Regulation (EU) 2018/1240 of the European Parliament and of the CouncilDangos y teitl llawn

CHAPTER VIIU.K. USE OF ETIAS BY CARRIERS

Article 45U.K.Access to data for verification by carriers

1.Air carriers, sea carriers and international carriers transporting groups overland by coach shall send a query to the ETIAS Information System in order to verify whether or not third-country nationals subject to the travel authorisation requirement are in possession of a valid travel authorisation.

2.Secure access to the carrier gateway referred to in point (k) of Article 6(2), including the possibility to use mobile technical solutions, shall allow carriers to proceed with the query referred to in paragraph 1 of this Article prior to the boarding of a passenger. The carrier shall provide the data contained in the machine-readable zone of the travel document and indicate the Member State of entry. By way of derogation, in the case of airport transit, the carrier shall not be obliged to verify whether the third-country national is in possession of a valid travel authorisation.

The ETIAS Information System shall, through the carrier gateway, provide the carriers with an ‘OK/NOT OK’ answer indicating whether or not the person has a valid travel authorisation. If a travel authorisation has been issued with limited territorial validity in accordance with Article 44, the response provided by the ETIAS Central System shall take into account the Member State(s) for which the authorisation is valid as well as the Member State of entry indicated by the carrier. Carriers may store the information sent and the answer received in accordance with the applicable law. The OK/NOT OK answer shall not be regarded as a decision to authorise or refuse entry in accordance with Regulation (EU) 2016/399.

The Commission shall, by means of implementing acts, adopt detailed rules concerning the conditions for the operation of the carrier gateway and the data protection and security rules applicable. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 90(2).

3.The Commission shall, by means of implementing acts, set up an authentication scheme reserved exclusively for carriers in order to allow access to the carrier gateway for the purposes of paragraph 2 of this Article to the duly authorised members of the carriers’ staff. When setting up the authentication scheme, information security risk management and the principles of data protection by design and by default shall be taken into account. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 90(2).

4.The carrier gateway shall make use of a separate read-only database updated on a daily basis via a one-way extraction of the minimum necessary subset of data stored in ETIAS. eu-LISA shall be responsible for the security of the carrier gateway, for the security of the personal data it contains and for the process of extracting the personal data into the separate read-only database.

5.The carriers referred to in paragraph 1 of this Article shall be subject to the penalties provided for in accordance with Article 26(2) of the Convention Implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders (‘the Convention implementing the Schengen Agreement’) and Article 4 of Council Directive 2001/51/EC(1) when they transport third-country nationals who, although subject to the travel authorisation requirement, are not in possession of a valid travel authorisation.

6.By way of derogation from paragraph 5 of this Article, where, for the same third-country national, the carriers referred to in paragraph 1 of this Article are already subject to the penalties provided for in accordance with Article 26(2) of the Convention Implementing the Schengen Agreement and Article 4 of Directive 2001/51/EC, the penalties referred to in paragraph 5 of this Article shall not apply.

7.For the purpose of implementing paragraph 5 or for the purpose of resolving any potential dispute arising from its application, eu-LISA shall keep logs of all data processing operations carried out within the carrier gateway by carriers. Those logs shall show the date and time of each operation, the data used for interrogation, the data transmitted by the carrier gateway and the name of the carrier in question.

Logs shall be stored for a period of two years. Logs shall be protected by appropriate measures against unauthorised access.

8.If third-country nationals are refused entry, any carrier which brought them to the external borders by air, sea and land shall be obliged to immediately assume responsibility for them again. At the request of the border authorities, the carriers shall be obliged to return the third-country nationals to one of either the third country from which they were transported, the third country which issued the travel document on which they travelled, or any other third country to which they are certain to be admitted.

9.By way of derogation from paragraph 1, for carriers transporting groups overland by coach, for the first three years following the ETIAS entry into operations, the verification referred to in paragraph 1 shall be optional and the provisions referred to in paragraph 5 shall not apply to them.

Article 46U.K.Fall-back procedures in the case of a technical impossibility to access data by carriers

1.Where it is technically impossible to proceed with the query referred to in Article 45(1) because of a failure of any part of the ETIAS Information System, the carriers shall be exempted of the obligation to verify the possession of a valid travel authorisation. Where such a failure is detected by eu-LISA, the ETIAS Central Unit shall notify the carriers. It shall also notify the carriers once the failure is remedied. Where such a failure is detected by the carriers, they may notify the ETIAS Central Unit.

2.The penalties referred to in Article 45(5) shall not be imposed on carriers in the cases referred to in paragraph 1 of this Article.

3.Where for other reasons than a failure of any part of the ETIAS Information System it is technically impossible for a carrier to proceed with the consultation query referred to in Article 45(1) for a prolonged period of time, that carrier shall inform the ETIAS Central Unit.

4.The Commission shall, by means of an implementing act, lay down details of the fall-back procedures referred to in this Article. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 90(2).