc)
Article 12(1)(s) | Article 19(1)(dd)
Article 12(1)(t) | Article 19(1)(ff)
Article 12(1)(u) | Article 19(1)(gg)
Article 12(1)(v) | Article 19(1)(hh)
Article 12(1)(w) | Article 19(1)(ii)
Article 12(1)(x) | Article 19(1)(jj)
— | Article 19(1)(ll)
Article 12(1)(y) | Article 19(1)(mm)
Article 12(1)(z) | Article 19(1)(nn)
— | Article 19(1)(oo)
Article 12(1)(aa) | Article 19(1)(pp)
Article 12(1)(sa) | Article 19(1)(ee)
Article 12(1)(xa) | Article 19(1)(kk)
Article 12(1)(za) | Article 19(1)(mm)
— | Article 19(1) second subparagraph
— | Article 19(2)
Article 12(2) | Article 19(3)
Article 13(1) | Article 20(1)
Article 13(2) and (3) | Article 20(2)
Article 13(4) | Article 20(3)
Article 13(5) | Article 20(4)
Article 14(1) and (3) | Article 21(1)
Article 14(2) | Article 21(2)
Article 15(1) | Article 22(1) and (3)
Article 15(2) | Article 22(2)
Article 15(3) | Article 22(5)
Article 15(4) and (5) | Article 22(4)
Article 15(6) | Article 22(6)
Article 16(1) to (5) | Article 23(1) to (5)
— | Article 23(6)
Article 16(6) | Article 23(7)
Article 16(7) | Article 23(8)
Article 17(1) and (4) | Article 24(1)
Article 17(2) | —
Article 17(3) | —
Article 17(5) and (6) | Article 24(3)
Article 17(5)(a) | Article 24(3)(a)
Article 17(5)(b) | Article 24(3)(b)
Article 17(5)(c) | Article 24(3)(c)
Article 17(5)(d) | Article 24(3)(o)
Article 17(5)(e) | Article 22(2)
Article 17(5)(f) | Article 19(2)
Article 17(5)(g) | Article 24(3)(p)
Article 17(5)(h) | Article 24(3)(q)
Article 17(6)(a) | Article 24(3)(d) and (g)
Article 17(6)(b) | Article 24(3)(k)
Article 17(6)(c) | Article 24(3)(d)
Article 17(6)(d) | Article 24(3)(l)
Article 17(6)(e) | —
Article 17(6)(f) | —
Article 17(6)(g) | Article 24(3)(r)
Article 17(6)(h) | Article 24(3)(s)
Article 17(6)(i) | Article 24(3)(t)
Article 17(6)(j) | Article 24(3)(v)
Article 17(6)(k) | Article 24(3)(u)
Article 17(7) | Article 24(4)
— | Article 24(5)
Article 18 | Article 25
Article 18(1) | Article 25(1) and (10)
Article 18(2) | Article 25(2), (3) and (4)
Article 18(3) | Article 25(5)
Article 18(4) | Article 25(6)
Article 18(5) | Article 25(7)
Article 18(6) | Article 24(1)
— | Article 25(8)
Article 18(7) | Article 25(9) and (10)
— | Article 25(11)
— | Article 26
Article 19 | Article 27
Article 20 | Article 28
Article 20(1) and (2) | Article 28(1) and (2)
Article 20(3) | —
Article 20(4) | Article 28(3)
Article 20(5) | Article 28(4)
Article 20(6) | Article 28(5)
Article 20(7) | Article 28(6)
Article 20(8) | Article 28(7)
Article 21 | Article 29
Article 22 | Article 30
Article 23 | Article 31
Article 24 | Article 32
Article 25(1) and (2) | Article 33(1) and (2)
— | Article 33(3)
Article 25(3) | Article 33(4)
Articles 26 and 27 | Article 34
Article 28(1) | Article 35(1) and Article 36(2)
Article 28(2) | Article 35(2)
— | Article 36(1)
Article 29(1) and (2) | Article 37(1)
Article 29(3) | Article 37(2)
Article 30 | Article 38
Article 31(1) | Article 39(1)
Article 31(2) | Article 39(1) and (3)
— | Article 39(2)
— | Article 40
— | Article 41
— | Article 43
— | Article 44
Article 32(1) | Article 46(3)
Article 32(2) | Article 46(4)
Article 32(3) | Article 46(2)
Article 32(4) | Article 45(2)
Article 32(5) | Article 45(2)
Article 32(6) | Article 44(2)
Article 32(7) | Article 45(3)
Article 32(8) | Article 45(4)
Article 32(9) | Article 45(5) and (6)
Article 32(10) | Article 45(7)
Article 32(11) | Article 45(8)
Article 32(12) | Article 45(9)
Article 33(1) to (4) | Article 47(1) to (4)
— | Article 47(5)
Article 33(5) | Article 47(6)
Article 33(6) | Article 47(7)
Article 33(7) | Article 47(8)
Article 33(8) | Article 47(9)
Article 33(9) | Article 47(10)
Article 33(10) | Article 47(11)
Article 33(11) | Article 47(12)
— | Article 48
Article 34 | Article 49
Article 35(1) and (2) | Article 50(1) and (2)
— | Article 50(3)
Article 35(3) | Article 50(4) and (5)
Article 36 | —
Article 37 | Article 42
— | Article 51
— | Article 52
— | Article 53
— | Article 54
— | Article 55
— | Article 56
— | Article 57
Article 38 | Article 58
— | Annex
( ) Regulation (EU) No 604/2013 of the European Parliament and of the Council of 26 June 2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third country national or a stateless person (OJ L 180, 29.6.2013, p. 31).
( 1 ) Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (OJ L 135, 22.5.2019, p. 1).
( 2 ) Regulation (EU) 2022/850 of the European Parliament and of the Council of 30 May 2022 on a computerised system for the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters (e-CODEX system), and amending Regulation (EU) 2018/1726 (OJ L 150, 31.5.2022, p. 1).
( 3 ) Regulation (EU) 2023/969 of the European Parliament and of the Council of 10 May 2023 establishing a collaboration platform to support the functioning of joint investigation teams and amending Regulation (EU) 2018/1726 (OJ L 132, 17.5.2023, p. 1).
( 4 ) Regulation (EU) 2024/982 of the European Parliament and of the Council of 13 March 2024 on the automated search and exchange of data for police cooperation, and amending Council Decisions 2008/615/JHA and 2008/616/JHA and Regulations (EU) 2018/1726, (EU) No 2019/817 and (EU) 2019/818 of the European Parliament and of the Council (the Prüm II Regulation) (OJ L, 2024/982, 5.4.2024, ELI: http://data.europa.eu/eli/reg/2024/982/oj).
( 5 ) Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27).
( 6 ) Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).
( 6 ) Council Directive 2004/82/EC of 29 April 2004 on the obligation of carriers to communicate passenger data (OJ L 261, 6.8.2004, p. 24).
( 6 ) Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (OJ L 119, 4.5.2016, p. 132).
( 7 ) Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 (OJ L 312, 7.12.2018, p. 14).
( 8 ) Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (OJ L 312, 7.12.2018, p. 56).
( 8 ) Council Regulation No 1 of 15 April 1958 determining the languages to be used by the European Economic Community (OJ 17, 6.10.1958, p. 385).
( 8 ) Commission Decision (EU, Euratom) 2015/443 of 13 March 2015 on Security in the Commission (OJ L 72, 17.3.2015, p. 41).
( 8 ) Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU classified information (OJ L 72, 17.3.2015, p. 53).
( 8 ) Council Regulation (Euratom, EC) No 2185/96 of 11 November 1996 concerning on-the-spot checks and inspections carried out by the Commission in order to protect the European Communities’ financial interests against fraud and other irregularities (OJ L 292, 15.11.1996, p. 2).