In relation to SIS II, the Agency shall perform:
the tasks conferred on the Management Authority by Regulation (EC) No 1987/2006 and Decision 2007/533/JHA; and
tasks relating to training on the technical use of SIS II, in particular for SIRENE-staff (SIRENE — Supplementary Information Request at the National Entries) and training of experts on the technical aspects of SIS II in the framework of Schengen evaluation.
In relation to VIS, the Agency shall perform:
the tasks conferred on the Management Authority by Regulation (EC) No 767/2008 and Decision 2008/633/JHA; and
tasks relating to training on the technical use of VIS.
In relation to Eurodac, the Agency shall perform:
the tasks conferred on the Commission as the authority responsible for the operational management of Eurodac in accordance with Regulations (EC) No 2725/2000 and (EC) No 407/2002;
tasks relating to the communication infrastructure, namely: supervision, security and coordination of relations between the Member States and the provider; and
tasks relating to training on the technical use of Eurodac.
When entrusted with the preparation, development and operational management of other large-scale IT systems referred to in Article 1(3), the Agency shall perform tasks relating to training on the technical use of those systems, as appropriate.
1.The Agency shall carry out the tasks relating to the communication infrastructure conferred on the Management Authority by the legislative instruments governing the development, establishment, operation and use of large-scale IT systems referred to in Article 1(2).
2.According to the legislative instruments referred to in paragraph 1, the tasks regarding the communication infrastructure (including the operational management and security) are divided between the Agency and the Commission. In order to ensure coherence between the exercise of their respective responsibilities, operational working arrangements shall be made between the Agency and the Commission and reflected in a Memorandum of Understanding.
3.The communication infrastructure shall be adequately managed and controlled in order to protect it from threats, and to ensure its security and that of large-scale IT systems, including that of data exchanged through the communication infrastructure.
4.Appropriate measures including security plans shall be adopted, inter alia, to prevent the unauthorised reading, copying, modification or deletion of personal data during transfers of personal data or transport of data media, in particular by means of appropriate encryption techniques. No system-related operational information shall circulate in the communication infrastructure without encryption.
5.Tasks relating to the operational management of the communication infrastructure may be entrusted to external private-sector entities or bodies in accordance with Regulation (EC, Euratom) No 1605/2002. In such a case, the network provider shall be bound by the security measures referred to in paragraph 4 and shall have no access to SIS II, VIS or Eurodac operational data, or to the SIS II-related SIRENE exchange, by any means.
6.Without prejudice to the existing contracts on the network of SIS II, VIS and Eurodac, the management of the encryption keys shall remain within the competence of the Agency and shall not be outsourced to any external private-sector entity.
1.The Agency shall monitor the developments in research relevant for the operational management of SIS II, VIS, Eurodac and other large-scale IT systems.
2.The Agency shall on a regular basis keep the European Parliament, the Council, the Commission, and, where data protection issues are concerned, the European Data Protection Supervisor, informed of the developments referred to in paragraph 1.
1.Only upon the specific and precise request of the Commission, which shall have informed the European Parliament and the Council at least 3 months in advance, and after a decision by the Management Board, the Agency may, in accordance with Article 12(1)(l), carry out pilot schemes as referred to in Article 49(6)(a) of Regulation (EC, Euratom) No 1605/2002, for the development or the operational management of large-scale IT systems, in the application of Articles 67 to 89 TFEU.
The Agency shall on a regular basis keep the European Parliament, the Council and, where data protection issues are concerned, the European Data Protection Supervisor, informed of the evolution of the pilot schemes referred to in the first subparagraph.
2.Financial appropriations for pilot schemes as requested by the Commission shall be entered in the budget for no more than two successive financial years.