817 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System - Main contents

1. Legislative text

14.7.2021

Official Journal of the European Union

L 249/15

REGULATION (EU) 2021/1152 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 7 July 2021

amending Regulations (EC) No 767/2008, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861 and (EU) 2019/817 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular points (a), (b) and (d) of Article 77(2) thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Acting in accordance with the ordinary legislative procedure (1),

Whereas:

(1)

Regulation (EU) 2018/1240 of the European Parliament and of the Council (2) established the European Travel Information and Authorisation System (‘ETIAS’) for third-country nationals exempt from the requirement to be in possession of a visa when crossing the external borders of the Union. That Regulation laid down the conditions and procedures for issuing or refusing a travel authorisation under ETIAS.

(2)	ETIAS enables consideration of whether the presence of those third-country nationals on the territory of the Member States would pose a security, illegal immigration or high epidemic risk.

(3)

In order to enable the ETIAS Central System to process application files as referred to in Regulation (EU) 2018/1240, it is necessary to establish interoperability between the ETIAS Information System, on the one hand, and the Entry/Exit System (‘EES’), the Visa Information System (‘VIS’), the Schengen Information System (‘SIS’), Eurodac and the European Criminal Record Information System – Third-Country Nationals (‘ECRIS-TCN’) (‘other EU information systems’), and Europol data as defined in that Regulation (‘Europol data’), on the other hand.

(4)

This Regulation, together with Regulations (EU) 2021/1150 (3) and (EU) 2021/1151 (4) of the European Parliament and of the Council, lays down rules on the implementation of the interoperability between the ETIAS Information System, on the one hand, and other EU information systems and Europol data, on the other hand, and the conditions for the consultation of data stored in other EU information systems and Europol data by ETIAS for the purpose of automatically identifying hits. As a result, it is necessary to amend Regulations (EC) No 767/2008 (5), (EU) 2017/2226 (6), (EU) 2018/1240, (EU) 2018/1860 (7), (EU) 2018/1861 (8) and (EU) 2019/817 (9) of the European Parliament and of the Council in order to connect the ETIAS Central System to other EU information systems and to Europol data and to specify the data that will be sent between those EU information systems and Europol data.

(5)	The European Search Portal (ESP), established by Regulation (EU) 2019/817 and Regulation (EU) 2019/818 of the European Parliament and of the Council (10), will enable the data stored in ETIAS and the data stored in the other EU information systems concerned to be queried in parallel.

(6)	Technical arrangements should be established to enable ETIAS to regularly and automatically verify in other EU information systems whether the conditions for the retention of application files, as laid down in Regulation (EU) 2018/1240, are still fulfilled.

(7)

It is necessary, for the purposes of ensuring the full attainment of the objectives of ETIAS, as well as to further the objectives of SIS, set out in Regulation (EU) 2018/1860, to include in the scope of the automated verifications a new alert category introduced by that Regulation, namely the alert on third-country nationals subject to a return decision.

(8)

The return of third-country nationals who do not fulfil or no longer fulfil the conditions for entry to, stay or residence on the territory of the Member States, in accordance with Directive 2008/115/EC of the European Parliament and of the Council (11), is an essential component of the comprehensive efforts to tackle irregular migration and represents an important reason of substantial public interest.

(9)	In order to ensure a high level of data accuracy and reliability, it is important to report false hits generated at the level of the ETIAS Central Unit.

(10)

In order to supplement certain detailed technical aspects of Regulation (EU) 2018/1240, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union (TFEU) should be delegated to the Commission in respect of the specification of the conditions for the correspondence between the data present in a record, alert or file of the other EU information systems consulted and the data present in an ETIAS application file. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making (12). In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.

(11)

In order to ensure uniform conditions for the implementation of Regulation (EU) 2018/1240, implementing powers should be conferred on the Commission to establish the technical arrangements for the implementation of certain provisions related to data retention and to detail further the rules relating to the support to carriers to be provided by the ETIAS Central Unit. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (13).

(12)

In order to ensure uniform conditions for the implementation of Regulation (EU) 2017/2226, implementing powers should be conferred on the Commission to lay down the details of the fall-back procedures in the case of technical impossibility to access data by carriers and to detail further the rules relating to the support to carriers to be provided by the ETIAS Central Unit. Those powers should be exercised in accordance with Regulation (EU) No 182/2011.

(13)

It is possible to revoke ETIAS travel authorisations following the registration in SIS of new alerts on refusal of entry and stay, or concerning a travel document reported as lost, stolen, misappropriated or invalidated. In order for the ETIAS Central System to be informed automatically by SIS of such new alerts, an automated process should be established between SIS and ETIAS.

(14)

With a view to rationalising and simplifying the work of border guards through the implementation of a more uniform border control process for all third-country nationals seeking to enter the territory of the Member States for a short stay and following the adoption of Regulations (EU) 2017/2226 and (EU) 2018/1240, it is desirable to align the way the EES and ETIAS work together with the way the EES and the VIS are integrated with one another for the purpose of border control and registering border crossings in the EES.

(15)

The conditions, including access rights, under which the ETIAS Central Unit and ETIAS National Units are able to consult data stored in other EU information systems for the purposes of ETIAS should be safeguarded by clear and precise rules regarding access by the ETIAS Central Unit and ETIAS National Units to the data stored in other EU information systems, the types of query and the categories of data, all of which should be limited to what is strictly necessary for the performance of their duties. Member States’ access via the ETIAS National Units to the other EU information systems should be in accordance with the participation in the respective legal instruments. In the same vein, the data stored in ETIAS application files should be visible only to those Member States that operate the underlying information systems in accordance with the arrangements for their participation. As an example, the provisions of this Regulation relating to SIS and the VIS constitute provisions building upon all the provisions of the Schengen acquis, for which the Council Decisions 2010/365/EU (14), (EU) 2017/733 (15), (EU) 2017/1908 (16) and (EU) 2018/934 (17) on the application of the provisions of the Schengen acquis relating to SIS and the VIS are relevant.

(16)

Where technical difficulties make it impossible for carriers to access the ETIAS Information System through the carrier gateway, the ETIAS Central Unit should provide operational support to carriers in order to limit the impact on passenger travel and carriers to the extent possible. For that reason, it is necessary to align the fall-back procedures in the case of technical impossibility, including operational support, provided for in the VIS, ETIAS and the EES.

(17)

Pursuant to Regulation (EU) 2018/1240, the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), established by Regulation (EU) 2018/1726 of the European Parliament and of the Council (18), is to be responsible for the design and development phase of the ETIAS Information System.

(18)	This Regulation is without prejudice to Directive 2004/38/EC of the European Parliament and of the Council (19).

(19)

In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union (TEU) and to the TFEU, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.

(20)	This Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC (20); Ireland is therefore not taking part in the adoption of this Regulation and is not bound by it or subject to its application.

(21)

As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters’ association with the implementation, application and development of the Schengen acquis (21) which fall within the areas referred to in Article 1, points A, B, C and G, of Council Decision 1999/437/EC (22).

(22)

As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (23) which fall within the areas referred to in Article 1, points A, B, C and G, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC (24).

(23)

As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (25) which fall within the areas referred to in Article 1, points A, B, C and G, of Council Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (26).

(24)

As regards Cyprus, Bulgaria, Romania and Croatia, the provisions of this Regulation relating to the VIS, SIS and the EES constitute provisions building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3(2) of the 2003 Act of Accession, Article 4(2) of the 2005 Act of Accession and Article 4(2) of the 2011 Act of Accession read in conjunction with Decisions 2010/365/EU, (EU) 2017/733, (EU) 2017/1908 and (EU) 2018/934.

(25)	Regulations (EC) No 767/2008, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861 and (EU) 2019/817 should therefore be amended accordingly.

(26)

Since the objectives of this Regulation, namely to amend Regulations (EC) No 767/2008, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861 and (EU) 2019/817 in order to connect the ETIAS Central System to the other EU information systems and to Europol data and to specify the data that will be sent between those EU information systems and Europol data, cannot be sufficiently achieved by the Member States but can rather, by reason of their scale and effects, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.

(27)	The European Data Protection Supervisor was consulted, in accordance with Article 41(2) of Regulation (EU) 2018/1725 of the European Parliament and the Council (27),

HAVE ADOPTED THIS REGULATION:

CHAPTER I

AMENDMENTS TO REGULATION (EU) 2018/1240

Article 1

Amendments to Regulation (EU) 2018/1240

Regulation (EU) 2018/1240 is amended as follows:

(1)

in Article 3(1), the following point is added:

‘(28)

‘other EU information systems’ means the Entry/Exit System (‘EES’), established by Regulation (EU) 2017/2226, the Visa Information System (‘VIS’), established by Regulation (EC) No 767/2008 of the European Parliament and of the Council (*1), the Schengen Information System (‘SIS’), established by Regulations (EU) 2018/1860 (*2), (EU) 2018/1861 (*3) and (EU) 2018/1862 (*4) of the European Parliament and of the Council, Eurodac, established by Regulation (EU) No 603/2013 of the European Parliament and of the Council (*5) and the European Criminal Record Information System – Third-Country Nationals (‘ECRIS-TCN’), established by Regulation (EU) 2019/816 of the European Parliament and of the Council (*6)

(*1) Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of information between Member States on short-stay visas, long-stay visas and residence permits (VIS Regulation) (OJ L 218, 13.8.2008, p. 60)."

(*2) Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals (OJ L 312, 7.12.2018, p. 1)."

(*3) Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 (OJ L 312, 7.12.2018, p. 14)."

(*4) Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (OJ L 312, 7.12.2018, p. 56)."

(*5) Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1)."

(*6) Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (OJ L 135, 22.5.2019, p. 1).’;"

(2)

Article 4 is amended as follows:

(a)

point (e) is replaced by the following:

‘(e)

support the objectives of SIS related to alerts on third-country nationals subject to a refusal of entry and stay, alerts on persons wanted for arrest for surrender purposes or extradition purposes, alerts on missing persons, alerts on persons sought to assist with a judicial procedure, alerts on persons for discreet checks or specific checks and alerts on third-country nationals subject to a return decision;’;

(b)

the following point is inserted:

‘(ea)

support the objectives of the EES;’;

(3)

in Article 6(2), the following point is inserted:

‘(da)

a secure communication channel between the ETIAS Central System and the EES Central System;’;

(4)

Article 7 is amended as follows:

(a)

in paragraph 2, point (a) is replaced by the following:

‘(a)

in cases where the automated application process has reported a hit, verifying in accordance with Article 22 whether the applicant’s personal data correspond to the personal data of the person having triggered that hit in the ETIAS Central System, any of the EU information systems that are consulted, Europol data, any of the Interpol databases referred to in Article 12, or the specific risk indicators referred to in Article 33, and where a correspondence is confirmed or where after such verification doubts remain, launching the manual processing of the application as referred to in Article 26;’;

(b)	the following paragraph is added: ‘4. The ETIAS Central Unit shall provide periodical reports to the Commission and eu-LISA concerning false hits as referred to in Article 22(4) which are generated during the automated verifications pursuant to Article 20(2).’;

(5)

Article 11 is replaced by the following:

‘Article 11

Interoperability with other EU information systems and Europol data

1.

Interoperability between the ETIAS Information System, on the one hand, and other EU information systems and Europol data, on the other hand, shall be established to enable the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of this Regulation and shall rely on the European Search Portal (‘ESP’), established by Article 6 of Regulation (EU) 2019/817 and Article 6 of Regulation (EU) 2019/818 of the European Parliament and of the Council (*7), from the date referred to in Article 72(1b) of Regulation (EU) 2019/817 and Article 68(1b) of Regulation (EU) 2019/818.

2.

For the purpose of proceeding with the verifications referred to in point (i) of Article 20(2), the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6) and point (b) of Article 54(1) shall enable the ETIAS Central System to query VIS with the following data provided by applicants under points (a), (aa), (c) and (d) of Article 17(2):

(a)	surname (family name);

(b)	surname at birth;

(c)	first name(s) (given name(s));

(d)	date of birth;

(e)	place of birth;

(f)	country of birth;

(g)

sex;

(h)	current nationality;

(i)	other nationalities (if any);

(j)	type, number, the country of issue of the travel document.

3.

For the purpose of proceeding with the verifications referred to in points (g) and (h) of Article 20(2), the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) shall enable the ETIAS Central System to query the EES with the following data provided by applicants under points (a) to (d) of Article 17(2):

(a)	surname (family name);

(b)	surname at birth;

(c)	first name(s) (given name(s));

(d)	date of birth;

(e)

sex;

(f)	current nationality;

(g)	other names (alias(es));

(h)	artistic name(s);

(i)	usual name(s);

(j)	other nationalities (if any);

(k)	type, number, the country of issue of the travel document.

4.

For the purpose of proceeding with the verifications referred to in points (c), (m)(ii) and (o) of Article 20(2) and in Article 23 of this Regulation, the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of this Regulation shall enable the ETIAS Central System to query SIS, as established by Regulations (EU) 2018/1860 and (EU) 2018/1861, with the following data provided by applicants under points (a) to (d) and (k) of Article 17(2) of this Regulation:

(a)	surname (family name);

(b)	surname at birth;

(c)	first name(s) (given name(s));

(d)	date of birth;

(e)	place of birth;

(f)

sex;

(g)	current nationality;

(h)	other names (alias(es));

(i)	artistic name(s);

(j)	usual name(s);

(k)	other nationalities (if any);

(l)	type, number, the country of issue of the travel document;

(m)	for minors, surname and first name(s) of the person exercising parental authority or of the applicant’s legal guardian.

5.

For the purpose of proceeding with the verifications referred to in points (a), (d) and (m)(i) of Article 20(2) and in Article 23(1) of this Regulation, the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of this Regulation shall enable the ETIAS Central System to query SIS, as established by Regulation (EU) 2018/1862, with the following data provided by applicants under points (a) to (d) and (k) of Article 17(2) of this Regulation:

(a)	surname (family name);

(b)	surname at birth;

(c)	first name(s) (given name(s));

(d)	date of birth;

(e)	place of birth;

(f)

sex;

(g)	current nationality;

(h)	other names (alias(es));

(i)	artistic name(s);

(j)	usual name(s);

(k)	other nationalities (if any);

(l)	type, number, the country of issue of the travel document;

(m)	for minors, surname and first name(s) of the person exercising parental authority or of the applicant’s legal guardian.

6.

For the purpose of proceeding with the verifications referred to in point (n) of Article 20(2), the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), and point (b) of Article 54(1) shall enable the ETIAS Central System to query ECRIS-TCN with the following data provided by applicants under points (a) to (d) of Article 17(2):

(a)	surname (family name);

(b)	surname at birth;

(c)	first name(s) (given name(s));

(d)	date of birth;

(e)	place of birth;

(ea)	country of birth;

(f)

sex;

(g)	current nationality;

(h)	other names (alias(es));

(i)	artistic name(s);

(j)	usual name(s);

(k)	other nationalities (if any);

(l)	type, number, the country of issue of the travel document.

7.

For the purpose of proceeding with the verifications referred to in point (j) of Article 20(2), the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6) and point (b) of Article 54(1) shall enable the ETIAS Central System to query Europol data with the data referred to in points (a), (aa), (b), (c), (d), (f), (g), (j), (k) and (m) of Article 17(2) and in Article 17(8).

8.

Where the automated verifications pursuant to Articles 20 and 23 report a hit, the ESP shall provide the ETIAS Central Unit with temporary read-only access to the results of those automated verifications. In the case of the automated verifications pursuant to Article 20, that access shall be provided in the application file until the end of the manual processing pursuant to Article 22(2). Where the data made available correspond to those of the applicant or where, after the automated verifications pursuant to Articles 20 and 23, doubts remain, the unique reference number of the record in the queried EU information systems of the data having triggered the hit shall be kept in the application file.

Where the automated verifications pursuant to Article 20 report a hit, those automated verifications shall receive the appropriate notification in accordance with Article 21(1a) of Regulation (EU) 2016/794.

9.

A hit shall be triggered where all or some of the data from the application file used for the query correspond fully or partially to the data present in a record, alert or file of the other EU information systems consulted. The Commission shall adopt delegated acts in accordance with Article 89 in order to specify the conditions for the correspondence between the data present in a record, alert or file of the other EU information systems consulted and an application file.

10.

For the purpose of paragraph 1 of this Article, the Commission, shall, by means of an implementing act, establish the technical arrangements for the implementation of point (c)(ii) of Article 24(6) and point (b) of Article 54(1) related to data retention. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 90(2).

11.

For the purpose of Articles 25(2), 28(8) and 29(9), when registering the data related to hits in the application file, the origin of the data shall be indicated by the following data:

(a)	the type of the alert, with the exception of alerts as referred to in Article 23(1);

(b)	the source of the data, namely the other EU information system from which the data originated or Europol data, as appropriate;

(c)	the reference number in the queried EU information system of the record having triggered the hit and the Member State that entered or supplied the data having triggered the hit; and

(d)	where available, the date and time when the data was entered in the other EU information system or Europol data.

The data referred to in points (a) to (d) of the first subparagraph shall only be accessible and visible by the ETIAS Central Unit where the ETIAS Central System is not able to identify the Member State responsible.

(*7) Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).’;"

(6)

the following articles are inserted:

‘Article 11b

Support of the objectives of the EES

For the purpose of Articles 6, 14, 17 and 18 of Regulation (EU) 2017/2226, an automated process, using the secure communication channel referred to in point (da) of Article 6(2) of this Regulation, shall query and import from the ETIAS Central System the information referred to in Article 47(2) of this Regulation, as well as the application number and the expiry date of the ETIAS travel authorisation, and shall create or update the entry/exit record or the refusal of entry record in the EES accordingly.

Article 11c

Interoperability between ETIAS and the EES for the purpose of the revocation of an ETIAS travel authorisation at the request of an applicant

1.

For the purpose of implementing Article 41(8), an automated process, using the secure communication channel referred to in point (da) of Article 6(2), shall query the EES Central System to verify that applicants requesting the revocation of their travel authorisations are not present on the territory of the Member States.

2.

Where the outcome of the verification in the EES Central System under paragraph 1 indicates that the applicant is not present on the territory of the Member States, the revocation shall be effective immediately.

3.

Where the outcome of the verification under paragraph 1 of this Article indicates that the applicant is present on the territory of the Member States, Article 41(8) shall apply. The EES Central System shall record the fact that a notification is to be sent to the ETIAS Central System as soon as an entry/exit record indicating that the applicant having requested revocation of the travel authorisation has left the territory of the Member States has been created.’;

(7)

Article 12 is replaced by the following:

‘Article 12

Querying the Interpol databases

1.

The ETIAS Central System shall query the Interpol Stolen and Lost Travel Document database (SLTD) and the Interpol Travel Documents Associated with Notices database (TDAWN).

2.

Any queries and verification shall be performed in such a way that no information is revealed to the owner of the Interpol alert.

3.

If the implementation of paragraph 2 is not ensured, the ETIAS Central System shall not query the Interpol databases.’;

(8)

in Article 17(4), point (a) is replaced by the following:

‘(a)	whether he or she has been convicted in the previous 25 years of a terrorist offence or in the previous 15 years of any other criminal offence listed in the Annex, and if so when and in which country;’;

(9)

Article 20(2) is replaced by the following:

‘2. The ETIAS Central System shall launch a query by using the ESP to compare the relevant data referred to in points (a), (aa), (b), (c), (d), (f), (g), (j), (k) and (m) of Article 17(2) and in Article 17(8) to the data present in a record, file or alert registered in an application file stored in the ETIAS Central System, SIS, the EES, the VIS, Eurodac, ECRIS-TCN, Europol data and in the Interpol SLTD and TDAWN databases. In particular, the ETIAS Central System shall verify:

(a)	whether the travel document used for the application corresponds to a travel document reported lost, stolen, misappropriated or invalidated in SIS;

(b)	whether the travel document used for the application corresponds to a travel document reported lost, stolen or invalidated in the SLTD;

(c)	whether the applicant is subject to a refusal of entry and stay alert entered in SIS;

(d)	whether the applicant is subject to an alert in respect of persons wanted for arrest for surrender purposes on the basis of a European Arrest Warrant or wanted for arrest for extradition purposes in SIS;

(e)	whether the applicant and the travel document correspond to a refused, revoked or annulled travel authorisation in the ETIAS Central System;

(f)	whether the data provided in the application concerning the travel document correspond to another application for travel authorisation associated with different identity data referred to in point (a) of Article 17(2) in the ETIAS Central System;

(g)	whether the applicant is currently reported as an overstayer or whether he or she has been reported as an overstayer in the past in the EES;

(h)	whether the applicant is recorded as having been refused entry in the EES;

(i)	whether the applicant has been subject to a decision to refuse, annul or revoke a short stay visa recorded in VIS;

(j)	whether the data provided in the application correspond to data recorded in Europol data;

(k)	whether the applicant is registered in Eurodac;

(l)	whether the travel document used for the application corresponds to a travel document recorded in a file in TDAWN;

(m)

in cases where the applicant is a minor, whether the applicant’s parental authority or legal guardian:

(i)	is subject to an alert in respect of persons wanted for arrest for surrender purposes on the basis of a European Arrest Warrant or wanted for arrest for extradition purposes in SIS;

(ii)	is subject to a refusal of entry and stay alert entered in SIS;

(n)

whether the applicant corresponds to a person whose data has been recorded in ECRIS-TCN and flagged in accordance with point (c) of Article 5(1) of Regulation (EU) 2019/816; those data shall be used only for the purpose of the verification by the ETIAS Central Unit pursuant to Article 22 of this Regulation and for the purpose of the consultation of the national criminal records by the ETIAS National Units pursuant to Article 25a(2) of this Regulation; ETIAS National Units shall consult national criminal records prior to the assessments and decisions referred to in Article 26 of this Regulation and, where applicable, prior to the assessments and opinions pursuant to Article 28 of this Regulation;

(o)	whether the applicant is subject to an alert on return entered in SIS.’;

(10)

Article 22 is amended as follows:

(a)

paragraph 2 is replaced by the following:

‘2. When consulted, the ETIAS Central Unit shall have access to the application file and any linked application files, as well as to all the hits triggered during automated verifications pursuant to Article 20(2), (3) and (5) and to the information identified by the ETIAS Central System under Article 20(7) and (8).’;

(b)

in paragraph 3, point (b) is replaced by the following:

‘(b)	the data present in the ETIAS Central System;’;

(c)

paragraph 5 is replaced by the following:

‘5. Where the data correspond to those of the applicant, where doubts remain concerning the identity of the applicant or where the automated verifications pursuant to Article 20(4) have reported a hit, the application shall be processed manually in accordance with the procedure laid down in Article 26.’;

(d)

the following paragraph is added:

‘7. The ETIAS Information System shall keep records of all data processing operations carried out by the ETIAS Central Unit for the purpose of verification under paragraphs 2 to 6. Those records shall be created and entered automatically in the application file. They shall show the date and time of each operation, the data linked to the hit reported, the staff member having performed the manual processing under paragraphs 2 to 6 and the outcome of the verification and the corresponding justification.’;

(11)

Article 23 is amended as follows:

(a)

in paragraph 1, point (c) is replaced by the following:

‘(c)	an alert on persons for discreet checks, inquiry checks or specific checks.’;

(b)

paragraph 2 is amended as follows:

(i)

the first subparagraph is replaced by the following:

‘2. Where the comparison referred to in paragraph 1 reports one or several hits, the ETIAS Central System shall send an automated notification to the ETIAS Central Unit. When notified, the ETIAS Central Unit shall have access in accordance with Article 11(8) to the application file and any linked application files in order to verify whether the applicant’s personal data correspond to the personal data contained in the alert having triggered that hit and if a correspondence is confirmed, the ETIAS Central System shall send an automated notification to the SIRENE Bureau of the Member State that entered the alert. The SIRENE Bureau concerned shall further verify whether the applicant’s personal data correspond to the personal data contained in the alert having triggered the hit and take any appropriate follow-up action.’;

(ii)

the following subparagraph is added:

‘When the hit concerns an alert on return, the SIRENE Bureau of the issuing Member State shall verify, in cooperation with its ETIAS National Unit, whether the deletion of the alert on return in accordance with Article 14(1) of Regulation (EU) 2018/1860 and the entry of an alert for refusal of entry and stay in accordance with Article 24(3) of Regulation (EU) 2018/1861 is required.’;

(c)

paragraph 4 is replaced by the following:

‘4. The ETIAS Central System shall add a reference to any hit reported pursuant to paragraph 1 to the application file. That reference shall only be visible to and accessible by the ETIAS Central Unit and the SIRENE Bureau notified in accordance with paragraph 3, unless other limitations are provided for in this Regulation.’;

(12)

the following article is inserted:

‘Article 25a

Use of other EU information systems for the manual processing of applications by the ETIAS National Units

1.

Without prejudice to Article 13(1), the duly authorised staff of the ETIAS National Units shall have direct access to and may consult, in a read-only format, the other EU information systems for the purposes of examining applications for travel authorisation and adopting decisions relating to those applications in accordance with Article 26. The ETIAS National Units may consult:

(a)	the data referred to in Articles 16, 17 and 18 of Regulation (EU) 2017/2226;

(b)	the data referred to in Articles 9 to 14 of Regulation (EC) No 767/2008;

(c)	the data referred to in Article 20 of Regulation (EU) 2018/1861 processed for the purposes of Articles 24, 25 and 26 of that Regulation;

(d)	the data referred to in Article 20 of Regulation (EU) 2018/1862 processed for the purposes of Article 26 and points (k) and (l) of Article 38(2) of that Regulation;

(e)	the data referred to in Article 4 of Regulation (EU) 2018/1860 processed for the purposes of Article 3 of that Regulation.

2.

Insofar as a hit results from the verification pursuant to point (n) of Article 20(2), the duly authorised staff of the ETIAS National Units shall also have access, directly or indirectly, in accordance with national law, to the relevant data from the national criminal records of their own Member State in order to obtain information on third-country nationals, as defined in Regulation (EU) 2019/816, convicted of a terrorist offence or any other criminal offence listed in the Annex to this Regulation, for the purposes referred to in paragraph 1 of this Article.’;

(13)

Article 26 is amended as follows:

(a)

in paragraph 3, point (b) is replaced by the following:

‘(b)	assess the security or illegal immigration risk and decide whether to issue or refuse a travel authorisation where the hit corresponds to any of the verifications referred to in points (b) and (d) to (o) of Article 20(2).’;

(b)

the following paragraph is inserted:

‘3a. Where the automated processing under point (o) of Article 20(2) has reported a hit, the ETIAS National Unit of the Member State responsible shall:

(a)	refuse the applicant’s travel authorisation where the verification under the third subparagraph of Article 23(2) led to the deletion of the alert on return and the entry of an alert for refusal of entry and stay;

(b)	assess the security or illegal immigration risk and decide whether to issue or refuse a travel authorisation in all other cases.

The ETIAS National Unit of the Member State having entered the data shall consult its SIRENE Bureau to verify whether the deletion of the alert on return in accordance with Article 14(1) of Regulation (EU) 2018/1860 and, where applicable, the entry of an alert for refusal of entry and stay in accordance with Article 24(3) of Regulation (EU) 2018/1861 is required.’;

(c)

in paragraph 4, the following subparagraph is added:

‘Where the automated processing under point (n) of Article 20(2) has reported a hit, but has not reported a hit under point (c) of that paragraph, the ETIAS National Unit of the Member State responsible shall give particular consideration to the absence of such a hit in its assessment of the security risk in order to decide whether to issue or refuse a travel authorisation.’;

(14)

in Article 28(3), the following subparagraph is added:

‘For the purpose of the manual processing pursuant to Article 26, the reasoned positive or negative opinion shall only be visible by the ETIAS National Unit of the Member State consulted and by the ETIAS National Unit of the Member State responsible.’;

(15)

Article 37(3) is replaced by the following:

‘3. Applicants who have been refused a travel authorisation shall have the right to appeal. Appeals shall be conducted in the Member State that has taken the decision on the application and in accordance with the national law of that Member State. During the appeal procedure, the appellant shall be given access to the information in the application file in accordance with the data protection rules referred to in Article 56 of this Regulation. The ETIAS National Unit of the Member State responsible shall provide applicants with information regarding the appeal procedure. That information shall be provided in one of the official languages of the countries listed in Annex II to Regulation (EC) No 539/2001 of which the applicant is a national.’;

(16)

Article 41(3) is replaced by the following:

‘3. Without prejudice to paragraph 2, where a new alert is entered in SIS concerning a refusal of entry and stay or concerning a travel document reported as lost, stolen, misappropriated or invalidated, SIS shall inform the ETIAS Central System. The ETIAS Central System shall verify whether that new alert corresponds to a valid travel authorisation. Where this is the case, the ETIAS Central System shall transfer the application file to the ETIAS National Unit of the Member State having entered the alert. Where a new alert for refusal of entry and stay has been entered, the ETIAS National Unit shall revoke the travel authorisation. Where the travel authorisation is linked to a travel document reported as lost, stolen, misappropriated or invalidated in SIS or the Interpol SLTD database, the ETIAS National Unit shall manually process the application file.’;

(17)

Article 46 is amended as follows:

(a)

paragraph 1 is replaced by the following:

‘1. Where it is technically impossible to proceed with the query referred to in Article 45(1), because of a failure of any part of the ETIAS Information System, the carriers shall be exempt from the obligation to verify the possession of a valid travel authorisation. Where such a failure is detected by eu-LISA, the ETIAS Central Unit shall notify the carriers and the Member States. It shall also notify the carriers and the Member States when the failure is remedied. Where such a failure is detected by the carriers, they may notify the ETIAS Central Unit. The ETIAS Central Unit shall inform the Member States without delay about the notification of the carrier.’;

(b)

paragraph 3 is replaced by the following:

‘3. Where, for other reasons than a failure of any part of the ETIAS Information System, it is technically impossible for a carrier to proceed with the query referred to in Article 45(1) for a prolonged period of time, the carrier shall notify the ETIAS Central Unit. The ETIAS Central Unit shall inform the Member States without delay about the notification of that carrier.’;

(c)

the following paragraph is added:

‘5. The ETIAS Central Unit shall provide operational support to carriers in relation to paragraphs 1 and 3. The ETIAS Central Unit shall establish standard operational procedures setting out how such support is to be provided. The Commission shall, by means of implementing acts, adopt further detailed rules relating to the support to be provided and to the means to provide such support. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 90(2).’;

(18)

in Article 47(2), point (a) is replaced by the following:

‘(a)

whether or not the person has a valid travel authorisation, including whether the person’s status corresponds to the status referred to in point (c) of Article 2(1) and, in the case of a travel authorisation with limited territorial validity issued under Article 44, the Member State or Member States for which it is valid;’;

(19)	in Article 64, the following paragraph is added: ‘7. The right of access to personal data under this Article is without prejudice to Article 53 of Regulation (EU) 2018/1861 and Article 67 of Regulation (EU) 2018/1862.’;

(20)

in Article 73(3), the third subparagraph is replaced by the following:

‘eu-LISA shall develop and implement the ETIAS Central System, including the ETIAS watchlist, the NUIs, the communication infrastructure, and the secure communication channel between the ETIAS Central System and the EES Central System, as soon as possible after the entry into force of this Regulation and the adoption by the Commission of:

(a)	the measures provided for in Articles 6(4), 16(10), 17(9), Article 31 and Articles 35(7), 45(2), 54(2), 74(5), 84(2) and 92(8); and

(b)

the measures adopted in accordance with the examination procedure referred to in Article 90(2) necessary for the development and technical implementation of the ETIAS Central System, the NUIs, the communication infrastructure, the secure communication channel between the ETIAS Central System and the EES Central System and the carrier gateway, in particular implementing acts for:

(i)	accessing the data in accordance with Articles 22 to 29 and Articles 33 to 53;

(ii)	amending, erasing and advance erasure of data in accordance with Article 55;

(iii)

keeping and accessing the logs in accordance with Articles 45 and 69;

(iv)	performance requirements;

(v)	specifications for technical solutions to connect central access points in accordance with Articles 51, 52 and 53.’;

(21)

Article 88 is amended as follows:

(a)

paragraph 1 is amended as follows:

(i)

point (a) is replaced by the following:

‘(a)

the necessary amendments to the legal acts establishing the other EU information systems with which interoperability, within the meaning of Article 11 of this Regulation, is to be established with the ETIAS Information System have entered into force, with the exception of the recast of Regulation (EU) No 603/2013;’;

(ii)

point (d) is replaced by the following:

‘(d)

the measures referred to in Article 11(9) and (10), Article 15(5), Article 17(3), (5) and (6), Article 18(4), Article 27(3) and (5), Article 33(2) and (3), Article 36(3), Article 38(3), Article 39(2), Article 45(3), Article 46(4), Article 48(4), Article 59(4), point (b) of Article 73(3), Article 83(1), (3), and (4) and Article 85(3) have been adopted;’;

(b)

the following paragraphs are added:

‘6. Interoperability, as referred to in Article 11, with ECRIS-TCN shall start when the CIR starts operations. ETIAS shall start operations regardless of whether that interoperability with ECRIS-TCN has been established.

7.

ETIAS shall start operations regardless of whether it is possible to query the Interpol databases referred to in Article 12.’;

(22)

Article 89 is amended as follows:

(a)

paragraph 2 is replaced by the following:

‘2. The power to adopt delegated acts referred to in Article 6(4), Article 11(9), Article 17(3), (5) and (6), Articles 18(4), 27(3), Article 31, Articles 33(2), 36(4), 39(2), 54(2), Article 83(1) and (3) and Article 85(3) shall be conferred on the Commission for a period of five years from 9 October 2018. The Commission shall draw up a report in respect of the delegation of power not later than nine months before the end of the five-year period. The delegation of power shall be tacitly extended for periods of an identical duration, unless the European Parliament or the Council opposes such extension not later than three months before the end of each period.’;

(b)

paragraph 3 is replaced by the following:

‘3. The delegation of power referred to in Article 6(4), Article 11(9), Article 17(3), (5) and (6), Articles 18(4), 27(3), Article 31, Articles 33(2), 36(4), 39(2), 54(2), Article 83(1) and (3) and Article 85(3) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.’;

(c)

paragraph 6 is replaced by the following:

‘6. A delegated act adopted pursuant to Article 6(4), Article 11(9), Article 17(3), (5) or (6), Article 18(4), 27(3), Article 31, Article 33(2), 36(4), 39(2), 54(2), Article 83(1) or (3) or Article 85(3) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of two months of notification of that act to the European Parliament and to the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.’;

(23)	Article 90(1) is replaced by the following: ‘1. The Commission shall be assisted by the committee established by Article 68 of Regulation (EU) 2017/2226. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.’;

(24)

in Article 92, the following paragraph is inserted:

‘5a. One year after the end of the transition period referred to in Article 83(1), and every four years thereafter, the Commission shall evaluate the querying of ECRIS-TCN through the ETIAS Central System. The Commission shall transmit those evaluations, together with the opinion of the ETIAS Fundamental Rights Guidance Board and any necessary recommendations, to the European Parliament and to the Council.

In order to assess the extent to which the querying of ECRIS-TCN through the ETIAS Central System has contributed to the achievement of the objective of ETIAS, the evaluations referred to in the first subparagraph shall include the following:

(a)	a comparison of the number of simultaneous hits, for the same application, in ECRIS-TCN relating to convictions for terrorist offences as listed in the Annex to this Regulation and in SIS relating to alerts for refusal of entry and stay;

(b)	a comparison of the number of simultaneous hits, for the same application, in ECRIS-TCN relating to any other criminal offences as listed in the Annex to this Regulation and in SIS relating to alerts for refusal of entry and stay;

(c)	for applications where the only hit is in ECRIS-TCN, a comparison of the number of refusals of travel authorisations with the total number of hits reported by the query of ECRIS-TCN.

The ETIAS Fundamental Rights Guidance Board shall provide opinions as regards the evaluations referred to in this paragraph.

The evaluations may be accompanied, where necessary, by legislative proposals.’;

(25)	in Article 96, the following paragraph is inserted after the second paragraph: ‘Article 11b shall apply from 3 August 2021.’.

CHAPTER II

AMENDMENT TO OTHER UNION INSTRUMENTS

Article 2

Amendments to Regulation (EC) No 767/2008

Regulation (EC) No 767/2008 is amended as follows:

(1)

Article 6(2) is replaced by the following:

‘2. Access to the VIS for consulting the data shall be reserved exclusively for the duly authorised staff of:

(a)	the national authorities of each Member State and of the Union bodies which are competent for the purposes of Articles 15 to 22, Articles 22g to 22m and Article 45e of this Regulation;

(b)	the ETIAS Central Unit and the ETIAS National Units, designated pursuant to Articles 7 and 8 of Regulation (EU) 2018/1240, for the purposes of Articles 18c and 18d of this Regulation and for the purposes of Regulation (EU) 2018/1240; and

(c)	the national authorities of each Member State and of the Union bodies which are competent for the purposes of Articles 20 and 21 of Regulation (EU) 2019/817.

Such access shall be limited to the extent to which the data are required for the performance of the tasks of those authorities and Union bodies in accordance with those purposes and proportionate to the objectives pursued.’;

(2)

the following articles are inserted:

‘Article 18b

Interoperability with ETIAS

1.

From the date of the start of operations of ETIAS, as determined in accordance with Article 88(1) of Regulation (EU) 2018/1240, the VIS shall be connected to the ESP to enable the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), and point (b) of Article 54(1) of that Regulation.

2.

The automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), and point (b) of Article 54(1) of Regulation (EU) 2018/1240 shall enable the verifications provided for in Article 20 of that Regulation and the subsequent verifications provided for in Articles 22 and 26 of that Regulation.

For the purpose of proceeding with the verifications referred to in point (i) of Article 20(2) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the ESP to compare the data stored in ETIAS with the data stored in the VIS, in accordance with Article 11(8) of that Regulation, using the data listed in the correspondence table set out in Annex II to this Regulation.

Article 18c

Access to VIS data by the ETIAS Central Unit

1.

For the purpose of performing the tasks conferred on it by Regulation (EU) 2018/1240, the ETIAS Central Unit shall have the right to access and search relevant VIS data in accordance with Article 11(8) of that Regulation.

2.

Where a verification by the ETIAS Central Unit in accordance with Article 22 of Regulation (EU) 2018/1240 confirms a correspondence between data recorded in the ETIAS application file and VIS data or where after such verification doubts remain, the procedure set out in Article 26 of that Regulation shall apply.

Article 18d

Use of the VIS for the manual processing of applications by the ETIAS National Units

1.

ETIAS National Units, as referred to in Article 8(1) of Regulation (EU) 2018/1240, shall consult the VIS using the same alphanumerical data as those used for the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6) and point (b) of Article 54(1) of that Regulation.

2.

The ETIAS National Units shall have temporary access to consult the VIS, in a read-only format, for the purpose of examining applications for travel authorisation pursuant to Article 8(2) of Regulation (EU) 2018/1240. The ETIAS National Units may consult the data referred to in Articles 9 to 14 of this Regulation.

3.

Following consultation of the VIS by ETIAS National Units, as referred to in Article 8(1) of Regulation (EU) 2018/1240, duly authorised staff of the ETIAS National Units shall record the result of the consultation only in the ETIAS application files.’;

(3)

the following article is inserted:

‘Article 34a

Keeping of logs for the purposes of interoperability with ETIAS

Logs of each data processing operation carried out within the VIS and ETIAS pursuant to Article 20, point (c)(ii) of Article 24(6), and point (b) of Article 54(1) of Regulation (EU) 2018/1240 shall be kept in accordance with Article 34 of this Regulation and Article 69 of Regulation (EU) 2018/1240.’;

(4)

the Annex is numbered as Annex I and the following annex is added:

‘ANNEX II

Correspondence table

Data as referred to in Article 17(2) of Regulation (EU) 2018/1240 sent by the ETIAS Central System	The corresponding VIS data referred to in Article 9(4) of this Regulation with which data in ETIAS are to be compared
surname (family name)	surnames
surname at birth	surname at birth (former family name(s))
first name(s) (given name(s))	first name(s)
date of birth	date of birth
place of birth	place of birth
country of birth	country of birth
sex	sex
current nationality	current nationality or nationalities and nationality at birth
other nationalities (if any)	current nationality or nationalities and nationality at birth
type of the travel document	type of the travel document
number of the travel document	number of the travel document
country of issue of the travel document	the country which issued the travel document

Article 3

Amendments to Regulation (EU) 2017/2226

Regulation (EU) 2017/2226 is amended as follows:

(1)

in Article 6(1), the following point is added:

‘(k)	support the objectives of the European Travel Information and Authorisation System (ETIAS) established by Regulation (EU) 2018/1240 of the European Parliament and of the Council (*8).

(*8) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).’;"

(2)

the following articles are inserted:

‘Article 8a

Automated process with ETIAS

1.

An automated process, using the secure communication channel referred to in point (da) of Article 6(2) of Regulation (EU) 2018/1240, shall enable the EES to create or update the entry/exit record or the refusal of entry record of a visa exempt third-country national in the EES in accordance with Articles 14, 17 and 18 of this Regulation.

Where an entry/exit record or a refusal of entry record of a visa exempt third-country national is created, the automated process referred to in the first subparagraph shall enable the EES Central System:

(a)	to query and to import from the ETIAS Central System the information referred to in Article 47(2) of Regulation (EU) 2018/1240, the application number and the expiry date of the ETIAS travel authorisation;

(b)	to update the entry/exit record in the EES in accordance with Article 17(2) of this Regulation; and

(c)	to update the refusal of entry record in the EES in accordance with point (b) of Article 18(1) of this Regulation.

2.

An automated process, using the secure communication channel referred to in point (da) of Article 6(2) of Regulation (EU) 2018/1240, shall enable the EES to process queries received from the ETIAS Central System and to send the corresponding answers in accordance with Article 11c and Article 41(8) of that Regulation. Where necessary, the EES Central System shall record the fact that a notification is to be sent to the ETIAS Central System as soon as an entry/exit record indicating that the applicant having requested revocation of the travel authorisation has left the territory of the Member States has been created.

Article 8b

Interoperability with ETIAS

1.

From the date of the start of operations of ETIAS, as determined in accordance with Article 88(1) of Regulation (EU) 2018/1240, the EES Central System shall be connected to the ESP to enable the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of that Regulation.

2.

Without prejudice to Article 24 of Regulation (EU) 2018/1240, the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of that Regulation shall enable the verifications provided for in Article 20 of that Regulation and the subsequent verifications provided for in Articles 22 and 26 of that Regulation.

For the purpose of proceeding with the verifications referred to in points (g) and (h) of Article 20(2) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the ESP to compare the data stored in ETIAS with EES data, in accordance with Article 11(8) of that Regulation, using the data listed in the correspondence table set out in Annex III to this Regulation.

The verifications referred to in points (g) and (h) of Article 20(2) of Regulation (EU) 2018/1240 shall be without prejudice to the specific rules provided for in Article 24(3) of that Regulation.’;

(3)	in Article 9, the following paragraph is inserted: ‘2a. The duly authorised staff of the ETIAS National Units, designated pursuant to Article 8 of Regulation (EU) 2018/1240, shall have access to the EES to consult EES data in a read-only format.’;

(4)

the following article is inserted:

‘Article 13a

Fall-back procedures in the case of technical impossibility to access data by carriers

1.

Where it is technically impossible to proceed with the verification referred to in Article 13(3), because of a failure of any part of the EES, the carriers shall be exempt from the obligation to verify whether the third-country national holding a short-stay visa issued for one or two entries has already used the number of entries authorised by their visa. Where such a failure is detected by eu-LISA, the ETIAS Central Unit shall notify the carriers and the Member States. It shall also notify the carriers and the Member States when the failure is remedied. Where such a failure is detected by the carriers, they may notify the ETIAS Central Unit. The ETIAS Central Unit shall inform the Member States without delay about the notification of the carriers.

2.

Where, for other reasons than a failure of any part of the EES, it is technically impossible for a carrier to proceed with the verification referred to in Article 13(3) for a prolonged period of time, the carrier shall notify the ETIAS Central Unit. The ETIAS Central Unit shall inform the Member States without delay about the notification of that carrier.

3.

The Commission shall, by means of an implementing act, lay down the details of the fall-back procedures referred to in this Article. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 68(2).

4.

The ETIAS Central Unit shall provide operational support to carriers in relation to paragraphs 1 and 2. The ETIAS Central Unit shall establish standard operational procedures setting out how such support is to be provided. The Commission shall, by means of implementing acts, adopt further detailed rules relating to the support to be provided and to the means to provide such support. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 68(2).’;

(5)

in Article 17(2), the following subparagraph is added:

‘The following data shall also be entered in the entry/exit record:

(a)	the ETIAS application number;

(b)	the expiry date of the ETIAS travel authorisation;

(c)	in the case of an ETIAS travel authorisation with limited territorial validity, the Member State or Member States for which it is valid.’;

(6)

in Article 18(1), point (b) is replaced by the following:

‘(b)	for visa-exempt third-country nationals, the alphanumeric data required pursuant to Article 17(1) and (2) of this Regulation;’;

(7)

the following articles are inserted:

‘Article 25a

Access to EES data by the ETIAS Central Unit

1.

For the purpose of performing the tasks conferred on it by Regulation (EU) 2018/1240, the ETIAS Central Unit shall have the right to access and search EES data in accordance with Article 11(8) of that Regulation.

2.

Where a verification by the ETIAS Central Unit in accordance with Article 22 of Regulation (EU) 2018/1240 confirms a correspondence between data recorded in the ETIAS application file and EES data or where after such verification doubts remain, the procedure set out in Article 26 of that Regulation shall apply.

Article 25b

Use of the EES for the manual processing of applications by the ETIAS National Units

1.

ETIAS National Units, as referred to in Article 8(1) of Regulation (EU) 2018/1240, shall consult the EES using the same alphanumerical data as those used for the automated verifications pursuant to Article 20, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of that Regulation.

2.

The ETIAS National Units shall have access to and may consult the EES, in a read-only format, for the purpose of examining applications for travel authorisation, pursuant to Article 8(2) of Regulation (EU) 2018/1240. The ETIAS National Units may consult the data referred to in Articles 16 to 18 of this Regulation, without prejudice to Article 24 of Regulation (EU) 2018/1240.

3.

Following consultation of the EES by ETIAS National Units, as referred to in Article 8(1) of Regulation (EU) 2018/1240, duly authorised staff of the ETIAS National Units shall record the result of the consultation only in the ETIAS application files.’;

(8)

Article 28 is replaced by the following:

‘Article 28

Keeping of data retrieved from the EES

Data retrieved from the EES pursuant to Articles 24, 25, 26 and 27 may be kept in national files and data retrieved from the EES pursuant to Articles 25a and 25b may be kept in the ETIAS application files only where necessary in an individual case in accordance with the purpose for which they were retrieved and in accordance with relevant Union law, in particular on data protection, and for no longer than strictly necessary in that individual case.’;

(9)	in Article 46(2), the following subparagraph is added: ‘Logs of each data processing operation carried out within the EES and ETIAS pursuant to Articles 8a, 8b and 25a of this Regulation shall be kept in accordance with this Article and Article 69 of Regulation (EU) 2018/1240.’;

(10)

The following annex is added:

ANNEX III

Correspondence table

Data as referred to in Article 17(2) of Regulation (EU) 2018/1240 sent by the ETIAS Central System	The corresponding EES data referred to in point (a) of Article 17(1) of this Regulation with which the data in ETIAS are to be compared
surname (family name)	surnames
surname at birth	surnames
first name(s) (given name(s))	first name or names (given names)
other names (alias(es), artistic name(s), usual name(s))	first name or names (given names)
date of birth	date of birth
sex	sex
current nationality	nationality or nationalities
other nationalities (if any)	nationality or nationalities
type of the travel document	type of the travel document
number of the travel document	number of the travel document
country of issue of the travel document	the three letter code of the issuing country of the travel document

Article 4

Amendment to Regulation (EU) 2018/1860

In Regulation (EU) 2018/1860, Article 19 is replaced by the following:

‘Article 19

Applicability of Regulation (EU) 2018/1861

Insofar as not established in this Regulation, the entry, processing and updating of alerts, the provisions on responsibilities of the Member States and eu-LISA, the conditions concerning access and the review period for alerts, data processing, data protection, liability and monitoring and statistics, as laid down in Articles 6 to 19, Article 20(3) and (4), Articles 21, 23, 32 and 33, Article 34(5) and Articles 36a, 36b, 36c and 38 to 60 of Regulation (EU) 2018/1861, shall apply to data entered and processed in SIS in accordance with this Regulation.’.

Article 5

Amendments to Regulation (EU) 2018/1861

Regulation (EU) 2018/1861 is amended as follows:

(1)

the following article is inserted:

‘Article 18b

Keeping of logs for the purposes of interoperability with ETIAS

Logs of each data processing operation carried out within SIS and ETIAS pursuant to Articles 36a and 36b of this Regulation shall be kept in accordance with Article 18 of this Regulation and Article 69 of Regulation (EU) 2018/1240 of the European Parliament and of the Council (*9).

(*9) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).’;"

(2)

in Article 34(1), the following point is added:

‘(h)	the manual processing of ETIAS applications by the ETIAS National Unit, pursuant to Article 8 of Regulation (EU) 2018/1240.’;

(3)

the following articles are inserted:

‘Article 36b

Access to SIS data by the ETIAS Central Unit

1.

For the purpose of performing the tasks conferred on it by Regulation (EU) 2018/1240, the ETIAS Central Unit, established within the European Border and Coast Guard Agency in accordance with Article 7 of that Regulation, shall have the right to access and search relevant data entered in SIS in accordance with Article 11(8) of that Regulation. Article 36(4) to (8) of this Regulation shall apply to that access and search.

2.

Without prejudice to Article 24 of Regulation (EU) 2018/1240, where a verification by the ETIAS Central Unit in accordance with Article 22 of that Regulation confirms a correspondence between data recorded in the ETIAS application file and an alert in SIS or where after such verification doubts remain, the procedure set out in Article 26 of that Regulation shall apply.

Article 36c

Interoperability with ETIAS

1.

From the date of the start of operations of ETIAS, as determined in accordance with Article 88(1) of Regulation (EU) 2018/1240, the Central SIS shall be connected to the ESP to enable the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of that Regulation and the subsequent verifications provided for in Articles 22 and 26 of that Regulation.

2.

For the purpose of proceeding with the verifications referred to in points (c), (m)(ii) and (o) of Article 20(2) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the ESP to compare the data referred to in Article 11(4) of that Regulation to data in SIS in accordance with Article 11(8) of that Regulation.

3.

For the purpose of proceeding with the verifications referred to in point (c)(ii) of Article 24(6) and point (b) of Article 54(1) of Regulation (EU) 2018/1240, the ETIAS Central System shall use the ESP to regularly verify whether an alert for refusal of entry and stay entered in SIS which gave rise to the refusal, annulment or revocation of a travel authorisation has been deleted.

4.

Pursuant to Article 41(3) of Regulation (EU) 2018/1240, where a new alert for refusal of entry and stay is entered in SIS, Central SIS shall transmit the data referred to in points (a) to (d), (f) to (i) and (s) to (v) of Article 20(2) of this Regulation to the ETIAS Central System, using the ESP, in order to verify whether that new alert corresponds to a valid travel authorisation.’.

Article 6

Amendment to Regulation (EU) 2019/817

In Article 72 of Regulation (EU) 2019/817, the following paragraph is inserted:

‘1b. Without prejudice to paragraph 1 of this Article, the ESP shall start operations, for the purposes of the automated verifications pursuant to Article 20, Article 23, point (c)(ii) of Article 24(6), Article 41 and point (b) of Article 54(1) of Regulation (EU) 2018/1240 only, once the conditions laid down in Article 88 of that Regulation have been met.’.

CHAPTER III

FINAL PROVISIONS

Article 7

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

Done at Strasbourg, 7 July 2021.

For the European Parliament

The President

D.

M. SASSOLI

For the Council

The President

A.

LOGAR

(1)

Position of the European Parliament of 8 June 2021 (not yet published in the Official Journal) and decision of the Council of 28 June 2021.

(2)

Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).

(3)

Regulation (EU) 2021/1150 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) 2018/1862 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System (see page 1of this Official Journal).

(4)

Regulation (EU) 2021/1151 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System (see page 7 of this Official Journal).

(5)

Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of information between Member States on short-stay visas, long-stay visas and residence permits (VIS Regulation) (OJ L 218, 13.8.2008, p. 60).

(6)

Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20).

(7)

Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals (OJ L 312, 7.12.2018, p. 1).

(8)

Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 (OJ L 312, 7.12.2018, p. 14).

(9)

Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27).

(10)

Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).

(11)

Directive 2008/115/EC of the European Parliament and of the Council of 16 December 2008 on common standards and procedures in Member States for returning illegally staying third-country nationals (OJ L 348, 24.12.2008, p. 98).

(12)

OJ L 123, 12.5.2016, p. 1.

(13)

Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).

(14)

Council Decision 2010/365/EU of 29 June 2010 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania (OJ L 166, 1.7.2010, p. 17).

(15)

Council Decision (EU) 2017/733 of 25 April 2017 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Croatia (OJ L 108, 26.4.2017, p. 31).

(16)

Council Decision (EU) 2017/1908 of 12 October 2017 on the putting into effect of certain provisions of the Schengen acquis relating to the Visa Information System in the Republic of Bulgaria and Romania (OJ L 269, 19.10.2017, p. 39).

(17)

Council Decision (EU) 2018/934 of 25 June 2018 on the putting into effect of the remaining provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania (OJ L 165, 2.7.2018, p. 37).

(18)

Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (OJ L 295, 21.11.2018, p. 99).

(19)

Directive 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States amending Regulation (EEC) No 1612/68 and repealing Directives 64/221/EEC, 68/360/EEC, 72/194/EEC, 73/148/EEC, 75/34/EEC, 75/35/EEC, 90/364/EEC, 90/365/EEC and 93/96/EEC (OJ L 158, 30.4.2004, p. 77).

(20)

Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).

(21)

OJ L 176, 10.7.1999, p. 36.

(22)

Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31).

(23)

OJ L 53, 27.2.2008, p. 52.

(24)

Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 1).

(25)

OJ L 160, 18.6.2011, p. 21.

(26)

Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19).

(27)

Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

This summary has been adopted from EUR-Lex.